This is an automated email from the ASF dual-hosted git repository.
jscheffl pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 1ae6a2a963c Fix tpl rendering for TLS hosts in ingress templates
#62358 (#62548)
1ae6a2a963c is described below
commit 1ae6a2a963c18af72cf1f14fb12896a4fc878db4
Author: Haseeb Malik <[email protected]>
AuthorDate: Sun Mar 1 09:56:55 2026 -0500
Fix tpl rendering for TLS hosts in ingress templates #62358 (#62548)
---
chart/templates/api-server/api-server-ingress.yaml | 6 ++++--
chart/templates/flower/flower-ingress.yaml | 6 ++++--
chart/templates/pgbouncer/pgbouncer-ingress.yaml | 2 +-
chart/templates/statsd/statsd-ingress.yaml | 2 +-
chart/templates/webserver/webserver-ingress.yaml | 6 ++++--
.../tests/helm_tests/apiserver/test_ingress_apiserver.py | 14 ++++++++++++--
.../tests/helm_tests/webserver/test_ingress_flower.py | 14 ++++++++++++--
helm-tests/tests/helm_tests/webserver/test_ingress_web.py | 14 ++++++++++++--
8 files changed, 50 insertions(+), 14 deletions(-)
diff --git a/chart/templates/api-server/api-server-ingress.yaml
b/chart/templates/api-server/api-server-ingress.yaml
index 991e008ba00..02860382cd1 100644
--- a/chart/templates/api-server/api-server-ingress.yaml
+++ b/chart/templates/api-server/api-server-ingress.yaml
@@ -55,7 +55,7 @@ spec:
{{- if .tls }}
{{- if .tls.enabled }}
- hosts:
- - {{ .name | quote }}
+ - {{ tpl .name $ | quote }}
secretName: {{ .tls.secretName }}
{{- end }}
{{- end }}
@@ -64,7 +64,9 @@ spec:
{{- else if .Values.ingress.apiServer.tls.enabled }}
tls:
- hosts:
- {{- .Values.ingress.apiServer.hosts | default (list
.Values.ingress.apiServer.host) | toYaml | nindent 8 }}
+ {{- range .Values.ingress.apiServer.hosts | default (list
.Values.ingress.apiServer.host) }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
secretName: {{ .Values.ingress.apiServer.tls.secretName }}
{{- end }}
rules:
diff --git a/chart/templates/flower/flower-ingress.yaml
b/chart/templates/flower/flower-ingress.yaml
index fde9db6ecb4..f1822338d5d 100644
--- a/chart/templates/flower/flower-ingress.yaml
+++ b/chart/templates/flower/flower-ingress.yaml
@@ -55,7 +55,7 @@ spec:
{{- if .tls }}
{{- if .tls.enabled }}
- hosts:
- - {{ .name | quote }}
+ - {{ tpl .name $ | quote }}
secretName: {{ .tls.secretName }}
{{- end }}
{{- end }}
@@ -64,7 +64,9 @@ spec:
{{- else if .Values.ingress.flower.tls.enabled }}
tls:
- hosts:
- {{- .Values.ingress.flower.hosts | default (list
.Values.ingress.flower.host) | toYaml | nindent 8 }}
+ {{- range .Values.ingress.flower.hosts | default (list
.Values.ingress.flower.host) }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
secretName: {{ .Values.ingress.flower.tls.secretName }}
{{- end }}
rules:
diff --git a/chart/templates/pgbouncer/pgbouncer-ingress.yaml
b/chart/templates/pgbouncer/pgbouncer-ingress.yaml
index d67d1556af7..e1e5a8d6393 100644
--- a/chart/templates/pgbouncer/pgbouncer-ingress.yaml
+++ b/chart/templates/pgbouncer/pgbouncer-ingress.yaml
@@ -54,7 +54,7 @@ spec:
{{- if .tls }}
{{- if .tls.enabled }}
- hosts:
- - {{ .name | quote }}
+ - {{ tpl .name $ | quote }}
secretName: {{ .tls.secretName }}
{{- end }}
{{- end }}
diff --git a/chart/templates/statsd/statsd-ingress.yaml
b/chart/templates/statsd/statsd-ingress.yaml
index d48ec29085a..8544bd19d7d 100644
--- a/chart/templates/statsd/statsd-ingress.yaml
+++ b/chart/templates/statsd/statsd-ingress.yaml
@@ -54,7 +54,7 @@ spec:
{{- if .tls }}
{{- if .tls.enabled }}
- hosts:
- - {{ .name | quote }}
+ - {{ tpl .name $ | quote }}
secretName: {{ .tls.secretName }}
{{- end }}
{{- end }}
diff --git a/chart/templates/webserver/webserver-ingress.yaml
b/chart/templates/webserver/webserver-ingress.yaml
index f65f1841f86..6e0e2f6d3e9 100644
--- a/chart/templates/webserver/webserver-ingress.yaml
+++ b/chart/templates/webserver/webserver-ingress.yaml
@@ -55,7 +55,7 @@ spec:
{{- if .tls }}
{{- if .tls.enabled }}
- hosts:
- - {{ .name | quote }}
+ - {{ tpl .name $ | quote }}
secretName: {{ .tls.secretName }}
{{- end }}
{{- end }}
@@ -64,7 +64,9 @@ spec:
{{- else if .Values.ingress.web.tls.enabled }}
tls:
- hosts:
- {{- .Values.ingress.web.hosts | default (list
.Values.ingress.web.host) | toYaml | nindent 8 }}
+ {{- range .Values.ingress.web.hosts | default (list
.Values.ingress.web.host) }}
+ - {{ tpl . $ | quote }}
+ {{- end }}
secretName: {{ .Values.ingress.web.tls.secretName }}
{{- end }}
rules:
diff --git a/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py
b/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py
index c38c8682cfd..a1c3091ea48 100644
--- a/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py
+++ b/helm-tests/tests/helm_tests/apiserver/test_ingress_apiserver.py
@@ -190,8 +190,14 @@ class TestIngressAPIServer:
"apiServer": {
"enabled": True,
"hosts": [
- {"name": "*.{{ .Release.Namespace }}.example.com"},
- {"name": "{{ .Values.testValues.scalar
}}.example.com"},
+ {
+ "name": "*.{{ .Release.Namespace
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret1"},
+ },
+ {
+ "name": "{{ .Values.testValues.scalar
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret2"},
+ },
{"name": "{{ index .Values.testValues.list 1
}}.example.com"},
{"name": "{{ .Values.testValues.dict.key
}}.example.com"},
],
@@ -208,6 +214,10 @@ class TestIngressAPIServer:
"cc.example.com",
"dd.example.com",
]
+ assert jmespath.search("spec.tls[*]", docs[0]) == [
+ {"hosts": ["*.airflow.example.com"], "secretName": "secret1"},
+ {"hosts": ["aa.example.com"], "secretName": "secret2"},
+ ]
def test_backend_service_name(self):
docs = render_chart(
diff --git a/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py
b/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py
index 461450c0daa..c98617c4a8e 100644
--- a/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py
+++ b/helm-tests/tests/helm_tests/webserver/test_ingress_flower.py
@@ -198,8 +198,14 @@ class TestIngressFlower:
"flower": {
"enabled": True,
"hosts": [
- {"name": "*.{{ .Release.Namespace }}.example.com"},
- {"name": "{{ .Values.testValues.scalar
}}.example.com"},
+ {
+ "name": "*.{{ .Release.Namespace
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret1"},
+ },
+ {
+ "name": "{{ .Values.testValues.scalar
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret2"},
+ },
{"name": "{{ index .Values.testValues.list 1
}}.example.com"},
{"name": "{{ .Values.testValues.dict.key
}}.example.com"},
],
@@ -216,6 +222,10 @@ class TestIngressFlower:
"cc.example.com",
"dd.example.com",
]
+ assert jmespath.search("spec.tls[*]", docs[0]) == [
+ {"hosts": ["*.airflow.example.com"], "secretName": "secret1"},
+ {"hosts": ["aa.example.com"], "secretName": "secret2"},
+ ]
def test_backend_service_name(self):
docs = render_chart(
diff --git a/helm-tests/tests/helm_tests/webserver/test_ingress_web.py
b/helm-tests/tests/helm_tests/webserver/test_ingress_web.py
index 389bae4628d..9aa28691043 100644
--- a/helm-tests/tests/helm_tests/webserver/test_ingress_web.py
+++ b/helm-tests/tests/helm_tests/webserver/test_ingress_web.py
@@ -190,8 +190,14 @@ class TestIngressWeb:
"web": {
"enabled": True,
"hosts": [
- {"name": "*.{{ .Release.Namespace }}.example.com"},
- {"name": "{{ .Values.testValues.scalar
}}.example.com"},
+ {
+ "name": "*.{{ .Release.Namespace
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret1"},
+ },
+ {
+ "name": "{{ .Values.testValues.scalar
}}.example.com",
+ "tls": {"enabled": True, "secretName":
"secret2"},
+ },
{"name": "{{ index .Values.testValues.list 1
}}.example.com"},
{"name": "{{ .Values.testValues.dict.key
}}.example.com"},
],
@@ -208,6 +214,10 @@ class TestIngressWeb:
"cc.example.com",
"dd.example.com",
]
+ assert jmespath.search("spec.tls[*]", docs[0]) == [
+ {"hosts": ["*.airflow.example.com"], "secretName": "secret1"},
+ {"hosts": ["aa.example.com"], "secretName": "secret2"},
+ ]
def test_backend_service_name(self):
docs = render_chart(
