NBardelot edited a comment on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var URL: https://github.com/apache/airflow/pull/6801#issuecomment-566600054 @potiuk Please consider that this patch doesn't really change fundamentally what already exists in Airflow. You can already achieve the same behaviour by providing an airflow.cfg file that has a _cmd option calling a script. You could even write the full script as a one-liner in the _cmd option. This patch only makes the process smoother and logical from the "you can override options with env vars" point of view. Plus, think of it as a way to enable convention over configuration for sensitive data in the Helm chart. One could modify the existing Helm templates and values to standardize the mount path of secrets in Airflow containers, instead of setting multiple environment variables with clear-text sensitive data in the Helm values (see the airflow.mapenvsecrets Helm value). For the moment the Helm values must be secured in some way because of those sensitive values. In a Kubernetes paradigm I think they should not be: secrets are already there for this purpose, with the platform being responsible to choose how they are stored - in a vault or whatever - because it is not really the concern of the person deploying Airflow. > seems we are killing a fly with a cannon gun (as we say in Polish) Never heard that one in Polish (half-Pole here ^^), but it translates as well in French :)
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
