laserpedro opened a new issue, #43458:
URL: https://github.com/apache/airflow/issues/43458
### Official Helm Chart version
1.10.0
### Apache Airflow version
2.6.2
### Kubernetes Version
1.30
### Helm Chart configuration
``` dags:
persistence:
subPath: dags/platform
size: 10Gi
storageClassName: default-efs
gitSync:
enabled: true
repo: [email protected]:my-org/dag-repo.git
branch: main
rev: HEAD
sshKeySecret: airflow-git-sync-secret
### Docker Image customizations
_No response_
### What happened
I have created a deploy ssh key in the repo to enable gitsync to only access
this repo in particular with read only access. I generate a ssh key locally and
updated the public key on the deploy key. The private key is stored in AWS
secrets manager as a plain text file and I let external secret operator create
a secret that by construction is base64 encoded and matches the format
indicated by the documentation:
```
# If you are using an ssh clone url, you can load
# the ssh private key to a k8s secret like the one below
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: airflow-ssh-secret
# data:
# # key needs to be gitSshKey
# gitSshKey: <base64_encoded_data>
```
However I receive the error:
> "msg"="too many failures, aborting" "error"="Run(git clone -v
--no-checkout -b main --depth 1 [email protected]:my-org/dag-repository.git
/git): exit status 128: { stdout: "", stderr: "Cloning into '/git'...\nWarning:
Permanently added 'github.com,20.X.X.X.X' (ECDSA) to the list of known
hosts.\r\nLoad key \"/etc/git-secret/ssh\": invalid format\r\[email protected]:
Permission denied (publickey).\r\nfatal: Could not read from remote
repository.\n\nPlease make sure you have the correct access rights\nand the
repository exists." }" "failCount"=1
I have create d a debug pod with the secret mounted as it is on the
airflow-worker pod and the pem file looks fine for me:
cat /etc/git-secret/ssh
```
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
```
### What you think should happen instead
_No response_
### How to reproduce
Deploy Airflow on kubernetes 1.30 and deploy the 1.10 airflow helm chart
trying to connect using a deploy ssh key to the dag folder.
### Anything else
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
