stackabletech
diff --git a/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/helm/airflow-operator/crds/crds.yaml‎
Lines changed: 5 additions & 8 deletions b/‎deploy/helm/airflow-operator/crds/crds.yaml‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎docs/modules/airflow/examples/example-airflow-dags-configmap.yaml‎
Lines changed: 1 addition & 1 deletion b/‎docs/modules/airflow/examples/example-airflow-dags-configmap.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/modules/airflow/examples/example-airflow-incluster.yaml‎
Lines changed: 1 addition & 1 deletion b/‎docs/modules/airflow/examples/example-airflow-incluster.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/modules/airflow/examples/example-airflow-kubernetes-executor-s3-logging.yaml‎
Lines changed: 1 addition & 1 deletion b/‎docs/modules/airflow/examples/example-airflow-kubernetes-executor-s3-logging.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/modules/airflow/examples/example-airflow-kubernetes-executor-s3-xcom.yaml‎
Lines changed: 1 addition & 1 deletion b/‎docs/modules/airflow/examples/example-airflow-kubernetes-executor-s3-xcom.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/modules/airflow/examples/getting_started/code/airflow.yaml‎
Lines changed: 1 addition & 1 deletion b/‎docs/modules/airflow/examples/getting_started/code/airflow.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/modules/airflow/pages/usage-guide/listenerclass.adoc‎
Lines changed: 5 additions & 3 deletions b/‎docs/modules/airflow/pages/usage-guide/listenerclass.adoc‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎examples/simple-airflow-cluster-dags-cmap.yaml‎
Lines changed: 1 addition & 1 deletion b/‎examples/simple-airflow-cluster-dags-cmap.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/simple-airflow-cluster-ldap-insecure-tls.yaml‎
Lines changed: 1 addition & 1 deletion b/‎examples/simple-airflow-cluster-ldap-insecure-tls.yaml‎
Lines changed: 1 addition & 1 deletion
@@ -30,6 +30,7 @@
   - The `runAsUser` and `runAsGroup` fields will not be set anymore by the operator
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
   - This is marked as breaking because tools and policies might exist, which require these fields to be set
+- Changed listener class to be role-only ([#645]).
 
 ### Fixed
 
@@ -48,6 +49,7 @@
 [#625]: https://github.com/stackabletech/airflow-operator/pull/625
 [#630]: https://github.com/stackabletech/airflow-operator/pull/630
 [#636]: https://github.com/stackabletech/airflow-operator/pull/636
+[#645]: https://github.com/stackabletech/airflow-operator/pull/645
 
 ## [25.3.0] - 2025-03-21
 
 
@@ -1332,10 +1332,6 @@ spec:
                           description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details.
                           nullable: true
                           type: string
-                        listenerClass:
-                          description: This field controls which [ListenerClass](https://docs.stackable.tech/home/nightly/listener-operator/listenerclass.html) is used to expose the webserver.
-                          nullable: true
-                          type: string
                         logging:
                           default:
                             containers: {}
@@ -1480,11 +1476,16 @@ spec:
                       x-kubernetes-preserve-unknown-fields: true
                     roleConfig:
                       default:
+                        listenerClass: cluster-internal
                         podDisruptionBudget:
                           enabled: true
                           maxUnavailable: null
                       description: This is a product-agnostic RoleConfig, which is sufficient for most of the products.
                       properties:
+                        listenerClass:
+                          default: cluster-internal
+                          description: This field controls which [ListenerClass](https://docs.stackable.tech/home/nightly/listener-operator/listenerclass.html) is used to expose the webserver.
+                          type: string
                         podDisruptionBudget:
                           default:
                             enabled: true
@@ -1553,10 +1554,6 @@ spec:
                                 description: Time period Pods have to gracefully shut down, e.g. `30m`, `1h` or `2d`. Consult the operator documentation for details.
                                 nullable: true
                                 type: string
-                              listenerClass:
-                                description: This field controls which [ListenerClass](https://docs.stackable.tech/home/nightly/listener-operator/listenerclass.html) is used to expose the webserver.
-                                nullable: true
-                                type: string
                               logging:
                                 default:
                                   containers: {}
 
@@ -19,7 +19,7 @@ spec:
         mountPath: /dags/test_airflow_dag.py # <6>
         subPath: test_airflow_dag.py # <7>
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     roleGroups:
       default:
 
@@ -11,7 +11,7 @@ spec:
     exposeConfig: false
     credentialsSecret: simple-airflow-credentials
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     roleGroups:
       default:
 
@@ -7,7 +7,7 @@ spec:
     productVersion: 2.10.5
   clusterConfig: {}
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     envOverrides: &envOverrides
       AIRFLOW__LOGGING__REMOTE_LOGGING: "True"
 
@@ -7,7 +7,7 @@ spec:
     productVersion: 2.10.5
   clusterConfig: {}
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     envOverrides: &envOverrides
       AIRFLOW__CORE__XCOM_BACKEND: airflow.providers.common.io.xcom.backend.XComObjectStorageBackend
 
@@ -11,7 +11,7 @@ spec:
     exposeConfig: false
     credentialsSecret: simple-airflow-credentials
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     roleGroups:
       default:
 
@@ -2,18 +2,20 @@
 :description: Configure Airflow service exposure with ListenerClasses: cluster-internal, external-unstable, or external-stable.
 
 The operator deploys a xref:listener-operator:listener.adoc[Listener] for the Webserver pod.
-The listener defaults to only being accessible from within the Kubernetes cluster, but this can be changed by setting `.spec.webservers.config.listenerClass`:
+The listener defaults to only being accessible from within the Kubernetes cluster, but this can be changed by setting `.spec.webservers.roleConfig.listenerClass`:
 
 [source,yaml]
 ----
 spec:
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable  # <1>
+    config:
+      ...
   schedulers:
     ...
   celeryExecutors:
     ...
 ----
-<1> Specify a ListenerClass, such as `external-stable`, `external-unstable`, or `cluster-internal` (the default setting is `cluster-internal`).
+<1> Specify a ListenerClass, such as `external-stable`, `external-unstable`, or `cluster-internal` (the default setting is `cluster-internal`) at role-level.
 This can be set only for the webservers role.
@@ -96,7 +96,7 @@ spec:
         mountPath: /dags/test_airflow_dag.py
         subPath: test_airflow_dag.py
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     roleGroups:
       default:
 
@@ -157,7 +157,7 @@ spec:
       - authenticationClass: airflow-with-ldap-insecure-tls-ldap
         userRegistrationRole: Admin
   webservers:
-    config:
+    roleConfig:
       listenerClass: external-unstable
     roleGroups:
       default: