This message was deleted BentoML #ask-for-help

Join Slack

This message was deleted.

# ask-for-help

Slackbot

10/11/2022, 6:56 PM

This message was deleted.

👀 1

🦄 1

10/11/2022, 7:00 PM

Hello, @Giacomo Vianello Good question. The ticket is on our roadmap, and it is prioritized. Are you able to spec the private resources in the bentofile.yaml?

Giacomo Vianello

10/11/2022, 7:05 PM

thanks for the prompt answer @Bo. How do you suggest I add the resources in the

bentofile.yaml

Giacomo Vianello

10/11/2022, 7:06 PM

ah, I see, for example by adding them in the

env

. Yeah, I could do that, but that would mean registering credentials in the clear in a text file

Giacomo Vianello

10/11/2022, 7:06 PM

I'd rather avoid that, those files end up in a repository and are therefore visible to everybody

Giacomo Vianello

10/11/2022, 7:06 PM

(everybody within my org, that is. But still, not acceptable from the security perspective)

10/11/2022, 7:08 PM

That makes sense. I think that's something we urgently need to update.

10/11/2022, 7:09 PM

right now, we are cleaning up the installation process and updating containerization work in yatai

Mike Kuhlen

10/11/2022, 7:10 PM

I solved this with a custom Docker base image, as described here: https://bentoml.slack.com/archives/CKRANBHPH/p1659708944441879?thread_ts=1659706470.055609&cid=CKRANBHPH I build that image (providing the credentials as build args) and publish it to our docker repository, and the subsequent bentos start from that base image.

Mike Kuhlen

10/11/2022, 7:11 PM

Totally in favor of a more systematic way of providing build arguments though. ➕

Giacomo Vianello

10/11/2022, 7:14 PM

ok. I think as a stop-gap solution it would be nice to have the possibility to use the Yatai UI to provide arguments to the underlying

bentoml containerize

(assuming Yatai uses that, which looks to be the case).That command provides all the features we need, but not all of them are exposed through the Yatai UI. This would be an easy way to fix that

Giacomo Vianello

10/11/2022, 7:15 PM

great to hear this is on your roadmap. Any idea when we could expect to see progress on this?

Giacomo Vianello

10/11/2022, 7:16 PM

@Mike Kuhlen thanks for your suggestion. That's slightly more secure than having the credentials in the yaml file, but of course the credentials would then get embedded in the docker image...

Mike Kuhlen

10/11/2022, 7:40 PM

Correct.

Aaron Pham

10/11/2022, 9:02 PM

Another suggestion is to use custom dockerfile and use

--mount=type=secret

as described in our docs' examples as well as in Docker’s documentation

Giacomo Vianello

10/11/2022, 9:22 PM

thanks, but the secrets thing is not going to work for Yatai because there is no way to specify that flag for

bentoml containerize

in the Yatai UI (as far as I can see)

Open in Slack

Previous Next