You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by po...@apache.org on 2020/10/09 20:55:50 UTC

[airflow] branch master updated: Add capability of adding service account annotations to Helm Chart (#11387)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/master by this push:
     new 29a145c  Add capability of adding service account annotations to Helm Chart (#11387)
29a145c is described below

commit 29a145cd6968a4fab5d6cf3197773e90ba91a642
Author: Jarek Potiuk <ja...@polidea.com>
AuthorDate: Fri Oct 9 22:54:21 2020 +0200

    Add capability of adding service account annotations to Helm Chart (#11387)
    
    We can now add annotations to the service accounts in a generic
    way. This allows for example to add Workflow Identitty in GKE
    environment but it is not limited to it.
    
    Co-authored-by: Kamil Breguła <ka...@polidea.com>
    
    Co-authored-by: Jacob Ferriero <jf...@google.com>
    Co-authored-by: Kamil Breguła <ka...@polidea.com>
---
 chart/README.md                                         |  4 +++-
 chart/templates/scheduler/scheduler-serviceaccount.yaml |  6 ++++++
 chart/templates/webserver/webserver-serviceaccount.yaml |  6 ++++++
 chart/templates/workers/worker-serviceaccount.yaml      |  8 +++++++-
 chart/values.schema.json                                | 12 ++++++++++++
 chart/values.yaml                                       |  9 ++++++++-
 6 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/chart/README.md b/chart/README.md
index 1753d6c..4e25362 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -210,7 +210,9 @@ The following tables lists the configurable parameters of the Airflow chart and
 | `webserver.defaultUser`                               | Optional default airflow user information                                                                    | `{}`                                              |
 | `dags.persistence.*`                                  | Dag persistence configuration                                                                                | Please refer to `values.yaml`                     |
 | `dags.gitSync.*`                                      | Git sync configuration                                                                                       | Please refer to `values.yaml`                     |
-| `multiNamespaceMode`                                   | Whether the KubernetesExecutor can launch pods in multiple namespaces                                        | `False`                                           |
+| `multiNamespaceMode`                                  | Whether the KubernetesExecutor can launch pods in multiple namespaces                                        | `False`                                           |
+| `serviceAccountAnnottions.*`                          | Map of annotations for worker, webserver, scheduler kubernetes service accounts                              | {}                                                |
+
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
diff --git a/chart/templates/scheduler/scheduler-serviceaccount.yaml b/chart/templates/scheduler/scheduler-serviceaccount.yaml
index 0e97bbd..c5e97f1 100644
--- a/chart/templates/scheduler/scheduler-serviceaccount.yaml
+++ b/chart/templates/scheduler/scheduler-serviceaccount.yaml
@@ -28,6 +28,12 @@ metadata:
     release: {{ .Release.Name }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: {{ .Release.Service }}
+  {{- with .Values.scheduler.serviceAccountAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+      {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+      {{- end }}
+  {{- end }}
 {{- with .Values.labels }}
 {{ toYaml . | indent 4 }}
 {{- end }}
diff --git a/chart/templates/webserver/webserver-serviceaccount.yaml b/chart/templates/webserver/webserver-serviceaccount.yaml
index ea86713..ba99cea 100644
--- a/chart/templates/webserver/webserver-serviceaccount.yaml
+++ b/chart/templates/webserver/webserver-serviceaccount.yaml
@@ -27,6 +27,12 @@ metadata:
     release: {{ .Release.Name }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: {{ .Release.Service }}
+  {{- with .Values.webserver.serviceAccountAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+      {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+      {{- end }}
+  {{- end }}
 {{- with .Values.labels }}
 {{ toYaml . | indent 4 }}
 {{- end }}
diff --git a/chart/templates/workers/worker-serviceaccount.yaml b/chart/templates/workers/worker-serviceaccount.yaml
index 5bfb6a6..3f2df95 100644
--- a/chart/templates/workers/worker-serviceaccount.yaml
+++ b/chart/templates/workers/worker-serviceaccount.yaml
@@ -28,7 +28,13 @@ metadata:
     release: {{ .Release.Name }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: {{ .Release.Service }}
-{{- with .Values.labels }}
+  {{- with .Values.workers.serviceAccountAnnotations }}
+  annotations:
+    {{- range $key, $value := . }}
+      {{- printf "%s: %s" $key (tpl $value $ | quote) | nindent 4 }}
+      {{- end }}
+  {{- end }}
+  {{- with .Values.labels }}
 {{ toYaml . | indent 4 }}
 {{- end }}
 {{- end }}
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 9776116..a5eda19 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -467,6 +467,10 @@
                 "safeToEvict": {
                     "description": "This setting tells Kubernetes that it's ok to evict when it wants to scale a node down.",
                     "type": "boolean"
+                },
+                "serviceAccountAnnotations": {
+                  "description": "Annotations to add to the worker kubernetes service account.",
+                  "type": "object"
                 }
             }
         },
@@ -507,6 +511,10 @@
                 "safeToEvict": {
                     "description": "This setting tells Kubernetes that its ok to evict when it wants to scale a node down.",
                     "type": "boolean"
+                },
+                "serviceAccountAnnotations": {
+                  "description": "Annotations to add to the scheduler kubernetes service account.",
+                  "type": "object"
                 }
             }
         },
@@ -631,6 +639,10 @@
                             "type": "object"
                         }
                     }
+                },
+                "serviceAccountAnnotations": {
+                  "description": "Annotations to add to the webserver kubernetes service account.",
+                  "type": "object"
                 }
             }
         },
diff --git a/chart/values.yaml b/chart/values.yaml
index 1279da5..3c823ee 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -233,7 +233,6 @@ kerberos:
       admin_server = admin_server.foo.com
     }
 
-
 # Airflow Worker Config
 workers:
   # Number of airflow celery workers in StatefulSet
@@ -285,6 +284,8 @@ workers:
   # This setting tells kubernetes that its ok to evict
   # when it wants to scale a node down.
   safeToEvict: true
+  # Annotations to add to worker kubernetes service account.
+  serviceAccountAnnotations: {}
 
 # Airflow scheduler settings
 scheduler:
@@ -312,6 +313,9 @@ scheduler:
   # when it wants to scale a node down.
   safeToEvict: true
 
+  # Annotations to add to scheduler kubernetes service account.
+  serviceAccountAnnotations: {}
+
 # Airflow webserver settings
 webserver:
   livenessProbe:
@@ -372,6 +376,9 @@ webserver:
     ## service annotations
     annotations: {}
 
+  # Annotations to add to webserver kubernetes service account.
+  serviceAccountAnnotations: {}
+
 # Flower settings
 flower:
   # Additional network policies as needed