arjav1528 opened a new pull request, #60111: URL: https://github.com/apache/airflow/pull/60111
Root Cause The JWT secret checksum annotation was missing from both deployment templates. Other secrets (metadata-secret, pgbouncer-config-secret, etc.) had checksum annotations that trigger pod restarts when secrets change, but the JWT secret did not. When Helm values change: The API server redeploys (due to other checksum changes) and picks up the new JWT secret The scheduler doesn't redeploy (no JWT secret checksum) and continues using the old secret Tokens generated by the scheduler fail validation at the API server Solution Added checksum/jwt-secret annotations to both: chart/templates/api-server/api-server-deployment.yaml chart/templates/scheduler/scheduler-deployment.yaml This ensures both components redeploy together when the JWT secret changes, keeping them synchronized. Changes Added JWT secret checksum annotation to API server deployment template Added JWT secret checksum annotation to scheduler deployment template Conditional logic matches the JWT secret template (only for Airflow 3.0+ when API server is enabled and chart manages the secret) closes: #60040 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
