elements-ix opened a new issue, #32981: URL: https://github.com/apache/airflow/issues/32981
### Official Helm Chart version 1.10.0 (latest released) ### Apache Airflow version 2.6.2 ### Kubernetes Version v1.24.10+k3s1 ### Helm Chart configuration I have attempted the following configurations: # 1. SSH credentials via extraSecrets according to the official docs [link to docs](https://airflow.apache.org/docs/helm-chart/stable/manage-dags-files.html#mounting-dags-from-a-private-github-repo-using-git-sync-sidecar) values.yaml ```yaml # override-values.yaml dags: gitSync: enabled: true repo: [email protected]:elements-ix/<my-private-repo>.git branch: main subPath: dags # this is where my DAGs live in my private repo sshKeySecret: airflow-ssh-secret extraSecrets: airflow-ssh-secret: data: | gitSshKey: '<base64-converted-ssh-private-key>' # I have tried this both with and without the quotes in case that matters ``` # 2. SSH credentials via secret.yaml according to the comments in values.yaml ```yaml # secret.yaml --- apiVersion: v1 kind: Secret metadata: name: airflow-ssh-secret namespace: airflow data: gitSshKey: '<base64-converted-ssh-private-key>' # I have tried this both with and without the quotes in case that matters ``` ```yaml # override-values.yaml dags: gitSync: enabled: true repo: [email protected]:elements-ix/<my-private-repo>.git branch: main subPath: dags # this is where my DAGs live in my private repo sshKeySecret: airflow-ssh-secret ``` # 3. SSH credentials via kubectl create secret ```bash kubectl create secret generic airflow-ssh-secret --from-file=gitSshKey=~/.ssh/id_rsa --namespace airflow ``` ```yaml # override-values.yaml dags: gitSync: enabled: true repo: [email protected]:elements-ix/<my-private-repo>.git branch: main subPath: dags # this is where my DAGs live in my private repo sshKeySecret: airflow-ssh-secret ``` ### Docker Image customizations _No response_ ### What happened No matter which way I configure the SSH secret, I get this error and then the scheduler pod enters an `Init:CrashLoopBackOff` state: ```bash git-sync-init E0731 16:11:20.223845 14 main.go:535] "msg"="too many failures, aborting" "error"="Run(git clone -v --no-checkout -b main --depth 1 ssh://github.com/elements-ix/<my-private-repo>.git /git): exit status 128: { stdout: "", stderr: "Cloning into '/git'...\nWarning: Permanently added 'github.com,192.30.255.113' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists." }" "failCount"=1 ``` ### What you think should happen instead The private github repository should have been pulled successfully, and the scheduler pod should have started (or at least progressed past the point where it pulls the private repository). ### How to reproduce Follow the instructions in the [official docs](https://airflow.apache.org/docs/helm-chart/stable/manage-dags-files.html#mounting-dags-from-a-private-github-repo-using-git-sync-sidecar) for mounting DAGs from a private Github repo using git-sync sidecar. ### Anything else I have created a deploy key in my private repository with read-only access (enabling write access does not change the error I receive) containing the public key. I was able to successfully pull a public repository (Airflow test DAGs). ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
