Closed dchen71 closed 4 years ago
I am trying linkerd as a lighter-weight solution to set up a service mesh for mTLS support. I can inject service monitoring via annotations for pod-to-pod communication, and most of the airflow chart does support annotation injection in the templates.
Can the charts be updated to allow the postgres helm chart to inject annotations in its helm chart at service.annotations, and for redis to inject into its master and slave annotations at master.service.annotations, master.podAnnotations, slave.podAnnotations and slave.service.annotations?
Additionally, when defining the external database for postgres, can we set up a field to pull the secret for SSL/TLS certs from Kubernetes so psycopg can use it to securely connect to the metadata table?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
This issue is being automatically closed due to inactivity.
Is your feature request related to a problem? Please describe.
I am trying to understand if the chart implements any form of encryption in transit. I am currently running the celery executor based version of airflow and am using my own fernet key so the postgres credentials are encrypted at rest. I brought my own ingress and cert-manager so I do have SSL/TLS. Additionally, the liveness and readiness probes have been set to https. My main question is about the communication between airflow and the postgres server, and the communication between the messaging bus with celery, redis, and flower. It would also be helpful to understand if writing logs to the mounted pvc and submitting jobs in the cluster are encrypted.
Describe the solution you'd like
I am hoping to get more information about potential encryption in transit for the chart. It would be nice if encryption between the services has already been implemented, or a pointer.
Describe alternatives you've considered
I am looking at Istio and how it sets up mTLS via a service mesh for a higher level solution.