[GitHub] [airflow] potiuk commented on a change in pull request #18974: Allows to disable built-in secret variables individually in chart

[GitBox]

potiuk commented on a change in pull request #18974:
URL: https://github.com/apache/airflow/pull/18974#discussion_r771855651



##########
File path: chart/values.schema.json
##########
@@ -711,6 +711,59 @@
                 }
             ]
         },
+        "enableBuiltInSecretEnvVars": {
+            "description": "Uses built-in secret values set as environment 
variables passed to Airflow. You should supply corresponding environment 
variables as ``extraEnv`` variables if you disable them here.",
+            "type": "object",
+            "additionalProperties": false,
+            "x-docsSection": "Airflow",
+            "properties": {
+                "AIRFLOW__CORE__FERNET_KEY": {
+                    "description": "Enable ``AIRFLOW__CORE__FERNET_KEY`` 
variable to be read from the Fernet key Secret (either derived from release 
name ``Values.Release.Name``-fernet-key or from ``.Values.fernetKeySecretName`` 
if specified)",
+                    "type": "boolean",
+                    "default": true
+                },
+                "AIRFLOW__CORE__SQL_ALCHEMY_CONN": {
+                    "description": "Enable ``AIRFLOW__CORE__SQL_ALCHEMY_CONN`` 
variable to be read from the Metadata Secret (from 
``.Values.data.metadataSecretName``)",

Review comment:
       Ah. I see it now (after looking deeper in the code). 
   
   I looked a bit deeper and I shortened the description in json and a little 
more detailed table. I also found out that we have few more secret names where 
names are derived from release name but not documented (you can only find them 
by searching the source code). Those are not taken from ``AIRFLOW__`` 
variables, but I think it's worth to document them here as well.
   
   I also found out, that we have yet another special case: 
`AIRFLOW__CELERY__FLOWER_BASIC_AUTH` - this one looks similar to other 
``AIRLFOW__`` variable but it behaves differently. It is only set when either 
``.Values.flower.secretName`` is set or both: `.Values.flower.user` and 
`.Values.flower.password` are set.  This mean that - even if it looks similar 
to other ``AIRFLOW__*`` variables,  it behaves differently. I tried to describe 
it well - please double-check @jedcunningham .
   
   BTW. The sheer fact how many iterations it takes us to figure out the right 
description, shows how badly  needed it was. I can't imagine our users trying 
to find out how this all worked before - like finding how the secrets are named 
or that FLOWER config is different :(.
   
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org