From eabaed8e24bfc127fd122d3178702762e63d2192 Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 1 May 2026 12:17:42 -0500 Subject: [PATCH 1/4] feat: make task_always_eager configurable on the workers default to false still --- fides/templates/fides/worker-config.yaml | 2 +- fides/values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fides/templates/fides/worker-config.yaml b/fides/templates/fides/worker-config.yaml index 57525e3..394ac31 100644 --- a/fides/templates/fides/worker-config.yaml +++ b/fides/templates/fides/worker-config.yaml @@ -15,7 +15,7 @@ data: [celery] event_queue_prefix = "fides_worker" task_default_queue = "fides" - task_always_eager = false + task_always_eager = {{ .Values.fides.workerConfiguration.taskAlwaysEager }} redis_socket_keepalive = true [security] diff --git a/fides/values.yaml b/fides/values.yaml index f035ece..69d9a7c 100644 --- a/fides/values.yaml +++ b/fides/values.yaml @@ -75,6 +75,10 @@ fides: # To override defaults, explicitly define workers below. To disable a worker, set count: 0. # For more information, see: https://www.ethyca.com/docs/dev-docs/get-started/advanced#running-workers workerConfiguration: + # When true, the worker's fides.toml pins celery.task_always_eager = true, + # so subtasks spawned within a worker run inline instead of being requeued. + # Default false enables proper fan-out across the worker pool. + taskAlwaysEager: false # useHttpProbe switches the worker liveness probe from a Celery exec command (default) # to an HTTP GET against the in-process health check server on port 9000. # The exec probe spawns a full celery process on each check, which may cause From 5a68ca839f35fb09b9aef78294f44247d6218a4e Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 1 May 2026 13:29:30 -0500 Subject: [PATCH 2/4] feat: add worker queue annotations --- fides-minimal/templates/fides/worker-deployment.yaml | 10 +++++++++- fides/templates/fides/worker-deployment.yaml | 10 +++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/fides-minimal/templates/fides/worker-deployment.yaml b/fides-minimal/templates/fides/worker-deployment.yaml index 7eb3209..00841ee 100644 --- a/fides-minimal/templates/fides/worker-deployment.yaml +++ b/fides-minimal/templates/fides/worker-deployment.yaml @@ -63,9 +63,17 @@ spec: {{- include "fides.deploymentStrategy" $ | nindent 4 }} template: metadata: - {{- with $.Values.podAnnotations }} + {{- if or $.Values.podAnnotations (hasKey . "queues") (hasKey . "excludeQueues") }} annotations: + {{- with $.Values.podAnnotations }} {{- toYaml . | nindent 8 }} + {{- end }} + {{- if hasKey . "queues" }} + fid.es/worker-queues: {{ .queues | toJson | quote }} + {{- end }} + {{- if hasKey . "excludeQueues" }} + fid.es/worker-exclude-queues: {{ .excludeQueues | toJson | quote }} + {{- end }} {{- end }} labels: {{- include "fides.worker.selectorLabels" $ | nindent 8 }} diff --git a/fides/templates/fides/worker-deployment.yaml b/fides/templates/fides/worker-deployment.yaml index 32f3d0b..5b5da92 100644 --- a/fides/templates/fides/worker-deployment.yaml +++ b/fides/templates/fides/worker-deployment.yaml @@ -61,9 +61,17 @@ spec: {{- include "fides.deploymentStrategy" $ | nindent 4 }} template: metadata: - {{- with $.Values.podAnnotations }} + {{- if or $.Values.podAnnotations (hasKey . "queues") (hasKey . "excludeQueues") }} annotations: + {{- with $.Values.podAnnotations }} {{- toYaml . | nindent 8 }} + {{- end }} + {{- if hasKey . "queues" }} + fid.es/worker-queues: {{ .queues | toJson | quote }} + {{- end }} + {{- if hasKey . "excludeQueues" }} + fid.es/worker-exclude-queues: {{ .excludeQueues | toJson | quote }} + {{- end }} {{- end }} labels: {{- include "fides.worker.selectorLabels" $ | nindent 8 }} From 5abac8ff11fcf3b8a6dbbb1bfc06d949745db40f Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 1 May 2026 13:47:43 -0500 Subject: [PATCH 3/4] chore: bump version + update CHANGELOG.md --- CHANGELOG.md | 11 +++++++++-- fides/Chart.yaml | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b495ec..e3f8ca6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/) -To view the Changelog for the Fides code, see the [CHANGELOG.md of the ethyca/fides repository](https://github.com/ethyca/fides/blob/main/CHANGELOG.md). +To see what's new in Fides, see the [CHANGELOG.md of the ethyca/fides repository](https://github.com/ethyca/fides/blob/main/CHANGELOG.md) and the [Fides release notes](https://www.ethyca.com/docs/releases). The types of changes are: @@ -16,12 +16,19 @@ The types of changes are: - `Fixed` for any bug fixes. - `Security` in case of vulnerabilities. -## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.18.0...main) +## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.19.1...main) ### Added ### Fixed +## [0.19.1](https://github.com/ethyca/fides-helm/compare/fides-0.19.0...fides-0.19.1) + +### Added + +- Worker queue and exclude queue annotations: `fid.es/worker-queues` and `fid.es/worker-exclude-queues` +- Make `task_always_eager` configurable on Fides workers, defaults to `false`. + ## [0.19.0](https://github.com/ethyca/fides-helm/compare/fides-0.18.0...fides-0.19.0) ### Added diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 68f505f..c170956 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fides -version: 0.19.0 -appVersion: "2.82.1" +version: 0.19.1 +appVersion: "2.84.2" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application keywords: From 602e2828c0b70f1a17773bb8c321276736b738d5 Mon Sep 17 00:00:00 2001 From: Robert Keyser Date: Fri, 1 May 2026 15:08:53 -0500 Subject: [PATCH 4/4] mirror worker config changes to fides-minimal + fix PR template - Mirror taskAlwaysEager values entry and worker-config templating to fides-minimal - Bump fides-minimal Chart version 0.17.0 -> 0.19.1 to sync with fides chart - Note Fides appVersion bump (2.82.1 -> 2.84.2) under Changed in 0.19.1 changelog - Replace broken fides/ and fides-minimal/ CHANGELOG links in PR template with the actual root CHANGELOG.md --- .github/pull_request_template.md | 3 +-- CHANGELOG.md | 4 ++++ fides-minimal/Chart.yaml | 2 +- fides-minimal/templates/fides/worker-config.yaml | 2 +- fides-minimal/values.yaml | 4 ++++ 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 0042a96..8f08863 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,5 +12,4 @@ Closes ### * [ ] Documentation Updated * [ ] Increment Applicable Chart Versions * [ ] Relevant Follow-Up Issues Created -* [ ] Update the Fides chart [CHANGELOG.md](https://github.com/ethyca/fides-helm/blob/main/fides/CHANGELOG.md) -* [ ] Update the Fides-minimal chart [CHANGELOG.md](https://github.com/ethyca/fides-helm/blob/main/fides-minimal/CHANGELOG.md) +* [ ] Update the [CHANGELOG.md](https://github.com/ethyca/fides-helm/blob/main/CHANGELOG.md) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3f8ca6..c0a46a0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,10 @@ The types of changes are: - Worker queue and exclude queue annotations: `fid.es/worker-queues` and `fid.es/worker-exclude-queues` - Make `task_always_eager` configurable on Fides workers, defaults to `false`. +### Changed + +- Upgrade default Fides version to [`2.84.2`](https://github.com/ethyca/fides/releases/tag/2.84.2) (from `2.82.1`) + ## [0.19.0](https://github.com/ethyca/fides-helm/compare/fides-0.18.0...fides-0.19.0) ### Added diff --git a/fides-minimal/Chart.yaml b/fides-minimal/Chart.yaml index 6db89fc..76315ec 100644 --- a/fides-minimal/Chart.yaml +++ b/fides-minimal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: fides-minimal -version: 0.17.0 +version: 0.19.1 appVersion: "2.48.1" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. This version of the Helm chart removes some excess features such as the lookup function which may not be available in all cases. type: application diff --git a/fides-minimal/templates/fides/worker-config.yaml b/fides-minimal/templates/fides/worker-config.yaml index cf774fa..59c5c6f 100644 --- a/fides-minimal/templates/fides/worker-config.yaml +++ b/fides-minimal/templates/fides/worker-config.yaml @@ -16,7 +16,7 @@ data: [celery] event_queue_prefix = "fides_worker" task_default_queue = "fides" - task_always_eager = false + task_always_eager = {{ .Values.fides.workerConfiguration.taskAlwaysEager }} redis_socket_keepalive = true [security] diff --git a/fides-minimal/values.yaml b/fides-minimal/values.yaml index 3f310b8..8fb0d7d 100644 --- a/fides-minimal/values.yaml +++ b/fides-minimal/values.yaml @@ -70,6 +70,10 @@ fides: # To override defaults, explicitly define workers below. To disable a worker, set count: 0. # For more information, see: https://www.ethyca.com/docs/dev-docs/get-started/advanced#running-workers workerConfiguration: + # When true, the worker's fides.toml pins celery.task_always_eager = true, + # so subtasks spawned within a worker run inline instead of being requeued. + # Default false enables proper fan-out across the worker pool. + taskAlwaysEager: false workers: [] # Example worker override: # - name: other