attempt to add airflow ini

apps/children/postgresql.yaml

@@ -3,7 +3,9 @@ kind: Application
 metadata: { name: postgresql, namespace: ai }
 spec:
     project: ai-stack
-    destination: { server: https://kubernetes.default.svc, namespace: ai }
+    destination:
+        server: https://kubernetes.default.svc
+        namespace: ai
     source:
         repoURL: https://charts.bitnami.com/bitnami
         chart: postgresql
@@ -12,4 +14,7 @@ spec:
             valueFiles:
                 - apps/values/postgresql.yaml
 
-    syncPolicy: { automated: { prune: true, selfHeal: true } }
+    syncPolicy:
+        automated:
+            prune: true
+            selfHeal: true

apps/values/airflow.yaml

@@ -2,16 +2,44 @@ useStandardNaming: true
 executor: KubernetesExecutor
 
 airflow:
-    extraPipPackages:
-        - "apache-airflow-providers-cncf-kubernetes>=7.4.0"
+    extraPipPackages: []
 
 # metastore (postgres)
 env:
     - name: AIRFLOW__DATABASE__SQL_ALCHEMY_CONN
       value: "postgresql+psycopg2://postgres:mypassword@postgresql-primary.ai.svc.cluster.local:5432/openwebui"
 
+# using external postgres and not the subchart
+postgresql:
+    enabled: false;
+
+data:
+    metadataConnection:
+        user: postgres;
+        pass: mypassword;
+        protocol: postgresql;
+        host: postgresql-primary.ai.svc.cluster.local;
+        port: 5432;
+        db: airflow; # better to keep airflow separate from other apps
+        sslmode: disable;
+
+# enable pgbouncer and sync with extraIni
 pgbouncer:
-    enabled: true
+    enabled: true;
+    # official default is scram-sha-256, but bitnami uses md5 so...
+    auth_type: md5;
+    maxClientConn: 200;
+    metadataPoolSize: 20; # server connections to metadata db
+    resultBackendPoolSize: 5;
+    # general pgbouncer section stuffs
+    extraIni: |
+        pool_mode = transaction
+        listen_port = 6543
+        listen_addr = *
+        ignore_startup_parameters = extra_float_digits
+        server_tls_sslmode = prefer
+    metricsExporterSidecar:
+        enabled: true;
 
 logs:
     persistence:
@@ -26,7 +54,7 @@ scheduler:
         limits: { cpu: "1", memory: "1Gi" }
 
 webserver:
-    secretKeySecretName: airflow-webserver-secret
+    webserverSecretKeySecretName: airflow-webserver-secret
     service:
         type: NodePort
         nodePort: 30082 # 30000–32767

scripts/setup.sh

@@ -29,7 +29,19 @@ kubectl apply -n argocd -f apps/0-project-and-root.yaml;
 # service!
 # SEE???? I CAN USE DASHES AND NOT JUST CAMELCASE!!!
 kubectl -n ai create secret generic airflow-fernet-key-secret --from-literal=fernet-key=$(python3 -c 'import secrets;print(secrets.token_urlsafe(32))')
-kubectl -n ai create secret generic airflow-webserver-secret --from-literal=webserver-secret-key=$(python3 -c 'import secrets;print(secrets.token_hex(16))')
+kubectl -n ai create secret generic airflow-webserver-secret --from-literal="webserver-secret-key=$(python3 -c 'import secrets;print(secrets.token_hex(16))')";
+
+# airflow stuffs
+kubectl -n ai exec -it svc/postgresql-primary -- bash -lc "psql -U postgres -c 'CREATE DATABASE airflow;'";
+set -l PGBOUNCER_SVC (kubectl -n ai get svc -l tier=airflow,component=pgbouncer -o jsonpath='{.items[0].metadata.name}');
+echo $PGBOUNCER_SVC;
+
+# stats (used by the metrics sidecar and also points to pgbouncer itself on 127.0.0.1:6543)
+kubectl -n ai create secret generic airflow-pgbouncer-stats \
+  --from-literal=connection="postgresql://postgres:mypassword@127.0.0.1:6543/pgbouncer?sslmode=disable";
+
+kubectl -n ai create secret generic airflow-metadata \
+  --from-literal=connection="postgresql+psycopg2://postgres:mypassword@$PGBOUNCER_SVC:6543/airflow";
 
 minikube service -n ai airflow-webserver --url || echo "FAILED TO FIND SERVICE"