Add securityContext config for Redis to helm chart

[dan-vaughan]

• Add securityContext templating to statefulSet manifest
• Add securityContext commented-out to values.yaml
• Add securityContext section to values.schema.json

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst)
Here are some useful points:

• Pay attention to the quality of your code (flake8, mypy and type annotations). Our pre-commits will help you with that.
• In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
• Consider using Breeze environment for testing locally, it’s a heavy docker but it ships with a working Airflow and a lot of integrations.
• Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
• Be sure to read the Airflow Coding style.
  Apache Airflow is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: dev@airflow.apache.org
  Slack: https://s.apache.org/airflow-slack

[jedcunningham]

Thanks @flipstone42!

Can you add the redis statefulset to the test suite for this feature?

airflow/tests/charts/test_security_context.py

Line 41 in 2499da8

"templates/jobs/migrate-database-job.yaml",

[pgvishnuram]

@jedcunningham should we also add in redis sts in test_check_local_setting

[jedcunningham]

Suggested change

	{{- $securityContext := include "airflowSecurityContext" (list . .Values.redis) }}
	{{- $securityContext := include "localSecurityContext" .Values.redis }}

This should use localSecurityContext instead. We don't want the global Airflow security context to apply to Redis.

[dan-vaughan]

Apologies for not following up sooner @jedcunningham - would you like me to implement the changes you suggest here, or close this PR in favour of #22663?

[jedcunningham]

@flipstone42, no worries! Yeah go ahead and make them here. I don't want to swipe your first commit, but I do want to get this done for the next chart release 👍.

There was one other test change I had added, so you can use my PR as an example.

[dan-vaughan]

@jedcunningham I've implemented your suggested changes, and defaulted the uid of the redis statefulset to 0 for backwards-compatibility 😄

[jedcunningham]

Sounds good. Can you also add redis to the test_check_local_setting test?

[dan-vaughan]

@jedcunningham is there anything else we need to merge this in?

[github-actions]

The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease.

[dan-vaughan]

@jedcunningham I fixed a test error & have tested locally, I think I need you to trigger the full set of unit-tests before we merge this in?

[boring-cyborg]

Awesome work, congrats on your first merged pull request!

[jedcunningham]

@dan-vaughan, congrats on your first commit! 🎉🚀

[dan-vaughan]

@dan-vaughan, congrats on your first commit! 🎉🚀

Thank you for your help @jedcunningham 🙏

[malthe]

@dan-vaughan what was the backward compatibility concern that led to using 0 as the default uid rather than 999?