You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/06/03 10:00:25 UTC

[GitHub] [airflow] thesuperzapper commented on a change in pull request #8777: Add Production Helm chart support

thesuperzapper commented on a change in pull request #8777:
URL: https://github.com/apache/airflow/pull/8777#discussion_r430115441



##########
File path: chart/templates/secrets/result-backend-connection-secret.yaml
##########
@@ -0,0 +1,20 @@
+################################
+## Airflow Result Backend Secret
+#################################
+{{- if (and .Values.data.resultBackendConnection (not .Values.data.resultBackendSecretName)) }}
+{{- $host := .Values.data.resultBackendConnection.host | default (printf "%s-%s" .Release.Name "postgresql") }}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ .Release.Name }}-airflow-result-backend
+  labels:
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+  connection: {{ (printf "db+postgresql://%s:%s@%s:%s/%s?sslmode=%s" .Values.data.resultBackendConnection.user .Values.data.resultBackendConnection.pass (ternary (printf "%s-%s" .Release.Name "pgbouncer") $host .Values.pgbouncer.enabled) ((ternary .Values.ports.pgbouncer .Values.data.resultBackendConnection.port .Values.pgbouncer.enabled) | toString) (ternary (printf "%s-%s" .Release.Name "result-backend") .Values.data.resultBackendConnection.db .Values.pgbouncer.enabled) .Values.data.resultBackendConnection.sslmode) | b64enc | quote }}

Review comment:
       Is this really the best approach (creating the secret in the chart), as it will cause users to store their DB passwords inside their `values.yaml` in plain text. In the `stable/airflow` chart, we allow users to create a secret which just contains the password, and then combine them as the pods start.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org