ashb commented on a change in pull request #8777: URL: https://github.com/apache/airflow/pull/8777#discussion_r436184591
########## File path: chart/values.yaml ########## 
@@ -0,0 +1,434 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Default values for airflow. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# User and group of airflow user +uid: 100 +gid: 101 + +# Select certain nodes for airflow pods. +nodeSelector: {} +affinity: {} +tolerations: [] + +# Add common labels to all objects and pods defined in this chart. +labels: {} + +# Network policy configuration +networkPolicies: + # Enabled network policies + enabled: false + +# Airflow home directory +# Used for mount paths +airflowHome: "/usr/local/airflow" + +# Extra annotations to apply to all +# Airflow pods +airflowPodAnnotations: {} + +# Enable RBAC (default on most clusters these days) +rbacEnabled: true + +# Airflow executor +# Options: SequentialExecutor, LocalExecutor, CeleryExecutor, KubernetesExecutor +executor: "KubernetesExecutor" + +# If this is true and using LocalExecutor/SequentialExecutor/KubernetesExecutor, the scheudler's +# service account will have access to communicate with the api-server and launch pods. +# If this is true and using the CeleryExecutor, the workers will be able to launch pods. 
+allowPodLaunching: true + +# Default airflow repository +defaultAirflowRepository: astronomerinc/ap-airflow + +# Default airflow tag to deploy +defaultAirflowTag: 1.10.10-buster + +# Images +images: + airflow: + repository: astronomerinc/ap-airflow + tag: ~ + pullPolicy: IfNotPresent + flower: + repository: astronomerinc/ap-airflow + tag: ~ + pullPolicy: IfNotPresent + statsd: + repository: astronomerinc/ap-statsd-exporter + tag: 0.11.0 + pullPolicy: IfNotPresent + redis: + repository: astronomerinc/ap-redis + tag: 0.11.0 + pullPolicy: IfNotPresent + pgbouncer: + repository: astronomerinc/ap-pgbouncer + tag: 0.11.0 + pullPolicy: IfNotPresent + pgbouncerExporter: + repository: astronomerinc/ap-pgbouncer-exporter

Review comment:

I have left this as astronomerinc images as the "canonical" image hasn't been updated in months and has security vulnerabilities:

```
jbub/pgbouncer_exporter:v0.5.0 (alpine 3.7.0)
=============================================
Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

+----------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+----------+------------------+----------+-------------------+---------------+--------------------------------+
| libressl | CVE-2018-0732    | MEDIUM   | 2.6.3-r0          | 2.6.5-r0      | openssl: Malicious server can  |
|          |                  |          |                   |               | send large prime to client     |
|          |                  |          |                   |               | during DH(E) TLS...            |
+          +------------------+----------+                   +               +--------------------------------+
|          | CVE-2018-0495    | LOW      |                   |               | ROHNP: Key Extraction Side     |
|          |                  |          |                   |               | Channel in Multiple Crypto     |
|          |                  |          |                   |               | Libraries                      |
+----------+------------------+----------+-------------------+---------------+--------------------------------+
```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
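
Review bot: In the `images:` block of chart/values.yaml, statsd, redis and pgbouncer are each pinned only by a mutable tag (`tag: 0.11.0`) together with `pullPolicy: IfNotPresent`, so a node that already holds that tag never re-pulls it, and if the tag is ever re-pushed different nodes can run different image contents under the same name. Consider letting each image entry also accept a digest, or documenting that operators should override `repository` and `tag` with images they have scanned themselves, and add a comment in the file saying why the chart defaults to the `astronomerinc/*` repositories. Separately, the comment above `allowPodLaunching` has a typo (`scheudler's`), and since `allowPodLaunching: true` and `networkPolicies.enabled: false` are both the permissive choice, a sentence in each comment saying when to flip them would help anyone aiming for a least-privilege install.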
