Skip to content

Helm: add custom annotations to jwt secret #52166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
potiuk merged 1 commit into from
Jun 24, 2025
Merged

Helm: add custom annotations to jwt secret #52166

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions chart/templates/secrets/jwt-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,10 @@ metadata:
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.jwtSecretAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
data:
jwt-secret: {{ (default $generated_secret_key .Values.jwtSecret) | b64enc | quote }}
Expand Down
9 changes: 9 additions & 0 deletions chart/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1482,6 +1482,15 @@
"x-docsSection": "Airflow",
"default": null
},
"jwtSecretAnnotations": {
"description": "Annotations to add to the JWT secret.",
"type": "object",
"x-docsSection": "Common",
"default": {},
"additionalProperties": {
"type": "string"
}
},
"webserverSecretKey": {
"description": "The Flask secret key for Airflow Webserver to encrypt browser session.",
"type": [
Expand Down
2 changes: 2 additions & 0 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -559,6 +559,8 @@ webserverSecretKeySecretName: ~

# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in airflow.cfg
jwtSecret: ~
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
jwtSecretName: ~

# In order to use kerberos you need to create secret containing the keytab file
Expand Down
15 changes: 15 additions & 0 deletions helm-tests/tests/helm_tests/apiserver/test_apiserver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,3 +75,18 @@ def test_should_add_volume_and_volume_mount_when_exist_api_server_config(self):
"subPath": "webserver_config.py",
"readOnly": True,
} in jmespath.search("spec.template.spec.containers[0].volumeMounts", docs[0])


class TestAPIServerJWTSecret:
"""Tests API Server JWT secret."""

def test_should_add_annotations_to_jwt_secret(self):
docs = render_chart(
values={
"jwtSecretAnnotations": {"test_annotation": "test_annotation_value"},
},
show_only=["templates/secrets/jwt-secret.yaml"],
)[0]

assert "annotations" in jmespath.search("metadata", docs)
assert jmespath.search("metadata.annotations", docs)["test_annotation"] == "test_annotation_value"