[stable/airflow]Add optional security context to airflow deployments (h…

…elm#21024) * Add optional security context to airflow deployments Signed-off-by: Ziyang Liu <[email protected]> * Address a typo in README.md Signed-off-by: Ziyang Liu <[email protected]> Signed-off-by: Ziyang Liu <[email protected]> * add missing service account name to flower and web Signed-off-by: Ziyang Liu <[email protected]> * add missing service account name to flower and web Signed-off-by: Ziyang Liu <[email protected]> * update version Signed-off-by: Ziyang Liu <[email protected]> Co-authored-by: Ziyang Liu <[email protected]> Signed-off-by: Miguel Mingorance <[email protected]>
mmingorance-dh · Aug 28, 2020 · 0f3a97f · 0f3a97f
1 parent c75646d
commit 0f3a97f
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 2 deletions.
diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Airflow is a platform to programmatically author, schedule and monitor workflows
 name: airflow
-version: 6.2.1
+version: 6.3.0
 appVersion: 1.10.4
 icon: https://airflow.apache.org/_images/pin_large.png
 home: https://airflow.apache.org/

diff --git a/stable/airflow/README.md b/stable/airflow/README.md
@@ -399,6 +399,7 @@ The following table lists the configurable parameters of the Airflow chart and t
 | `flower.service.type`                    | service type for Flower UI                              | `ClusterIP`               |
 | `flower.service.annotations`             | (optional) service annotations for Flower UI            | `{}`                      |
 | `flower.service.externalPort`            | (optional) external port for Flower UI                  | `5555`                    |
+| `flower.securityContext`                 | (optional) security context for the flower deployment   | `{}`                      |
 | `web.baseUrl`                            | webserver UI URL                                        | `http://localhost:8080`   |
 | `web.resources`                          | custom resource configuration for web pod               | `{}`                      |
 | `web.labels`                             | labels for the web deployment                           | `{}`                      |
@@ -417,10 +418,12 @@ The following table lists the configurable parameters of the Airflow chart and t
 | `web.initialDelaySeconds`                | initial delay on livenessprobe before checking if webserver is available    | `360` |
 | `web.secretsDir`                         | directory in which to mount secrets on webserver nodes  | /var/airflow/secrets      |
 | `web.secrets`                            | secrets to mount as volumes on webserver nodes          | []                        |
+| `web.securityContext`                    | (optional) security context for the web deployment      | `{}`                      |
 | `scheduler.resources`                    | custom resource configuration for scheduler pod         | `{}`                      |
 | `scheduler.labels`                       | labels for the scheduler deployment                     | `{}`                      |
 | `scheduler.annotations`                  | annotations for the scheduler deployment                | `{}`                      |
 | `scheduler.podAnnotations`               | podAnnotations for the scheduler deployment             | `{}`                      |
+| `scheduler.securityContext`              | (optional) security context for the scheduler deployment| `{}`                      |
 | `workers.enabled`                        | enable workers                                          | `true`                    |
 | `workers.replicas`                       | number of workers pods to launch                        | `1`                       |
 | `workers.terminationPeriod`              | gracefull termination period for workers to stop        | `30`                      |
@@ -433,6 +436,7 @@ The following table lists the configurable parameters of the Airflow chart and t
 | `workers.podAnnotations`                 | annotations for the worker pods                         | `{}`                      |
 | `workers.secretsDir`                     | directory in which to mount secrets on worker nodes     | /var/airflow/secrets      |
 | `workers.secrets`                        | secrets to mount as volumes on worker nodes             | []                        |
+| `workers.securityContext`                 | (optional) security context for the worker statefulSet  | `{}`                      |
 | `nodeSelector`                           | Node labels for pod assignment                          | `{}`                      |
 | `affinity`                               | Affinity labels for pod assignment                      | `{}`                      |
 | `tolerations`                            | Toleration labels for pod assignment                    | `[]`                      |

diff --git a/stable/airflow/templates/deployments-flower.yaml b/stable/airflow/templates/deployments-flower.yaml
@@ -54,6 +54,11 @@ spec:
       {{- if .Values.flower.tolerations }}
       tolerations:
 {{ toYaml .Values.flower.tolerations | indent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "airflow.serviceAccountName" . }}
+      {{- if .Values.flower.securityContext }}
+      securityContext:
+{{ toYaml .Values.flower.securityContext | indent 8 }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}-flower

diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml
@@ -67,6 +67,10 @@ spec:
       {{- if .Values.scheduler.tolerations }}
       tolerations:
 {{ toYaml .Values.scheduler.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.scheduler.securityContext }}
+      securityContext:
+{{ toYaml .Values.scheduler.securityContext | indent 8 }}
       {{- end }}
       serviceAccountName: {{ template "airflow.serviceAccountName" . }}
       {{- if .Values.dags.initContainer.enabled }}

diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml
@@ -65,6 +65,11 @@ spec:
       {{- if .Values.web.tolerations }}
       tolerations:
 {{ toYaml .Values.web.tolerations | indent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "airflow.serviceAccountName" . }}
+      {{- if .Values.web.securityContext }}
+      securityContext:
+{{ toYaml .Values.web.securityContext | indent 8 }}
       {{- end }}
       {{- if .Values.dags.initContainer.enabled }}
       initContainers:

diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml
@@ -69,7 +69,10 @@ spec:
       tolerations:
 {{ toYaml .Values.workers.tolerations | indent 8 }}
       {{- end }}
-
+      {{- if .Values.workers.securityContext }}
+      securityContext:
+{{ toYaml .Values.workers.securityContext | indent 8 }}
+      {{- end }}
       {{- if .Values.dags.initContainer.enabled }}
       initContainers:
         - name: git-clone