From b846fcd6ac18c0c4b3a19a2eefa38f0f7a375131 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Tue, 30 Apr 2024 19:28:46 -0700 Subject: [PATCH] fix: set `appProtocol` on Service ports (for Istio) (#854) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> --- charts/airflow/templates/_helpers/common.tpl | 15 ++++++++++++++- .../airflow/templates/flower/flower-service.yaml | 2 ++ .../templates/pgbouncer/pgbouncer-service.yaml | 2 ++ .../templates/webserver/webserver-service.yaml | 1 + .../airflow/templates/worker/worker-service.yaml | 3 +++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/charts/airflow/templates/_helpers/common.tpl b/charts/airflow/templates/_helpers/common.tpl index df2d8ad8..427a510f 100644 --- a/charts/airflow/templates/_helpers/common.tpl +++ b/charts/airflow/templates/_helpers/common.tpl @@ -62,7 +62,8 @@ true {{- end -}} {{/* -The scheme (HTTP, HTTPS) used by the webserver +The scheme (HTTP, HTTPS) used by the webserver. +NOTE: this is used in the liveness/readiness probes of the webserver */}} {{- define "airflow.web.scheme" -}} {{- if and (.Values.airflow.config.AIRFLOW__WEBSERVER__WEB_SERVER_SSL_CERT) (.Values.airflow.config.AIRFLOW__WEBSERVER__WEB_SERVER_SSL_KEY) -}} @@ -72,6 +73,18 @@ HTTP {{- end -}} {{- end -}} +{{/* +The app protocol used by the webserver. +NOTE: this sets the `appProtocol` of the Service port (only important for Istio users) +*/}} +{{- define "airflow.web.appProtocol" -}} +{{- if and (.Values.airflow.config.AIRFLOW__WEBSERVER__WEB_SERVER_SSL_CERT) (.Values.airflow.config.AIRFLOW__WEBSERVER__WEB_SERVER_SSL_KEY) -}} +https +{{- else -}} +http +{{- end -}} +{{- end -}} + {{/* The path containing DAG files */}} diff --git a/charts/airflow/templates/flower/flower-service.yaml b/charts/airflow/templates/flower/flower-service.yaml index 013e6487..8569450c 100644 --- a/charts/airflow/templates/flower/flower-service.yaml +++ b/charts/airflow/templates/flower/flower-service.yaml @@ -21,6 +21,8 @@ spec: release: {{ .Release.Name }} ports: - name: flower + ## NOTE: flower always uses http (only important for Istio users) + appProtocol: http protocol: TCP port: {{ .Values.flower.service.externalPort }} {{- if and (eq .Values.flower.service.type "NodePort") (.Values.flower.service.nodePort.http) }} diff --git a/charts/airflow/templates/pgbouncer/pgbouncer-service.yaml b/charts/airflow/templates/pgbouncer/pgbouncer-service.yaml index dda2895d..18e76bb3 100644 --- a/charts/airflow/templates/pgbouncer/pgbouncer-service.yaml +++ b/charts/airflow/templates/pgbouncer/pgbouncer-service.yaml @@ -17,6 +17,8 @@ spec: release: {{ .Release.Name }} ports: - name: pgbouncer + ## NOTE: pgbouncer should be treated as opaque TCP (only important for Istio users) + appProtocol: tcp protocol: TCP port: 6432 {{- end }} \ No newline at end of file diff --git a/charts/airflow/templates/webserver/webserver-service.yaml b/charts/airflow/templates/webserver/webserver-service.yaml index f922c30b..b65b313b 100644 --- a/charts/airflow/templates/webserver/webserver-service.yaml +++ b/charts/airflow/templates/webserver/webserver-service.yaml @@ -25,6 +25,7 @@ spec: {{- end }} ports: - name: web + appProtocol: {{ include "airflow.web.appProtocol" . | quote }} protocol: TCP port: {{ .Values.web.service.externalPort | default 8080 }} {{- if and (eq .Values.web.service.type "NodePort") (.Values.web.service.nodePort.http) }} diff --git a/charts/airflow/templates/worker/worker-service.yaml b/charts/airflow/templates/worker/worker-service.yaml index bccabe7a..d0832852 100644 --- a/charts/airflow/templates/worker/worker-service.yaml +++ b/charts/airflow/templates/worker/worker-service.yaml @@ -13,6 +13,9 @@ metadata: spec: ports: - name: worker + ## NOTE: the worker logs port is always http (only important for Istio users) + ## https://github.com/apache/airflow/blob/2.9.0/airflow/utils/log/file_task_handler.py#L415 + appProtocol: http protocol: TCP port: 8793 clusterIP: None