The User-Community Airflow Helm Chart is the standard way to deploy Apache Airflow on Kubernetes with Helm. Originally created in 2017, it has since helped thousands of companies create production-ready deployments of Airflow on Kubernetes.
This PR changes the way we generate self-signed certificates for PgBouncer, so that we no longer uses the helm genSelfSignedCert function, which was causing the manifests to show as perpetually "out of sync" in systems like ArgoCD (as each time this function runs, it generates a unique certificate).
We now use our script /home/pgbouncer/config/gen_self_signed_cert.sh which runs on startup and generates a self-signed SSL certificate using the openssl command line (if the user does not provide their own "existingSecret" for the client certificates).
What issues does your PR fix?
What does your PR do?
This PR changes the way we generate self-signed certificates for PgBouncer, so that we no longer uses the helm
genSelfSignedCert
function, which was causing the manifests to show as perpetually "out of sync" in systems like ArgoCD (as each time this function runs, it generates a unique certificate).We now use our script
/home/pgbouncer/config/gen_self_signed_cert.sh
which runs on startup and generates a self-signed SSL certificate using theopenssl
command line (if the user does not provide their own "existingSecret" for the client certificates).This PR also updates the default PgBouncer image to
ghcr.io/airflow-helm/pgbouncer:1.18.0-patch.1
as this was the first version in which we included theopenssl
CLI.Checklist
For all Pull Requests