Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/12/16 10:39:05 UTC

[GitHub] [airflow] ashb commented on a change in pull request #13094: #13081 add note block to 2.x migration docs

ashb commented on a change in pull request #13094:
URL: https://github.com/apache/airflow/pull/13094#discussion_r544191088



##########
File path: docs/apache-airflow/upgrading-to-2.rst
##########
@@ -325,6 +325,13 @@ the only supported UI.
 
 **Breaking Change in OAuth**
 
+.. note::
+
+    When multiple replicas of the airflow-web pods are running in Kubernetes they
+    need to share the same *secret_key* to access the same user session across pods. Inject
+    this via the environment and rotate it regularly like the fernet_key to ensure security.
+    The 1.10.14 bridge-release has this feature.
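
Review bot: The added note writes the option as *secret_key* (italic emphasis) and fernet_key as bare text, so neither renders as a configuration option and the reader is not told which config section holds it; use inline literals and name the section, e.g. ``secret_key`` in ``[webserver]``. The sentence "rotate it regularly like the fernet_key" gives no procedure and leaves the comparison unexplained, so either link to the relevant documentation or drop it. The note is also placed under "Breaking Change in OAuth" although it describes session sharing between webserver instances, so readers looking for that may not find it there.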

Review comment:
This is too specific:

- Don't mention pods; this applies in or out of Kubernetes usage.
- Specifying via environment is not required -- any config mechanism is valid.
- Please remove reference to rotating keys.
- _All_ versions had this feature, it's just that previously they all had an insecure default so it wasn't noticed.



