Skip to content

document missing secret name keys #64135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
rjgoyln wants to merge 2 commits into from
Closed

document missing secret name keys #64135

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6f2fc48
document missing secret name keys
rjgoyln Mar 24, 2026
04c954a
remove confusing base64 encoding mentions in secrets
rjgoyln Mar 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 14 additions & 11 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -498,19 +498,14 @@ extraEnvFrom: ~

# Airflow database & redis config
data:
# If secret names are provided, use those secrets
# These secrets must be created manually, eg:
#
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-airflow-metadata-secret
# type: Opaque
# data:
# connection: base64_encoded_connection_string

# Must contain a 'connection' key (e.g., postgresql://user:pass@host:5432/db).
# Optional: 'kedaConnection'. Note: URL-encode special characters in passwords.
Comment on lines 500 to +502

@jscheffl jscheffl Mar 28, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if and why your description is now better than the example before. The example before which you now are removing had an example. Yes it was not mentioning that the connection key is needed.

I'd favor keeping the example and marking the note that key(s) are needed.

metadataSecretName: ~

# Must contain a 'connection' key. If not provided, it falls back to 'metadataSecretName'.
resultBackendSecretName: ~

# Must contain a 'connection' key (e.g., redis://:pass@host:6379/0).

@jscheffl jscheffl Mar 28, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...and also I'd not repeat it here but propose to add this to the note that the key is relevant for all options below.

brokerUrlSecretName: ~

# Otherwise pass connection values in
Expand Down Expand Up @@ -545,6 +540,10 @@ data:
# Fernet key settings
# Note: fernetKey can only be set during install, not upgrade
fernetKey: ~
# The Secret MUST contain a 'fernet-key' key.
#
# To handle rotation, provide multiple comma-separated keys in the Secret.
# New values are encrypted with the first key; decryption is attempted with all keys.
fernetKeySecretName: ~
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}
Expand All @@ -553,18 +552,21 @@ fernetKeySecretAnnotations: {}
apiSecretKey: ~
# Add custom annotations to the api secret
apiSecretAnnotations: {}
# Must contain an 'api-secret-key' key (suggested: random 32-char string).
apiSecretKeySecretName: ~

# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in airflow.cfg
jwtSecret: ~
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
# Must contain a 'jwt-secret' key (suggested: random 32-char string).
jwtSecretName: ~

# Flask secret key for Airflow <3 Webserver: `[webserver] secret_key` in airflow.cfg
webserverSecretKey: ~
# Add custom annotations to the webserver secret
webserverSecretAnnotations: {}
# Must contain a 'webserver-secret-key' key (suggested: random 32-char string).
webserverSecretKeySecretName: ~

# In order to use kerberos you need to create secret containing the keytab file
Expand Down Expand Up @@ -2777,6 +2779,7 @@ flower:
annotations: {}

# A secret containing the connection
# The Secret MUST contain a 'basicAuth' key (formatted as 'username:password')
secretName: ~
# Add custom annotations to the flower secret
secretAnnotations: {}
Expand Down
Loading