bodywork-ml/bodywork-core

Make Secrets Namespace Agnostic

Marios85 opened this issue · 0 comments

Marios85 commented

As a Machine Learning Engineer I would like to use the same set of secrets across multiple workflows/deployments and not deal with namespaces.

Tasks

Currently Secrets are created for each individual namespace and instead they should be arranged into groups and be namespace agnostic.

  • For the bodywork secret commands, replace namespace argument with a name that represents the name of the secrets group this secret is in e.g. --group.
  • Create all secrets in the bodywork-deployment-jobs namespace.
  • Prefix the name of the secret with the name arg provided or similar so that they can be retrieved according to the group name that they belong to e.g. 'Prod' group secret would be 'Prod-SSHKey'.
  • Add secrets_group item to project section of bodywork.yaml
  • Ensure the relevant secrets are retrieved and added to the workflow container/workflow if secrets_group is specified in the config.

N.B. Remember to remove the namespace setup and amend the Secret creation in test_workflow_and_service_management_end_to_end_from_cli