airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [airflow] NBardelot edited a comment on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env var
Date Tue, 17 Dec 2019 15:51:18 GMT
NBardelot edited a comment on issue #6801: [AIRFLOW-6260] Drive _cmd config options by env
var
URL: https://github.com/apache/airflow/pull/6801#issuecomment-566600054
 
 
   @potiuk
   
   Please consider that this patch doesn't really change fundamentally what already exists
in Airflow. You can already achieve the same behaviour by providing an airflow.cfg file that
has a _cmd option calling a script. You could even write the full script as a one-liner in
the _cmd option. This patch only makes the process smoother and logical from the "you can
override options with env vars" point of view.
   
   Plus, think of it as a way to enable convention over configuration for sensitive data in
the Helm chart. One could modify the existing Helm templates and values to standardize the
mount path of secrets in Airflow containers, instead of setting multiple environment variables
with clear-text sensitive data in the Helm values (see the airflow.mapenvsecrets Helm value
in the [stable Helm Airflow chart](https://github.com/helm/charts/tree/master/stable/airflow)
). 
   
   For the moment the Helm values must be secured in some way because of those sensitive values.
In a Kubernetes paradigm I think they should not even be a need for this: secrets are already
there for this purpose, with the platform being responsible to choose how they are stored
- in a vault or whatever - because it is not really the concern of the person deploying Airflow.

   
   > seems we are killing a fly with a cannon gun (as we say in Polish)
   Never heard that one in Polish (half-Pole here ^^), but it translates as well in French
:)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message