sungsoo / sungsoo.github.io

Sung-Soo Kim's Blog

feat: Secrets for external database access from a ML training pod (e.g. PyTorchJob) #6

Open sungsoo opened 2 years ago

sungsoo commented 2 years ago

feat: Secrets for external database access from a ML training pod (e.g. PyTorchJob)

Priority-3

TrainDB-ML needs to access external legacy DBMSs (e.g. MySQL, Kairos, etc.) for training ML models. In terms of security during the interaction between TrainDB-main and TrainDB-ML, we handle sensitive data such as db_user_name and db_password.

While ConfigMaps in K8s are great for most configuration data, there is certain data that is extra-sensitive. This can include passwords, security tokens, or other types of private keys. Collectively, we call this type of data “secrets.” Kubernetes has native support for storing and handling this data with care.

Secrets enable container images to be created without bundling sensitive data. This allows containers to remain portable across environments. Secrets are exposed to Pods via explicit declaration in Pod manifests and the Kubernetes API. In this way, the Kubernetes secrets API provides an application-centric mechanism for exposing sensitive configuration information to applications in a way that’s easy to audit and leverages native OS isolation primitives.

Related tasks
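
The mechanism described in this issue, as an added example that is not part of the original issue or of TrainDB's own manifests: a Secret holding `db_user_name` and `db_password`, declared explicitly in a PyTorchJob pod template and mounted read-only as files. The Secret and job names, the namespace, the image and the mount path are assumptions made for illustration.

```yaml
# Constructed example: names, namespace, image and mount path are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: traindb-db-credentials
  namespace: traindb
type: Opaque
stringData:
  # Placeholders only. Supply real values at deploy time; do not commit them.
  db_user_name: "REPLACE_ME"
  db_password: "REPLACE_ME"
---
apiVersion: kubeflow.org/v1
kind: PyTorchJob
metadata:
  name: traindb-ml-train
  namespace: traindb
spec:
  pytorchReplicaSpecs:
    Master:
      replicas: 1
      restartPolicy: OnFailure
      template:
        spec:
          containers:
            - name: pytorch            # container name the PyTorchJob operator looks for
              image: registry.example.com/traindb-ml:latest   # hypothetical image
              volumeMounts:
                - name: db-credentials
                  mountPath: /etc/traindb/db   # yields files db_user_name and db_password
                  readOnly: true
          volumes:
            - name: db-credentials
              secret:
                secretName: traindb-db-credentials
                # Owner read-only. For a non-root container user, set
                # securityContext.fsGroup on the pod and use 0440 instead.
                defaultMode: 0400
                items:                 # expose only the keys the trainer needs
                  - key: db_user_name
                    path: db_user_name
                  - key: db_password
                    path: db_password
```

Mounting the keys as files keeps them out of the image, the container arguments and the process environment, so the training code reads them from `/etc/traindb/db/` when it opens the database connection. Secret values are only base64-encoded in the API, so access to the Secret still has to be restricted with RBAC on the namespace.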