This is an automated email from the ASF dual-hosted git repository.
bugraoz93 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 18704832a39 Remove deprecated SecurityContext from chart (#68036)
18704832a39 is described below
commit 18704832a39f15f4f666e5ab1393dac98864b576
Author: Jens Scheffler <[email protected]>
AuthorDate: Wed Jun 10 21:38:33 2026 +0200
Remove deprecated SecurityContext from chart (#68036)
* Remove deprecated SecurityContext from chart
* Remove deprecated from NOTES as well
* Rename newsfragment
---
chart/newsfragments/68036.significant.rst | 3 +
chart/templates/NOTES.txt | 33 ----
chart/templates/_helpers.yaml | 36 ++--
.../airflow_aux/test_pod_template_file.py | 16 --
.../helm_tests/airflow_core/test_scheduler.py | 22 ---
chart/tests/helm_tests/other/test_statsd.py | 22 ---
.../helm_tests/security/test_security_context.py | 193 ---------------------
chart/values.schema.json | 156 -----------------
chart/values.yaml | 79 ---------
9 files changed, 16 insertions(+), 544 deletions(-)
diff --git a/chart/newsfragments/68036.significant.rst
b/chart/newsfragments/68036.significant.rst
new file mode 100644
index 00000000000..0d3847d4077
--- /dev/null
+++ b/chart/newsfragments/68036.significant.rst
@@ -0,0 +1,3 @@
+Deprecated ``securityContext`` has been removed from top level and in service
elements.
+
+Use ``securityContexts`` instead.
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
index 2ba8c2401e6..38be615f118 100644
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
@@ -193,31 +193,6 @@ DEPRECATION WARNING:
{{- end }}
-
-{{- if .Values.securityContext }}
-
- DEPRECATION WARNING:
- `securityContext` has been renamed to `securityContexts`, to be enabled on
container and pod level.
- Please change your values as support for the old name will be dropped in a
future release.
-
-{{- end }}
-
-{{- if .Values.scheduler.securityContext }}
-
- DEPRECATION WARNING:
- `scheduler.securityContext` has been renamed to
`scheduler.securityContexts`.
- Please change your values as support for the old name will be dropped in a
future release.
-
-{{- end }}
-
-{{- if .Values.statsd.securityContext }}
-
- DEPRECATION WARNING:
- `statsd.securityContext` has been renamed to `statsd.securityContexts`.
- Please change your values as support for the old name will be dropped in a
future release.
-
-{{- end }}
-
{{- if ne (int .Values.workers.replicas) 1 }}
DEPRECATION WARNING:
@@ -322,14 +297,6 @@ DEPRECATION WARNING:
{{- end }}
-{{- if not (empty .Values.workers.securityContext) }}
-
- DEPRECATION WARNING:
- `workers.securityContext` has been renamed to
`workers.celery.securityContexts`/`workers.kubernetes.securityContexts`.
- Please change your values as support for the old name will be dropped in a
future release.
-
-{{- end }}
-
{{- if not (empty .Values.workers.securityContexts.pod) }}
DEPRECATION WARNING:
diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml
index 75736ade897..f39f2c6be61 100644
--- a/chart/templates/_helpers.yaml
+++ b/chart/templates/_helpers.yaml
@@ -827,11 +827,11 @@ server_tls_key_file = /etc/pgbouncer/server.key
{{/*
Set the default value for pod securityContext
-If no value is passed for securityContexts.pod or <node>.securityContexts.pod
or legacy securityContext and <node>.securityContext, defaults to global uid
and gid.
+If no value is passed for securityContexts.pod or <node>.securityContexts.pod,
defaults to global uid and gid.
- +-----------------------------+ +------------------------+
+----------------------+ +-----------------+
+-------------------------+
- | <node>.securityContexts.pod | -> | <node>.securityContext | -> |
securityContexts.pod | -> | securityContext | -> | Values.uid + Values.gid |
- +-----------------------------+ +------------------------+
+----------------------+ +-----------------+
+-------------------------+
+ +-----------------------------+ +----------------------+
+-------------------------+
+ | <node>.securityContexts.pod | -> | securityContexts.pod | -> |
Values.uid + Values.gid |
+ +-----------------------------+ +----------------------+
+-------------------------+
Values are not accumulated meaning that if runAsUser is set to 10 in
<node>.securityContexts.pod,
any extra values set to securityContext or uid+gid will be ignored.
@@ -850,10 +850,6 @@ Priority of values are from left to right, meaning if
first value is not empty,
{{- $result = .securityContexts.pod }}
{{- break }}
{{- end }}
- {{- if and (hasKey . "securityContext") .securityContext }}
- {{- $result = .securityContext }}
- {{- break }}
- {{- end }}
{{- end }}
{{- if $result }}
{{- toYaml $result | print }}
@@ -865,11 +861,11 @@ fsGroup: {{ $.gid }}
{{/*
Set the default value for pod securityContext
-If no value is passed for <node>.securityContexts.pod or
<node>.securityContext, defaults to UID in the local node.
+If no value is passed for <node>.securityContexts.pod, defaults to UID in the
local node.
- +-----------------------------+ +------------------------+
+------------+
- | <node>.securityContexts.pod | -> | <node>.securityContext | -> |
<node>.uid |
- +-----------------------------+ +------------------------+
+------------+
+ +-----------------------------+ +------------+
+ | <node>.securityContexts.pod | -> | <node>.uid |
+ +-----------------------------+ +------------+
The template can be called like so:
include "localPodSecurityContext" (list . .Values.schedule)
@@ -879,8 +875,6 @@ It is important to pass the local variables scope to this
template as it is used
{{- define "localPodSecurityContext" -}}
{{- if .securityContexts.pod -}}
{{ toYaml .securityContexts.pod | print }}
- {{- else if .securityContext -}}
- {{ toYaml .securityContext | print }}
{{- else -}}
runAsUser: {{ .uid }}
{{- end -}}
@@ -888,11 +882,11 @@ runAsUser: {{ .uid }}
{{/*
Set the default value for container securityContext
-If no value is passed for <node>.securityContexts.container or
<node>.securityContext, defaults to UID in the local node.
+If no value is passed for <node>.securityContexts.container, defaults to UID
in the local node.
- +-----------------------------------+ +------------------------+
+------------+
- | <node>.securityContexts.container | -> | <node>.securityContext | ->
| <node>.uid |
- +-----------------------------------+ +------------------------+
+------------+
+ +-----------------------------------+ +------------+
+ | <node>.securityContexts.container | -> | <node>.uid |
+ +-----------------------------------+ +------------+
The template can be called like so:
include "localContainerSecurityContext" .Values.statsd
@@ -902,8 +896,6 @@ It is important to pass the local variables scope to this
template as it is used
{{- define "localContainerSecurityContext" -}}
{{- if .securityContexts.container -}}
{{ toYaml .securityContexts.container | print }}
- {{- else if .securityContext -}}
- {{ toYaml .securityContext | print }}
{{- else -}}
runAsUser: {{ .uid }}
{{- end -}}
@@ -911,7 +903,7 @@ runAsUser: {{ .uid }}
{{/*
Set the default value for workers chown for persistent storage
-If no value is passed for securityContexts.pod or <node>.securityContexts.pod
or legacy securityContext and <node>.securityContext, defaults to global uid
and gid.
+If no value is passed for securityContexts.pod or <node>.securityContexts.pod,
defaults to global uid and gid.
The template looks for `runAsUser` and `fsGroup` specifically, any other
parameter will be ignored.
+-----------------------------+
+----------------------------------------------------+
+------------------+ +-------------------------+
@@ -931,8 +923,6 @@ Where `.` is the global variables scope and
`.Values.workers` the local variable
{{- with index . 1 }}
{{- if .securityContexts.pod -}}
{{ pluck "runAsUser" .securityContexts.pod | first | default
$.Values.uid }}:{{ pluck "fsGroup" .securityContexts.pod | first | default
$.Values.gid }}
- {{- else if $.Values.securityContext -}}
- {{ pluck "runAsUser" $.Values.securityContext | first | default
$.Values.uid }}:{{ pluck "fsGroup" $.Values.securityContext | first | default
$.Values.gid }}
{{- else if $.Values.securityContexts.pod -}}
{{ pluck "runAsUser" $.Values.securityContexts.pod | first | default
$.Values.uid }}:{{ pluck "fsGroup" $.Values.securityContexts.pod | first |
default $.Values.gid }}
{{- else -}}
diff --git a/chart/tests/helm_tests/airflow_aux/test_pod_template_file.py
b/chart/tests/helm_tests/airflow_aux/test_pod_template_file.py
index bbad368fcb3..503428c623c 100644
--- a/chart/tests/helm_tests/airflow_aux/test_pod_template_file.py
+++ b/chart/tests/helm_tests/airflow_aux/test_pod_template_file.py
@@ -847,9 +847,7 @@ class TestPodTemplateFile:
@pytest.mark.parametrize(
"values",
[
- {"securityContext": {"runAsUser": 10}},
{"securityContexts": {"pod": {"runAsUser": 10}}},
- {"workers": {"securityContext": {"runAsUser": 10}}},
{"workers": {"securityContexts": {"pod": {"runAsUser": 10}}}},
{"workers": {"kubernetes": {"securityContexts": {"pod":
{"runAsUser": 10}}}}},
],
@@ -889,7 +887,6 @@ class TestPodTemplateFile:
@pytest.mark.parametrize(
"values",
[
- {"securityContext": {"runAsUser": 5}, "workers":
{"securityContext": {"runAsUser": 10}}},
{
"securityContexts": {"pod": {"runAsUser": 5}},
"workers": {"securityContexts": {"pod": {"runAsUser": 10}}},
@@ -904,19 +901,6 @@ class TestPodTemplateFile:
"kubernetes": {"securityContexts": {"pod": {"runAsUser":
10}}},
},
},
- {"securityContext": {"runAsUser": 5}, "securityContexts": {"pod":
{"runAsUser": 10}}},
- {
- "workers": {
- "securityContext": {"runAsUser": 5},
- "securityContexts": {"pod": {"runAsUser": 10}},
- }
- },
- {
- "workers": {
- "securityContext": {"runAsUser": 5},
- "kubernetes": {"securityContexts": {"pod": {"runAsUser":
10}}},
- }
- },
],
)
def test_pod_security_context_overwrite(self, values):
diff --git a/chart/tests/helm_tests/airflow_core/test_scheduler.py
b/chart/tests/helm_tests/airflow_core/test_scheduler.py
index 45f8dfd91f0..427a315b909 100644
--- a/chart/tests/helm_tests/airflow_core/test_scheduler.py
+++ b/chart/tests/helm_tests/airflow_core/test_scheduler.py
@@ -600,28 +600,6 @@ class TestScheduler:
"runAsNonRoot": True,
}
- def test_scheduler_security_context_legacy(self):
- docs = render_chart(
- values={
- "scheduler": {
- "securityContext": {
- "fsGroup": 1000,
- "runAsGroup": 1001,
- "runAsNonRoot": True,
- "runAsUser": 2000,
- }
- },
- },
- show_only=["templates/scheduler/scheduler-deployment.yaml"],
- )
-
- assert jmespath.search("spec.template.spec.securityContext", docs[0])
== {
- "runAsUser": 2000,
- "runAsGroup": 1001,
- "fsGroup": 1000,
- "runAsNonRoot": True,
- }
-
def test_scheduler_resources_are_configurable(self):
docs = render_chart(
values={
diff --git a/chart/tests/helm_tests/other/test_statsd.py
b/chart/tests/helm_tests/other/test_statsd.py
index 619851f4b9b..27016af67d6 100644
--- a/chart/tests/helm_tests/other/test_statsd.py
+++ b/chart/tests/helm_tests/other/test_statsd.py
@@ -269,28 +269,6 @@ class TestStatsd:
"runAsNonRoot": True,
}
- def test_statsd_security_context_legacy(self):
- docs = render_chart(
- values={
- "statsd": {
- "securityContext": {
- "fsGroup": 1000,
- "runAsGroup": 1001,
- "runAsNonRoot": True,
- "runAsUser": 2000,
- }
- },
- },
- show_only=["templates/statsd/statsd-deployment.yaml"],
- )
-
- assert jmespath.search("spec.template.spec.securityContext", docs[0])
== {
- "runAsUser": 2000,
- "runAsGroup": 1001,
- "fsGroup": 1000,
- "runAsNonRoot": True,
- }
-
def test_statsd_resources_are_not_added_by_default(self):
docs = render_chart(
show_only=["templates/statsd/statsd-deployment.yaml"],
diff --git a/chart/tests/helm_tests/security/test_security_context.py
b/chart/tests/helm_tests/security/test_security_context.py
index 191c7fdb4d3..0fcca281cf0 100644
--- a/chart/tests/helm_tests/security/test_security_context.py
+++ b/chart/tests/helm_tests/security/test_security_context.py
@@ -118,63 +118,6 @@ class TestSCBackwardsCompatibility:
class TestSecurityContext:
"""Tests security context."""
- def test_default_setting(self):
- docs = render_chart(
- values={
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "flower": {"enabled": True},
- "statsd": {"enabled": False},
- },
- show_only=[
- "templates/dag-processor/dag-processor-deployment.yaml",
- "templates/flower/flower-deployment.yaml",
- "templates/scheduler/scheduler-deployment.yaml",
- "templates/triggerer/triggerer-deployment.yaml",
- "templates/api-server/api-server-deployment.yaml",
- "templates/workers/worker-deployment.yaml",
- "templates/jobs/create-user-job.yaml",
- "templates/jobs/migrate-database-job.yaml",
- ],
- )
-
- for doc in docs:
- assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 6000
- assert
jmespath.search("spec.template.spec.securityContext.fsGroup", doc) == 60
-
- def test_check_local_setting(self):
- component_contexts = {"securityContext": {"runAsUser": 9000,
"fsGroup": 90}}
- docs = render_chart(
- values={
- "uid": 3000,
- "gid": 30,
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "workers": component_contexts,
- "flower": {"enabled": True, **component_contexts},
- "scheduler": component_contexts,
- "dagProcessor": component_contexts,
- "createUserJob": component_contexts,
- "migrateDatabaseJob": component_contexts,
- "triggerer": component_contexts,
- "redis": component_contexts,
- "statsd": {"enabled": True, **component_contexts},
- },
- show_only=[
- "templates/flower/flower-deployment.yaml",
- "templates/dag-processor/dag-processor-deployment.yaml",
- "templates/scheduler/scheduler-deployment.yaml",
- "templates/triggerer/triggerer-deployment.yaml",
- "templates/workers/worker-deployment.yaml",
- "templates/jobs/create-user-job.yaml",
- "templates/jobs/migrate-database-job.yaml",
- "templates/statsd/statsd-deployment.yaml",
- "templates/redis/redis-statefulset.yaml",
- ],
- )
-
- for doc in docs:
- assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 9000
- assert
jmespath.search("spec.template.spec.securityContext.fsGroup", doc) == 90
-
# Test priority:
# <local>.securityContexts > securityContexts > uid + gid
@pytest.mark.parametrize(
@@ -228,23 +171,6 @@ class TestSecurityContext:
assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 9000
assert
jmespath.search("spec.template.spec.securityContext.fsGroup", doc) == 90
- # Test containerSecurity priority over uid under components using
localSecurityContext
- def test_check_local_uid(self):
- component_contexts = {"uid": 3000, "securityContext": {"runAsUser":
7000}}
- docs = render_chart(
- values={
- "redis": component_contexts,
- "statsd": {"enabled": True, **component_contexts},
- },
- show_only=[
- "templates/statsd/statsd-deployment.yaml",
- "templates/redis/redis-statefulset.yaml",
- ],
- )
-
- for doc in docs:
- assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 7000
-
# Test securityContexts for main containers
def test_global_security_context(self):
ctx_value_pod = {"runAsUser": 7000}
@@ -643,125 +569,6 @@ class TestSecurityContext:
for doc in docs[1:]:
assert ctx_value ==
jmespath.search("spec.template.spec.securityContext", doc)
- @pytest.mark.parametrize(
- "workers_values",
- [
- {"securityContext": {"runAsUser": 7000}},
- {
- "celery": {
- "enableDefault": False,
- "sets": [{"name": "test", "securityContext": {"runAsUser":
7000}}],
- },
- },
- ],
- )
- def test_main_pod_setting_legacy_security(self, workers_values):
- ctx_value = {"runAsUser": 7000}
- security_context = {"securityContext": ctx_value}
- docs = render_chart(
- values={
- "executor": "CeleryExecutor,KubernetesExecutor",
- "cleanup": {"enabled": True, **security_context},
- "scheduler": security_context,
- "workers": workers_values,
- "flower": {"enabled": True, **security_context},
- "statsd": security_context,
- "createUserJob": security_context,
- "migrateDatabaseJob": security_context,
- "triggerer": security_context,
- "redis": security_context,
- "dagProcessor": security_context,
- },
- show_only=[
- "templates/cleanup/cleanup-cronjob.yaml",
- "templates/flower/flower-deployment.yaml",
- "templates/scheduler/scheduler-deployment.yaml",
- "templates/workers/worker-deployment.yaml",
- "templates/statsd/statsd-deployment.yaml",
- "templates/jobs/create-user-job.yaml",
- "templates/jobs/migrate-database-job.yaml",
- "templates/triggerer/triggerer-deployment.yaml",
- "templates/redis/redis-statefulset.yaml",
- "templates/dag-processor/dag-processor-deployment.yaml",
- ],
- )
-
- assert ctx_value ==
jmespath.search("spec.jobTemplate.spec.template.spec.securityContext", docs[0])
-
- for doc in docs[1:]:
- assert ctx_value ==
jmespath.search("spec.template.spec.securityContext", doc)
-
- def test_deprecated_overwrite_global(self):
- docs = render_chart(
- values={
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "securityContexts": {"pod": {"runAsUser": 9000, "fsGroup":
90}},
- },
- show_only=[
- "templates/flower/flower-deployment.yaml",
- "templates/scheduler/scheduler-deployment.yaml",
- "templates/triggerer/triggerer-deployment.yaml",
- "templates/api-server/api-server-deployment.yaml",
- "templates/workers/worker-deployment.yaml",
- "templates/dag-processor/dag-processor-deployment.yaml",
- "templates/jobs/create-user-job.yaml",
- "templates/jobs/migrate-database-job.yaml",
- ],
- )
-
- for doc in docs:
- assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 9000
- assert
jmespath.search("spec.template.spec.securityContext.fsGroup", doc) == 90
-
- @pytest.mark.parametrize(
- "workers_values",
- [
- {
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "securityContexts": {"pod": {"runAsUser": 9000, "fsGroup":
90}},
- },
- {
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "celery": {"securityContexts": {"pod": {"runAsUser": 9000,
"fsGroup": 90}}},
- },
- {
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "celery": {
- "enableDefault": False,
- "sets": [
- {"name": "test", "securityContexts": {"pod":
{"runAsUser": 9000, "fsGroup": 90}}}
- ],
- },
- },
- ],
- )
- def test_deprecated_overwrite_local(self, workers_values):
- context = {
- "securityContext": {"runAsUser": 6000, "fsGroup": 60},
- "securityContexts": {"pod": {"runAsUser": 9000, "fsGroup": 90}},
- }
-
- docs = render_chart(
- values={
- "flower": context,
- "scheduler": context,
- "triggerer": context,
- "workers": workers_values,
- "dagProcessor": context,
- },
- show_only=[
- "templates/flower/flower-deployment.yaml",
- "templates/scheduler/scheduler-deployment.yaml",
- "templates/triggerer/triggerer-deployment.yaml",
- "templates/workers/worker-deployment.yaml",
- "templates/dag-processor/dag-processor-deployment.yaml",
- ],
- )
-
- for doc in docs:
- assert
jmespath.search("spec.template.spec.securityContext.runAsUser", doc) == 9000
- assert
jmespath.search("spec.template.spec.securityContext.fsGroup", doc) == 90
-
def test_workers_overwrite_local(self):
docs = render_chart(
values={
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 516cda888d5..25ba415d1f8 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -96,20 +96,6 @@
"default": "3.2.2",
"x-docsSection": "Common"
},
- "securityContext": {
- "description": "Default pod security context definition
(deprecated, use `securityContexts` instead). The values in this parameter will
be used when `securityContext` is not defined for specific Pods",
- "type": "object",
- "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "x-docsSection": "Kubernetes",
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"securityContexts": {
"description": "Default security context definition. The values in
this parameter will be used when `securityContexts` is not defined for specific
Pods/Container.",
"type": "object",
@@ -2607,19 +2593,6 @@
}
}
},
- "securityContext": {
- "description": "Security context for the Airflow Celery
worker pods and pods created with pod-template-file (deprecated, use
``workers.celery.securityContexts`` and/or
``workers.kubernetes.securityContexts`` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
Airflow Celery workers and pods created with pod-template-file (deprecated, use
``workers.celery.containerLifecycleHooks`` and/or
``workers.kubernetes.containerLifecycleHooks`` instead). If not set, the values
from global `containerLifecycleHooks` will be used.",
"type": "object",
@@ -4923,19 +4896,6 @@
"$ref": "#/definitions/logGroomerConfigType",
"description": "Configuration for the schedulers log
groomer sidecar."
},
- "securityContext": {
- "description": "Security context for the scheduler pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the scheduler. If not set, the values from global `containerLifecycleHooks`
will be used.",
"type": "object",
@@ -5488,19 +5448,6 @@
"type": "string"
}
},
- "securityContext": {
- "description": "Security context for the triggerer pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the triggerer. If not set, the values from global `containerLifecycleHooks`
will be used.",
"type": "object",
@@ -6094,19 +6041,6 @@
"type": "string"
}
},
- "securityContext": {
- "description": "Security context for the dag processor pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the dag processor. If not set, the values from global `containerLifecycleHooks`
will be used.",
"type": "object",
@@ -6525,19 +6459,6 @@
"$ref":
"#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint"
}
},
- "securityContext": {
- "description": "Security context for the create user job
pod (deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the create user job. If not set, the values from global
`containerLifecycleHooks` will be used.",
"type": "object",
@@ -6892,19 +6813,6 @@
"$ref":
"#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint"
}
},
- "securityContext": {
- "description": "Security context for the migrate database
job pod (deprecated, use `securityContexts` instead). If not set, the values
from `securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the migrate database job. If not set, the values from global
`containerLifecycleHooks` will be used.",
"type": "object",
@@ -8209,19 +8117,6 @@
"type": "string"
}
},
- "securityContext": {
- "description": "Security context for the flower pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the network policy. If not set, the values from global
`containerLifecycleHooks` will be used.",
"type": "object",
@@ -8532,19 +8427,6 @@
"type": "array",
"default": []
},
- "securityContext": {
- "description": "Security context for the StatsD pod
(deprecated, use `securityContexts` instead).",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the statsd. If not set, the values from global `containerLifecycleHooks` will
be used.",
"type": "object",
@@ -9819,19 +9701,6 @@
}
}
},
- "securityContext": {
- "description": "Security context for the cleanup job pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the redis. If not set, the values from global `containerLifecycleHooks` will be
used.",
"type": "object",
@@ -10402,19 +10271,6 @@
}
}
},
- "securityContext": {
- "description": "Security context for the cleanup job pod
(deprecated, use `securityContexts` instead). If not set, the values from
`securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.PodSecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0,
- "fsGroup": 0
- }
- ]
- },
"containerLifecycleHooks": {
"description": "Container Lifecycle Hooks definition for
the cleanup. If not set, the values from global `containerLifecycleHooks` will
be used.",
"type": "object",
@@ -11143,18 +10999,6 @@
"type": "string",
"default": "git-sync"
},
- "securityContext": {
- "description": "Security context for the `gitSync`
container (deprecated, use `securityContexts` instead). If not set, the values
from `securityContext` will be used.",
- "type": "object",
- "$ref":
"#/definitions/io.k8s.api.core.v1.SecurityContext",
- "default": {},
- "examples": [
- {
- "runAsUser": 50000,
- "runAsGroup": 0
- }
- ]
- },
"httpPort": {
"description": "Git-Sync liveness service http
bind port.",
"type": "integer",
diff --git a/chart/values.yaml b/chart/values.yaml
index 9b3f8b0cd61..b8960c2c9bc 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -43,12 +43,6 @@ revisionHistoryLimit: ~
uid: 50000
gid: 0
-# Default security context for Airflow (deprecated, use `securityContexts`
instead)
-securityContext: {}
-# runAsUser: 50000
-# fsGroup: 0
-# runAsGroup: 0
-
# Detailed default security context for Airflow Deployments
securityContexts:
pod: {}
@@ -696,14 +690,6 @@ workers:
# (deprecated, use `workers.celery.podManagementPolicy` instead)
# podManagementPolicy: Parallel
- # When not set, the values defined in the global securityContext will
- # be used in Airflow Celery workers and pod-template-file
- # (deprecated, use `workers.celery.securityContexts` and/or
`workers.kubernetes.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for the
# Airflow Celery workers and pod-template-file on container and pod level
# (deprecated, use `workers.celery.securityContexts` and/or
`workers.kubernetes.securityContexts` instead)
@@ -1811,13 +1797,6 @@ scheduler:
# (when not using LocalExecutor and `workers.persistence`)
strategy: ~
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `scheduler.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for scheduler Deployments for container
and pod level
securityContexts:
pod: {}
@@ -2043,13 +2022,6 @@ createUserJob:
# Labels specific to `createUserJob` objects and pods
labels: {}
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `createUserJob.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for `createUserJob` for container and
pod level
securityContexts:
pod: {}
@@ -2147,13 +2119,6 @@ migrateDatabaseJob:
# Labels specific to migrate database job objects and pods
labels: {}
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `migrateDatabaseJob.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for `migrateDatabaseJob` for container
and pod level
securityContexts:
pod: {}
@@ -2477,13 +2442,6 @@ triggerer:
# Annotations to add to triggerer Kubernetes Service Account.
annotations: {}
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `triggerer.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for triggerer for container and pod level
securityContexts:
pod: {}
@@ -2772,13 +2730,6 @@ dagProcessor:
maxUnavailable: 1
# minAvailable: 1
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `dagProcessor.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for dagProcessor for container and pod
level
securityContexts:
pod: {}
@@ -2965,13 +2916,6 @@ flower:
# cpu: 100m
# memory: 128Mi
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `flower.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for flower for container and pod level
securityContexts:
pod: {}
@@ -3140,12 +3084,6 @@ statsd:
uid: 65534
- # (deprecated, use `statsd.securityContexts` instead)
- securityContext: {}
- # runAsUser: 65534
- # fsGroup: 0
- # runAsGroup: 0
-
# Detailed default security context for StatsD Deployments for container and
pod level
securityContexts:
pod: {}
@@ -3611,11 +3549,6 @@ redis:
# Set to 0 for backwards-compatibility
uid: 0
- # (deprecated, use `redis.securityContexts` instead)
- securityContext: {}
- # runAsUser: 999
- # runAsGroup: 0
-
# Detailed default security context for redis for container and pod level
securityContexts:
pod: {}
@@ -3783,12 +3716,6 @@ cleanup:
# Audience for the token
audience: ~
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `cleanup.securityContexts` instead)
- securityContext: {}
- # runAsUser: 50000
- # runAsGroup: 0
-
env: []
# Detailed default security context for cleanup for container level
@@ -4113,12 +4040,6 @@ dags:
containerName: git-sync
uid: 65533
- # When not set, the values defined in the global `securityContext` will be
used
- # (deprecated, use `dags.gitSync.securityContexts` instead)
- securityContext: {}
- # runAsUser: 65533
- # runAsGroup: 0
-
securityContexts:
container: {}
