From f6822e73578891b8796a7691a67e683b10fc6cf3 Mon Sep 17 00:00:00 2001 From: johanjk Date: Sat, 23 May 2026 14:20:31 +0200 Subject: [PATCH 1/2] [helm chart] configuration enableServiceLinks --- chart/templates/api-server/api-server-deployment.yaml | 1 + chart/templates/cleanup/cleanup-cronjob.yaml | 1 + chart/templates/dag-processor/dag-processor-deployment.yaml | 1 + .../database-cleanup/database-cleanup-cronjob.yaml | 1 + chart/templates/flower/flower-deployment.yaml | 1 + chart/templates/jobs/create-user-job.yaml | 1 + chart/templates/jobs/migrate-database-job.yaml | 1 + .../templates/otel-collector/otel-collector-deployment.yaml | 1 + chart/templates/pgbouncer/pgbouncer-deployment.yaml | 1 + chart/templates/redis/redis-statefulset.yaml | 1 + chart/templates/scheduler/scheduler-deployment.yaml | 1 + chart/templates/statsd/statsd-deployment.yaml | 1 + chart/templates/triggerer/triggerer-deployment.yaml | 1 + chart/templates/workers/worker-deployment.yaml | 1 + chart/values.schema.json | 6 ++++++ chart/values.yaml | 2 ++ 16 files changed, 22 insertions(+) diff --git a/chart/templates/api-server/api-server-deployment.yaml b/chart/templates/api-server/api-server-deployment.yaml index e8358c5f458fc..8fabd32ca0367 100644 --- a/chart/templates/api-server/api-server-deployment.yaml +++ b/chart/templates/api-server/api-server-deployment.yaml @@ -106,6 +106,7 @@ spec: hostAliases: {{- toYaml .Values.apiServer.hostAliases | nindent 8 }} {{- end }} serviceAccountName: {{ include "apiServer.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- if .Values.apiServer.priorityClassName }} priorityClassName: {{ .Values.apiServer.priorityClassName }} {{- end }} diff --git a/chart/templates/cleanup/cleanup-cronjob.yaml b/chart/templates/cleanup/cleanup-cronjob.yaml index 70cb53862d1cb..552d1216ce8ae 100644 --- a/chart/templates/cleanup/cleanup-cronjob.yaml +++ b/chart/templates/cleanup/cleanup-cronjob.yaml @@ -86,6 +86,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 12 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 12 }} serviceAccountName: {{ include "cleanup.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} imagePullSecrets: {{- include "image_pull_secrets" . | nindent 12 }} securityContext: {{ $securityContext | nindent 12 }} containers: diff --git a/chart/templates/dag-processor/dag-processor-deployment.yaml b/chart/templates/dag-processor/dag-processor-deployment.yaml index 5cad98175c503..1f42c471afd0d 100644 --- a/chart/templates/dag-processor/dag-processor-deployment.yaml +++ b/chart/templates/dag-processor/dag-processor-deployment.yaml @@ -110,6 +110,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.dagProcessor.terminationGracePeriodSeconds }} restartPolicy: Always serviceAccountName: {{ include "dagProcessor.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: {{ $securityContext | nindent 8 }} imagePullSecrets: {{ include "image_pull_secrets" . | nindent 8 }} initContainers: diff --git a/chart/templates/database-cleanup/database-cleanup-cronjob.yaml b/chart/templates/database-cleanup/database-cleanup-cronjob.yaml index 2c1ab65073ac8..93c0d30a7c4ff 100644 --- a/chart/templates/database-cleanup/database-cleanup-cronjob.yaml +++ b/chart/templates/database-cleanup/database-cleanup-cronjob.yaml @@ -89,6 +89,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 12 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 12 }} serviceAccountName: {{ include "databaseCleanup.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} imagePullSecrets: {{- include "image_pull_secrets" . | nindent 12 }} securityContext: {{ $securityContext | nindent 12 }} containers: diff --git a/chart/templates/flower/flower-deployment.yaml b/chart/templates/flower/flower-deployment.yaml index 4ee4256dcbefc..3e93610faf0e1 100644 --- a/chart/templates/flower/flower-deployment.yaml +++ b/chart/templates/flower/flower-deployment.yaml @@ -79,6 +79,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 8 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} serviceAccountName: {{ include "flower.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- if .Values.flower.priorityClassName }} priorityClassName: {{ .Values.flower.priorityClassName }} {{- end }} diff --git a/chart/templates/jobs/create-user-job.yaml b/chart/templates/jobs/create-user-job.yaml index e1c55ac383e1a..2d09a85d3a3f1 100644 --- a/chart/templates/jobs/create-user-job.yaml +++ b/chart/templates/jobs/create-user-job.yaml @@ -86,6 +86,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 8 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} serviceAccountName: {{ include "createUserJob.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} imagePullSecrets: {{- include "image_pull_secrets" . | nindent 8 }} {{- if .Values.createUserJob.extraInitContainers }} initContainers: diff --git a/chart/templates/jobs/migrate-database-job.yaml b/chart/templates/jobs/migrate-database-job.yaml index 362d5f406b063..d56c6ce78a969 100644 --- a/chart/templates/jobs/migrate-database-job.yaml +++ b/chart/templates/jobs/migrate-database-job.yaml @@ -86,6 +86,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 8 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} serviceAccountName: {{ include "migrateDatabaseJob.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} imagePullSecrets: {{- include "image_pull_secrets" . | nindent 8 }} {{- if .Values.migrateDatabaseJob.extraInitContainers }} initContainers: diff --git a/chart/templates/otel-collector/otel-collector-deployment.yaml b/chart/templates/otel-collector/otel-collector-deployment.yaml index 45cf3fddb68da..abbcbc8bd9bf7 100644 --- a/chart/templates/otel-collector/otel-collector-deployment.yaml +++ b/chart/templates/otel-collector/otel-collector-deployment.yaml @@ -73,6 +73,7 @@ spec: topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.otelCollector.terminationGracePeriodSeconds }} serviceAccountName: {{ include "otelCollector.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- if .Values.otelCollector.priorityClassName }} priorityClassName: {{ .Values.otelCollector.priorityClassName }} {{- end }} diff --git a/chart/templates/pgbouncer/pgbouncer-deployment.yaml b/chart/templates/pgbouncer/pgbouncer-deployment.yaml index 9d6550afbeee9..1cd49eba0dd51 100644 --- a/chart/templates/pgbouncer/pgbouncer-deployment.yaml +++ b/chart/templates/pgbouncer/pgbouncer-deployment.yaml @@ -88,6 +88,7 @@ spec: tolerations: {{- toYaml $tolerations | nindent 8 }} topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} serviceAccountName: {{ include "pgbouncer.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: {{ $securityContext | nindent 8 }} restartPolicy: Always imagePullSecrets: {{- include "image_pull_secrets" . | nindent 8 }} diff --git a/chart/templates/redis/redis-statefulset.yaml b/chart/templates/redis/redis-statefulset.yaml index 9ec27f6e9f1c7..361c229212a15 100644 --- a/chart/templates/redis/redis-statefulset.yaml +++ b/chart/templates/redis/redis-statefulset.yaml @@ -83,6 +83,7 @@ spec: topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} serviceAccountName: {{ include "redis.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} diff --git a/chart/templates/scheduler/scheduler-deployment.yaml b/chart/templates/scheduler/scheduler-deployment.yaml index 3ba9d89dae495..a0edc2c866c44 100644 --- a/chart/templates/scheduler/scheduler-deployment.yaml +++ b/chart/templates/scheduler/scheduler-deployment.yaml @@ -133,6 +133,7 @@ spec: restartPolicy: Always terminationGracePeriodSeconds: {{ .Values.scheduler.terminationGracePeriodSeconds }} serviceAccountName: {{ include "scheduler.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- if and (eq (include "airflow.podLaunchingExecutor" .) "true") (not .Values.scheduler.serviceAccount.automountServiceAccountToken) }} automountServiceAccountToken: false {{- end }} diff --git a/chart/templates/statsd/statsd-deployment.yaml b/chart/templates/statsd/statsd-deployment.yaml index 0b21999453c27..bb47d7d0400fd 100644 --- a/chart/templates/statsd/statsd-deployment.yaml +++ b/chart/templates/statsd/statsd-deployment.yaml @@ -84,6 +84,7 @@ spec: topologySpreadConstraints: {{- toYaml $topologySpreadConstraints | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.statsd.terminationGracePeriodSeconds }} serviceAccountName: {{ include "statsd.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: {{ $securityContext | nindent 8 }} restartPolicy: Always imagePullSecrets: {{ include "image_pull_secrets" . | nindent 8 }} diff --git a/chart/templates/triggerer/triggerer-deployment.yaml b/chart/templates/triggerer/triggerer-deployment.yaml index dd7c081a05808..2b4149b9a3b90 100644 --- a/chart/templates/triggerer/triggerer-deployment.yaml +++ b/chart/templates/triggerer/triggerer-deployment.yaml @@ -127,6 +127,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.triggerer.terminationGracePeriodSeconds }} restartPolicy: Always serviceAccountName: {{ include "triggerer.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: {{ $securityContext | nindent 8 }} imagePullSecrets: {{ include "image_pull_secrets" . | nindent 8 }} initContainers: diff --git a/chart/templates/workers/worker-deployment.yaml b/chart/templates/workers/worker-deployment.yaml index e3fb42478d768..f6a284d614708 100644 --- a/chart/templates/workers/worker-deployment.yaml +++ b/chart/templates/workers/worker-deployment.yaml @@ -157,6 +157,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.workers.terminationGracePeriodSeconds }} restartPolicy: Always serviceAccountName: {{ include "worker.serviceAccountName" . }} + enableServiceLinks: {{ .Values.enableServiceLinks }} securityContext: {{ $securityContext | nindent 8 }} imagePullSecrets: {{ include "image_pull_secrets" . | nindent 8 }} initContainers: diff --git a/chart/values.schema.json b/chart/values.schema.json index 4a645d85c22db..d4f26861b44da 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -226,6 +226,12 @@ "type": "string" } }, + "enableServiceLinks": { + "description": "Enable kubernetes service links.", + "type": "boolean", + "default": false, + "x-docsSection": "Kubernetes" + }, "imagePullSecrets": { "description": "List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private registries (will get passed to imagePullSecrets).", "type": "array", diff --git a/chart/values.yaml b/chart/values.yaml index 0df514c93ece7..cd13b996defcf 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -136,6 +136,8 @@ schedulerName: ~ # Add common labels to all objects and pods defined in this chart. labels: {} +# Disable service links by default +enableServiceLinks: false # List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private # registries. Items can be either strings or {name: secret} objects. From f49d23d5074e320b0a9b3d3d87a569a9d5bbcb56 Mon Sep 17 00:00:00 2001 From: johanjk Date: Tue, 26 May 2026 00:11:29 +0200 Subject: [PATCH 2/2] Added newsfragment --- chart/newsfragments/67447.feature.rst | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 chart/newsfragments/67447.feature.rst diff --git a/chart/newsfragments/67447.feature.rst b/chart/newsfragments/67447.feature.rst new file mode 100644 index 0000000000000..ef3965815abae --- /dev/null +++ b/chart/newsfragments/67447.feature.rst @@ -0,0 +1,3 @@ +Added support for configuring ``enableServiceLinks``. + +The new default is ``false`` if you previously relied on these environment variables, set ``enableServiceLinks: true``, or migrate your code to use dns based service lookups.