From 0585b29e4c3196101c7a9b7619e21e2ab2b96bba Mon Sep 17 00:00:00 2001 From: Andrii Korotkov <137232734+andrii-korotkov-verkada@users.noreply.github.com> Date: Thu, 6 Feb 2025 07:21:48 -0800 Subject: [PATCH] Rename apiServer to _apiServer to preserve it in beta until v3 release (#46480) Closes #46477 The chart version 1.16.0 would be released before airflow v3, so it's better to keep api server in beta so it's easier to make changes. Signed-off-by: Andrii Korotkov --- chart/templates/_helpers.yaml | 4 +- .../api-server/api-server-deployment.yaml | 122 +++++++++--------- .../api-server/api-server-networkpolicy.yaml | 10 +- .../api-server-poddisruptionbudget.yaml | 8 +- .../api-server/api-server-service.yaml | 18 +-- .../api-server/api-server-serviceaccount.yaml | 12 +- chart/templates/configmaps/configmap.yaml | 2 +- chart/values.schema.json | 10 +- chart/values.yaml | 8 +- helm_tests/airflow_core/test_api_server.py | 68 +++++----- helm_tests/security/test_rbac.py | 8 +- 11 files changed, 135 insertions(+), 135 deletions(-) diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml index c76cefa843e34..718674f807441 100644 --- a/chart/templates/_helpers.yaml +++ b/chart/templates/_helpers.yaml @@ -620,8 +620,8 @@ server_tls_key_file = /etc/pgbouncer/server.key {{/* Create the name of the API server service account to use */}} -{{- define "apiServer.serviceAccountName" -}} - {{- include "_serviceAccountName" (merge (dict "key" "apiServer" "nameSuffix" "api-server" ) .) -}} +{{- define "_apiServer.serviceAccountName" -}} + {{- include "_serviceAccountName" (merge (dict "key" "_apiServer" "nameSuffix" "api-server" ) .) -}} {{- end }} {{/* Create the name of the redis service account to use */}} diff --git a/chart/templates/api-server/api-server-deployment.yaml b/chart/templates/api-server/api-server-deployment.yaml index b4cf2cd4461f1..3ce0fb9ac266f 100644 --- a/chart/templates/api-server/api-server-deployment.yaml +++ b/chart/templates/api-server/api-server-deployment.yaml @@ -21,15 +21,15 @@ ## Airflow API Server Deployment ################################# {{- if semverCompare ">=3.0.0" .Values.airflowVersion }} -{{- $nodeSelector := or .Values.apiServer.nodeSelector .Values.nodeSelector }} -{{- $affinity := or .Values.apiServer.affinity .Values.affinity }} -{{- $tolerations := or .Values.apiServer.tolerations .Values.tolerations }} -{{- $topologySpreadConstraints := or .Values.apiServer.topologySpreadConstraints .Values.topologySpreadConstraints }} -{{- $revisionHistoryLimit := or .Values.apiServer.revisionHistoryLimit .Values.revisionHistoryLimit }} -{{- $securityContext := include "airflowPodSecurityContext" (list . .Values.apiServer) }} -{{- $containerSecurityContext := include "containerSecurityContext" (list . .Values.apiServer) }} -{{- $containerSecurityContextWaitForMigrations := include "containerSecurityContext" (list . .Values.apiServer.waitForMigrations) }} -{{- $containerLifecycleHooks := or .Values.apiServer.containerLifecycleHooks .Values.containerLifecycleHooks }} +{{- $nodeSelector := or .Values._apiServer.nodeSelector .Values.nodeSelector }} +{{- $affinity := or .Values._apiServer.affinity .Values.affinity }} +{{- $tolerations := or .Values._apiServer.tolerations .Values.tolerations }} +{{- $topologySpreadConstraints := or .Values._apiServer.topologySpreadConstraints .Values.topologySpreadConstraints }} +{{- $revisionHistoryLimit := or .Values._apiServer.revisionHistoryLimit .Values.revisionHistoryLimit }} +{{- $securityContext := include "airflowPodSecurityContext" (list . .Values._apiServer) }} +{{- $containerSecurityContext := include "containerSecurityContext" (list . .Values._apiServer) }} +{{- $containerSecurityContextWaitForMigrations := include "containerSecurityContext" (list . .Values._apiServer.waitForMigrations) }} +{{- $containerLifecycleHooks := or .Values._apiServer.containerLifecycleHooks .Values.containerLifecycleHooks }} apiVersion: apps/v1 kind: Deployment metadata: @@ -43,17 +43,17 @@ metadata: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.apiServer.annotations }} - annotations: {{- toYaml .Values.apiServer.annotations | nindent 4 }} + {{- if .Values._apiServer.annotations }} + annotations: {{- toYaml .Values._apiServer.annotations | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.apiServer.replicas }} + replicas: {{ .Values._apiServer.replicas }} {{- if $revisionHistoryLimit }} revisionHistoryLimit: {{ $revisionHistoryLimit }} {{- end }} strategy: - {{- if .Values.apiServer.strategy }} - {{- toYaml .Values.apiServer.strategy | nindent 4 }} + {{- if .Values._apiServer.strategy }} + {{- toYaml .Values._apiServer.strategy | nindent 4 }} {{- else }} # Here we define the rolling update strategy # - maxSurge define how many pod we can add at a time @@ -78,8 +78,8 @@ spec: tier: airflow component: api-server release: {{ .Release.Name }} - {{- if or (.Values.labels) (.Values.apiServer.labels) }} - {{- mustMerge .Values.apiServer.labels .Values.labels | toYaml | nindent 8 }} + {{- if or (.Values.labels) (.Values._apiServer.labels) }} + {{- mustMerge .Values._apiServer.labels .Values.labels | toYaml | nindent 8 }} {{- end }} annotations: checksum/metadata-secret: {{ include (print $.Template.BasePath "/secrets/metadata-connection-secret.yaml") . | sha256sum }} @@ -90,16 +90,16 @@ spec: {{- if .Values.airflowPodAnnotations }} {{- toYaml .Values.airflowPodAnnotations | nindent 8 }} {{- end }} - {{- if .Values.apiServer.podAnnotations }} - {{- toYaml .Values.apiServer.podAnnotations | nindent 8 }} + {{- if .Values._apiServer.podAnnotations }} + {{- toYaml .Values._apiServer.podAnnotations | nindent 8 }} {{- end }} spec: - {{- if .Values.apiServer.hostAliases }} - hostAliases: {{- toYaml .Values.apiServer.hostAliases | nindent 8 }} + {{- if .Values._apiServer.hostAliases }} + hostAliases: {{- toYaml .Values._apiServer.hostAliases | nindent 8 }} {{- end }} - serviceAccountName: {{ include "apiServer.serviceAccountName" . }} - {{- if .Values.apiServer.priorityClassName }} - priorityClassName: {{ .Values.apiServer.priorityClassName }} + serviceAccountName: {{ include "_apiServer.serviceAccountName" . }} + {{- if .Values._apiServer.priorityClassName }} + priorityClassName: {{ .Values._apiServer.priorityClassName }} {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} @@ -127,9 +127,9 @@ spec: - name: {{ template "registry_secret" . }} {{- end }} initContainers: - {{- if .Values.apiServer.waitForMigrations.enabled }} + {{- if .Values._apiServer.waitForMigrations.enabled }} - name: wait-for-airflow-migrations - resources: {{- toYaml .Values.apiServer.resources | nindent 12 }} + resources: {{- toYaml .Values._apiServer.resources | nindent 12 }} image: {{ template "airflow_image_for_migrations" . }} imagePullPolicy: {{ .Values.images.airflow.pullPolicy }} securityContext: {{ $containerSecurityContextWaitForMigrations | nindent 12 }} @@ -138,20 +138,20 @@ spec: {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} {{- end }} - {{- if .Values.apiServer.extraVolumeMounts }} - {{- tpl (toYaml .Values.apiServer.extraVolumeMounts) . | nindent 12 }} + {{- if .Values._apiServer.extraVolumeMounts }} + {{- tpl (toYaml .Values._apiServer.extraVolumeMounts) . | nindent 12 }} {{- end }} args: {{- include "wait-for-migrations-command" . | indent 10 }} envFrom: {{- include "custom_airflow_environment_from" . | default "\n []" | indent 10 }} env: {{- include "custom_airflow_environment" . | indent 10 }} {{- include "standard_airflow_environment" . | indent 10 }} - {{- if .Values.apiServer.waitForMigrations.env }} - {{- tpl (toYaml .Values.apiServer.waitForMigrations.env) $ | nindent 12 }} + {{- if .Values._apiServer.waitForMigrations.env }} + {{- tpl (toYaml .Values._apiServer.waitForMigrations.env) $ | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.apiServer.extraInitContainers }} - {{- toYaml .Values.apiServer.extraInitContainers | nindent 8 }} + {{- if .Values._apiServer.extraInitContainers }} + {{- toYaml .Values._apiServer.extraInitContainers | nindent 8 }} {{- end }} containers: - name: api-server @@ -161,13 +161,13 @@ spec: {{- if $containerLifecycleHooks }} lifecycle: {{- tpl (toYaml $containerLifecycleHooks) . | nindent 12 }} {{- end }} - {{- if .Values.apiServer.command }} - command: {{ tpl (toYaml .Values.apiServer.command) . | nindent 12 }} + {{- if .Values._apiServer.command }} + command: {{ tpl (toYaml .Values._apiServer.command) . | nindent 12 }} {{- end }} - {{- if .Values.apiServer.args }} - args: {{- tpl (toYaml .Values.apiServer.args) . | nindent 12 }} + {{- if .Values._apiServer.args }} + args: {{- tpl (toYaml .Values._apiServer.args) . | nindent 12 }} {{- end }} - resources: {{- toYaml .Values.apiServer.resources | nindent 12 }} + resources: {{- toYaml .Values._apiServer.resources | nindent 12 }} volumeMounts: {{- include "airflow_config_mount" . | nindent 12 }} {{- if .Values.logs.persistence.enabled }} @@ -177,48 +177,48 @@ spec: {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 12 }} {{- end }} - {{- if .Values.apiServer.extraVolumeMounts }} - {{- tpl (toYaml .Values.apiServer.extraVolumeMounts) . | nindent 12 }} + {{- if .Values._apiServer.extraVolumeMounts }} + {{- tpl (toYaml .Values._apiServer.extraVolumeMounts) . | nindent 12 }} {{- end }} ports: - name: api-server - containerPort: {{ .Values.ports.apiServer }} + containerPort: {{ .Values.ports._apiServer }} livenessProbe: httpGet: path: /public/version - port: {{ .Values.ports.apiServer }} - scheme: {{ .Values.apiServer.livenessProbe.scheme | default "http" }} - initialDelaySeconds: {{ .Values.apiServer.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.apiServer.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.apiServer.livenessProbe.failureThreshold }} - periodSeconds: {{ .Values.apiServer.livenessProbe.periodSeconds }} + port: {{ .Values.ports._apiServer }} + scheme: {{ .Values._apiServer.livenessProbe.scheme | default "http" }} + initialDelaySeconds: {{ .Values._apiServer.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values._apiServer.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values._apiServer.livenessProbe.failureThreshold }} + periodSeconds: {{ .Values._apiServer.livenessProbe.periodSeconds }} readinessProbe: httpGet: path: /public/version - port: {{ .Values.ports.apiServer }} - scheme: {{ .Values.apiServer.readinessProbe.scheme | default "http" }} - initialDelaySeconds: {{ .Values.apiServer.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.apiServer.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.apiServer.readinessProbe.failureThreshold }} - periodSeconds: {{ .Values.apiServer.readinessProbe.periodSeconds }} + port: {{ .Values.ports._apiServer }} + scheme: {{ .Values._apiServer.readinessProbe.scheme | default "http" }} + initialDelaySeconds: {{ .Values._apiServer.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values._apiServer.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values._apiServer.readinessProbe.failureThreshold }} + periodSeconds: {{ .Values._apiServer.readinessProbe.periodSeconds }} startupProbe: httpGet: path: /public/version - port: {{ .Values.ports.apiServer }} - scheme: {{ .Values.apiServer.startupProbe.scheme | default "http" }} - timeoutSeconds: {{ .Values.apiServer.startupProbe.timeoutSeconds }} - failureThreshold: {{ .Values.apiServer.startupProbe.failureThreshold }} - periodSeconds: {{ .Values.apiServer.startupProbe.periodSeconds }} + port: {{ .Values.ports._apiServer }} + scheme: {{ .Values._apiServer.startupProbe.scheme | default "http" }} + timeoutSeconds: {{ .Values._apiServer.startupProbe.timeoutSeconds }} + failureThreshold: {{ .Values._apiServer.startupProbe.failureThreshold }} + periodSeconds: {{ .Values._apiServer.startupProbe.periodSeconds }} envFrom: {{- include "custom_airflow_environment_from" . | default "\n []" | indent 10 }} env: {{- include "custom_airflow_environment" . | indent 10 }} {{- include "standard_airflow_environment" . | indent 10 }} - {{- include "container_extra_envs" (list . .Values.apiServer.env) | indent 10 }} + {{- include "container_extra_envs" (list . .Values._apiServer.env) | indent 10 }} {{- if and (.Values.dags.gitSync.enabled) (not .Values.dags.persistence.enabled) (semverCompare "<2.0.0" .Values.airflowVersion) }} {{- include "git_sync_container" . | nindent 8 }} {{- end }} - {{- if .Values.apiServer.extraContainers }} - {{- tpl (toYaml .Values.apiServer.extraContainers) . | nindent 8 }} + {{- if .Values._apiServer.extraContainers }} + {{- tpl (toYaml .Values._apiServer.extraContainers) . | nindent 8 }} {{- end }} volumes: - name: config @@ -234,7 +234,7 @@ spec: {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 8 }} {{- end }} - {{- if .Values.apiServer.extraVolumes }} - {{- tpl (toYaml .Values.apiServer.extraVolumes) . | nindent 8 }} + {{- if .Values._apiServer.extraVolumes }} + {{- tpl (toYaml .Values._apiServer.extraVolumes) . | nindent 8 }} {{- end }} {{- end }} diff --git a/chart/templates/api-server/api-server-networkpolicy.yaml b/chart/templates/api-server/api-server-networkpolicy.yaml index af4601811200e..d648ea4baa25b 100644 --- a/chart/templates/api-server/api-server-networkpolicy.yaml +++ b/chart/templates/api-server/api-server-networkpolicy.yaml @@ -32,8 +32,8 @@ metadata: release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} - {{- if or (.Values.labels) (.Values.apiServer.labels) }} - {{- mustMerge .Values.apiServer.labels .Values.labels | toYaml | nindent 4 }} + {{- if or (.Values.labels) (.Values._apiServer.labels) }} + {{- mustMerge .Values._apiServer.labels .Values.labels | toYaml | nindent 4 }} {{- end }} spec: podSelector: @@ -43,11 +43,11 @@ spec: release: {{ .Release.Name }} policyTypes: - Ingress - {{- if .Values.apiServer.networkPolicy.ingress.from }} + {{- if .Values._apiServer.networkPolicy.ingress.from }} ingress: - - from: {{- toYaml .Values.apiServer.networkPolicy.ingress.from | nindent 6 }} + - from: {{- toYaml .Values._apiServer.networkPolicy.ingress.from | nindent 6 }} ports: - {{ range .Values.apiServer.networkPolicy.ingress.ports }} + {{ range .Values._apiServer.networkPolicy.ingress.ports }} - {{- range $key, $val := . }} {{ $key }}: {{ tpl (toString $val) $ }} diff --git a/chart/templates/api-server/api-server-poddisruptionbudget.yaml b/chart/templates/api-server/api-server-poddisruptionbudget.yaml index 7d0b162e41ea9..c8d9249e4acef 100644 --- a/chart/templates/api-server/api-server-poddisruptionbudget.yaml +++ b/chart/templates/api-server/api-server-poddisruptionbudget.yaml @@ -21,7 +21,7 @@ ## Airflow api-server PodDisruptionBudget ################################# {{- if semverCompare ">=3.0.0" .Values.airflowVersion }} -{{- if .Values.apiServer.podDisruptionBudget.enabled }} +{{- if .Values._apiServer.podDisruptionBudget.enabled }} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: @@ -32,8 +32,8 @@ metadata: release: {{ .Release.Name }} chart: {{ .Chart.Name }} heritage: {{ .Release.Service }} - {{- if or (.Values.labels) (.Values.apiServer.labels) }} - {{- mustMerge .Values.apiServer.labels .Values.labels | toYaml | nindent 4 }} + {{- if or (.Values.labels) (.Values._apiServer.labels) }} + {{- mustMerge .Values._apiServer.labels .Values.labels | toYaml | nindent 4 }} {{- end }} spec: selector: @@ -41,6 +41,6 @@ spec: tier: airflow component: api-server release: {{ .Release.Name }} - {{- toYaml .Values.apiServer.podDisruptionBudget.config | nindent 2 }} + {{- toYaml .Values._apiServer.podDisruptionBudget.config | nindent 2 }} {{- end }} {{- end }} diff --git a/chart/templates/api-server/api-server-service.yaml b/chart/templates/api-server/api-server-service.yaml index 0a360aee08539..71ad37f2ff7a9 100644 --- a/chart/templates/api-server/api-server-service.yaml +++ b/chart/templates/api-server/api-server-service.yaml @@ -31,29 +31,29 @@ metadata: release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} - {{- if or (.Values.labels) (.Values.apiServer.labels) }} - {{- mustMerge .Values.apiServer.labels .Values.labels | toYaml | nindent 4 }} + {{- if or (.Values.labels) (.Values._apiServer.labels) }} + {{- mustMerge .Values._apiServer.labels .Values.labels | toYaml | nindent 4 }} {{- end }} - {{- with .Values.apiServer.service.annotations }} + {{- with .Values._apiServer.service.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - type: {{ .Values.apiServer.service.type }} + type: {{ .Values._apiServer.service.type }} selector: tier: airflow component: api-server release: {{ .Release.Name }} ports: - {{ range .Values.apiServer.service.ports }} + {{ range .Values._apiServer.service.ports }} - {{- range $key, $val := . }} {{ $key }}: {{ tpl (toString $val) $ }} {{- end }} {{- end }} - {{- if .Values.apiServer.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.apiServer.service.loadBalancerIP }} + {{- if .Values._apiServer.service.loadBalancerIP }} + loadBalancerIP: {{ .Values._apiServer.service.loadBalancerIP }} {{- end }} - {{- if .Values.apiServer.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.apiServer.service.loadBalancerSourceRanges | nindent 4 }} + {{- if .Values._apiServer.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values._apiServer.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- end }} diff --git a/chart/templates/api-server/api-server-serviceaccount.yaml b/chart/templates/api-server/api-server-serviceaccount.yaml index 3b864d01602fa..b797a7caadf2c 100644 --- a/chart/templates/api-server/api-server-serviceaccount.yaml +++ b/chart/templates/api-server/api-server-serviceaccount.yaml @@ -20,22 +20,22 @@ ###################################### ## Airflow api-server ServiceAccount ###################################### -{{- if and .Values.apiServer.serviceAccount.create (semverCompare ">=3.0.0" .Values.airflowVersion) }} +{{- if and .Values._apiServer.serviceAccount.create (semverCompare ">=3.0.0" .Values.airflowVersion) }} apiVersion: v1 kind: ServiceAccount -automountServiceAccountToken: {{ .Values.apiServer.serviceAccount.automountServiceAccountToken }} +automountServiceAccountToken: {{ .Values._apiServer.serviceAccount.automountServiceAccountToken }} metadata: - name: {{ include "apiServer.serviceAccountName" . }} + name: {{ include "_apiServer.serviceAccountName" . }} labels: tier: airflow component: api-server release: {{ .Release.Name }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" heritage: {{ .Release.Service }} - {{- if or (.Values.labels) (.Values.apiServer.labels) }} - {{- mustMerge .Values.apiServer.labels .Values.labels | toYaml | nindent 4 }} + {{- if or (.Values.labels) (.Values._apiServer.labels) }} + {{- mustMerge .Values._apiServer.labels .Values.labels | toYaml | nindent 4 }} {{- end }} - {{- with .Values.apiServer.serviceAccount.annotations }} + {{- with .Values._apiServer.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/chart/templates/configmaps/configmap.yaml b/chart/templates/configmaps/configmap.yaml index 119e43cce0a5e..ab4f13d918ad4 100644 --- a/chart/templates/configmaps/configmap.yaml +++ b/chart/templates/configmaps/configmap.yaml @@ -42,7 +42,7 @@ data: {{- if semverCompare ">=3.0.0" .Values.airflowVersion -}} {{- $config := merge .Values.config ( dict "workers" dict )}} {{- if not (hasKey $config.workers "execution_api_server_url") -}} - {{- $_ := set $config.workers "execution_api_server_url" (printf "http://%s-api-server:%d/execution/" (include "airflow.fullname" .) (int .Values.ports.apiServer)) -}} + {{- $_ := set $config.workers "execution_api_server_url" (printf "http://%s-api-server:%d/execution/" (include "airflow.fullname" .) (int .Values.ports._apiServer)) -}} {{- end -}} {{- end -}} # These are system-specified config overrides. diff --git a/chart/values.schema.json b/chart/values.schema.json index 8a8aa276f7e79..4564f43dd26fd 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -4676,8 +4676,8 @@ } } }, - "apiServer": { - "description": "Airflow API server settings.", + "_apiServer": { + "description": "Airflow API server settings. Experimental / for dev purpose only.", "type": "object", "x-docsSection": "API Server", "additionalProperties": false, @@ -4949,7 +4949,7 @@ }, "default": [ { - "port": "{{ .Values.ports.apiServer }}" + "port": "{{ .Values.ports._apiServer }}" } ], "examples": [ @@ -5176,7 +5176,7 @@ "default": [ { "name": "api-server", - "port": "{{ .Values.ports.apiServer }}" + "port": "{{ .Values.ports._apiServer }}" } ], "examples": [ @@ -8175,7 +8175,7 @@ "type": "integer", "default": 8080 }, - "apiServer": { + "_apiServer": { "description": "API server port.", "type": "integer", "default": 9091 diff --git a/chart/values.yaml b/chart/values.yaml index 5c24186fd8eb3..89718d2a34e37 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1246,7 +1246,7 @@ migrateDatabaseJob: applyCustomEnv: true env: [] -apiServer: +_apiServer: # Labels specific to workers objects and pods labels: {} @@ -1274,7 +1274,7 @@ apiServer: annotations: {} ports: - name: api-server - port: "{{ .Values.ports.apiServer }}" + port: "{{ .Values.ports._apiServer }}" loadBalancerIP: ~ ## Limit load balancer source ips to list of CIDRs @@ -1313,7 +1313,7 @@ apiServer: from: [] # Ports for webserver NetworkPolicy ingress (if `from` is set) ports: - - port: "{{ .Values.ports.apiServer }}" + - port: "{{ .Values.ports._apiServer }}" resources: {} # limits: @@ -2529,7 +2529,7 @@ ports: statsdScrape: 9102 pgbouncer: 6543 pgbouncerScrape: 9127 - apiServer: 9091 + _apiServer: 9091 # Define any ResourceQuotas for namespace quotas: {} diff --git a/helm_tests/airflow_core/test_api_server.py b/helm_tests/airflow_core/test_api_server.py index 91e6418f1db5e..1d6bea96673ed 100644 --- a/helm_tests/airflow_core/test_api_server.py +++ b/helm_tests/airflow_core/test_api_server.py @@ -39,9 +39,9 @@ class TestAPIServerDeployment: [(8, 10), (10, 8), (8, None), (None, 10), (None, None)], ) def test_revision_history_limit(self, revision_history_limit, global_revision_history_limit): - values = {"apiServer": {}} + values = {"_apiServer": {}} if revision_history_limit: - values["apiServer"]["revisionHistoryLimit"] = revision_history_limit + values["_apiServer"]["revisionHistoryLimit"] = revision_history_limit if global_revision_history_limit: values["revisionHistoryLimit"] = global_revision_history_limit docs = render_chart( @@ -54,7 +54,7 @@ def test_revision_history_limit(self, revision_history_limit, global_revision_hi def test_should_add_scheme_to_liveness_and_readiness_and_startup_probes(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "livenessProbe": {"scheme": "HTTPS"}, "readinessProbe": {"scheme": "HTTPS"}, "startupProbe": {"scheme": "HTTPS"}, @@ -77,7 +77,7 @@ def test_should_add_extra_containers(self): docs = render_chart( values={ "executor": "CeleryExecutor", - "apiServer": { + "_apiServer": { "extraContainers": [ {"name": "{{.Chart.Name}}", "image": "test-registry/test-repo:test-tag"} ], @@ -94,7 +94,7 @@ def test_should_add_extra_containers(self): def test_should_add_extraEnvs(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "env": [{"name": "TEST_ENV_1", "value": "test_env_1"}], }, }, @@ -108,7 +108,7 @@ def test_should_add_extraEnvs(self): def test_should_add_extra_volume_and_extra_volume_mount(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "extraVolumes": [{"name": "test-volume-{{ .Chart.Name }}", "emptyDir": {}}], "extraVolumeMounts": [ {"name": "test-volume-{{ .Chart.Name }}", "mountPath": "/opt/test"} @@ -146,7 +146,7 @@ def test_should_add_global_volume_and_global_volume_mount(self): def test_should_add_extraEnvs_to_wait_for_migration_container(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "waitForMigrations": { "env": [{"name": "TEST_ENV_1", "value": "test_env_1"}], }, @@ -171,7 +171,7 @@ def test_wait_for_migration_airflow_version(self): def test_disable_wait_for_migration(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "waitForMigrations": {"enabled": False}, }, }, @@ -185,7 +185,7 @@ def test_disable_wait_for_migration(self): def test_should_add_extra_init_containers(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "extraInitContainers": [ {"name": "test-init-container", "image": "test-registry/test-repo:test-tag"} ], @@ -202,7 +202,7 @@ def test_should_add_extra_init_containers(self): def test_should_add_component_specific_labels(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "labels": {"test_label": "test_label_value"}, }, }, @@ -215,7 +215,7 @@ def test_should_add_component_specific_labels(self): def test_should_create_valid_affinity_tolerations_and_node_selector(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "affinity": { "nodeAffinity": { "requiredDuringSchedulingIgnoredDuringExecution": { @@ -300,7 +300,7 @@ def test_affinity_tolerations_topology_spread_constraints_and_node_selector_prec } docs = render_chart( values={ - "apiServer": { + "_apiServer": { "affinity": expected_affinity, "tolerations": [ {"key": "dynamic-pods", "operator": "Equal", "value": "true", "effect": "NoSchedule"} @@ -412,7 +412,7 @@ def test_config_volumes(self): def testapi_server_resources_are_configurable(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "resources": { "limits": {"cpu": "200m", "memory": "128Mi"}, "requests": {"cpu": "300m", "memory": "169Mi"}, @@ -447,7 +447,7 @@ def testapi_server_resources_are_configurable(self): def test_api_server_security_contexts_are_configurable(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "securityContexts": { "pod": { "fsGroup": 1000, @@ -480,7 +480,7 @@ def test_api_server_security_context_legacy(self): with pytest.raises(CalledProcessError, match="Additional property securityContext is not allowed"): render_chart( values={ - "apiServer": { + "_apiServer": { "securityContext": { "fsGroup": 1000, "runAsGroup": 1001, @@ -518,7 +518,7 @@ def test_api_server_resources_are_not_added_by_default(self): ) def test_update_strategy(self, airflow_version, strategy, expected_strategy): docs = render_chart( - values={"airflowVersion": airflow_version, "apiServer": {"strategy": expected_strategy}}, + values={"airflowVersion": airflow_version, "_apiServer": {"strategy": expected_strategy}}, show_only=["templates/api-server/api-server-deployment.yaml"], ) @@ -540,7 +540,7 @@ def test_default_command_and_args(self): @pytest.mark.parametrize("args", [None, ["custom", "args"]]) def test_command_and_args_overrides(self, command, args): docs = render_chart( - values={"apiServer": {"command": command, "args": args}}, + values={"_apiServer": {"command": command, "args": args}}, show_only=["templates/api-server/api-server-deployment.yaml"], ) @@ -550,7 +550,7 @@ def test_command_and_args_overrides(self, command, args): def test_command_and_args_overrides_are_templated(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "command": ["{{ .Release.Name }}"], "args": ["{{ .Release.Service }}"], } @@ -563,7 +563,7 @@ def test_command_and_args_overrides_are_templated(self): def test_should_add_component_specific_annotations(self): docs = render_chart( - values={"apiServer": {"annotations": {"test_annotation": "test_annotation_value"}}}, + values={"_apiServer": {"annotations": {"test_annotation": "test_annotation_value"}}}, show_only=["templates/api-server/api-server-deployment.yaml"], ) assert "annotations" in jmespath.search("metadata", docs[0]) @@ -571,7 +571,7 @@ def test_should_add_component_specific_annotations(self): def test_api_server_pod_hostaliases(self): docs = render_chart( - values={"apiServer": {"hostAliases": [{"ip": "127.0.0.1", "hostnames": ["foo.local"]}]}}, + values={"_apiServer": {"hostAliases": [{"ip": "127.0.0.1", "hostnames": ["foo.local"]}]}}, show_only=["templates/api-server/api-server-deployment.yaml"], ) @@ -600,8 +600,8 @@ def test_default_service(self): def test_overrides(self): docs = render_chart( values={ - "ports": {"apiServer": 9000}, - "apiServer": { + "ports": {"_apiServer": 9000}, + "_apiServer": { "service": { "type": "LoadBalancer", "loadBalancerIP": "127.0.0.1", @@ -628,7 +628,7 @@ def test_overrides(self): { "name": "{{ .Release.Name }}", "protocol": "UDP", - "port": "{{ .Values.ports.apiServer }}", + "port": "{{ .Values.ports._apiServer }}", } ], [{"name": "release-name", "protocol": "UDP", "port": 9091}], @@ -636,7 +636,7 @@ def test_overrides(self): ([{"name": "only_sidecar", "port": "{{ int 9000 }}"}], [{"name": "only_sidecar", "port": 9000}]), ( [ - {"name": "api-server", "port": "{{ .Values.ports.apiServer }}"}, + {"name": "api-server", "port": "{{ .Values.ports._apiServer }}"}, {"name": "sidecar", "port": 80, "targetPort": "sidecar"}, ], [ @@ -648,7 +648,7 @@ def test_overrides(self): ) def test_ports_overrides(self, ports, expected_ports): docs = render_chart( - values={"apiServer": {"service": {"ports": ports}}}, + values={"_apiServer": {"service": {"ports": ports}}}, show_only=["templates/api-server/api-server-service.yaml"], ) @@ -656,7 +656,7 @@ def test_ports_overrides(self, ports, expected_ports): def test_should_add_component_specific_labels(self): docs = render_chart( - values={"apiServer": {"labels": {"test_label": "test_label_value"}}}, + values={"_apiServer": {"labels": {"test_label": "test_label_value"}}}, show_only=["templates/api-server/api-server-service.yaml"], ) assert "test_label" in jmespath.search("metadata.labels", docs[0]) @@ -677,7 +677,7 @@ def test_should_add_component_specific_labels(self): ) def test_nodeport_service(self, ports, expected_ports): docs = render_chart( - values={"apiServer": {"service": {"type": "NodePort", "ports": ports}}}, + values={"_apiServer": {"service": {"type": "NodePort", "ports": ports}}}, show_only=["templates/api-server/api-server-service.yaml"], ) @@ -698,7 +698,7 @@ def test_defaults(self): docs = render_chart( values={ "networkPolicies": {"enabled": True}, - "apiServer": { + "_apiServer": { "networkPolicy": { "ingress": { "from": [{"namespaceSelector": {"matchLabels": {"release": "myrelease"}}}] @@ -722,7 +722,7 @@ def test_defaults(self): ([{"port": "sidecar"}], [{"port": "sidecar"}]), ( [ - {"port": "{{ .Values.ports.apiServer }}"}, + {"port": "{{ .Values.ports._apiServer }}"}, {"port": 80}, ], [ @@ -736,7 +736,7 @@ def test_ports_overrides(self, ports, expected_ports): docs = render_chart( values={ "networkPolicies": {"enabled": True}, - "apiServer": { + "_apiServer": { "networkPolicy": { "ingress": { "from": [{"namespaceSelector": {"matchLabels": {"release": "myrelease"}}}], @@ -754,7 +754,7 @@ def test_should_add_component_specific_labels(self): docs = render_chart( values={ "networkPolicies": {"enabled": True}, - "apiServer": { + "_apiServer": { "labels": {"test_label": "test_label_value"}, }, }, @@ -770,7 +770,7 @@ class TestAPIServerServiceAccount: def test_should_add_component_specific_labels(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "serviceAccount": {"create": True}, "labels": {"test_label": "test_label_value"}, }, @@ -783,7 +783,7 @@ def test_should_add_component_specific_labels(self): def test_default_automount_service_account_token(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "serviceAccount": {"create": True}, }, }, @@ -794,7 +794,7 @@ def test_default_automount_service_account_token(self): def test_overridden_automount_service_account_token(self): docs = render_chart( values={ - "apiServer": { + "_apiServer": { "serviceAccount": {"create": True, "automountServiceAccountToken": False}, }, }, diff --git a/helm_tests/security/test_rbac.py b/helm_tests/security/test_rbac.py index 0eecb9aadeb4d..c494ebc7ee6e3 100644 --- a/helm_tests/security/test_rbac.py +++ b/helm_tests/security/test_rbac.py @@ -153,7 +153,7 @@ def test_deployments_no_rbac_no_sa(self, version): "scheduler": {"serviceAccount": {"create": False}}, "dagProcessor": {"serviceAccount": {"create": False}}, "webserver": {"serviceAccount": {"create": False}}, - "apiServer": {"serviceAccount": {"create": False}}, + "_apiServer": {"serviceAccount": {"create": False}}, "workers": {"serviceAccount": {"create": False}}, "triggerer": {"serviceAccount": {"create": False}}, "statsd": {"serviceAccount": {"create": False}}, @@ -206,7 +206,7 @@ def test_deployments_with_rbac_no_sa(self, version): "scheduler": {"serviceAccount": {"create": False}}, "dagProcessor": {"serviceAccount": {"create": False}}, "webserver": {"serviceAccount": {"create": False}}, - "apiServer": {"serviceAccount": {"create": False}}, + "_apiServer": {"serviceAccount": {"create": False}}, "workers": {"serviceAccount": {"create": False}}, "triggerer": {"serviceAccount": {"create": False}}, "flower": {"enabled": True, "serviceAccount": {"create": False}}, @@ -267,7 +267,7 @@ def test_service_account_custom_names(self): "scheduler": {"serviceAccount": {"name": CUSTOM_SCHEDULER_NAME}}, "dagProcessor": {"serviceAccount": {"name": CUSTOM_DAG_PROCESSOR_NAME}}, "webserver": {"serviceAccount": {"name": CUSTOM_WEBSERVER_NAME}}, - "apiServer": {"serviceAccount": {"name": CUSTOM_API_SERVER_NAME}}, + "_apiServer": {"serviceAccount": {"name": CUSTOM_API_SERVER_NAME}}, "workers": {"serviceAccount": {"name": CUSTOM_WORKER_NAME}}, "triggerer": {"serviceAccount": {"name": CUSTOM_TRIGGERER_NAME}}, "flower": {"enabled": True, "serviceAccount": {"name": CUSTOM_FLOWER_NAME}}, @@ -306,7 +306,7 @@ def test_service_account_custom_names_in_objects(self): "scheduler": {"serviceAccount": {"name": CUSTOM_SCHEDULER_NAME}}, "dagProcessor": {"serviceAccount": {"name": CUSTOM_DAG_PROCESSOR_NAME}}, "webserver": {"serviceAccount": {"name": CUSTOM_WEBSERVER_NAME}}, - "apiServer": {"serviceAccount": {"name": CUSTOM_API_SERVER_NAME}}, + "_apiServer": {"serviceAccount": {"name": CUSTOM_API_SERVER_NAME}}, "workers": {"serviceAccount": {"name": CUSTOM_WORKER_NAME}}, "triggerer": {"serviceAccount": {"name": CUSTOM_TRIGGERER_NAME}}, "flower": {"enabled": True, "serviceAccount": {"name": CUSTOM_FLOWER_NAME}},