Copilot commented on code in PR #64559:
URL: https://github.com/apache/airflow/pull/64559#discussion_r3025328028
##########
chart/values.yaml:
##########
@@ -3676,9 +3804,8 @@ config:
standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare
">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default
false)) }}'
dag_processor:
# Dag bundle configuration list in JSON string format.
- # This is automatically generated from
.Values.dagProcessor.dagBundleConfigList using the dag_bundle_config_list
helper function.
- # Deprecated: Direct override via
config.dag_processor.dag_bundle_config_list is deprecated.
- # Use dagProcessor.dagBundleConfigList instead.
+ # This is automatically generated from
`.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list`
helper function.
+ # Direct override is only possible via `dagProcessor.dagBundleConfigList`
configuration
Review Comment:
The comment says direct override is only possible via
`dagProcessor.dagBundleConfigList`, but
`config.dag_processor.dag_bundle_config_list` can still be overridden directly
in user-supplied values (since `config` is rendered into airflow.cfg). Please
adjust the wording to avoid misleading users (e.g., describe it as generated by
default and recommend using `dagProcessor.dagBundleConfigList`).
```suggestion
# This value is generated by default from
`.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list`
helper function.
# It is recommended to configure this via
`dagProcessor.dagBundleConfigList` rather than overriding
`config.dag_processor.dag_bundle_config_list` directly.
```
##########
chart/values.yaml:
##########
@@ -547,104 +534,105 @@ data:
# port: 5432
# db: postgres
# sslmode: disable
- # Note: brokerUrl can only be set during install, not upgrade
+
+ # Add custom annotations to the result backend connection secret
+ resultBackendConnectionSecretAnnotations: {}
+
+ # Note: `brokerUrl` can only be set during 'helm install', not 'helm
upgrade' command
brokerUrl: ~
+
# Add custom annotations to the broker url secret
brokerUrlSecretAnnotations: {}
# Fernet key settings
-# Note: fernetKey can only be set during install, not upgrade
+# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade'
command
fernetKey: ~
-# If set, the secret must contain a key ``fernet-key`` with a base64-encoded
-# Fernet key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-fernet-key-secret
-# type: Opaque
-# data:
-# fernet-key: <base64_encoded_fernet_key>
-#
+
+# If set, the secret must contain a 'fernet-key' key with a base64-encoded key
value
fernetKeySecretName: ~
+# Fernet key secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-fernet-key-secret
+# type: Opaque
+# data:
+# fernet-key: <base64_encoded_fernet_key>
+
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}
-# Flask secret key for Airflow 3+ Api: `[api] secret_key` in airflow.cfg
+# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg
apiSecretKey: ~
+
# Add custom annotations to the api secret
apiSecretAnnotations: {}
-# If set, the secret must contain a key ``api-secret-key`` with a
base64-encoded
-# API secret key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-api-secret
-# type: Opaque
-# data:
-# api-secret-key: <base64_encoded_api_secret_key>
-#
+
+# If set, the secret must contain a key 'api-secret-key' with a base64-encoded
key value
apiSecretKeySecretName: ~
+# API secret key example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-api-secret
+# type: Opaque
+# data:
+# api-secret-key: <base64_encoded_api_secret_key>
-# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in
airflow.cfg
+# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in
airflow.cfg
jwtSecret: ~
+
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
-# If set, the secret must contain a key ``jwt-secret`` with a base64-encoded
-# JWT secret value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-jwt-secret
-# type: Opaque
-# data:
-# jwt-secret: <base64_encoded_jwt_secret>
-#
+
+# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key
value
jwtSecretName: ~
+# JWT secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-jwt-secret
+# type: Opaque
+# data:
+# jwt-secret: <base64_encoded_jwt_secret>
-# Flask secret key for Airflow <3 Webserver: `[webserver] secret_key` in
airflow.cfg
+# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in
airflow.cfg
+# (deprecated, use `apiSecretKey` instead (Airflow 3+))
webserverSecretKey: ~
+
# Add custom annotations to the webserver secret
+# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))
webserverSecretAnnotations: {}
-# Deprecated in favor of apiSecretKeySecretName (Airflow 3+).
-# If set, the secret must contain a key ``webserver-secret-key`` with a
-# base64-encoded secret key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-webserver-secret
-# type: Opaque
-# data:
-# webserver-secret-key: <base64_encoded_secret_key>
-#
+
+# If set, the secret must contain a key 'webserver-secret-key' with a
base64-encoded key value
+# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))
webserverSecretKeySecretName: ~
+# Webserver secret key secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-webserver-secret
+# type: Opaque
+# data:
+# webserver-secret-key: <base64_encoded_secret_key>
-# In order to use kerberos you need to create secret containing the keytab file
+# In order to use kerberos you need to create secret containing the keytab
file.
# The secret name should follow naming convention of the application where
resources are
-# name {{ .Release-name }}-<POSTFIX>. In case of the keytab file, the postfix
is "kerberos-keytab"
-# So if your release is named "my-release" the name of the secret should be
"my-release-kerberos-keytab"
+# name '{{ .Release-name }}-<postfix>'. In case of the keytab file, the
'<postfix>' is "kerberos-keytab".
+# If your release is named "my-release" the name of the secret should be
"my-release-kerberos-keytab".
#
# The Keytab content should be available in the "kerberos.keytab" key of the
secret.
-#
# apiVersion: v1
# kind: Secret
# data:
# kerberos.keytab: <base64_encoded keytab file content>
# type: Opaque
#
-#
-# If you have such keytab file you can do it with similar
-#
-# kubectl create secret generic {{ .Release.name }}-kerberos-keytab
--from-file=kerberos.keytab
-#
+# If you have keytab file you can do it with similar:
+# kubectl create secret generic {{ .Release.name }}-kerberos-keytab
--from-file=kerberos.keytab
Review Comment:
This example uses `.Release.name`, which is not a valid Helm template field
(Helm uses `.Release.Name`). As written, users copy/pasting this will get
template rendering errors.
##########
chart/values.yaml:
##########
@@ -547,104 +534,105 @@ data:
# port: 5432
# db: postgres
# sslmode: disable
- # Note: brokerUrl can only be set during install, not upgrade
+
+ # Add custom annotations to the result backend connection secret
+ resultBackendConnectionSecretAnnotations: {}
+
+ # Note: `brokerUrl` can only be set during 'helm install', not 'helm
upgrade' command
brokerUrl: ~
+
# Add custom annotations to the broker url secret
brokerUrlSecretAnnotations: {}
# Fernet key settings
-# Note: fernetKey can only be set during install, not upgrade
+# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade'
command
fernetKey: ~
-# If set, the secret must contain a key ``fernet-key`` with a base64-encoded
-# Fernet key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-fernet-key-secret
-# type: Opaque
-# data:
-# fernet-key: <base64_encoded_fernet_key>
-#
+
+# If set, the secret must contain a 'fernet-key' key with a base64-encoded key
value
fernetKeySecretName: ~
+# Fernet key secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-fernet-key-secret
+# type: Opaque
+# data:
+# fernet-key: <base64_encoded_fernet_key>
+
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}
-# Flask secret key for Airflow 3+ Api: `[api] secret_key` in airflow.cfg
+# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg
apiSecretKey: ~
+
# Add custom annotations to the api secret
apiSecretAnnotations: {}
-# If set, the secret must contain a key ``api-secret-key`` with a
base64-encoded
-# API secret key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-api-secret
-# type: Opaque
-# data:
-# api-secret-key: <base64_encoded_api_secret_key>
-#
+
+# If set, the secret must contain a key 'api-secret-key' with a base64-encoded
key value
apiSecretKeySecretName: ~
+# API secret key example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-api-secret
+# type: Opaque
+# data:
+# api-secret-key: <base64_encoded_api_secret_key>
-# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in
airflow.cfg
+# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in
airflow.cfg
jwtSecret: ~
+
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
-# If set, the secret must contain a key ``jwt-secret`` with a base64-encoded
-# JWT secret value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-jwt-secret
-# type: Opaque
-# data:
-# jwt-secret: <base64_encoded_jwt_secret>
-#
+
+# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key
value
jwtSecretName: ~
+# JWT secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-jwt-secret
+# type: Opaque
+# data:
+# jwt-secret: <base64_encoded_jwt_secret>
-# Flask secret key for Airflow <3 Webserver: `[webserver] secret_key` in
airflow.cfg
+# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in
airflow.cfg
+# (deprecated, use `apiSecretKey` instead (Airflow 3+))
webserverSecretKey: ~
+
# Add custom annotations to the webserver secret
+# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))
webserverSecretAnnotations: {}
-# Deprecated in favor of apiSecretKeySecretName (Airflow 3+).
-# If set, the secret must contain a key ``webserver-secret-key`` with a
-# base64-encoded secret key value. Example secret:
-#
-# kind: Secret
-# apiVersion: v1
-# metadata:
-# name: custom-webserver-secret
-# type: Opaque
-# data:
-# webserver-secret-key: <base64_encoded_secret_key>
-#
+
+# If set, the secret must contain a key 'webserver-secret-key' with a
base64-encoded key value
+# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))
webserverSecretKeySecretName: ~
+# Webserver secret key secret example:
+# kind: Secret
+# apiVersion: v1
+# metadata:
+# name: custom-webserver-secret
+# type: Opaque
+# data:
+# webserver-secret-key: <base64_encoded_secret_key>
-# In order to use kerberos you need to create secret containing the keytab file
+# In order to use kerberos you need to create secret containing the keytab
file.
# The secret name should follow naming convention of the application where
resources are
-# name {{ .Release-name }}-<POSTFIX>. In case of the keytab file, the postfix
is "kerberos-keytab"
-# So if your release is named "my-release" the name of the secret should be
"my-release-kerberos-keytab"
+# name '{{ .Release-name }}-<postfix>'. In case of the keytab file, the
'<postfix>' is "kerberos-keytab".
Review Comment:
The Helm template reference in this example is invalid: `.Release-name` is
not a valid field. This should use `.Release.Name` (and keep naming consistent
with other chart examples).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
