kubernetes airflow kubernetes-helm argocd

Use custom secret inside values on helm


I'm trying to deploy Airflow using the official helm chart. I want to pass the user and password of the web server using a Kubernetes secret.

I've created the secrets using:

kubectl create secret generic webserverpw --from-literal=password=123456
kubectl create secret generic webserverus --from-literal=user=test

Then I changed the secret section in the values.yaml from the official Helm chart to:

# Secrets for all airflow containers
secret:
# - envName: ""
#   secretName: ""
#   secretKey: ""
  - envName: "WS_USER"
    secretName: "webserverus"
    secretKey: "user"
  - envName: "WS_PW"
    secretName: "webserverpw"
    secretKey: "password"

Then, I referenced the envs in the defaultUser section of the values.yaml:

defaultUser:
    enabled: true
    role: Admin
    username: $(WS_USER)
    email: [email protected]
    firstName: User
    lastName: Test
    password: $(WS_PW)

However, when I try to deploy the Helm chart using ArgoCD, the pod create-user throws an error:

  Warning  BackOff    35s (x7 over 2m28s)  kubelet            Back-off restarting failed container

When I use k describe pod create-user, I notice that the env variables are not passed to the script (the script is in values.yaml):

bash
      -c
      exec \
      airflow users create "$@"
      --
      -r
      Admin
      -u
      $(WS_USER)
      -e
      [email protected]
      -f
      User
      -l
      Test
      -p
      $(WS_PW)

So, my question is: how can I use the custom secret variable inside values.yml?


Solution

  • So I do not believe you can do what you show in the defaultUser key by passing $(WS_USER). Based on your values alone, I have to assume you are mounting those secrets as ENV variables in the pod. By passing in $() type values to values.yaml, they are merely interpreted as strings. In your pod entrypoint script, rather than referencing $username, just use $WS_USER. This assumes you're mounting those secrets to the pod as your values.yaml might suggest.
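
The difference the answer describes can be reproduced in a plain shell. This is an added example, not code from the post or from the Airflow chart: printf stands in for `airflow users create`, the function names are hypothetical, and WS_USER/WS_PW are set by hand to the values from the question instead of coming from the Secret.

```shell
#!/bin/sh
# Constructed environment: in the pod these two variables would be injected
# from the Secrets webserverus/webserverpw through the chart's `secret:` list.
WS_USER='test'
WS_PW='123456'
export WS_USER WS_PW

# Case 1: the command as shown by `describe pod`. The strings from
# values.yaml are positional parameters of `sh -c`; "$@" forwards them
# byte for byte, because the shell never re-parses parameter values.
# (printf is a stand-in for `airflow users create`; it prints one
# received argument per line.)
run_as_deployed() {
  sh -c 'printf "%s\n" "$@"' -- -r Admin -u '$(WS_USER)' -p '$(WS_PW)'
}

# Case 2: the approach from the answer. The variable names appear in the
# script text itself, so the shell expands them from the environment when
# the script runs. Note the syntax: "$WS_USER", not "$(WS_USER)", which in
# shell script text would be a command substitution.
run_with_env_refs() {
  sh -c 'printf "%s\n" -r Admin -u "$WS_USER" -p "$WS_PW"'
}

# Helper (hypothetical): pick the Nth argument from a run's output.
nth_arg() {
  sed -n "${1}p"
}

echo "as deployed:   -u $(run_as_deployed | nth_arg 4)"
echo "with env refs: -u $(run_with_env_refs | nth_arg 4)"
```

In the second form the password is no longer written into values.yaml or the rendered Job spec, only the reference to the Secret is.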