This is an automated email from the ASF dual-hosted git repository.

zihaoxiang pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new 67b9a803df [Feature-17566][Helm] add secrets and initContainers in 
worker statefulset (#17519)
67b9a803df is described below

commit 67b9a803dfb93f35b613753688db08e3767232af
Author: Juan Manuel Moreno Carballo <[email protected]>
AuthorDate: Wed Nov 19 09:36:33 2025 +0100

    [Feature-17566][Helm] add secrets and initContainers in worker statefulset 
(#17519)
---
 deploy/kubernetes/dolphinscheduler/README.md       |  4 ++-
 .../statefulset-dolphinscheduler-worker.yaml       | 20 ++++++++++++++
 deploy/kubernetes/dolphinscheduler/values.yaml     | 32 ++++++++++++++++++++++
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/deploy/kubernetes/dolphinscheduler/README.md 
b/deploy/kubernetes/dolphinscheduler/README.md
index 24ded7de7d..627f218148 100644
--- a/deploy/kubernetes/dolphinscheduler/README.md
+++ b/deploy/kubernetes/dolphinscheduler/README.md
@@ -329,6 +329,8 @@ Please refer to the [Quick Start in 
Kubernetes](../../../docs/docs/en/guide/inst
 | 
worker.env.WORKER_SERVER_LOAD_PROTECTION_MAX_SYSTEM_MEMORY_USAGE_PERCENTAGE_THRESHOLDS
 | float | `0.7` | Worker max memory usage , when the worker's memory usage is 
smaller then this value, worker server can be dispatched tasks. |
 | worker.env.WORKER_TENANT_CONFIG_AUTO_CREATE_TENANT_ENABLED | bool | `true` | 
tenant corresponds to the user of the system, which is used by the worker to 
submit the job. If system does not have this user, it will be automatically 
created after the parameter worker.tenant.auto.create is true. |
 | worker.env.WORKER_TENANT_CONFIG_DEFAULT_TENANT_ENABLED | bool | `false` | If 
set true, will use worker bootstrap user as the tenant to execute task when the 
tenant is `default`; |
+| worker.envFromSecret | string | `""` | Direct Secret Mounting Mount secrets 
directly as environment variables Single secret |
+| worker.initContainers | object | `{}` | Init Container for Advanced 
Processing Use when you need to transform, validate, or prepare configuration 
files |
 | worker.keda.advanced | object | `{}` | Specify HPA related options |
 | worker.keda.cooldownPeriod | int | `30` | How many seconds KEDA will wait 
before scaling to zero. Note that HPA has a separate cooldown period for 
scale-downs |
 | worker.keda.enabled | bool | `false` | Enable or disable the Keda component |
@@ -371,7 +373,7 @@ Please refer to the [Quick Start in 
Kubernetes](../../../docs/docs/en/guide/inst
 | worker.service.serviceMonitor.labels | object | `{}` | serviceMonitor.labels 
ServiceMonitor extra labels |
 | worker.service.serviceMonitor.path | string | `"/actuator/prometheus"` | 
serviceMonitor.path path of the metrics endpoint |
 | worker.tolerations | list | `[]` | Tolerations are appended (excluding 
duplicates) to pods running with this RuntimeClass during admission, 
effectively unioning the set of nodes tolerated by the pod and the 
RuntimeClass. |
-| worker.updateStrategy | object | `{"type":"RollingUpdate"}` | Update 
strategy ref: 
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  |
+| worker.updateStrategy.type | string | `"RollingUpdate"` |  |
 | zookeeper.enabled | bool | `true` | If not exists external registry, the 
zookeeper registry will be used by default. |
 | zookeeper.fourlwCommandsWhitelist | string | `"srvr,ruok,wchs,cons"` | A 
list of comma separated Four Letter Words commands to use |
 | zookeeper.image.registry | string | `"docker.io"` |  |
diff --git 
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
 
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
index fc5854908d..5b95d50583 100644
--- 
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
+++ 
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
@@ -60,6 +60,10 @@ spec:
       imagePullSecrets:
       - name: {{ .Values.image.pullSecret }}
       {{- end }}
+      {{- if .Values.worker.initContainers }}
+      initContainers:
+        {{- toYaml .Values.worker.initContainers | nindent 8 }}
+      {{- end }}
       containers:
         - name: {{ include "dolphinscheduler.fullname" . }}-worker
           image: {{ include "dolphinscheduler.image.fullname.worker" . }}
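Review bot: The pod-spec field `initContainers` is a list, but the value rendered here defaults to a map (`initContainers: {}` in the values.yaml hunk) and is documented as `object` in the README row. A user who follows the declared type and sets keys under it gets a mapping rendered under `initContainers:`, which the API server rejects. The default should be `initContainers: []`, which also matches the commented list-style example. The pod spec starts and continues outside this hunk.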
@@ -83,6 +87,16 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "dolphinscheduler.fullname" . }}-common
+            {{- if .Values.worker.envFromSecret }}
+            - secretRef:
+                name: {{ .Values.worker.envFromSecret }}
+            {{- end }}
+            {{- if .Values.worker.envFromSecrets }}
+            {{- range .Values.worker.envFromSecrets }}
+            - secretRef:
+                name: {{ . }}
+            {{- end }}
+            {{- end }}
           {{- if .Values.worker.resources }}
           resources:
             {{- toYaml .Values.worker.resources | nindent 12 }}
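Review bot: Both `secretRef` names are emitted unquoted, so a numeric-looking or boolean-looking secret name is retyped by the YAML parser; `name: {{ .Values.worker.envFromSecret | quote }}` and `name: {{ . | quote }}` avoid that. Because these entries are listed after the `-common` `configMapRef`, a key present in both is taken from the secret, which silently overrides chart-managed settings; that precedence deserves a comment above the block. `envFrom` also exports every key of the secret into the worker container's environment, which is presumably inherited by the task processes the worker launches. The values documentation should therefore say to reference only secrets whose full contents those tasks may read, and to prefer a dedicated secret over a shared one.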
@@ -171,6 +185,9 @@ spec:
             {{- include "dolphinscheduler.sharedStorage.volumeMount" . | 
nindent 12 }}
             {{- include "dolphinscheduler.fsFileResource.volumeMount" . | 
nindent 12 }}
             {{- include "dolphinscheduler.etcd.ssl.volumeMount" . | nindent 12 
}}
+            {{- if .Values.worker.extraVolumeMounts }}
+            {{- toYaml .Values.worker.extraVolumeMounts | nindent 12 }}
+            {{- end }}
       volumes:
         {{- if .Values.worker.persistentVolumeClaim.enabled }}
         - name: {{ include "dolphinscheduler.fullname" . }}-worker-data
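Review bot: `worker.extraVolumeMounts` here and `worker.extraVolumes` in the next hunk (`@@ -204,6 +221,9 @@`) are read by the template but get no default in this commit's values.yaml hunk and no row in its README table, so they can only be discovered by reading the template. Add `extraVolumes: []` and `extraVolumeMounts: []` under `worker:` with `# --` descriptions. The commented init-container example mounts `shared-config`, which only works if the user also declares that volume through `extraVolumes`. These mounts are applied to the worker container only, so the description should state that init containers must list their own `volumeMounts`. The container spec begins outside this hunk.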
@@ -204,6 +221,9 @@ spec:
         {{- include "dolphinscheduler.sharedStorage.volume" . | nindent 8 }}
         {{- include "dolphinscheduler.fsFileResource.volume" . | nindent 8 }}
         {{- include "dolphinscheduler.etcd.ssl.volume" . | nindent 8 }}
+        {{- if .Values.worker.extraVolumes }}
+        {{- toYaml .Values.worker.extraVolumes | nindent 8 }}
+        {{- end }}
   {{- if .Values.worker.persistentVolumeClaim.enabled }}
   volumeClaimTemplates:
     {{- if .Values.worker.persistentVolumeClaim.dataPersistentVolume.enabled }}
diff --git a/deploy/kubernetes/dolphinscheduler/values.yaml 
b/deploy/kubernetes/dolphinscheduler/values.yaml
index c4ae8eaf61..039760e046 100644
--- a/deploy/kubernetes/dolphinscheduler/values.yaml
+++ b/deploy/kubernetes/dolphinscheduler/values.yaml
@@ -591,6 +591,38 @@ worker:
   # -- Update strategy
   # ref: 
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
   #
+  # -- Direct Secret Mounting
+  # Mount secrets directly as environment variables
+  # Single secret
+  envFromSecret: ""
+  
+  # Multiple secrets (advanced use cases)
+  # Use when you have variables distributed across different secrets
+  # envFromSecrets:
+  #   - "git-sync-secret"        # Git synchronization credentials
+  #   - "database-secret"        # Database connection details
+  #   - "external-api-secret"    # Third-party API keys
+  
+  # -- Init Container for Advanced Processing
+  # Use when you need to transform, validate, or prepare configuration files
+  initContainers: {}
+    # - name: config-processor
+    #  image: busybox:latest
+    #  command:
+    #    - /bin/sh
+    #    - -c
+    #    - |
+    #      echo "⚙️ Init startup settings..."
+    #      # Create specific starup script for an specific environment 
settings in worker pods.
+    #      # You can use unix variables from secrets
+    #  envFrom:
+    #    # -- Example secret name for initContainer
+    #    - secretRef:
+    #        name: git-sync-secret
+    #    # -- Example volumeMounts for initContiner
+    #  volumeMounts:
+    #    - name: shared-config
+    #      mountPath: /shared-config
   updateStrategy:
     type: RollingUpdate
   # -- Replicas is the desired number of replicas of the given Template.
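Review bot: The new keys are inserted between the `# -- Update strategy` comment and the `updateStrategy:` key it describes, which appears to be why the README row for `worker.updateStrategy` loses its description and reference link in this same commit. Move the added block above that comment or below `updateStrategy:`. The example init container uses `image: busybox:latest`; an example that users will copy into a pod that receives secrets should show a pinned tag or digest, e.g. `image: busybox:<pinned-tag>`. `envFromSecrets` is only shown commented out, so declaring `envFromSecrets: []` with its own `# --` line would give it a default and a row in the docs table.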
