Rested opened a new issue #8275: Environment variable ordering for refrencing secrets with KubernetesPodOperator URL: https://github.com/apache/airflow/issues/8275 <!-- Welcome to Apache Airflow! For a smooth issue process, try to answer the following questions. Don't worry if they're not all applicable; just try to include what you can :-) If you need to include code snippets or logs, please put them in fenced code blocks. If they're super-long, please use the details tag like <details><summary>super-long log</summary> lots of stuff </details> Please delete these comment blocks before submitting the issue. --> <!-- IMPORTANT!!! Please complete the next sections or the issue will be closed. This questions are the first thing we need to know to understand the context. --> **Apache Airflow version**: 1.10.9 **Kubernetes version (if you are using kubernetes)** (use `kubectl version`): 1.16.6 **Environment**: - **Cloud provider or hardware configuration**: - **OS** (e.g. from /etc/os-release): Debian GNU/Linux - **Kernel** (e.g. `uname -a`): Linux 4.19.0-0.bpo.6-amd64 #1 SMP Debian 4.19.67-2+deb10u2~bpo9+1 (2019-11-12) x86_64 Linux - **Install tools**: - **Others**: **What happened**: When `env_vars` and `secrets` is set on a `KubernetesPodOperator` the resulting pod will always have the secrets after the environment variables. This makes it impossible to use [variable refrences](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#envvar-v1-core) from secrets based env vars to regular env vars. **What you expected to happen**: <!-- What do you think went wrong? --> **How to reproduce it**: <!--- As minimally and precisely as possible. Keep in mind we do not have access to your cluster or dags. If you are using kubernetes, please attempt to recreate the issue using minikube or kind. ## Install minikube/kind - Minikube https://minikube.sigs.k8s.io/docs/start/ - Kind https://kind.sigs.k8s.io/docs/user/quick-start/ If this is a UI bug, please provide a screenshot of the bug or a link to a youtube video of the bug in action You can include images using the .md sytle of  To record a screencast, mac users can use QuickTime and then create an unlisted youtube video with the resulting .mov file. ---> **Anything else we need to know**: The fix is fairly simple - change this: ```python for k in pod.envs.keys(): env.append({'name': k, 'value': pod.envs[k]}) for secret in envs_from_key_secrets: KubernetesRequestFactory.add_secret_to_env(env, secret) ``` To this ```python for secret in envs_from_key_secrets: KubernetesRequestFactory.add_secret_to_env(env, secret) for k in pod.envs.keys(): env.append({'name': k, 'value': pod.envs[k]}) ``` here https://github.com/apache/airflow/blob/96697180d79bfc90f6964a8e99f9dd441789177c/airflow/contrib/kubernetes/kubernetes_request_factory/kubernetes_request_factory.py#L159 However I am aware that this has been changed in `airflow 2` which afaict avoids this issue by specifying allowing the user to specify a list of `k8s.V1EnvVar`s which can be secrets or regular env vars with user specified ordering https://github.com/dimberman/airflow/blob/6018532d21796e04fdf47a77f36ae8308cc928ba/airflow/kubernetes/pod_generator.py#L203 <!-- How often does this problem occur? Once? Every time etc? Any relevant logs to include? Put them here in side a detail tag: <details><summary>x.log</summary> lots of stuff </details> -->
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
