airship/shipyard
Code Issues Proposed changes

RBAC: Update serviceaccount and k8s rbac for Airflow

Browse Source 
This patch set brings the airflow/shipyard chart to be
inline with OSH* RBAC approach used in [0] and [1]

[0] https://review.openstack.org/#/c/526464/52
[1] https://review.openstack.org/#/c/529378/

Change-Id: Id2ff9f59028474601933196e1722b46c95f3a8ac
This commit is contained in:
Anthony Lin 2018-01-22 16:47:00 +00:00
parent ac637d6614
commit b379477236
6 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
charts/shipyard/templates/deployment-airflow-flower.yaml
View File

@ -15,6 +15,8 @@
{{- if .Values.manifests.deployment_airflow_flower }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_server }}
{{- $serviceAccountName := "airflow-flower" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $mounts_airflow_flower := .Values.pod.mounts.airflow_flower.airflow_flower }}
{{- $mounts_airflow_flower_init := .Values.pod.mounts.airflow_flower.init_container }}
---
@ -33,6 +35,7 @@ spec:
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
restartPolicy: Always

3
charts/shipyard/templates/deployment-airflow-scheduler.yaml
View File

@ -15,6 +15,8 @@
{{- if .Values.manifests.deployment_airflow_scheduler }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_server }}
{{- $serviceAccountName := "airflow-scheduler" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $mounts_airflow_scheduler := .Values.pod.mounts.airflow_scheduler.airflow_scheduler }}
{{- $mounts_airflow_scheduler_init := .Values.pod.mounts.airflow_scheduler.init_container }}
---
@ -33,6 +35,7 @@ spec:
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
restartPolicy: Always

3
charts/shipyard/templates/deployment-airflow-web.yaml
View File

@ -15,6 +15,8 @@
{{- if .Values.manifests.deployment_airflow_web }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_server }}
{{- $serviceAccountName := "airflow-web" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $mounts_airflow_web := .Values.pod.mounts.airflow_web.airflow_web }}
{{- $mounts_airflow_web_init := .Values.pod.mounts.airflow_web.init_container }}
---
@ -33,6 +35,7 @@ spec:
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
restartPolicy: Always

3
charts/shipyard/templates/deployment-airflow-worker.yaml
View File

@ -15,6 +15,8 @@
{{- if .Values.manifests.deployment_airflow_worker }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_server }}
{{- $serviceAccountName := "airflow-worker" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $mounts_airflow_worker := .Values.pod.mounts.airflow_worker.airflow_worker }}
{{- $mounts_airflow_worker_init := .Values.pod.mounts.airflow_worker.init_container }}
---
@ -33,6 +35,7 @@ spec:
configmap-bin-hash: {{ tuple "configmap-airflow-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-airflow-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
restartPolicy: Always

3
charts/shipyard/templates/job-airflow-db-init.yaml
View File

@ -17,6 +17,8 @@ limitations under the License.
{{- if .Values.manifests.job_airflow_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_db_init }}
{{- $serviceAccountName := "airflow-db-init" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -28,6 +30,7 @@ spec:
labels:
{{ tuple $envAll "airflow" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}

3
charts/shipyard/templates/job-airflow-db-sync.yaml
View File

@ -17,6 +17,8 @@ limitations under the License.
{{- if .Values.manifests.job_airflow_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.airflow_db_sync }}
{{- $serviceAccountName := "airflow-db-sync" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@ -28,6 +30,7 @@ spec:
labels:
{{ tuple $envAll "airflow" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}