I am trying to deploy models using ray serve on kubernetes and I am using a github repo url as my workdir which is a private repo. And I don’t want to add credentials in the deployment yaml file.
There is an authtication method usign netrc Authenticating Remote URIs in runtime_env — Ray 2.10.0
Is there any way through which I can use aws credentials manager secrets directly to authenticate my remote urls?
This might totally be useless, but here goes nothing, I’ve used ray cluster.yaml files to write data to my .bashrc and, subsequently I log into my ECR. So in your case you could use a similar aproach, to write your secret name to your .bashrc and subsequently use your secret later in your script. Good luck!
initialization_commands:
# for each command the call is:
# Full command is `ssh -tt -i ~/.ssh/<YOURKEY>.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=5 -o ServerAliveCountMax=3 -o ConnectTimeout=120s ubuntu@<IP> bash --login -c -i 'source ~/.bashrc; export OMP_NUM_THREADS=1 PYTHONWARNINGS=ignore && <YOUR COMMAND HERE>"`
# This means that variables are not shared between sessions so make sure to store your variables into your bashrc
- rm ~/.aws -fr
- AWS_REGION=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/\(.*\)[a-z]/\1/') && echo "export AWS_REGION=${AWS_REGION}" >> ~/.bashrc
- AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text --region $AWS_REGION) && echo "export AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID}" >> ~/.bashrc
- aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com