You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "hussein-awala (via GitHub)" <gi...@apache.org> on 2023/03/12 00:09:54 UTC
[GitHub] [airflow] hussein-awala opened a new pull request, #30048: Add a new Airflow conf to specify a SSL ca cert for Kubernetes client
hussein-awala opened a new pull request, #30048:
URL: https://github.com/apache/airflow/pull/30048
closes: #8019
---
The K8S client verifies the server’s SSL certificate by default, using the system’s trusted CA certificates. If we use a self-signed certificate, the only solution we have now is disabling SSL verification by setting the `verify_ssl` parameter to `False`. However, this is not recommended for production environments.
This PR add a new Airflow conf `ssl_ca_cert`, which is a path to the certificate file we want to use in the API client to verify the server's SSL certificate when establishing a secure connection (when `verify_ssl` is not False).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk merged pull request #30048: Add a new Airflow conf to specify a SSL ca cert for Kubernetes client
Posted by "potiuk (via GitHub)" <gi...@apache.org>.
potiuk merged PR #30048:
URL: https://github.com/apache/airflow/pull/30048
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #30048: Add a new Airflow conf to specify a SSL ca cert for Kubernetes client
Posted by "uranusjr (via GitHub)" <gi...@apache.org>.
uranusjr commented on code in PR #30048:
URL: https://github.com/apache/airflow/pull/30048#discussion_r1134943915
##########
airflow/kubernetes/kube_client.py:
##########
@@ -30,11 +30,13 @@
has_kubernetes = True
- def _disable_verify_ssl() -> None:
+ def _get_default_configuration():
Review Comment:
```suggestion
def _get_default_configuration() -> Configuration:
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #30048: Add a new Airflow conf to specify a SSL ca cert for Kubernetes client
Posted by "uranusjr (via GitHub)" <gi...@apache.org>.
uranusjr commented on code in PR #30048:
URL: https://github.com/apache/airflow/pull/30048#discussion_r1133511137
##########
airflow/config_templates/config.yml:
##########
@@ -2719,6 +2719,13 @@ kubernetes_executor:
type: integer
example: ~
default: "100"
+ ssl_ca_cert:
+ description: |
+ Path to a ca certificate to be used by the Kubernetes client to verify the server's SSL certificate.
Review Comment:
```suggestion
Path to a CA certificate to be used by the Kubernetes client to verify the server's SSL certificate.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org