Taragolis commented on issue #27908:
URL: https://github.com/apache/airflow/issues/27908#issuecomment-1327377251

   Unfortunetly I've unable to reproduce this.
   Airflow do not required internet access for `upgrade db` in case if Secrets 
Backends not uses. 
   AWS SSM client only use in one place if it specified as secrets backend.
   
   ```yaml
   version: '3'
   
   networks:
     no-internet-access:
       driver: bridge
       internal: true
   
   volumes:
     postgres-db-volume:
   
   services:
     postgres:
       image: postgres:13
       environment:
         POSTGRES_USER: airflow
         POSTGRES_PASSWORD: insecurepassword
         POSTGRES_DB: airflow
       volumes:
         - postgres-db-volume:/var/lib/postgresql/data
       healthcheck:
         test: ["CMD", "pg_isready", "-U", "airflow", "-d", "airflow"]
         interval: 5s
         retries: 5
       restart: on-failure
       networks:
         - no-internet-access
   
     airflow-upgrade:
       image: ${AIRFLOW_IMAGE_NAME:-apache/airflow:2.4.3}
       environment:
         CONNECTION_CHECK_MAX_COUNT: "0"
         AIRFLOW__CORE__EXECUTOR: LocalExecutor
         AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: 
postgresql+psycopg2://airflow:insecurepassword@postgres/airflow
         # AIRFLOW__SECRETS__BACKEND: 
'airflow.providers.amazon.aws.secrets.systems_manager.SystemsManagerParameterStoreBackend'
         # AIRFLOW__DATABASE__SQL_ALCHEMY_CONN_SECRET: boom
       command: ["db", "upgrade"]
       networks:
         - no-internet-access
       depends_on:
         postgres:
           condition: service_healthy
   
     airflow-version:
       image: ${AIRFLOW_IMAGE_NAME:-apache/airflow:2.4.3}
       environment:
         AIRFLOW__CORE__EXECUTOR: LocalExecutor
         AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: 
postgresql+psycopg2://airflow:insecurepassword@postgres/airflow
       command: version
       networks:
         - no-internet-access
       depends_on:
         airflow-upgrade:
           condition: service_completed_successfully
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to