[I] [Helm Chart] Redis and Fernet Secret using pre-install hooks instead of lookup functions [airflow]

Mon, 18 Nov 2024 16:48:09 -0800 


JKrehling opened a new issue, #44164:
URL: https://github.com/apache/airflow/issues/44164

   ### Apache Airflow version
   
   main (development)
   
   ### If "Other Airflow 2 version" selected, which one?
   
   _No response_
   
   ### What happened?
   
   Problem: 
   
   I was trying to use airflow as a child chart and noticed I couldn't upgrade 
my existing chart because the fernet secret would not get created. 
   
   templates/configmaps/extra-configmaps.yaml:    {{- $_ := set $annotations 
"helm.sh/hook" "pre-install,pre-upgrade" }}
   templates/secrets/extra-secrets.yaml:    {{- $_ := set $annotations 
"helm.sh/hook" "pre-install,pre-upgrade" }}
   templates/secrets/fernetkey-secret.yaml:    "helm.sh/hook": "pre-install"
   templates/secrets/redis-secrets.yaml:# relying on the "pre-install" hack to 
prevent changing randomly generated passwords,
   templates/secrets/redis-secrets.yaml:    "helm.sh/hook": "pre-install"
   templates/secrets/redis-secrets.yaml:    "helm.sh/hook": "pre-install"
   
   There are a couple references to secrets, fernet and redis secret that are 
using the pre-install hook to avoid them changing during helm upgrade 
   
   I think this could be done with a lookup function instead 
   
   `apiVersion: v1
   kind: Secret
   metadata:
     name: my-secret
     labels:
   type: Opaque
   data:
     {{- $previousSecret := lookup "v1" "Secret" .Release.Namespace "my-secret" 
}}
     {{- if $previousSecret }}
     "mysecret": {{  $previousSecret.data.mysecret }}
     {{- else if .Values.mySecret }}
     "mysecret": {{ .Values.mySecret | b64enc | quote }}
     {{- else }}
     "mysecret": {{ randAlphaNum 32 | b64enc | quote }}
     {{- end }}`
   
   Because it seems that this pre-install hook was done more as a workaround 
than anything.  
   
   
   
   ### What you think should happen instead?
   
   I think fernet secret should get created on helm upgrade if it does not 
exist.  
   
   ### How to reproduce
   
   Try using airflow as a child chart that already has a deployed release. 
   
   ### Operating System
   
   Fedora 40
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to