[Users] Re: suggestion on managing secrets like aws-secret

 Hello, You can control the secret name used in Trino deployment with the parameter "s3_credentials_secret". https://github.com/AICoE/idh- manifests/tree/production/trino#s3_credentials_secret You don't need to make kfctl/kustomize   Hello, You can control the secret name used in Trino deployment with the parameter "s3_credentials_secret". https://github.com/AICoE/idh-manifests/tree/production/trino#s3_credentials_secret You don't need to make kfctl/kustomize to control the credentials deployment, but you must specify the secret name that contains the right credentials in the parameters, otherwise Trino will use the default "aws_secret" secret that contains only hard-coded "changeme" values, which you don't want to use in a real environment. Unfortunately, that was the only method to parameterize the credentials in Trino and Data Catalog. Let me know if you have any other questions. On Tue, May 4, 2021 at 9:49 AM Ke Zhu <kzhu(a)us.ibm.com&gt; wrote: > I'm trying to adopt the opendatahub/kubeflow operator with > kustomize > to > provisioning components like Hive/Trino, but one common requirement > for > running production system is credential management. > > what's the general suggestion on managing credentials required by > opendatahub? k8s secrets? > > For example: > https://github.com/opendatahub-io/odh-manifests/blob/master/trino/base/aw... > > I'd prefer not to manage credential in code via kustomize. It's ok > by > using environment variable plus kustomize secret generator, but it > won't work if it's the operator pull then provisioning the > opendatahub > via kfctl/kustomize. > _______________________________________________ > Users mailing list -- users(a)lists.opendatahub.io > To unsubscribe send an email to users-leave(a)lists.opendatahub.io