Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Helm Chart] Redis and Fernet Secret using pre-install hooks instead of lookup functions #44164

Open
2 tasks done
JKrehling opened this issue Nov 18, 2024 · 1 comment
Open
2 tasks done

[Helm Chart] Redis and Fernet Secret using pre-install hooks instead of lookup functions #44164

JKrehling opened this issue Nov 18, 2024 · 1 comment
Assignees
@JKrehling
Labels
area:core area:helm-chart Airflow Helm Chart kind:bug This is a clearly a bug

Comments

@JKrehling
Copy link
Contributor

JKrehling commented Nov 18, 2024
edited
Loading

Apache Airflow version

main (development)

If "Other Airflow 2 version" selected, which one?

No response

What happened?

Problem:

I was trying to use airflow as a child chart and noticed I couldn't upgrade my existing chart because the fernet secret would not get created.

templates/configmaps/extra-configmaps.yaml: {{- $_ := set $annotations "helm.sh/hook" "pre-install,pre-upgrade" }}
templates/secrets/extra-secrets.yaml: {{- $_ := set $annotations "helm.sh/hook" "pre-install,pre-upgrade" }}
templates/secrets/fernetkey-secret.yaml: "helm.sh/hook": "pre-install"
templates/secrets/redis-secrets.yaml:# relying on the "pre-install" hack to prevent changing randomly generated passwords,
templates/secrets/redis-secrets.yaml: "helm.sh/hook": "pre-install"
templates/secrets/redis-secrets.yaml: "helm.sh/hook": "pre-install"

There are a couple references to secrets, fernet and redis secret that are using the pre-install hook to avoid them changing during helm upgrade

I think this could be done with a lookup function instead

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  labels:
type: Opaque
data:
  {{- $previousSecret := lookup "v1" "Secret" .Release.Namespace "my-secret" }}
  {{- if $previousSecret }}
  "mysecret": {{  $previousSecret.data.mysecret }}
  {{- else if .Values.mySecret }}
  "mysecret": {{ .Values.mySecret | b64enc | quote }}
  {{- else }}
  "mysecret": {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}

Because it seems that this pre-install hook was done more as a workaround than anything.

What you think should happen instead?

I think fernet secret should get created on helm upgrade if it does not exist.

How to reproduce

Try using airflow as a child chart that already has a deployed release.

Operating System

Fedora 40

Versions of Apache Airflow Providers

No response

Deployment

Official Apache Airflow Helm Chart

Deployment details

No response

Anything else?

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct
@JKrehling JKrehling added area:core kind:bug This is a clearly a bug needs-triage label for new issues that we didn't triage yet labels Nov 18, 2024
@boring-cyborg boring-cyborg
Copy link

boring-cyborg bot commented Nov 18, 2024

Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.

@dosubot dosubot bot added the area:helm-chart Airflow Helm Chart label Nov 18, 2024
@vatsrahul1001 vatsrahul1001 removed the needs-triage label for new issues that we didn't triage yet label Nov 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JKrehling JKrehling

Labels
area:core area:helm-chart Airflow Helm Chart kind:bug This is a clearly a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JKrehling @vatsrahul1001