Hi folks. I am trying to set up Clear ML in our k8s cluster and would like to expose the Webserver and API server outisde our cluster. I am bit lost with the configuration settings and the ways to do it securely in k8s. I read https://clearml.slack.com/archives/CTK20V944/p1630682666183600 discussion and like smos I am also a bit shaky when it comes to web security. Is there some documentation explaining in simple terms what the different keys/secrets are used for?
“CLEARML__SECURE__HTTP__SESSION_SECRET__APISERVER”: “”,
“CLEARML__SECURE__AUTH__TOKEN_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__APISERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__WEBSERVER__USER_SECRET”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_KEY”: “”,
“CLEARML__SECURE__CREDENTIALS__TESTS__USER_SECRET”: “”.

I am setting up the cluster using the helm charts from https://github.com/allegroai/clearml-helm-charts . I understand that some key/secret pair are needed for internal access for the clearML components and the details in apiserver.conf is needed for user access. If I understand right at the moment the apiserver.conf can be sett using additonalconfigs as in the discussion https://clearml.slack.com/archives/CTK20V944/p1648044291291519 . But this means the configs are commited to git (from were the our helm charts are deployed to our cluster) . This we can all agree that is not safe. I also notice that this config can be mounted as a volume or secret or a configmap as suggested https://clearml.slack.com/archives/CTK20V944/p1627029627387300 . Is there any update on the same?