flypenguin opened a new pull request, #41974: URL: https://github.com/apache/airflow/pull/41974
Using the **helm chart** I was unable to get SSH-based git sync to run. Debugging lead to two issues: - The secret is mounted as `root`, with permissions `0660`, which makes it unreadable for git-sync default user 65533. - If switching to user `root` (which I did not want to do), the SSH key file is still mounted as `0660`, which makes SSH complain and ignore it. That fix uses the init-container to fix the SSH key permissions (ownership, and file mode `0400`), which should now work with any user without any k8s-yaml-fu-magic :) . Also, mounting secrets with non-root _ownership_ (not: group ownership) [seems impossible ATM](https://github.com/kubernetes/kubernetes/issues/81089). If there in fact _is_ a solution for this, I would be very interested in some example helm values file config :) . I was – as mentioned – unable to create it. --- **^ Add meaningful description above** Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-guidelines)** for more information. In case of fundamental code changes, an Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals)) is needed. In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). In case of backwards incompatible changes please leave a note in a newsfragment file, named `{pr_number}.significant.rst` or `{issue_number}.significant.rst`, in [newsfragments](https://github.com/apache/airflow/tree/main/newsfragments). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
