Hi Team, i use https://github.com/outerbounds/metaflow-with-airflow-minio to install metaflow on my talos kubernetes cluster. The installation worked and also minio. But as each pod will be a different user from where the python will be executed I will inject:

{
  "METAFLOW_S3_ENDPOINT_URL": "<NGROK TUNNEL URL COMES HERE>",
  "METAFLOW_DEFAULT_DATASTORE": "s3",
  "METAFLOW_DATASTORE_SYSROOT_S3": "<s3://metaflow-test/metaflow>",
  "METAFLOW_DATATOOLS_S3ROOT": "<s3://metaflow-test/data>",
  "METAFLOW_DEFAULT_METADATA": "service",
  "METAFLOW_KUBERNETES_SECRETS": "minio-secret",
  "METAFLOW_SERVICE_INTERNAL_URL": "<http://metaflow-metaflow-service.default.svc.cluster.local:8080>",
  "METAFLOW_AIRFLOW_KUBERNETES_KUBECONFIG_CONTEXT": "minikube"
}

into each pod. But will then each user be able to get METAFLOW_KUBERNETES_SECRETS or can I change RBAC so that only METAFLOW_KUBERNETES_SECRETS is accessible by metaflow pods?

@hundreds-zebra-57629 might be able to help here

Hey @mysterious-room-21161, you can change your rbac to allow access to the secret from multiple service accounts instead of recreating it per service account as long as the pods will be running in the same namespace as the secret. The minio secret is not tied to a specific pod/service account.