Skip to content

Finish workers.celery.kerberosInitContainer & add workers.kubernetes.kerberosInitContainer #60751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jscheffl merged 1 commit into from
Jan 18, 2026
Merged

Finish workers.celery.kerberosInitContainer & add workers.kubernetes.kerberosInitContainer #60751

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions chart/files/pod-template-file.kubernetes-helm-yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ metadata:
{{- end }}
annotations:
{{- toYaml $podAnnotations | nindent 4 }}
{{- if .Values.workers.kerberosInitContainer.enabled }}
{{- if or .Values.workers.kubernetes.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled }}
checksum/kerberos-keytab: {{ include (print $.Template.BasePath "/secrets/kerberos-keytab-secret.yaml") . | sha256sum }}
{{- end }}
spec:
Expand All @@ -53,12 +53,12 @@ spec:
{{- if .Values.workers.extraInitContainers }}
{{- tpl (toYaml .Values.workers.extraInitContainers) . | nindent 4 }}
{{- end }}
{{- if and (semverCompare ">=2.8.0" .Values.airflowVersion) .Values.workers.kerberosInitContainer.enabled }}
{{- if and (semverCompare ">=2.8.0" .Values.airflowVersion) (or .Values.workers.kubernetes.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled) }}
- name: kerberos-init
image: {{ template "airflow_image" . }}
imagePullPolicy: {{ .Values.images.airflow.pullPolicy }}
args: ["kerberos", "-o"]
resources: {{- toYaml .Values.workers.kerberosInitContainer.resources | nindent 8 }}
resources: {{- toYaml (.Values.workers.kubernetes.kerberosInitContainer.resources | default .Values.workers.kerberosInitContainer.resources) | nindent 8 }}
volumeMounts:
- name: logs
mountPath: {{ template "airflow_logs" . }}
Expand Down Expand Up @@ -106,7 +106,7 @@ spec:
env:
- name: AIRFLOW__CORE__EXECUTOR
value: {{ .Values.executor | quote }}
{{- if or .Values.workers.kerberosSidecar.enabled .Values.workers.kerberosInitContainer.enabled}}
{{- if or .Values.workers.kerberosSidecar.enabled .Values.workers.kubernetes.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled }}
- name: KRB5_CONFIG
value: {{ .Values.kerberos.configPath | quote }}
- name: KRB5CCNAME
Expand Down Expand Up @@ -255,13 +255,13 @@ spec:
name: {{ include "airflow_config" . }}
name: config
{{- if semverCompare ">=3.0.0" .Values.airflowVersion }}
{{- if and (or .Values.apiServer.apiServerConfig .Values.apiServer.apiServerConfigConfigMapName) (or .Values.workers.kerberosInitContainer.enabled .Values.workers.kerberosSidecar.enabled)}}
{{- if and (or .Values.apiServer.apiServerConfig .Values.apiServer.apiServerConfigConfigMapName) (or .Values.workers.kubernetes.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled .Values.workers.kerberosSidecar.enabled) }}
- name: api-server-config
configMap:
name: {{ template "airflow_api_server_config_configmap_name" . }}
{{- end }}
{{- else }}
{{- if and (or .Values.webserver.webserverConfig .Values.webserver.webserverConfigConfigMapName) (or .Values.workers.kerberosInitContainer.enabled .Values.workers.kerberosSidecar.enabled)}}
{{- if and (or .Values.webserver.webserverConfig .Values.webserver.webserverConfigConfigMapName) (or .Values.workers.kubernetes.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled .Values.workers.kerberosSidecar.enabled) }}
- name: webserver-config
configMap:
name: {{ template "airflow_webserver_config_configmap_name" . }}
Expand Down
8 changes: 0 additions & 8 deletions chart/templates/NOTES.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,14 +204,6 @@ DEPRECATION WARNING:

{{- end }}

{{- if not (empty .Values.workers.kerberosInitContainer) }}

DEPRECATION WARNING:
`workers.kerberosInitContainer` has been renamed to `workers.celery.kerberosInitContainer`.
Please change your values as support for the old name will be dropped in a future release.

{{- end }}

{{- if ne (.Values.workers.args | toJson) (list "bash" "-c" "exec \\\nairflow {{ semverCompare \">=2.0.0\" .Values.airflowVersion | ternary \"celery worker\" \"worker\" }}" | toJson) }}

DEPRECATION WARNING:
Expand Down
6 changes: 2 additions & 4 deletions chart/templates/workers/worker-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,14 +187,12 @@ spec:
subPath: {{ .Values.logs.persistence.subPath }}
{{- end }}
{{- end }}
{{- $kerberosInitContainerEnabled := or (.Values.workers.celery.kerberosInitContainer).enabled (.Values.workers.kerberosInitContainer).enabled }}
{{- $kerberosInitContainerResources := (.Values.workers.celery.kerberosInitContainer).resources | default (.Values.workers.kerberosInitContainer).resources | default dict }}
{{- if and (semverCompare ">=2.8.0" .Values.airflowVersion) $kerberosInitContainerEnabled }}
{{- if and (semverCompare ">=2.8.0" .Values.airflowVersion) (or .Values.workers.celery.kerberosInitContainer.enabled .Values.workers.kerberosInitContainer.enabled) }}
- name: kerberos-init
image: {{ template "airflow_image" . }}
imagePullPolicy: {{ .Values.images.airflow.pullPolicy }}
args: ["kerberos", "-o"]
resources: {{- toYaml $kerberosInitContainerResources | nindent 12 }}
resources: {{- toYaml (.Values.workers.kerberosInitContainer.resources | default .Values.workers.celery.kerberosInitContainer.resources) | nindent 12 }}
volumeMounts:
- name: logs
mountPath: {{ template "airflow_logs" . }}
Expand Down
89 changes: 86 additions & 3 deletions chart/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2171,7 +2171,7 @@
}
},
"kerberosInitContainer": {
"description": "Kerberos init container for Airflow Celery workers and pods created with pod-template-file (deprecated, use `workers.celery.kerberosInitContainer` instead).",
"description": "Kerberos init container for Airflow Celery workers and pods created with pod-template-file.",
"type": "object",
"additionalProperties": false,
"properties": {
Expand Down Expand Up @@ -2951,7 +2951,7 @@
"$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for the kerberos init container. If not set, the values from global `containerLifecycleHooks` will be used.",
"description": "Container Lifecycle Hooks definition for the kerberos init container. If not set, the values from `workers.kerberosInitContainer.containerLifecycleHooks` will be used.",
"type": "object",
"$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle",
"default": {},
Expand Down Expand Up @@ -2980,7 +2980,7 @@
]
},
"securityContexts": {
"description": "Security context definition for the kerberos init container. If not set, the values from global `securityContexts` will be used.",
"description": "Security context definition for the kerberos init container. If not set, the values from `workers.kerberosInitContainer.securityContexts` will be used.",
"type": "object",
"x-docsSection": "Kubernetes",
"properties": {
Expand Down Expand Up @@ -3058,6 +3058,89 @@
]
}
}
},
"kerberosInitContainer": {
"description": "Kerberos init container for pods created with pod-template-file.",
"type": "object",
"additionalProperties": false,
"properties": {
"enabled": {
"description": "Enable kerberos init container.",
"type": "boolean",
"default": false
},
"resources": {
"description": "Resources on kerberos init container.",
"type": "object",
"default": {},
"examples": [
{
"limits": {
"cpu": "100m",
"memory": "128Mi"
},
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
}
],
"$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for the kerberos init container. If not set, the values from `workers.kerberosInitContainer.containerLifecycleHooks` will be used.",
"type": "object",
"$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle",
"default": {},
"x-docsSection": "Kubernetes",
"examples": [
{
"postStart": {
"exec": {
"command": [
"/bin/sh",
"-c",
"echo postStart handler > /usr/share/message"
]
}
},
"preStop": {
"exec": {
"command": [
"/bin/sh",
"-c",
"echo preStop handler > /usr/share/message"
]
}
}
}
]
},
"securityContexts": {
"description": "Security context definition for the kerberos init container. If not set, the values from `workers.kerberosInitContainer.securityContexts` will be used.",
"type": "object",
"x-docsSection": "Kubernetes",
"properties": {
"container": {
"description": "Container security context definition for the kerberos init container.",
"type": "object",
"$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext",
"default": {},
"x-docsSection": "Kubernetes",
"examples": [
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
}
}
]
}
}
}
}
}
}
}
Expand Down
33 changes: 30 additions & 3 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -873,10 +873,12 @@ workers:
containerLifecycleHooks: {}

# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.kerberosInitContainer` instead)
# Use workers.celery.kerberosInitContainer and/or workers.kubernetes.kerberosInitContainer to separate
# value between Celery workers and pod-template-file
kerberosInitContainer:
# Enable kerberos init container
enabled: false

resources: {}
# limits:
# cpu: 100m
Expand All @@ -885,7 +887,7 @@ workers:
# cpu: 100m
# memory: 128Mi

# Detailed default security context for kerberos init container on container level
# Detailed default security context for kerberos init container
securityContexts:
container: {}

Expand Down Expand Up @@ -1146,9 +1148,12 @@ workers:
container: {}

# Kerberos init container configuration for Airflow Celery workers
# If not set, the values from `workers.kubernetesInitContainer` section will be used.
kerberosInitContainer:
# Enable kerberos init container
# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect
enabled: false

resources: {}
# limits:
# cpu: 100m
Expand All @@ -1157,7 +1162,7 @@ workers:
# cpu: 100m
# memory: 128Mi

# Detailed default security context for kerberos init container on container level
# Detailed default security context for kerberos init container
securityContexts:
container: {}

Expand All @@ -1174,6 +1179,28 @@ workers:
pod: {}
container: {}

# Kerberos init container configuration for pods created with pod-template-file
# If not set, the values from `workers.kubernetesInitContainer` section will be used.
kerberosInitContainer:
# Enable kerberos init container
# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect
enabled: false

resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

# Detailed default security context for kerberos init container
securityContexts:
container: {}

# Container level lifecycle hooks
containerLifecycleHooks: {}

# Airflow scheduler settings
scheduler:
enabled: true
Expand Down
Loading