ashb commented on a change in pull request #4777: Airflow 3918 add git sync ssh
auth
URL: https://github.com/apache/airflow/pull/4777#discussion_r260203504
##########
File path: airflow/contrib/kubernetes/worker_configuration.py
##########
@@ -78,19 +77,37 @@ def _get_init_containers(self, volume_mounts):
'value': self.kube_config.git_password
})
- if self.dags_volume_name not in volume_mounts:
- raise AirflowException(
- "GitSync enabled but volume %s is not defined." %
self.dags_volume_name)
-
- volume_mounts[self.dags_volume_name]['mountPath'] =
self.kube_config.git_sync_root
- volume_mounts[self.dags_volume_name]['readOnly'] = False
+ volume_mounts = [{
+ 'mountPath': self.kube_config.git_sync_root,
+ 'name': self.dags_volume_name,
+ 'readOnly': False
+ }]
+ if self.kube_config.git_ssh_key_secret_name:
+ volume_mounts.append({
+ 'name': self.git_sync_ssh_secret_volume_name,
+ 'mountPath': '/etc/git-secret'
+ })
+ init_environment.extend([
+ {
+ 'name': 'GIT_SSH_KEY_FILE',
+ 'value': '/etc/git-secret/ssh'
+ },
+ {
+ 'name': 'GIT_KNOWN_HOSTS',
+ 'value': 'false'
Review comment:
This should default to true - having false hard-coded is a security no-no.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
