airflow-helm / charts

The User-Community Airflow Helm Chart is the standard way to deploy Apache Airflow on Kubernetes with Helm. Originally created in 2017, it has since helped thousands of companies create production-ready deployments of Airflow on Kubernetes.
https://github.com/airflow-helm/charts/tree/main/charts/airflow
Apache License 2.0
665 stars 476 forks source link

feat: generate self-signed pgbouncer certs with script #718

Closed thesuperzapper closed 1 year ago

thesuperzapper commented 1 year ago

What issues does your PR fix?

What does your PR do?

This PR changes the way we generate self-signed certificates for PgBouncer, so that we no longer uses the helm genSelfSignedCert function, which was causing the manifests to show as perpetually "out of sync" in systems like ArgoCD (as each time this function runs, it generates a unique certificate).

We now use our script /home/pgbouncer/config/gen_self_signed_cert.sh which runs on startup and generates a self-signed SSL certificate using the openssl command line (if the user does not provide their own "existingSecret" for the client certificates).

This PR also updates the default PgBouncer image to ghcr.io/airflow-helm/pgbouncer:1.18.0-patch.1 as this was the first version in which we included the openssl CLI.

Checklist

For all Pull Requests