apache · hussein-awala · Nov 14, 2023
@@ -20,55 +20,68 @@
 ################################
 ## Airflow ConfigMap
 #################################
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "airflow_config" . }}
+  name: {{ template "airflow_config" $ }}
+  namespace: {{ $namespace }}
   labels:
     tier: airflow
     component: config
-    release: {{ .Release.Name }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
+    release: {{ $.Release.Name }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end -}}
-  {{- if .Values.airflowConfigAnnotations }}
-  annotations: {{- toYaml .Values.airflowConfigAnnotations | nindent 4 }}
+  {{- if $.Values.airflowConfigAnnotations }}
+  annotations: {{- toYaml $.Values.airflowConfigAnnotations | nindent 4 }}
   {{- end }}
-{{- $Global := . }}
+{{- $Global := $ }}
 data:
   # These are system-specified config overrides.
   airflow.cfg: |-
-    {{- range $section, $settings := .Values.config }}
+    {{- range $section, $settings := $.Values.config }}
     [{{ $section }}]
     {{- range $key, $val := $settings }}
     {{ $key }} = {{ tpl ($val | toString) $Global }}
     {{- end }}
     {{ end }}
 
-  {{- if .Values.airflowLocalSettings }}
+  {{- if $.Values.airflowLocalSettings }}
   airflow_local_settings.py: |-
-    {{- tpl .Values.airflowLocalSettings . | nindent 4 }}
+    {{- tpl $.Values.airflowLocalSettings $ | nindent 4 }}
   {{- end }}
 
-  {{- if and .Values.dags.gitSync.enabled .Values.dags.gitSync.knownHosts }}
+  {{- if and $.Values.dags.gitSync.enabled $.Values.dags.gitSync.knownHosts }}
   known_hosts: |-
-    {{- .Values.dags.gitSync.knownHosts | nindent 4 }}
+    {{- $.Values.dags.gitSync.knownHosts | nindent 4 }}
   {{- end }}
 
 {{- if or (eq $.Values.executor "LocalKubernetesExecutor") (eq $.Values.executor "KubernetesExecutor") (eq $.Values.executor "CeleryKubernetesExecutor") }}
-{{- if semverCompare ">=1.10.12" .Values.airflowVersion }}
+{{- if semverCompare ">=1.10.12" $.Values.airflowVersion }}
   pod_template_file.yaml: |-
-    {{- if .Values.podTemplate }}
-      {{- tpl .Values.podTemplate . | nindent 4 }}
+    {{- if $.Values.podTemplate }}
+      {{- tpl $.Values.podTemplate $ | nindent 4 }}
     {{- else }}
-      {{- tpl (.Files.Get "files/pod-template-file.kubernetes-helm-yaml") . | nindent 4 }}
+      {{- tpl ($.Files.Get "files/pod-template-file.kubernetes-helm-yaml") $ | nindent 4 }}
     {{- end }}
 {{- end }}
 {{- end }}
 
-  {{- if .Values.kerberos.enabled }}
+  {{- if $.Values.kerberos.enabled }}
   krb5.conf: |-
-    {{- tpl .Values.kerberos.config . | nindent 4 }}
+    {{- tpl $.Values.kerberos.config $ | nindent 4 }}
   {{- end }}
+{{- end }}
@@ -23,6 +23,15 @@
 {{- if and .Values.rbac.create .Values.allowPodLaunching }}
 {{- $schedulerLaunchExecutors := list "LocalExecutor" "LocalKubernetesExecutor" "KubernetesExecutor" "CeleryKubernetesExecutor" }}
 {{- $workerLaunchExecutors := list "CeleryExecutor" "LocalKubernetesExecutor" "KubernetesExecutor" "CeleryKubernetesExecutor" }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.multiNamespaceMode }}
 kind: ClusterRoleBinding
@@ -57,8 +66,10 @@ subjects:
     namespace: "{{ .Release.Namespace }}"
   {{- end }}
   {{- if has .Values.executor $workerLaunchExecutors }}
+  {{- range $namespace := $workersNamespaces }}
   - kind: ServiceAccount
-    name: {{ include "worker.serviceAccountName" . }}
-    namespace: "{{ .Release.Namespace }}"
+    name: {{ include "worker.serviceAccountName" $ }}
+    namespace: {{ $namespace }}
+  {{- end }}
   {{- end }}
 {{- end }}
@@ -21,6 +21,8 @@
 ## Airflow SCC Role Binding
 #################################
 {{- if and .Values.rbac.create .Values.rbac.createSCCRoleBinding }}
+{{- $defaultWorkersNamespaces := list (.Release.Namespace | quote)}}
+{{- $workerNamespaces := (.Values.multiNamespaceMode | ternary (concat $defaultWorkersNamespaces .Values.airflowNamespaces | uniq) $defaultWorkersNamespaces) }}
 {{- $hasWorkers := has .Values.executor (list "CeleryExecutor" "LocalKubernetesExecutor" "KubernetesExecutor" "CeleryKubernetesExecutor") }}
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.multiNamespaceMode }}
@@ -50,9 +52,11 @@ subjects:
     name: {{ include "webserver.serviceAccountName" . }}
     namespace: "{{ .Release.Namespace }}"
   {{- if $hasWorkers }}
+  {{- range $namespace := $workerNamespaces }}
   - kind: ServiceAccount
-    name: {{ include "worker.serviceAccountName" . }}
-    namespace: "{{ .Release.Namespace }}"
+    name: {{ include "worker.serviceAccountName" $ }}
+    namespace: {{ $namespace }}
+  {{- end }}
   {{- end }}
   - kind: ServiceAccount
     name: {{ include "scheduler.serviceAccountName" . }}

@@ -21,24 +21,37 @@
 ## Elasticsearch Secret
 #################################
 {{- if (and .Values.elasticsearch.enabled (not .Values.elasticsearch.secretName)) }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "airflow.fullname" . }}-elasticsearch
+  name: {{ include "airflow.fullname" $ }}-elasticsearch
+  namespace: {{ $namespace }}
   labels:
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
-      {{- toYaml . | nindent 4 }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
+      {{- toYaml $ | nindent 4 }}
     {{- end }}
 type: Opaque
 data:
-  {{- with .Values.elasticsearch.connection }}
-    {{- if and .user .pass }}
+  {{- with $.Values.elasticsearch.connection }}
+    {{- if and $.user $.pass }}
       connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery)) "host" (printf "%s:%s" .host ((default 9200 .port) | toString) ) ) | b64enc | quote }}
     {{- else }}
     connection: {{ urlJoin (dict "scheme" (default "http" .scheme) "host" (printf "%s:%s" .host ((default 9200 .port) | toString))) | b64enc | quote }}
     {{- end }}
   {{- end }}
 {{- end }}
+{{- end }}
@@ -22,16 +22,28 @@
 #################################
 {{- if not .Values.fernetKeySecretName }}
 {{- $generated_fernet_key := (randAlphaNum 32 | b64enc) }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}-fernet-key
+  name: {{ $.Release.Name }}-fernet-key
+  namespace: {{ $namespace }}
   labels:
     tier: airflow
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
   annotations:
@@ -40,5 +52,6 @@ metadata:
     "helm.sh/hook-weight": "0"
 type: Opaque
 data:
-  fernet-key: {{ (default $generated_fernet_key .Values.fernetKey) | b64enc | quote }}
+  fernet-key: {{ (default $generated_fernet_key $.Values.fernetKey) | b64enc | quote }}
+{{- end }}
 {{- end }}
@@ -30,26 +30,38 @@
 {{- $metadataDatabase := .Values.data.metadataConnection.db }}
 {{- $database := (ternary (printf "%s-%s" .Release.Name "metadata") $metadataDatabase .Values.pgbouncer.enabled) }}
 {{- $query := ternary (printf "sslmode=%s" .Values.data.metadataConnection.sslmode) "" (eq .Values.data.metadataConnection.protocol "postgresql") }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "airflow.fullname" . }}-metadata
+  name: {{ include "airflow.fullname" $ }}-metadata
+  namespace: {{ $namespace }}
   labels:
     tier: airflow
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
 type: Opaque
 data:
-  {{- with .Values.data.metadataConnection }}
+  {{- with $.Values.data.metadataConnection }}
   connection: {{ urlJoin (dict "scheme" .protocol "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery) ) "host" (printf "%s:%s" $host $port) "path" (printf "/%s" $database) "query" $query) | b64enc | quote }}
   {{- end }}
-  {{- if and .Values.workers.keda.enabled .Values.pgbouncer.enabled (not .Values.workers.keda.usePgbouncer) }}
-  {{- with .Values.data.metadataConnection }}
-  kedaConnection: {{ urlJoin (dict "scheme" .protocol "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery) ) "host" (printf "%s:%s" $metadataHost $metadataPort) "path" (printf "/%s" $metadataDatabase) "query" $query) | b64enc | quote }}
-  {{- end }}
+  {{- if and $.Values.workers.keda.enabled $.Values.pgbouncer.enabled (not $.Values.workers.keda.usePgbouncer) }}
+  {{- with $.Values.data.metadataConnection }}
+  kedaConnection: {{ urlJoin (dict "scheme" .protocol "userinfo" (printf "%s:%s" (.user | urlquery) (.pass | urlquery) ) "host" (printf "%s:%s" $metadataHost $metadataPort) "path" (printf "/%s" $metadataDatabase) "query" $query) | b64enc | quote }}  {{- end }}
   {{- end }}
 {{- end }}
+{{- end }}
@@ -21,18 +21,31 @@
 ## Registry Secret
 #################################
 {{- if (and .Values.registry.connection (not .Values.registry.secretName)) }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "airflow.fullname" . }}-registry
+  name: {{ include "airflow.fullname" $ }}-registry
+  namespace: {{ $namespace }}
   labels:
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
 type: kubernetes.io/dockerconfigjson
 data:
-  .dockerconfigjson: {{ include "registry_docker_config" . | b64enc }}
+  .dockerconfigjson: {{ include "registry_docker_config" $ | b64enc }}
+{{- end }}
 {{- end }}
@@ -30,21 +30,33 @@
 {{- $port := (ternary .Values.ports.pgbouncer $connection.port .Values.pgbouncer.enabled) | toString }}
 {{- $database := ternary (printf "%s-%s" .Release.Name "result-backend") $connection.db .Values.pgbouncer.enabled }}
 {{- $query := ternary (printf "sslmode=%s" $connection.sslmode) "" (eq $connection.protocol "postgresql") }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "airflow.fullname" . }}-result-backend
+  name: {{ include "airflow.fullname" $ }}-result-backend
   labels:
     tier: airflow
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
-      {{- toYaml . | nindent 4 }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
+      {{- toYaml $ | nindent 4 }}
     {{- end }}
 type: Opaque
 data:
   connection: {{ urlJoin (dict "scheme" (printf "db+%s" $connection.protocol) "userinfo" (printf "%s:%s" ($connection.user|urlquery) ($connection.pass | urlquery)) "host" (printf "%s:%s" $host $port) "path" (printf "/%s" $database) "query" $query) | b64enc | quote }}
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
@@ -22,20 +22,33 @@
 ############################################
 {{- if not .Values.webserverSecretKeySecretName }}
 {{ $generated_secret_key := (randAlphaNum 32 | b64enc) }}
+{{- $workersNamespaces := list }}
+{{- if .Values.multiNamespaceMode }}
+  {{- range $namespace := .Values.airflowNamespaces }}
+    {{- $workersNamespaces = mustAppend $workersNamespaces ($namespace | quote) }}
+  {{- end }}
+{{- end }}
+{{- if not (has (.Release.Namespace | quote) $workersNamespaces) }}
+    {{ $workersNamespaces = mustPrepend $workersNamespaces (.Release.Namespace | quote) }}
+{{- end }}
+{{- range $namespace := $workersNamespaces }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "airflow.fullname" . }}-webserver-secret-key
+  name: {{ include "airflow.fullname" $ }}-webserver-secret-key
+  namespace: {{ $namespace }}
   labels:
     tier: airflow
     component: webserver
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}
-    heritage: {{ .Release.Service }}
-    {{- with .Values.labels }}
-      {{- toYaml . | nindent 4 }}
+    release: {{ $.Release.Name }}
+    chart: {{ $.Chart.Name }}
+    heritage: {{ $.Release.Service }}
+    {{- with $.Values.labels }}
+      {{- toYaml $ | nindent 4 }}
     {{- end }}
 type: Opaque
 data:
-  webserver-secret-key: {{ (default $generated_secret_key .Values.webserverSecretKey) | b64enc | quote }}
+  webserver-secret-key: {{ (default $generated_secret_key $.Values.webserverSecretKey) | b64enc | quote }}
+{{- end }}
 {{- end }}