You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/09/15 15:55:47 UTC
[GitHub] [airflow] jedcunningham commented on a change in pull request #17934: Add dags.gitSync.sshKeyCustomFile parameter to allow other SSH key sources

jedcunningham commented on a change in pull request #17934:
URL: https://github.com/apache/airflow/pull/17934#discussion_r709281598



##########
File path: chart/templates/_helpers.yaml
##########
@@ -146,9 +146,13 @@ If release name contains chart name it will be used as a full name.
   securityContext:
     runAsUser: {{ .Values.dags.gitSync.uid }}
   env:
-    {{- if .Values.dags.gitSync.sshKeySecret }}
+    {{- if or .Values.dags.gitSync.sshKeySecret .Values.dags.gitSync.sshKeyCustomFile}}

Review comment:
       ```suggestion
       {{- if or .Values.dags.gitSync.sshKeySecret .Values.dags.gitSync.sshKeyCustomFile }}
   ```

##########
File path: chart/files/pod-template-file.kubernetes-helm-yaml
##########
@@ -111,7 +111,7 @@ spec:
   - emptyDir: {}
     name: logs
   {{- end }}
-  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret }}
+  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret}}

Review comment:
       ```suggestion
     {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret }}
   ```

##########
File path: chart/values.yaml
##########
@@ -1308,6 +1308,7 @@ dags:
     extraVolumeMounts: []
     env: []
     resources: {}
+    sshKeyCustomFile:

Review comment:
       ```suggestion
      # Path for the ssh key. Can be used with `sshKeySecret` to change the mount path or
      # used alone to have gitSync use another file (possibly via sidecar)
       sshKeyFile:
   ```
   
   Not sure I like the name `sshKeyCustomFile`, I think `sshKeyFile` is better 🤷‍♂️.

##########
File path: docs/helm-chart/manage-dags-files.rst
##########
@@ -177,6 +177,38 @@ In this example, you will create a yaml file called ``override-values.yaml`` to
 
 Don't forget to copy in your private key base64 string.
 
+Using SSH Key from Hashicorp Vault instead of Secret
+----------------------------------------------------

Review comment:
       Being injected in the middle of this existing subsection is confusing I think - the note about using knownhosts is not in the original subsection any longer.

##########
File path: chart/templates/_helpers.yaml
##########
@@ -204,7 +208,11 @@ If release name contains chart name it will be used as a full name.
     mountPath: /git
   {{- if .Values.dags.gitSync.sshKeySecret }}
   - name: git-sync-ssh-key
+    {{- if empty .Values.dags.gitSync.sshKeyCustomFile }}
     mountPath: /etc/git-secret/ssh
+    {{- else }}
+    mountPath: {{.Values.dags.gitSync.sshKeyCustomFile | quote}}
+    {{- end }}

Review comment:
       ```suggestion
       mountPath: {{ .Values.dags.gitSync.sshKeyCustomFile | default "/etc/git-secret/ssh" | quote }}
   ```
   
   I think this is better?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org