VladimirYushkevich commented on issue #33924: URL: https://github.com/apache/airflow/issues/33924#issuecomment-2027324190
We experienced a similar issue. I don't mind fixing it, but I need to clarify a few things first: * `data.metadataSecretName` is not for `pgbouncer`; it is for other workloads to connect to the DB directly. * `data.metadataConnection` details can be used for connection to `pgbouncer`. In this case storing credentials in values IMO is still secure, as the actual connection to DB is handled by `pgbouncer`. * as mentioned above `pgbouncer` uses another [credentials](https://github.com/apache/airflow/blob/ae6fec927c8f717d2a8481a6c3afc85a171652c6/chart/templates/_helpers.yaml#L443). As far as I can see, there is only one way to set it up, via `data.metadataConnection` values (not secure). In our case we created a k8s secret with the encrypted content of `pgbouncer.ini`, as mentioned [here](https://github.com/apache/airflow/blob/ae6fec927c8f717d2a8481a6c3afc85a171652c6/chart/values.yaml#L1970) and referenced it in `configSecretName`. But I don't see an easy way to populate the content of `pgbouncer.ini` from another k8s secret. Any ideas? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org