dap-secret-webhook

module

v0.0.2 Latest Latest Go to latest Published: Jun 22, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/caraml-dev/dap-secret-webhook

Links

Open Source Insights

README ¶

dap-secret-webhook

Overview

dap-secret-webhook is a Kubernetes pod mutating webhook for using CaraML Secrets in Flyte.

When Flyte Secret is used in a Flyte workflow, the created pod that runs the task will be injected with predefined Flyte labels, with the Secret metadata in pod annotations.

DAP Secret Webhook Server will read the Flyte Secret metadata from the annotations and f

On startup, create a MutatingWebhookConfiguration that calls the webhook server for pod create/delete with the predefined Flyte labels
Read the Flyte Secret Metadata and fetch the Secret Data from MLP
Create a k8 Secret resource and mount it as env var to the pod, in an expected format by Flyte Secret Manager

Reference

Prerequisite

Flyte Native Webhook to be disabled
MLP
TLS Server Key/Cert and CA certs generated
Environment variables configured

Environment Variable

Name	Default	Description
TLS_SERVER_CERT_FILE	-	Server Cert
TLS_SERVER_KEY_FILE	-	Server Key
TLS_CA_CERT_FILE	-	CA Public Cert
MLP_API_HOST	-	MLP API Host
WEBHOOK_NAME	dap-secret-webhook	Name of the MutatingWebhookConfiguration resource
WEBHOOK_NAMESPACE	flyte	Namespace of the MutatingWebhookConfiguration
WEBHOOK_WEBHOOK_NAME	dap-secret-webhook.flyte.svc.cluster.local	Name of the webhook to call. Needs to be qualified name
WEBHOOK_SERVICE_NAME	dap-secret-webhook	Name of the service for the webhook to call when a request fulfill the rules
WEBHOOK_SERVICE_NAMESPACE	flyte	Namespace of the service deployed in cluster
WEBHOOK_SERVICE_PORT	443	Port of the service
WEBHOOK_MUTATE_PATH	/mutate	Endpoint of the service to call for mutate function
PROMETHEUS_ENABLED	false	Flag to enable Prometheus for metrics collection
PROMETHEUS_PORT	10254	Prometheus metrics endpoint, default to 10254 to be similar as Flyte components

Folder Structure

.        
├── client                  # MLP CLient
├── cmd                     # Entrypoint
├── config                  # Configuration
├── test                    # Test data and mocks
├── webhook                 # Webhook Server
└── README.md

Directories ¶

Path	Synopsis
client
cmd
dap-secret-webhook
config
test
mocks
webhook

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL