While we generally recommend that users should leverage the connection interface to configure and abstract requesting and mounting secrets. It is sometimes much easier to mount a secret manually if the secret will be used temporarily or for testing purposes.
Polyaxon supports similar secrets syntax and mechanisms as Kubernetes Pod specs, which allows access to secrets as environment variables or volume mounts. For more information, please check the Kubernetes documentation.
In this section, we will demonstrate how to mount a secret manually as environment variables in a job, but the same steps can be followed to mount secrets in services or distributed jobs.
kind: component ... run: kind: job container: command: .. envFrom: - secretRef: name: my-secret1 - secretRef: name: my-secret2 env: - name: secret-name valueFrom: secretKeyRef: name: my-secret3 key: secret-key
In this section, we will demonstrate how to mount secrets manually as volumes in a job, but the same steps can be followed to mount secrets in services or distributed jobs.
kind: component ... run: kind: job volumes: - name: secret-vol-name secret: secretName: my-secret container: command: .. volumeMounts: - name: secret-vol-name mountPath: "/etc/secret/path" readOnly: true
If you find yourself defining the same secrets in all operations, or if you have non-Kubernetes experts using Polyaxon, we suggest that you define those secrets as custom connections, by doing so, users of the cluster will just request those secrets using a single line:
kind: component ... run: kind: job connections: [secret1, secret2]
Polyaxon will take care of the mechanics of converting those connections to environment variables or volumes and mounts.