From c06066220e1cea7ca81af0488ff8ea3629a20fc2 Mon Sep 17 00:00:00 2001 From: Jens Scheffler Date: Sun, 1 Feb 2026 21:22:24 +0100 Subject: [PATCH 1/2] Remove breaking change for createUser in Chart --- chart/templates/NOTES.txt | 14 +++++- .../jobs/create-user-job-serviceaccount.yaml | 4 +- chart/templates/jobs/create-user-job.yaml | 6 +-- ...curity-context-constraint-rolebinding.yaml | 6 +-- chart/values.schema.json | 48 ++++++++++++++++--- chart/values.yaml | 24 +++++++--- 6 files changed, 80 insertions(+), 22 deletions(-) diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 53248aa31a3b1..0d4c29c7bb3d7 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt @@ -114,7 +114,11 @@ Flower Dashboard: kubectl port-forward svc/{{ include "airflow.fullname" . {{- end }} -{{- if .Values.createUserJob.enabled}} +{{- if and .Values.webserver.defaultUser .Values.webserver.defaultUser.enabled}} +Default user (Airflow UI) Login credentials: + username: {{ .Values.createUserJob.defaultUser.username }} + password: {{ .Values.createUserJob.defaultUser.password }} +{{- else if .Values.createUserJob.enabled}} Default user (Airflow UI) Login credentials: username: {{ .Values.createUserJob.defaultUser.username }} password: {{ .Values.createUserJob.defaultUser.password }} @@ -340,6 +344,14 @@ DEPRECATION WARNING: {{- end }} +{{- if not (empty .Values.webserver.defaultUser) }} + + DEPRECATION WARNING: + `webserver.defaultUser` has been renamed to `createUserJob.defaultUser`. + Please change your values as support for the old name will be dropped in a future release. + +{{- end }} + {{ if (semverCompare ">=3.0.0" .Values.airflowVersion) }} ##################################################### # WARNING: You should set a static API secret key # diff --git a/chart/templates/jobs/create-user-job-serviceaccount.yaml b/chart/templates/jobs/create-user-job-serviceaccount.yaml index 60b2a36579ea8..0af6a9e96b5dc 100644 --- a/chart/templates/jobs/create-user-job-serviceaccount.yaml +++ b/chart/templates/jobs/create-user-job-serviceaccount.yaml @@ -17,9 +17,9 @@ under the License. */}} -########################################### +######################################### ## Airflow Create User Job ServiceAccount -########################################### +######################################### {{- if .Values.createUserJob.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/chart/templates/jobs/create-user-job.yaml b/chart/templates/jobs/create-user-job.yaml index 6913d4ef19fe9..0a58b50ce0098 100644 --- a/chart/templates/jobs/create-user-job.yaml +++ b/chart/templates/jobs/create-user-job.yaml @@ -17,10 +17,10 @@ under the License. */}} -################################ +########################## ## Airflow Create User Job -################################# -{{- if .Values.createUserJob.enabled }} +########################## +{{- if or (and .Values.webserver.defaultUser .Values.webserver.defaultUser.enabled) .Values.createUserJob.enabled }} {{- $nodeSelector := or .Values.createUserJob.nodeSelector .Values.nodeSelector }} {{- $affinity := or .Values.createUserJob.affinity .Values.affinity }} {{- $tolerations := or .Values.createUserJob.tolerations .Values.tolerations }} diff --git a/chart/templates/rbac/security-context-constraint-rolebinding.yaml b/chart/templates/rbac/security-context-constraint-rolebinding.yaml index 185eb3a890e9c..8e01246bd564d 100644 --- a/chart/templates/rbac/security-context-constraint-rolebinding.yaml +++ b/chart/templates/rbac/security-context-constraint-rolebinding.yaml @@ -17,9 +17,9 @@ under the License. */}} -################################ +########################### ## Airflow SCC Role Binding -################################# +########################### {{- if and .Values.rbac.create .Values.rbac.createSCCRoleBinding }} {{- $hasWorkers := has .Values.executor (list "CeleryExecutor" "LocalKubernetesExecutor" "KubernetesExecutor" "CeleryKubernetesExecutor") }} apiVersion: rbac.authorization.k8s.io/v1 @@ -88,7 +88,7 @@ subjects: - kind: ServiceAccount name: {{ include "migrateDatabaseJob.serviceAccountName" . }} namespace: "{{ .Release.Namespace }}" - {{- if .Values.createUserJob.enabled }} + {{- if or (and .Values.webserver.defaultUser .Values.webserver.defaultUser.enabled) .Values.createUserJob.enabled }} - kind: ServiceAccount name: {{ include "createUserJob.serviceAccountName" . }} namespace: "{{ .Release.Namespace }}" diff --git a/chart/values.schema.json b/chart/values.schema.json index d3e0c98c2a89e..990ae0cfa1ff7 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -5027,17 +5027,17 @@ "exec \\\nairflow {{ semverCompare \">=2.0.0\" .Values.airflowVersion | ternary \"users create\" \"create_user\" }} \"$@\"", "--", "-r", - "{{ .Values.createUserJob.defaultUser.role }}", + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}", "-u", - "{{ .Values.createUserJob.defaultUser.username }}", + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}", "-e", - "{{ .Values.createUserJob.defaultUser.email }}", + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}", "-f", - "{{ .Values.createUserJob.defaultUser.firstName }}", + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}", "-l", - "{{ .Values.createUserJob.defaultUser.lastName }}", + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}", "-p", - "{{ .Values.createUserJob.defaultUser.password }}" + "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}" ] }, "annotations": { @@ -6879,6 +6879,42 @@ ], "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, + "defaultUser": { + "description": "Optional default Airflow user information (deprecated, use createUserJob section instead)", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enable default user creation.", + "type": "boolean", + "x-docsSection": "Common" + }, + "role": { + "description": "Default user role.", + "type": "string" + }, + "username": { + "description": "Default user username.", + "type": "string" + }, + "email": { + "description": "Default user email address.", + "type": "string" + }, + "firstName": { + "description": "Default user firstname.", + "type": "string" + }, + "lastName": { + "description": "Default user lastname.", + "type": "string" + }, + "password": { + "description": "Default user password.", + "type": "string" + } + } + }, "extraContainers": { "description": "Launch additional containers into webserver (templated).", "type": "array", diff --git a/chart/values.yaml b/chart/values.yaml index ae3ff24aeb2d8..598c6b9ffad7f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1414,19 +1414,19 @@ createUserJob: exec \ airflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "users create" "create_user" }} "$@" - -- + # yamllint disable rule:line-length - "-r" - - "{{ .Values.createUserJob.defaultUser.role }}" + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}" - "-u" - - "{{ .Values.createUserJob.defaultUser.username }}" + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}" - "-e" - - "{{ .Values.createUserJob.defaultUser.email }}" + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}" - "-f" - - "{{ .Values.createUserJob.defaultUser.firstName }}" + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}" - "-l" - - "{{ .Values.createUserJob.defaultUser.lastName }}" + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}" - "-p" - - "{{ .Values.createUserJob.defaultUser.password }}" - + - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}" # Annotations on the create user job pod annotations: {} # jobAnnotations are annotations on the create user job @@ -1930,6 +1930,16 @@ webserver: # cpu: 100m # memory: 128Mi + # Create initial user. (Note: Deprecated, use createUserJob section instead) + # defaultUser: + # enabled: true + # role: Admin + # username: admin + # email: admin@example.com + # firstName: admin + # lastName: user + # password: admin + # Launch additional containers into webserver (templated). extraContainers: [] # Add additional init containers into webserver (templated). From 24e0d5e99bb788136d0ccd2a8c149a6099af2cc8 Mon Sep 17 00:00:00 2001 From: Jens Scheffler Date: Sun, 1 Feb 2026 21:30:33 +0100 Subject: [PATCH 2/2] Remove breaking change for createUser in Chart, notes --- chart/RELEASE_NOTES.rst | 11 +++++++++++ chart/reproducible_build.yaml | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/chart/RELEASE_NOTES.rst b/chart/RELEASE_NOTES.rst index 0770d457a6af1..6f670d3e20fcf 100644 --- a/chart/RELEASE_NOTES.rst +++ b/chart/RELEASE_NOTES.rst @@ -53,6 +53,17 @@ This change introduces support for advanced Celery Workers topologies to Apache **Granular Configuration Overrides**: This change allows for overwrite of any currently available workers configuration per worker set. For example, a user can enable KEDA globally, but explicitly disable it for a specific worker set that requires a static number of replicas. +Options to create a default user have been moved under the ``createUserJob`` section +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +Please update your configuration accordingly: + +* ``webserver.defaultUser`` section is now deprecated in favor of ``createUserJob`` (#59767) + +The previous configuration options are still working but are deprecated and will be removed in a future version. + +Note that the previous documentation described also the option ``apiServer.defaultUser``, which was never implemented in the chart. The only supported option is now ``createUserJob``. Using ``apiServer.defaultUser`` will raise an error. + Celery specific config options have been moved under the ``celery`` section in ``workers`` """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" diff --git a/chart/reproducible_build.yaml b/chart/reproducible_build.yaml index 062281940b9ac..a2468948ffefa 100644 --- a/chart/reproducible_build.yaml +++ b/chart/reproducible_build.yaml @@ -1,2 +1,2 @@ -release-notes-hash: b0ace4cbce4fe3f1c34de9c60ecc7fb7 -source-date-epoch: 1769927217 +release-notes-hash: b769a1a52290c4c11fc21615511aef6d +source-date-epoch: 1769977763