JKrehling opened a new issue, #44164:
URL: https://github.com/apache/airflow/issues/44164
### Apache Airflow version
main (development)
### If "Other Airflow 2 version" selected, which one?
_No response_
### What happened?
Problem:
I was trying to use airflow as a child chart and noticed I couldn't upgrade
my existing chart because the fernet secret would not get created.
templates/configmaps/extra-configmaps.yaml: {{- $_ := set $annotations
"helm.sh/hook" "pre-install,pre-upgrade" }}
templates/secrets/extra-secrets.yaml: {{- $_ := set $annotations
"helm.sh/hook" "pre-install,pre-upgrade" }}
templates/secrets/fernetkey-secret.yaml: "helm.sh/hook": "pre-install"
templates/secrets/redis-secrets.yaml:# relying on the "pre-install" hack to
prevent changing randomly generated passwords,
templates/secrets/redis-secrets.yaml: "helm.sh/hook": "pre-install"
templates/secrets/redis-secrets.yaml: "helm.sh/hook": "pre-install"
There are a couple references to secrets, fernet and redis secret that are
using the pre-install hook to avoid them changing during helm upgrade
I think this could be done with a lookup function instead
`apiVersion: v1
kind: Secret
metadata:
name: my-secret
labels:
type: Opaque
data:
{{- $previousSecret := lookup "v1" "Secret" .Release.Namespace "my-secret"
}}
{{- if $previousSecret }}
"mysecret": {{ $previousSecret.data.mysecret }}
{{- else if .Values.mySecret }}
"mysecret": {{ .Values.mySecret | b64enc | quote }}
{{- else }}
"mysecret": {{ randAlphaNum 32 | b64enc | quote }}
{{- end }}`
Because it seems that this pre-install hook was done more as a workaround
than anything.
### What you think should happen instead?
I think fernet secret should get created on helm upgrade if it does not
exist.
### How to reproduce
Try using airflow as a child chart that already has a deployed release.
### Operating System
Fedora 40
### Versions of Apache Airflow Providers
_No response_
### Deployment
Official Apache Airflow Helm Chart
### Deployment details
_No response_
### Anything else?
_No response_
### Are you willing to submit PR?
- [X] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]