This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 5ce3da6a41f86cc7daf16cca0014cedc306151b7 Author: Jarek Potiuk <[email protected]> AuthorDate: Fri Oct 9 22:54:21 2020 +0200 Add capability of adding service account annotations to Helm Chart (#11387) We can now add annotations to the service accounts in a generic way. This allows for example to add Workflow Identitty in GKE environment but it is not limited to it. Co-authored-by: Kamil Breguła <[email protected]> Co-authored-by: Jacob Ferriero <[email protected]> Co-authored-by: Kamil Breguła <[email protected]> (cherry picked from commit 29a145cd6968a4fab5d6cf3197773e90ba91a642) --- chart/README.md | 6 +++++- chart/templates/scheduler/scheduler-serviceaccount.yaml | 6 ++++++ chart/templates/webserver/webserver-serviceaccount.yaml | 6 ++++++ chart/templates/workers/worker-serviceaccount.yaml | 8 +++++++- chart/values.schema.json | 12 ++++++++++++ chart/values.yaml | 9 ++++++++- 6 files changed, 44 insertions(+), 3 deletions(-) diff --git a/chart/README.md b/chart/README.md index ef1caa3..266ef58 100644 --- a/chart/README.md +++ b/chart/README.md @@ -126,6 +126,9 @@ The following tables lists the configurable parameters of the Airflow chart and | `labels` | Common labels to add to all objects defined in this chart | `{}` | | `privateRegistry.enabled` | Enable usage of a private registry for Airflow base image | `false` | | `privateRegistry.repository` | Repository where base image lives (eg: quay.io) | `~` | +| `ingress.enabled` | Enable Kubernetes Ingress support | `false` | +| `ingress.web.*` | Configs for the Ingress of the web Service | Please refer to `values.yaml` | +| `ingress.flower.*` | Configs for the Ingress of the flower Service | Please refer to `values.yaml` | | `networkPolicies.enabled` | Enable Network Policies to restrict traffic | `true` | | `airflowHome` | Location of airflow home directory | `/opt/airflow` | | `rbacEnabled` | Deploy pods with Kubernetes RBAC enabled | `true` | @@ -207,6 +210,7 @@ The following tables lists the configurable parameters of the Airflow chart and | `dags.persistence.*` | Dag persistence configuration | Please refer to `values.yaml` | | `dags.gitSync.*` | Git sync configuration | Please refer to `values.yaml` | | `multiNamespaceMode` | Whether the KubernetesExecutor can launch pods in multiple namespaces | `False` | +| `serviceAccountAnnottions.*` | Map of annotations for worker, webserver, scheduler kubernetes service accounts | {} | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -221,7 +225,7 @@ helm install --name my-release \ KEDA stands for Kubernetes Event Driven Autoscaling. [KEDA](https://github.com/kedacore/keda) is a custom controller that allows users to create custom bindings to the Kubernetes [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/). We've built an experimental scaler that allows users to create scalers based on postgreSQL queries. For the moment this exists -on a seperate branch, but will be merged upstream soon. To install our custom version of KEDA on your cluster, please run +on a separate branch, but will be merged upstream soon. To install our custom version of KEDA on your cluster, please run ```bash helm repo add kedacore https://kedacore.github.io/charts diff --git a/chart/templates/scheduler/scheduler-serviceaccount.yaml b/chart/templates/scheduler/scheduler-serviceaccount.yaml index bfd9d3b..5dfa1dc 100644 --- a/chart/templates/scheduler/scheduler-serviceaccount.yaml +++ b/chart/templates/scheduler/scheduler-serviceaccount.yaml @@ -28,6 +28,12 @@ metadata: release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} + {{- with .Values.scheduler.serviceAccountAnnotations }} + annotations: + {{- range $key, $value := . }} + {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} + {{- end }} + {{- end }} {{- with .Values.labels }} {{ toYaml . | indent 4 }} {{- end }} diff --git a/chart/templates/webserver/webserver-serviceaccount.yaml b/chart/templates/webserver/webserver-serviceaccount.yaml index ea86713..ba99cea 100644 --- a/chart/templates/webserver/webserver-serviceaccount.yaml +++ b/chart/templates/webserver/webserver-serviceaccount.yaml @@ -27,6 +27,12 @@ metadata: release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} + {{- with .Values.webserver.serviceAccountAnnotations }} + annotations: + {{- range $key, $value := . }} + {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} + {{- end }} + {{- end }} {{- with .Values.labels }} {{ toYaml . | indent 4 }} {{- end }} diff --git a/chart/templates/workers/worker-serviceaccount.yaml b/chart/templates/workers/worker-serviceaccount.yaml index 8735097..4a7542e 100644 --- a/chart/templates/workers/worker-serviceaccount.yaml +++ b/chart/templates/workers/worker-serviceaccount.yaml @@ -28,7 +28,13 @@ metadata: release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} -{{- with .Values.labels }} + {{- with .Values.workers.serviceAccountAnnotations }} + annotations: + {{- range $key, $value := . }} + {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }} + {{- end }} + {{- end }} + {{- with .Values.labels }} {{ toYaml . | indent 4 }} {{- end }} {{- end }} diff --git a/chart/values.schema.json b/chart/values.schema.json index 9776116..a5eda19 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -467,6 +467,10 @@ "safeToEvict": { "description": "This setting tells Kubernetes that it's ok to evict when it wants to scale a node down.", "type": "boolean" + }, + "serviceAccountAnnotations": { + "description": "Annotations to add to the worker kubernetes service account.", + "type": "object" } } }, @@ -507,6 +511,10 @@ "safeToEvict": { "description": "This setting tells Kubernetes that its ok to evict when it wants to scale a node down.", "type": "boolean" + }, + "serviceAccountAnnotations": { + "description": "Annotations to add to the scheduler kubernetes service account.", + "type": "object" } } }, @@ -631,6 +639,10 @@ "type": "object" } } + }, + "serviceAccountAnnotations": { + "description": "Annotations to add to the webserver kubernetes service account.", + "type": "object" } } }, diff --git a/chart/values.yaml b/chart/values.yaml index f7c5e67..800f58a 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -233,7 +233,6 @@ kerberos: admin_server = admin_server.foo.com } - # Airflow Worker Config workers: # Number of airflow celery workers in StatefulSet @@ -285,6 +284,8 @@ workers: # This setting tells kubernetes that its ok to evict # when it wants to scale a node down. safeToEvict: true + # Annotations to add to worker kubernetes service account. + serviceAccountAnnotations: {} # Airflow scheduler settings scheduler: @@ -312,6 +313,9 @@ scheduler: # when it wants to scale a node down. safeToEvict: true + # Annotations to add to scheduler kubernetes service account. + serviceAccountAnnotations: {} + # Airflow webserver settings webserver: livenessProbe: @@ -372,6 +376,9 @@ webserver: ## service annotations annotations: {} + # Annotations to add to webserver kubernetes service account. + serviceAccountAnnotations: {} + # Flower settings flower: # Additional network policies as needed
