We using apacheairflow but we want use ldap authentication as I saw config file want AUTH_LDAP_BIND_PASSWORD = "**********" we can not write password like this. because this method unsecure. how to hide ldap bind password on this line , we dont any idea for this maybe somebody help me ?
This approach generally goes via pipeline or a bash script and what we do is
You can export your password in a script from a file like
export LDAP_PASSWORD=$(cat ./ldappassword)
Now you can write the webserver_config in values.yaml.j2 as
webserver:
webserverConfig: |
#... the other values
AUTH_LDAP_BIND_PASSWORD = "{{ LDAP_PASSWORD }}"
Please Note. This requires j2cli to be installed and the extension of values.yaml file is .j2
Now you can replace these templates by calling
j2 ./values.yaml.j2 > ./values.yaml
This command replaces templates under **{{ variables }}** by the respective env variables.
After this command you can install airflow by
helm upgrade --install $RELEASE_NAME apache/airflow -n $NAMESPACE -f values.yaml
and then remove the templated values.yaml.