Chart: gitsync Clean Up for KubernetesExecutor (#15925)

The gitsync ssh key was being mounted into the KubernetesExecutor worker which we don't need or want. This also does some more minor gitsync related cleanup. Closes: #15900
apache · May 21, 2021 · 8084cfb · 8084cfb
1 parent 9875f64
commit 8084cfb
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 32 deletions.
diff --git a/chart/files/pod-template-file.kubernetes-helm-yaml b/chart/files/pod-template-file.kubernetes-helm-yaml
@@ -55,16 +55,6 @@ spec:
           subPath: airflow_local_settings.py
           readOnly: true
 {{- end }}
-{{- if .Values.dags.gitSync.knownHosts }}
-        - mountPath: /etc/git-secret/known_hosts
-          name: git-sync-known-hosts
-          subPath: known_hosts
-{{- end }}
-{{- if .Values.dags.gitSync.sshKeySecret }}
-        - mountPath: /etc/git-secret/ssh
-          name: git-sync-ssh-key
-          subPath: ssh
-{{- end }}
 {{- if or .Values.dags.gitSync.enabled .Values.dags.persistence.enabled }}
         {{- include "airflow_dags_mount" . | nindent 8 }}
 {{- end }}
@@ -93,26 +83,20 @@ spec:
   - name: dags
     emptyDir: {}
   {{- end }}
-  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret }}
-{{- include "git_sync_ssh_key_volume" . | indent 2 }}
-  {{- end }}
-{{- if .Values.logs.persistence.enabled }}
+  {{- if .Values.logs.persistence.enabled }}
   - name: logs
     persistentVolumeClaim:
       claimName: {{ template "airflow_logs_volume_claim" . }}
-{{- else }}
+  {{- else }}
   - emptyDir: {}
     name: logs
-{{- end }}
-{{- if .Values.dags.gitSync.knownHosts }}
-  - configMap:
-      defaultMode: 288
-      name: {{ include "airflow_config" . }}
-    name: git-sync-known-hosts
-{{- end }}
+  {{- end }}
+  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret }}
+  {{- include "git_sync_ssh_key_volume" . | nindent 2 }}
+  {{- end }}
   - configMap:
       name: {{ include "airflow_config" . }}
     name: config
-{{- if .Values.workers.extraVolumes }}
-{{ toYaml .Values.workers.extraVolumes | indent 2 }}
-{{- end }}
+  {{- if .Values.workers.extraVolumes }}
+  {{ toYaml .Values.workers.extraVolumes | nindent 2 }}
+  {{- end }}
diff --git a/chart/templates/_helpers.yaml b/chart/templates/_helpers.yaml
@@ -196,7 +196,7 @@ If release name contains chart name it will be used as a full name.
   volumeMounts:
   - name: dags
     mountPath: /git
-  {{- if and  .Values.dags.gitSync.enabled  .Values.dags.gitSync.sshKeySecret }}
+  {{- if .Values.dags.gitSync.sshKeySecret }}
   - name: git-sync-ssh-key
     mountPath: /etc/git-secret/ssh
     readOnly: true
@@ -208,7 +208,7 @@ If release name contains chart name it will be used as a full name.
     subPath: known_hosts
   {{- end }}
   {{- end }}
-{{- if and .Values.dags.gitSync.enabled .Values.dags.gitSync.extraVolumeMounts }}
+{{- if .Values.dags.gitSync.extraVolumeMounts }}
 {{ toYaml .Values.dags.gitSync.extraVolumeMounts | indent 2 }}
 {{- end }}
 {{- end }}

diff --git a/chart/tests/test_pod_template_file.py b/chart/tests/test_pod_template_file.py
@@ -170,6 +170,12 @@ def test_validate_if_ssh_params_are_added(self):
         assert {"name": "GIT_KNOWN_HOSTS", "value": "false"} in jmespath.search(
             "spec.initContainers[0].env", docs[0]
         )
+        assert {
+            "name": "git-sync-ssh-key",
+            "mountPath": "/etc/git-secret/ssh",
+            "subPath": "gitSshKey",
+            "readOnly": True,
+        } in jmespath.search("spec.initContainers[0].volumeMounts", docs[0])
         assert {
             "name": "git-sync-ssh-key",
             "secret": {"secretName": "ssh-secret", "defaultMode": 288},
@@ -195,14 +201,15 @@ def test_validate_if_ssh_known_hosts_are_added(self):
             "spec.initContainers[0].env", docs[0]
         )
         assert {
-            "name": "git-sync-known-hosts",
-            "configMap": {"defaultMode": 288, "name": "RELEASE-NAME-airflow-config"},
-        } in jmespath.search("spec.volumes", docs[0])
+            "name": "GIT_SSH_KNOWN_HOSTS_FILE",
+            "value": "/etc/git-secret/known_hosts",
+        } in jmespath.search("spec.initContainers[0].env", docs[0])
         assert {
-            "name": "git-sync-known-hosts",
+            "name": "config",
             "mountPath": "/etc/git-secret/known_hosts",
             "subPath": "known_hosts",
-        } in jmespath.search("spec.containers[0].volumeMounts", docs[0])
+            "readOnly": True,
+        } in jmespath.search("spec.initContainers[0].volumeMounts", docs[0])
 
     def test_should_set_username_and_pass_env_variables(self):
         docs = render_chart(