mirror of
https://github.com/bitnami/charts.git
synced 2026-03-16 06:47:30 +08:00
[bitnami/airflow] fix: 🔒 Move service-account token auto-mount to pod declaration (#22382)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
f7d5b6f2c4
commit
4f1eacc079
@@ -47,4 +47,4 @@ maintainers:
|
||||
name: airflow
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/airflow
|
||||
version: 16.2.1
|
||||
version: 16.3.0
|
||||
|
||||
@@ -161,6 +161,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
|
||||
| `web.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `web.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
|
||||
| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
|
||||
@@ -222,6 +223,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate configuration before or after startup | `{}` |
|
||||
| `scheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
|
||||
| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
|
||||
@@ -302,6 +304,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` |
|
||||
| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `worker.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` |
|
||||
| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` |
|
||||
@@ -454,6 +457,7 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
| `metrics.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` |
|
||||
| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
|
||||
| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` |
|
||||
| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` |
|
||||
| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` |
|
||||
|
||||
@@ -36,6 +36,7 @@ data:
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
|
||||
{{- if .Values.worker.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -32,6 +32,7 @@ spec:
|
||||
app.kubernetes.io/component: metrics
|
||||
spec:
|
||||
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.metrics.automountServiceAccountToken }}
|
||||
{{- if .Values.metrics.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -36,6 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.scheduler.automountServiceAccountToken }}
|
||||
{{- if .Values.scheduler.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -35,6 +35,7 @@ spec:
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.web.automountServiceAccountToken }}
|
||||
{{- if .Values.web.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.web.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -40,6 +40,7 @@ spec:
|
||||
app.kubernetes.io/component: worker
|
||||
spec:
|
||||
{{- include "airflow.imagePullSecrets" . | nindent 6 }}
|
||||
automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
|
||||
{{- if .Values.worker.hostAliases }}
|
||||
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -337,6 +337,9 @@ web:
|
||||
## @param web.lifecycleHooks for the Airflow web container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param web.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param web.hostAliases Deployment pod host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -559,6 +562,9 @@ scheduler:
|
||||
## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param scheduler.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param scheduler.hostAliases Deployment pod host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -829,6 +835,9 @@ worker:
|
||||
## @param worker.lifecycleHooks for the Airflow worker container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param worker.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param worker.hostAliases Deployment pod host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
@@ -1417,6 +1426,9 @@ metrics:
|
||||
## @param metrics.lifecycleHooks for the Airflow exporter container(s) to automate configuration before or after startup
|
||||
##
|
||||
lifecycleHooks: {}
|
||||
## @param metrics.automountServiceAccountToken Mount Service Account token in pod
|
||||
##
|
||||
automountServiceAccountToken: false
|
||||
## @param metrics.hostAliases Airflow exporter pods host aliases
|
||||
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
||||
##
|
||||
|
||||
Reference in New Issue
Block a user