The User-Community Airflow Helm Chart is the standard way to deploy Apache Airflow on Kubernetes with Helm. Originally created in 2017, it has since helped thousands of companies create production-ready deployments of Airflow on Kubernetes.
This PR changes the way we generate self-signed certificates for PgBouncer, so that we no longer uses the helm genSelfSignedCert function, which was causing the manifests to show as perpetually "out of sync" in systems like ArgoCD (as each time this function runs, it generates a unique certificate).
We now use our script /home/pgbouncer/config/gen_self_signed_cert.sh which runs on startup and generates a self-signed SSL certificate using the openssl command line (if the user does not provide their own "existingSecret" for the client certificates).
What issues does your PR fix?
What does your PR do?
This PR changes the way we generate self-signed certificates for PgBouncer, so that we no longer uses the helm
genSelfSignedCertfunction, which was causing the manifests to show as perpetually "out of sync" in systems like ArgoCD (as each time this function runs, it generates a unique certificate).We now use our script
/home/pgbouncer/config/gen_self_signed_cert.shwhich runs on startup and generates a self-signed SSL certificate using theopensslcommand line (if the user does not provide their own "existingSecret" for the client certificates).This PR also updates the default PgBouncer image to
ghcr.io/airflow-helm/pgbouncer:1.18.0-patch.1as this was the first version in which we included theopensslCLI.Checklist
For all Pull Requests