(airflow) branch chart/v1-2x-test updated: Chart: Select NetworkPolicy log-access component by Airflow version (#67817)

Sun, 31 May 2026 14:20:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch chart/v1-2x-test
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/chart/v1-2x-test by this push:
     new 908cfe05400 Chart: Select NetworkPolicy log-access component by 
Airflow version (#67817)
908cfe05400 is described below

commit 908cfe05400e9ad7d163d7fd3ea66f44d9005b19
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sun May 31 23:19:45 2026 +0200

    Chart: Select NetworkPolicy log-access component by Airflow version (#67817)
    
    The 1.2x chart line supports both Airflow 2.11 (logs served by the 
webserver) and Airflow 3 (logs served by the api-server). #65754 
unconditionally changed the scheduler/triggerer/worker NetworkPolicy 
log-ingress selectors to api-server, which would break task log access on 
Airflow 2.11 deployments. Choose the component based on .Values.airflowVersion 
via semverCompare (>=3.0.0 -> api-server, else webserver), matching how the 
chart already selects webserver vs api-server elsewhere. Te [...]
---
 chart/templates/scheduler/scheduler-networkpolicy.yaml     | 2 +-
 chart/templates/triggerer/triggerer-networkpolicy.yaml     | 2 +-
 chart/templates/workers/worker-networkpolicy.yaml          | 2 +-
 helm-tests/tests/helm_tests/airflow_core/test_scheduler.py | 9 +++++++--
 helm-tests/tests/helm_tests/airflow_core/test_triggerer.py | 9 +++++++--
 helm-tests/tests/helm_tests/airflow_core/test_worker.py    | 9 +++++++--
 6 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/chart/templates/scheduler/scheduler-networkpolicy.yaml 
b/chart/templates/scheduler/scheduler-networkpolicy.yaml
index 1828361a239..0762442e9e4 100644
--- a/chart/templates/scheduler/scheduler-networkpolicy.yaml
+++ b/chart/templates/scheduler/scheduler-networkpolicy.yaml
@@ -48,7 +48,7 @@ spec:
     - podSelector:
         matchLabels:
           tier: airflow
-          component: api-server
+          component: {{ if semverCompare ">=3.0.0" .Values.airflowVersion 
}}api-server{{ else }}webserver{{ end }}
           release: {{ .Release.Name }}
     ports:
     - protocol: TCP
diff --git a/chart/templates/triggerer/triggerer-networkpolicy.yaml 
b/chart/templates/triggerer/triggerer-networkpolicy.yaml
index ea3cda5b45c..f2beddbca1e 100644
--- a/chart/templates/triggerer/triggerer-networkpolicy.yaml
+++ b/chart/templates/triggerer/triggerer-networkpolicy.yaml
@@ -48,7 +48,7 @@ spec:
         matchLabels:
           tier: airflow
           release: {{ .Release.Name }}
-          component: api-server
+          component: {{ if semverCompare ">=3.0.0" .Values.airflowVersion 
}}api-server{{ else }}webserver{{ end }}
     ports:
     - protocol: TCP
       port: {{ .Values.ports.triggererLogs }}
diff --git a/chart/templates/workers/worker-networkpolicy.yaml 
b/chart/templates/workers/worker-networkpolicy.yaml
index 0e4206f10f0..3df69c7dcca 100644
--- a/chart/templates/workers/worker-networkpolicy.yaml
+++ b/chart/templates/workers/worker-networkpolicy.yaml
@@ -64,7 +64,7 @@ spec:
         matchLabels:
           tier: airflow
           release: {{ .Release.Name }}
-          component: api-server
+          component: {{ if semverCompare ">=3.0.0" .Values.airflowVersion 
}}api-server{{ else }}webserver{{ end }}
     ports:
     - protocol: TCP
       port: {{ .Values.ports.workerLogs }}
diff --git a/helm-tests/tests/helm_tests/airflow_core/test_scheduler.py 
b/helm-tests/tests/helm_tests/airflow_core/test_scheduler.py
index ca3ed2fce8f..4622db151a8 100644
--- a/helm-tests/tests/helm_tests/airflow_core/test_scheduler.py
+++ b/helm-tests/tests/helm_tests/airflow_core/test_scheduler.py
@@ -1065,9 +1065,14 @@ class TestSchedulerNetworkPolicy:
         assert "test_label" in jmespath.search("metadata.labels", docs[0])
         assert jmespath.search("metadata.labels", docs[0])["test_label"] == 
"test_label_value"
 
-    def test_should_allow_api_server_to_read_scheduler_logs(self):
+    @pytest.mark.parametrize(
+        ("airflow_version", "expected_component"),
+        [("3.0.0", "api-server"), ("2.11.0", "webserver")],
+    )
+    def test_should_allow_log_server_to_read_scheduler_logs(self, 
airflow_version, expected_component):
         docs = render_chart(
             values={
+                "airflowVersion": airflow_version,
                 "executor": "LocalExecutor",
                 "networkPolicies": {"enabled": True},
             },
@@ -1076,7 +1081,7 @@ class TestSchedulerNetworkPolicy:
 
         assert (
             
jmespath.search("spec.ingress[0].from[0].podSelector.matchLabels.component", 
docs[0])
-            == "api-server"
+            == expected_component
         )
 
 
diff --git a/helm-tests/tests/helm_tests/airflow_core/test_triggerer.py 
b/helm-tests/tests/helm_tests/airflow_core/test_triggerer.py
index 74cee65e0f0..81f5d9e282c 100644
--- a/helm-tests/tests/helm_tests/airflow_core/test_triggerer.py
+++ b/helm-tests/tests/helm_tests/airflow_core/test_triggerer.py
@@ -791,9 +791,14 @@ class TestTriggererServiceAccount:
 class TestTriggererNetworkPolicy:
     """Tests triggerer network policy."""
 
-    def test_should_allow_api_server_to_read_triggerer_logs(self):
+    @pytest.mark.parametrize(
+        ("airflow_version", "expected_component"),
+        [("3.0.0", "api-server"), ("2.11.0", "webserver")],
+    )
+    def test_should_allow_log_server_to_read_triggerer_logs(self, 
airflow_version, expected_component):
         docs = render_chart(
             values={
+                "airflowVersion": airflow_version,
                 "networkPolicies": {"enabled": True},
             },
             show_only=["templates/triggerer/triggerer-networkpolicy.yaml"],
@@ -801,7 +806,7 @@ class TestTriggererNetworkPolicy:
 
         assert (
             
jmespath.search("spec.ingress[0].from[0].podSelector.matchLabels.component", 
docs[0])
-            == "api-server"
+            == expected_component
         )
 
 
diff --git a/helm-tests/tests/helm_tests/airflow_core/test_worker.py 
b/helm-tests/tests/helm_tests/airflow_core/test_worker.py
index 145048d1016..deb922d0e03 100644
--- a/helm-tests/tests/helm_tests/airflow_core/test_worker.py
+++ b/helm-tests/tests/helm_tests/airflow_core/test_worker.py
@@ -2803,9 +2803,14 @@ class TestWorkerNetworkPolicy:
         assert "key" not in labels
 
     @pytest.mark.parametrize("executor", ["CeleryExecutor", 
"CeleryExecutor,KubernetesExecutor"])
-    def test_should_allow_api_server_to_read_worker_logs(self, executor):
+    @pytest.mark.parametrize(
+        ("airflow_version", "expected_component"),
+        [("3.0.0", "api-server"), ("2.11.0", "webserver")],
+    )
+    def test_should_allow_log_server_to_read_worker_logs(self, executor, 
airflow_version, expected_component):
         docs = render_chart(
             values={
+                "airflowVersion": airflow_version,
                 "networkPolicies": {"enabled": True},
                 "executor": executor,
             },
@@ -2814,7 +2819,7 @@ class TestWorkerNetworkPolicy:
 
         assert (
             
jmespath.search("spec.ingress[0].from[0].podSelector.matchLabels.component", 
docs[0])
-            == "api-server"
+            == expected_component
         )

Reply via email to