Add extra secret annotations to most secrets

[sarah-reddit]

This adds annotations to the following secret objects:

• ElasticSearch
• FernetKey
• Flower
• Metadata Connection
• PgBouncer Certificates
• PgBouncer Config
• PgBouncer Stats
• Redis Password
• Redis Broker Url
• Result Backend Connection
• Webserver Secret Key

Motivation:
Our deploy tool by default versions secrets. This forces us to fork this helm chart and modify it to adding annotations to disable versioning. This would take us a step closer to not having to do that anymore. (Relevant: #29910)

This PR was mostly inspired by #33340.

---

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

• Pay attention to the quality of your code (ruff, mypy and type annotations). Our pre-commits will help you with that.
• In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
• Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
• Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
• Be sure to read the Airflow Coding style.
• Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
  Apache Airflow is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: dev@airflow.apache.org
  Slack: https://s.apache.org/airflow-slack

[sarah-reddit]

@potiuk approved running CI a few days ago, it seems like there was an error in generating requirements.txt: https://github.com/apache/airflow/actions/runs/14385261556/job/40784592715

But AFAIK that should be unrelated to the helm chart? Since I didn't add any dependencies.

I tried rebasing off of main to see if that would help (if it was an unrelated error that has since been fixed). But if you think this might be related to my PR and I need to investigate more, please let me know! Thank you!

[sarah-reddit]

It seems like all the checks pass now! @dstandish @jedcunningham @hussein-awala would you be up for reviewing this soon?

[sarah-reddit]

It seems like all the checks pass now! @dstandish @jedcunningham @hussein-awala would you be up for reviewing this soon?

Hello! I was wondering if I might be able to get feedback on this soon? Thank you!

[SamWheating]

Alternatively - thoughts on just adding a common AirflowSecretsAnnotations value which is added to all secrets? Something similar is already supported for pods:

airflow/chart/values.yaml

Lines 290 to 292 in 4789fc2

	# Extra annotations to apply to all
	# Airflow pods
	airflowPodAnnotations: {}

Will let the maintainers weigh in here with their best practices.

[sarah-reddit]

Alternatively - thoughts on just adding a common AirflowSecretsAnnotations value which is added to all secrets? Something similar is already supported for pods:

airflow/chart/values.yaml

Lines 290 to 292 in 4789fc2

	# Extra annotations to apply to all
	# Airflow pods
	airflowPodAnnotations: {}

Will let the maintainers weigh in here with their best practices.

We could! I thought that maybe people would want to add different annotations to different secrets. But for our use case, we want to add the same annotation to them all (turning off versioning in our deploy tool), so I'm okay with either approach. I'll defer to the maintainers.

[jedcunningham]

Alternatively - thoughts on just adding a common AirflowSecretsAnnotations value which is added to all secrets? Something similar is already supported for pods:

airflow/chart/values.yaml

Lines 290 to 292 in 4789fc2

	# Extra annotations to apply to all
	# Airflow pods
	airflowPodAnnotations: {}

Will let the maintainers weigh in here with their best practices.

Happy to take a PR for that as well :)

[boring-cyborg]

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

[jedcunningham]

Thanks @sarah-reddit! Congrats on your first PR 🎉!

[sarah-reddit]

@jedcunningham Thanks so much for your review! Very exciting! :)