oliverisaac commented on pull request #18336:
URL: https://github.com/apache/airflow/pull/18336#issuecomment-922990542
> Currently, when you pass an empty string to the AIRFLOW__CORE__FERNET_KEY
environment variable, secret encryption is turned off.
Ah, yeah, that's an excellent example of why this is not going to work...
> This means you have experience with Hashicorp Vault. Would you like to
improve support for this tool in Helm Chart?
I don't think there is much Vault-specific value that needs to be brought.
The specifics of how Vault is implemented is going to vary wildly from org to
org. The biggest/only change that needs to be made is not defining the
`AIRFLOW__CORE__FERNET_KEY` and `AIRFLOW__CORE__SQL_ALCHEMY_CONN` env vars when
they shouldn't be defined (either a flag to turn them off, or logic to assess
if they are needed or not.)
For future people who land here from a Google search, I ended up making the
airflow chart a subchart of a custom chart and defining a custom `_helpers.tpl`
file in my parent chart. This allows the parent chart to override the
`standard_airflow_environment` template block and is where I removed the env
vars.
```
$ tree .
.
├── Chart.yaml
├── charts
│ └── airflow-1.1.0.tgz
├── templates
│ └── _helpers_overrides.yaml
└── values.yaml
```
In your values file, set all the values to be under the top-level key of
`airflow`.
In `Chart.yaml` make sure you add the dependencies:
```
dependencies:
- name: airflow
repository: https://airflow.apache.org
version: 1.1.0
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
