kaxil commented on a change in pull request #13519: URL: https://github.com/apache/airflow/pull/13519#discussion_r553074438
########## File path: chart/README.md ########## @@ -32,6 +32,47 @@ cluster using the [Helm](https://helm.sh) package manager. - Helm 2.11+ or Helm 3.0+ - PV provisioner support in the underlying infrastructure +## Configuring Airflow + +All Airflow configuation parameters (equivalent of `airflow.cfg`) are stored in [values.yaml](https://github.com/apache/airflow/blob/master/chart/values.yaml) under the `config` key (around line 650 of `values.yaml`). The following code demonstrates how one would deny webserver users from viewing the config from within the webserver application. See the bottom line of the example... Review comment: ```suggestion All Airflow configuration parameters (equivalent of `airflow.cfg`) are stored in [values.yaml](https://github.com/apache/airflow/blob/master/chart/values.yaml) under the `config` key . The following code demonstrates how one would deny webserver users from viewing the config from within the webserver application. See the bottom line of the example: ``` ########## File path: chart/README.md ########## @@ -32,6 +32,47 @@ cluster using the [Helm](https://helm.sh) package manager. - Helm 2.11+ or Helm 3.0+ - PV provisioner support in the underlying infrastructure +## Configuring Airflow + +All Airflow configuation parameters (equivalent of `airflow.cfg`) are stored in [values.yaml](https://github.com/apache/airflow/blob/master/chart/values.yaml) under the `config` key (around line 650 of `values.yaml`). The following code demonstrates how one would deny webserver users from viewing the config from within the webserver application. See the bottom line of the example... + +``` Review comment: ```suggestion ```yaml ``` ########## File path: chart/README.md ########## @@ -32,6 +32,47 @@ cluster using the [Helm](https://helm.sh) package manager. - Helm 2.11+ or Helm 3.0+ - PV provisioner support in the underlying infrastructure +## Configuring Airflow + +All Airflow configuation parameters (equivalent of `airflow.cfg`) are stored in [values.yaml](https://github.com/apache/airflow/blob/master/chart/values.yaml) under the `config` key (around line 650 of `values.yaml`). The following code demonstrates how one would deny webserver users from viewing the config from within the webserver application. See the bottom line of the example... + +``` +# Config settings to go into the mounted airflow.cfg +# +# Please note that these values are passed through the `tpl` function, so are +# all subject to being rendered as go templates. If you need to include a +# literal `{{` in a value, it must be expressed like this: +# +# a: '{{ "{{ not a template }}" }}' +# +# yamllint disable rule:line-length +config: + core: + dags_folder: '{{ include "airflow_dags" . }}' + load_examples: 'False' + executor: '{{ .Values.executor }}' + # For Airflow 1.10, backward compatibility + colored_console_log: 'False' + remote_logging: '{{- ternary "True" "False" .Values.elasticsearch.enabled }}' + # Authentication backend used for the experimental API + api: + auth_backend: airflow.api.auth.backend.deny_all + logging: + remote_logging: '{{- ternary "True" "False" .Values.elasticsearch.enabled }}' + colored_console_log: 'False' + logging_level: DEBUG + metrics: + statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}' + statsd_port: 9125 + statsd_prefix: airflow + statsd_host: '{{ printf "%s-statsd" .Release.Name }}' + webserver: + enable_proxy_fix: 'True' + expose_config: 'False' <<<<<<<<<< BY DEFAULT THIS IS 'True' BUT WE CHANGE IT TO 'False' PRIOR TO INSTALLING THE CHART Review comment: ```suggestion expose_config: 'False' # <<<<<<<<<< BY DEFAULT THIS IS 'True' BUT WE CHANGE IT TO 'False' PRIOR TO INSTALLING THE CHART ``` ########## File path: chart/README.md ########## @@ -32,6 +32,47 @@ cluster using the [Helm](https://helm.sh) package manager. - Helm 2.11+ or Helm 3.0+ - PV provisioner support in the underlying infrastructure +## Configuring Airflow + +All Airflow configuation parameters (equivalent of `airflow.cfg`) are stored in [values.yaml](https://github.com/apache/airflow/blob/master/chart/values.yaml) under the `config` key (around line 650 of `values.yaml`). The following code demonstrates how one would deny webserver users from viewing the config from within the webserver application. See the bottom line of the example... + +``` +# Config settings to go into the mounted airflow.cfg +# +# Please note that these values are passed through the `tpl` function, so are +# all subject to being rendered as go templates. If you need to include a +# literal `{{` in a value, it must be expressed like this: +# +# a: '{{ "{{ not a template }}" }}' +# +# yamllint disable rule:line-length +config: + core: + dags_folder: '{{ include "airflow_dags" . }}' + load_examples: 'False' + executor: '{{ .Values.executor }}' + # For Airflow 1.10, backward compatibility + colored_console_log: 'False' + remote_logging: '{{- ternary "True" "False" .Values.elasticsearch.enabled }}' + # Authentication backend used for the experimental API + api: + auth_backend: airflow.api.auth.backend.deny_all + logging: + remote_logging: '{{- ternary "True" "False" .Values.elasticsearch.enabled }}' + colored_console_log: 'False' + logging_level: DEBUG + metrics: + statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}' + statsd_port: 9125 + statsd_prefix: airflow + statsd_host: '{{ printf "%s-statsd" .Release.Name }}' + webserver: + enable_proxy_fix: 'True' + expose_config: 'False' <<<<<<<<<< BY DEFAULT THIS IS 'True' BUT WE CHANGE IT TO 'False' PRIOR TO INSTALLING THE CHART +``` + +Generally speaking, it is useful to familiarize ones self with the Airflow configuration prior to installing and deploying the service. Review comment: ```suggestion Generally speaking, it is useful to familiarize oneself with the Airflow configuration prior to installing and deploying the service. ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
