Skip to content

fix: add SCC to dag processor #51080

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eladkal merged 17 commits into from
Jun 12, 2025
Merged

fix: add SCC to dag processor #51080

eladkal merged 17 commits into from
Jun 12, 2025

Conversation

@kesem0811
Copy link
Contributor

@kesem0811 kesem0811 commented May 26, 2025
edited
Loading

helm: Add SCC role binding for dag-processor service account
Currently, the Airflow Helm chart includes a template that creates SCC (Security Context Constraints) role bindings for the service accounts of all components—except the dag-processor.

This PR adds an SCC role binding for the dag-processor service account to ensure consistent security configuration across all Airflow components.

This change is required in environments that use the dag-processor component together with SCC policies, such as OpenShift or other restricted Kubernetes clusters. Without this binding, the dag-processor may fail to start due to insufficient security privileges.

@boring-cyborg boring-cyborg bot added the area:helm-chart Airflow Helm Chart label May 26, 2025
@boring-cyborg
Copy link

boring-cyborg bot commented May 26, 2025

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contributors' Guide (https://github.com/apache/airflow/blob/main/contributing-docs/README.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
  • Always keep your Pull Requests rebased, otherwise your build might fail due to changes not related to your commits.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: dev@airflow.apache.org
    Slack: https://s.apache.org/airflow-slack

@jedcunningham
Copy link
Member

jedcunningham commented May 28, 2025
edited
Loading

Thanks for the PR @kesem0811. Can you add test coverage here? (There might be more places in that file as well)

@kesem0811 kesem0811 requested a review from romsharon98 June 8, 2025 15:07
romsharon98
romsharon98 reviewed Jun 8, 2025
View reviewed changes
@kesem0811 kesem0811 requested a review from romsharon98 June 11, 2025 13:07
@eladkal
Copy link
Contributor

eladkal commented Jun 12, 2025

Needs rebase

@eladkal eladkal merged commit bc1d51e into apache:main Jun 12, 2025
66 checks passed
@eladkal eladkal mentioned this pull request Jun 13, 2025
Merged
choo121600 pushed a commit to choo121600/airflow that referenced this pull request Jun 14, 2025
@kesem0811 @choo121600
fix: add SCC to dag processor (apache#51080)
db0c6df 
* fix: add SCC to dag processor

* delete typing error

* your message

* change my test

* change the value deffault

* fix tests2

* fix tests2

* return values to original version

* run ruff formater

* change the SCC tests

* change the SCC tests

* fix formatting
@jedcunningham jedcunningham mentioned this pull request Jun 16, 2025
Closed
25 tasks
@eladkal eladkal mentioned this pull request Jun 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romsharon98 romsharon98 romsharon98 approved these changes

@eladkal eladkal eladkal approved these changes

@dstandish dstandish Awaiting requested review from dstandish dstandish is a code owner

@jedcunningham jedcunningham Awaiting requested review from jedcunningham jedcunningham is a code owner

@hussein-awala hussein-awala Awaiting requested review from hussein-awala hussein-awala is a code owner

Assignees

No one assigned

Labels

area:helm-chart Airflow Helm Chart

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kesem0811 @jedcunningham @eladkal @romsharon98