HsiuChuanHsu commented on issue #53192: URL: https://github.com/apache/airflow/issues/53192#issuecomment-3217654479
I'd like to propose adding global configuration options that allow automatic inheritance of SSL-related environment variables for CA certificates across all KubernetesPodOperator instances. Would love to have some feedback from you! **1. Configuration Enhancement** Add new configuration section to `airflow.cfg` ``` [kubernetes_executor] # Comma-separated list of environment variables to inherit automatically default_inherit_env_vars = REQUESTS_CA_BUNDLE,SSL_CERT_FILE,CURL_CA_BUNDLE # Enable automatic SSL CA environment variable inheritance auto_inherit_ssl_ca = True ``` **2. KubernetesExecutor Modifications** Enhance the `execute_async`method to automatically apply global SSL configurations. https://github.com/apache/airflow/blob/cfce5734b214a5d235c9d9410fe8f54dc7e8a94b/providers/cncf/kubernetes/src/airflow/providers/cncf/kubernetes/executors/kubernetes_executor.py#L255 **3. Support KubernetesPodOperator** Handle environment variable inheritance configuration from kubernetes_executor configuration https://github.com/apache/airflow/blob/cfce5734b214a5d235c9d9410fe8f54dc7e8a94b/providers/cncf/kubernetes/src/airflow/providers/cncf/kubernetes/operators/pod.py#L121 I think once we have this global configuration, it would help us automatically inherit the CA via ENV. Let me know what you think! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
