8:01 a.m.
Hello,
You can control the secret name used in Trino deployment with the parameter
"s3_credentials_secret".
https://github.com/AICoE/idh-manifests/tree/production/trino#s3_credentia...
You don't need to make kfctl/kustomize to control the credentials
deployment, but you must specify the secret name that contains the right
credentials in the parameters, otherwise Trino will use the default
"aws_secret" secret that contains only hard-coded "changeme" values,
which
you don't want to use in a real environment. Unfortunately, that was the
only method to parameterize the credentials in Trino and Data Catalog.
Let me know if you have any other questions.
On Tue, May 4, 2021 at 9:49 AM Ke Zhu <kzhu(a)us.ibm.com> wrote:
I'm trying to adopt the opendatahub/kubeflow operator with
kustomize to
provisioning components like Hive/Trino, but one common requirement for
running production system is credential management.
what's the general suggestion on managing credentials required by
opendatahub? k8s secrets?
For example:
https://github.com/opendatahub-io/odh-manifests/blob/master/trino/base/aw...
I'd prefer not to manage credential in code via kustomize. It's ok by
using environment variable plus kustomize secret generator, but it
won't work if it's the operator pull then provisioning the opendatahub
via kfctl/kustomize.
_______________________________________________
Users mailing list -- users(a)lists.opendatahub.io
To unsubscribe send an email to users-leave(a)lists.opendatahub.io
--
Ricardo Martinelli De Oliveira
Senior Software Engineer, AI CoE
Red Hat Brazil <https://www.redhat.com/>
Av. Brigadeiro Faria Lima, 3900
8th floor
rmartine(a)redhat.com T: +551135426125
M: +5511970696531
@redhatjobs <https://twitter.com/redhatjobs> redhatjobs
<https://www.facebook.com/redhatjobs> @redhatjobs
<https://instagram.com/redhatjobs>
<https://www.redhat.com/>