Skip to content

Add securityContext config for Redis to helm chart#22182

Merged
jedcunningham merged 15 commits into
apache:mainfrom
dan-vaughan:helm-add-redis-securitycontext
Apr 8, 2022
Merged

Add securityContext config for Redis to helm chart#22182
jedcunningham merged 15 commits into
apache:mainfrom
dan-vaughan:helm-add-redis-securitycontext

Conversation

@dan-vaughan

Copy link
Copy Markdown
Contributor
  • Add securityContext templating to statefulSet manifest
  • Add securityContext commented-out to values.yaml
  • Add securityContext section to values.schema.json

- Add securityContext templating to statefulSet manifest
- Add securityContext commented-out to values.yaml
- Add securityContext section to values.schema.json
@boring-cyborg boring-cyborg Bot added the area:helm-chart Airflow Helm Chart label Mar 11, 2022
@boring-cyborg

boring-cyborg Bot commented Mar 11, 2022

Copy link
Copy Markdown

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst)
Here are some useful points:

  • Pay attention to the quality of your code (flake8, mypy and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it’s a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@jedcunningham jedcunningham left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @flipstone42!

Can you add the redis statefulset to the test suite for this feature?

"templates/jobs/migrate-database-job.yaml",

@jedcunningham jedcunningham added the type:new-feature Changelog: New Features label Mar 12, 2022
@pgvishnuram

Copy link
Copy Markdown
Contributor

@jedcunningham should we also add in redis sts in test_check_local_setting

{{- $nodeSelector := or .Values.redis.nodeSelector .Values.nodeSelector }}
{{- $affinity := or .Values.redis.affinity .Values.affinity }}
{{- $tolerations := or .Values.redis.tolerations .Values.tolerations }}
{{- $securityContext := include "airflowSecurityContext" (list . .Values.redis) }}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
{{- $securityContext := include "airflowSecurityContext" (list . .Values.redis) }}
{{- $securityContext := include "localSecurityContext" .Values.redis }}

This should use localSecurityContext instead. We don't want the global Airflow security context to apply to Redis.

Comment thread chart/values.schema.json
Comment thread chart/values.schema.json Outdated
Comment thread chart/values.yaml Outdated
Comment thread tests/charts/test_security_context.py Outdated
Comment thread chart/values.yaml Outdated
@dan-vaughan

Copy link
Copy Markdown
Contributor Author

Apologies for not following up sooner @jedcunningham - would you like me to implement the changes you suggest here, or close this PR in favour of #22663?

@jedcunningham

Copy link
Copy Markdown
Member

@flipstone42, no worries! Yeah go ahead and make them here. I don't want to swipe your first commit, but I do want to get this done for the next chart release 👍.

There was one other test change I had added, so you can use my PR as an example.

Dan Vaughan and others added 4 commits April 3, 2022 15:19
- Set uid (default 0) in values
- Use localSecurityContext in redis statefulset
- Refactor test for localSecurityContext
- Set uid (default 0) in values
- Use localSecurityContext in redis statefulset
- Refactor test for localSecurityContext
…42/airflow into helm-add-redis-securitycontext
@dan-vaughan

Copy link
Copy Markdown
Contributor Author

@jedcunningham I've implemented your suggested changes, and defaulted the uid of the redis statefulset to 0 for backwards-compatibility 😄

flipstone42 added 2 commits April 3, 2022 15:28
@jedcunningham

Copy link
Copy Markdown
Member

Sounds good. Can you also add redis to the test_check_local_setting test?

@dan-vaughan

Copy link
Copy Markdown
Contributor Author

@jedcunningham is there anything else we need to merge this in?

@github-actions github-actions Bot added the full tests needed We need to run full set of tests for this PR to merge label Apr 7, 2022
@github-actions

github-actions Bot commented Apr 7, 2022

Copy link
Copy Markdown
Contributor

The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease.

@dan-vaughan

Copy link
Copy Markdown
Contributor Author

@jedcunningham I fixed a test error & have tested locally, I think I need you to trigger the full set of unit-tests before we merge this in?

@jedcunningham jedcunningham merged commit 5ec0bab into apache:main Apr 8, 2022
@boring-cyborg

boring-cyborg Bot commented Apr 8, 2022

Copy link
Copy Markdown

Awesome work, congrats on your first merged pull request!

@jedcunningham

Copy link
Copy Markdown
Member

@dan-vaughan, congrats on your first commit! 🎉🚀

@dan-vaughan

Copy link
Copy Markdown
Contributor Author

@dan-vaughan, congrats on your first commit! 🎉🚀

Thank you for your help @jedcunningham 🙏

@malthe

malthe commented Oct 14, 2022

Copy link
Copy Markdown
Contributor

@dan-vaughan what was the backward compatibility concern that led to using 0 as the default uid rather than 999?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:helm-chart Airflow Helm Chart full tests needed We need to run full set of tests for this PR to merge type:new-feature Changelog: New Features

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants