[GitHub] [airflow] jedcunningham commented on a change in pull request #17934: Add dags.gitSync.sshKeyCustomFile parameter to allow other SSH key sources

Wed, 15 Sep 2021 08:55:52 -0700 


jedcunningham commented on a change in pull request #17934:
URL: https://github.com/apache/airflow/pull/17934#discussion_r709281598



##########
File path: chart/templates/_helpers.yaml
##########
@@ -146,9 +146,13 @@ If release name contains chart name it will be used as a 
full name.
   securityContext:
     runAsUser: {{ .Values.dags.gitSync.uid }}
   env:
-    {{- if .Values.dags.gitSync.sshKeySecret }}
+    {{- if or .Values.dags.gitSync.sshKeySecret 
.Values.dags.gitSync.sshKeyCustomFile}}

Review comment:
       ```suggestion
       {{- if or .Values.dags.gitSync.sshKeySecret 
.Values.dags.gitSync.sshKeyCustomFile }}
   ```

##########
File path: chart/files/pod-template-file.kubernetes-helm-yaml
##########
@@ -111,7 +111,7 @@ spec:
   - emptyDir: {}
     name: logs
   {{- end }}
-  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret 
}}
+  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret}}

Review comment:
       ```suggestion
     {{- if and  .Values.dags.gitSync.enabled  
.Values.dags.gitSync.sshKeySecret }}
   ```

##########
File path: chart/values.yaml
##########
@@ -1308,6 +1308,7 @@ dags:
     extraVolumeMounts: []
     env: []
     resources: {}
+    sshKeyCustomFile:

Review comment:
       ```suggestion
      # Path for the ssh key. Can be used with `sshKeySecret` to change the 
mount path or
      # used alone to have gitSync use another file (possibly via sidecar)
       sshKeyFile:
   ```
   
   Not sure I like the name `sshKeyCustomFile`, I think `sshKeyFile` is better 
🤷‍♂️.

##########
File path: docs/helm-chart/manage-dags-files.rst
##########
@@ -177,6 +177,38 @@ In this example, you will create a yaml file called 
``override-values.yaml`` to
 
 Don't forget to copy in your private key base64 string.
 
+Using SSH Key from Hashicorp Vault instead of Secret
+----------------------------------------------------

Review comment:
       Being injected in the middle of this existing subsection is confusing I 
think - the note about using knownhosts is not in the original subsection any 
longer.

##########
File path: chart/templates/_helpers.yaml
##########
@@ -204,7 +208,11 @@ If release name contains chart name it will be used as a 
full name.
     mountPath: /git
   {{- if .Values.dags.gitSync.sshKeySecret }}
   - name: git-sync-ssh-key
+    {{- if empty .Values.dags.gitSync.sshKeyCustomFile }}
     mountPath: /etc/git-secret/ssh
+    {{- else }}
+    mountPath: {{.Values.dags.gitSync.sshKeyCustomFile | quote}}
+    {{- end }}

Review comment:
       ```suggestion
       mountPath: {{ .Values.dags.gitSync.sshKeyCustomFile | default 
"/etc/git-secret/ssh" | quote }}
   ```
   
   I think this is better?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to