thesuperzapper commented on a change in pull request #8777:
URL: https://github.com/apache/airflow/pull/8777#discussion_r430115441
##########
File path: chart/templates/secrets/result-backend-connection-secret.yaml
##########
@@ -0,0 +1,20 @@
+################################
+## Airflow Result Backend Secret
+#################################
+{{- if (and .Values.data.resultBackendConnection (not
.Values.data.resultBackendSecretName)) }}
+{{- $host := .Values.data.resultBackendConnection.host | default (printf
"%s-%s" .Release.Name "postgresql") }}
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-airflow-result-backend
+ labels:
+ release: {{ .Release.Name }}
+ chart: {{ .Chart.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+type: Opaque
+data:
+ connection: {{ (printf "db+postgresql://%s:%s@%s:%s/%s?sslmode=%s"
.Values.data.resultBackendConnection.user
.Values.data.resultBackendConnection.pass (ternary (printf "%s-%s"
.Release.Name "pgbouncer") $host .Values.pgbouncer.enabled) ((ternary
.Values.ports.pgbouncer .Values.data.resultBackendConnection.port
.Values.pgbouncer.enabled) | toString) (ternary (printf "%s-%s" .Release.Name
"result-backend") .Values.data.resultBackendConnection.db
.Values.pgbouncer.enabled) .Values.data.resultBackendConnection.sslmode) |
b64enc | quote }}
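Review bot: The `connection:` line puts `.Values.data.resultBackendConnection.user` and `.pass` into the URI through a plain `printf "%s"`, so a password containing `@`, `:`, `/`, `?` or `#` yields a connection string that parses incorrectly. Percent-encode both credentials before formatting them into the URI. The same line has no guard for a missing `.pass`: an unset value would be rendered by `printf` as `%!s(<nil>)` and base64-encoded into the Secret, so wrapping it in `required` with a clear message would fail the render instead.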
Review comment:
Is this really the best approach (creating the secret in the chart), as
it will cause users to store their DB passwords inside their `values.yaml` in
plain text? In the `stable/airflow` chart, we allow users to create a secret
which just contains the password, and then combine them as the pods start.
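One way the "combine them as the pods start" approach from the review comment could look, as an added example that is not code from the PR or from the `stable/airflow` chart. The `DB_*` variable names and the defaults for port and sslmode are assumptions of this sketch; `DB_PASS` stands for a value injected from a password-only Secret.

```shell
#!/bin/sh
# Added example: build the result-backend URI at container start from
# environment variables instead of rendering it from values.yaml.
# All DB_* names are hypothetical.

# Percent-encode every byte outside the RFC 3986 "unreserved" set, so that
# characters such as @ : / ? # in a credential cannot change how the URI parses.
urlencode() (
  LC_ALL=C          # work byte by byte; the subshell keeps this change local
  s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}
    c=${s%"$rest"}  # first byte of $s
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) hex=$(printf '%s' "$c" | od -An -tx1 | tr -d ' \n' | tr 'a-f' 'A-F')
         out="$out%$hex" ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# Assemble the same URI shape the chart template produces.
result_backend_uri() {
  # Abort if a required value is missing rather than emit a broken URI.
  : "${DB_USER:?}" "${DB_PASS:?}" "${DB_HOST:?}" "${DB_NAME:?}"
  printf 'db+postgresql://%s:%s@%s:%s/%s?sslmode=%s' \
    "$(urlencode "$DB_USER")" "$(urlencode "$DB_PASS")" \
    "$DB_HOST" "${DB_PORT:-5432}" "$(urlencode "$DB_NAME")" \
    "${DB_SSLMODE:-prefer}"   # assumed defaults for port and sslmode
}

# Constructed sample values; in a pod these would come from the environment,
# with DB_PASS populated from the Secret.
DB_USER=airflow DB_PASS='p@ss:w/rd#1' DB_HOST=db.example.internal DB_NAME=airflow
result_backend_uri; echo
```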