Proposal: secrets web app #20
Comments
|
/transfer dashboard |
|
@axel7083: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
* Add support for setting custom "command" and "args" for Notebook servers (kubeflow#20) * Support command and args in PodDefault * Improve logging, refactoring * Add unit test for setCommandAndArgs, fix broken tests * Cleanup
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
/kind feature
Description
In the same manner the Volumes web app allow the user to manipulate PVCs in their Kubeflow cluster by providing a user friendly way to handle the lifecycle of PVC objects. A Secret web app could be made to create, manage and use secrets in kubeblow components.
Use case
When dealing with private registry, it requires to interact with the cluster resources to add the ImagePullSecrets to the
ServiceAccount, this task could be automated with the Secrets Web app.In a Kubeflow Pipeline, we sometime requires to use secrets, for the v2 they have a dedicated package kfp[kubernetes] helping with that, but it would be useful to be able to use secrets as pipeline arguments, selecting from a list.
Jupyter Notebook, we could assign secrets to jupyter, so the user would not have to have them hardcoded and copy past in their notebook. The secrets could be mounted as env or volume.
Security concern
To avoid most issues with dealing with secrets, only
list,patch,writeanddeleteRBAC verb should be allowed. Retrieving secrets value using the secrets web app should be impossible.The creation and deletion of secrets in a Profile should be limited to Owners.
The text was updated successfully, but these errors were encountered: