diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml index 7606e75084a31..93802bd723b3f 100644 --- a/chart/templates/_helpers.yaml +++ b/chart/templates/_helpers.yaml @@ -184,6 +184,14 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* User defined gitSync container environment from */}} +{{- define "custom_git_sync_environment_from" }} + {{- $Global := . }} + {{- with .Values.dags.gitSync.envFrom }} + {{- tpl . $Global | nindent 2 }} + {{- end }} +{{- end }} + {{/* Git ssh key volume */}} {{- define "git_sync_ssh_key_volume" }} - name: git-sync-ssh-key @@ -198,6 +206,7 @@ If release name contains chart name it will be used as a full name. image: {{ template "git_sync_image" . }} imagePullPolicy: {{ .Values.images.gitSync.pullPolicy }} securityContext: {{- include "localContainerSecurityContext" .Values.dags.gitSync | nindent 4 }} + envFrom: {{- include "custom_git_sync_environment_from" . | default "\n []" | indent 2 }} env: {{- if or .Values.dags.gitSync.sshKeySecret .Values.dags.gitSync.sshKey }} - name: GIT_SSH_KEY_FILE diff --git a/chart/values.schema.json b/chart/values.schema.json index de298ec0620de..5f6a3b55d89f5 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -8528,6 +8528,18 @@ } ] }, + "envFrom": { + "description": "Extra envFrom 'items' that will be added to the definition of Airflow gitSync containers; a string or array are expected (can be templated).", + "type": [ + "null", + "string" + ], + "default": null, + "examples": [ + "- secretRef:\n name: 'proxy-config", + "- configMapRef:\n name: 'proxy-config" + ] + }, "resources": { "description": "Resources on workers git-sync sidecar", "type": "object", diff --git a/chart/values.yaml b/chart/values.yaml index 4fe4f05756566..76130e55bb5a0 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -342,6 +342,11 @@ extraSecrets: {} # '{{ .Release.Name }}-other-secret-name-suffix': # data: | # ... +# 'proxy-config': +# stringData: | +# HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080 +# HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080 +# NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc" # Extra ConfigMaps that will be managed by the chart # (You can use them with extraEnv or extraEnvFrom or some of the extraVolumes values). @@ -2655,6 +2660,11 @@ dags: # For backwards compatibility, wait will be used if it is specified. period: 5s wait: ~ + # add variables from secret into gitSync containers, such proxy-config + envFrom: ~ + # envFrom: | + # - secretRef: + # name: 'proxy-config' containerName: git-sync uid: 65533 diff --git a/helm_tests/airflow_aux/test_pod_template_file.py b/helm_tests/airflow_aux/test_pod_template_file.py index 43a8d1942343a..8d4cabeef0497 100644 --- a/helm_tests/airflow_aux/test_pod_template_file.py +++ b/helm_tests/airflow_aux/test_pod_template_file.py @@ -85,6 +85,7 @@ def test_should_add_an_init_container_if_git_sync_is_true(self): "sshKeySecret": None, "credentialsSecret": None, "knownHosts": None, + "envFrom": "- secretRef:\n name: 'proxy-config'\n", } }, }, @@ -98,6 +99,7 @@ def test_should_add_an_init_container_if_git_sync_is_true(self): "securityContext": {"runAsUser": 65533}, "image": "test-registry/test-repo:test-tag", "imagePullPolicy": "Always", + "envFrom": [{"secretRef": {"name": "proxy-config"}}], "env": [ {"name": "GIT_SYNC_REV", "value": "HEAD"}, {"name": "GITSYNC_REF", "value": "test-branch"}, diff --git a/helm_tests/other/test_git_sync_scheduler.py b/helm_tests/other/test_git_sync_scheduler.py index 02289bd2deffc..4610888a3779d 100644 --- a/helm_tests/other/test_git_sync_scheduler.py +++ b/helm_tests/other/test_git_sync_scheduler.py @@ -77,6 +77,7 @@ def test_validate_the_git_sync_container_spec(self): "sshKeySecret": None, "credentialsSecret": None, "knownHosts": None, + "envFrom": "- secretRef:\n name: 'proxy-config'\n", }, "persistence": {"enabled": True}, }, @@ -89,6 +90,7 @@ def test_validate_the_git_sync_container_spec(self): "securityContext": {"runAsUser": 65533}, "image": "test-registry/test-repo:test-tag", "imagePullPolicy": "Always", + "envFrom": [{"secretRef": {"name": "proxy-config"}}], "env": [ {"name": "GIT_SYNC_REV", "value": "HEAD"}, {"name": "GITSYNC_REF", "value": "test-branch"}, @@ -137,6 +139,7 @@ def test_validate_the_git_sync_container_spec_if_wait_specified(self): "sshKeySecret": None, "credentialsSecret": None, "knownHosts": None, + "envFrom": "- secretRef:\n name: 'proxy-config'\n", }, "persistence": {"enabled": True}, }, @@ -149,6 +152,7 @@ def test_validate_the_git_sync_container_spec_if_wait_specified(self): "securityContext": {"runAsUser": 65533}, "image": "test-registry/test-repo:test-tag", "imagePullPolicy": "Always", + "envFrom": [{"secretRef": {"name": "proxy-config"}}], "env": [ {"name": "GIT_SYNC_REV", "value": "HEAD"}, {"name": "GITSYNC_REF", "value": "test-branch"},