Support not generating secrets at all, giving an option to rely on other means to get secrets #45171

andrii-korotkov-verkada opened this issue Dec 23, 2024 · 2 comments · May be fixed by #45248
Labels
area:secrets kind:feature Feature Requests needs-triage label for new issues that we didn't triage yet


@andrii-korotkov-verkada

Description

Allow skipping secrets creation completely, providing a way to use other means to get the secret data (e.g. AWS Secrets Manager with init in airflowLocalSettings).

Use case/motivation

When using ArgoCD to manage manifests, committing secrets to the repo is undesirable for security reasons. Also, if using AWS Secrets Manager to store secrets, the Kubernetes secrets won't be necessary.

Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!


@andrii-korotkov-verkada

A related discussion about storing encrypted secret values #45190.

@andrii-korotkov-verkada

This can be mostly done by setting some placeholder values for secret names, as well as not setting env variables on pod templates. A couple of things that can't be configured this way are pgbouncer mounts and pgbouncer stats env variable for connection. I'll add a PR to address that.

andrii-korotkov-verkada added a commit to andrii-korotkov-verkada/airflow that referenced this issue Dec 27, 2024
closes: apache#45171

Allow disabling the default secret mounts for pgbouncer configs as well as the metrics exported database url env variable. This can be useful for cases where the value is retrieved another way, e.g. a secrets provider class.

Signed-off-by: Andrii Korotkov <[email protected]>