Update README.md

charts/flyte-core/README.md

@@ -273,7 +273,8 @@ helm install gateway bitnami/contour -n flyte
 | flytescheduler.tolerations | list | `[]` | tolerations for Flytescheduler deployment |
 | secrets.adminOauthClientCredentials.clientId | string | `"flytepropeller"` |  |
 | secrets.adminOauthClientCredentials.clientSecret | string | `"foobar"` |  |
-| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`. If enabled is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server |
+| secrets.adminOauthClientCredentials.enabled | bool | `true` | If enabled is true, helm will mount `flyte-secret-auth`. If enabled is false, helm will not mount `flyte-secret-auth` |
+ | secrets.adminOauthClientCredentials.create | bool | `true` | If create is true, helm will create the `flyte-secret-auth`. If create is false, it's up to the user to create `flyte-secret-auth` as described in https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server |
 | sparkoperator | object | `{"enabled":false,"plugin_config":{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}}` | Optional: Spark Plugin using the Spark Operator |
 | sparkoperator.enabled | bool | `false` | - enable or disable Sparkoperator deployment installation |
 | sparkoperator.plugin_config | object | `{"plugins":{"spark":{"spark-config-default":[{"spark.hadoop.fs.s3a.aws.credentials.provider":"com.amazonaws.auth.DefaultAWSCredentialsProviderChain"},{"spark.hadoop.mapreduce.fileoutputcommitter.algorithm.version":"2"},{"spark.kubernetes.allocation.batch.size":"50"},{"spark.hadoop.fs.s3a.acl.default":"BucketOwnerFullControl"},{"spark.hadoop.fs.s3n.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3n.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.impl":"org.apache.hadoop.fs.s3a.S3AFileSystem"},{"spark.hadoop.fs.AbstractFileSystem.s3a.impl":"org.apache.hadoop.fs.s3a.S3A"},{"spark.hadoop.fs.s3a.multipart.threshold":"536870912"},{"spark.blacklist.enabled":"true"},{"spark.blacklist.timeout":"5m"},{"spark.task.maxfailures":"8"}]}}}` | Spark plugin configuration |

charts/flyte-core/values-keycloak-idp-flyteclients-without-browser.yaml

@@ -298,10 +298,13 @@ deployRedoc: false
 
 secrets:
   adminOauthClientCredentials:
-    # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
-    # If enabled is false, it's up to the user to create `flyte-secret-auth` as described in
+    # If enabled is true, helm will mount `flyte-secret-auth`.
+    # If enabled is false, helm will not mount `flyte-secret-auth`.
+    # If create is true, helm will create the `flyte-secret-auth`.
+    # If create is false, it's up to the user to create `flyte-secret-auth` as described in
     # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
     enabled: true
+    create: true
     clientSecret: "<>" # put the secret for the confidential client flytepropeller defined in the IDP
     clientId: "flytepropeller" #use this client id and secret in the flytectl config with ClientSecret option
 

charts/flyte-core/values.yaml

@@ -430,8 +430,8 @@ deployRedoc: false
 
 secrets:
   adminOauthClientCredentials:
-    # -- If enabled is true, helm will populate `flyte-secret-auth` with `clientSecret`.
-    # If enabled is false, helm will not populate `flyte-secret-auth`.
+    # If enabled is true, helm will mount `flyte-secret-auth`.
+    # If enabled is false, helm will not mount `flyte-secret-auth`.
     # If create is true, helm will create the `flyte-secret-auth`.
     # If create is false, it's up to the user to create `flyte-secret-auth` as described in
     # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server

docs/deployment/configuration/auth_setup.rst

@@ -345,9 +345,13 @@ Apply OIDC Configuration
          
          secrets:
            adminOauthClientCredentials:
-          # -- If enabled is true, helm will create and manage `flyte-secret-auth` and populate it with `clientSecret`.
-          # If enabled is false, it's up to the user to create `flyte-secret-auth`
+             # If enabled is true, helm will mount `flyte-secret-auth`.
+             # If enabled is false, helm will not mount `flyte-secret-auth`.
+             # If create is true, helm will create the `flyte-secret-auth`.
+             # If create is false, it's up to the user to create `flyte-secret-auth` as described in
+             # https://docs.flyte.org/en/latest/deployment/cluster_config/auth_setup.html#oauth2-authorization-server
              enabled: true
+             create: true
            # Use the non-encoded version of the random password 
              clientSecret: "<your-random-password>" 
              clientId: flytepropeller
@@ -597,7 +601,8 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
    
          secrets:
            adminOauthClientCredentials:
-             enabled: true # see the section "Disable Helm secret management" if you require to do so
+             enabled: true
+             create: true # see the section "Disable Helm secret management" if you require to do so
              # Replace with the client_secret provided by your IdP for flytepropeller.
              clientSecret: <client_secret>
              # Replace with the client_id provided by provided by your IdP for flytepropeller.
@@ -617,6 +622,7 @@ Follow the steps in this section to configure `flyteadmin` to use an external au
          secrets:
          adminOauthClientCredentials:
             enabled: true
+            create: true
             clientSecret: <client secret>
             clientId: <client id>
          ---
@@ -673,7 +679,8 @@ Alternatively, you can instruct Helm not to create and manage the secret for ``f
 
    secrets:
      adminOauthClientCredentials:
-       enabled: false #set to false
+       enabled: true # mount the flyte-secret-auth secret to the flytepropeller.
+       create: false # set to false
        # Replace with the client_id provided by provided by your IdP for flytepropeller.
        clientId: <client_id>