airflow

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements. See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership. The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License. You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied. See the License for the

# specific language governing permissions and limitations

# under the License.

# Provide a name to substitute for the full names of resources

fullnameOverride: ""

# Default values for airflow.

# This is a YAML-formatted file.

# Declare variables to be passed into your templates.

# Provide a name to substitute for the name of the chart

nameOverride: ""

# Use standard naming for all resources using airflow.fullname template

# Consider removing this later and default it to true

# to make this chart follow standard naming conventions using the fullname template.

# For now this is an opt-in switch for backwards compatibility to leverage the standard naming convention

# and being able to use fully fullnameOverride and nameOverride in all resources

# For new installations - it is recommended to set it to True to follow standard naming conventions

# For existing installations, this will rename and redeploy your resources with the new names. Be aware that

# this will recreate your deployment/statefulsets along with their persistent volume claims and data storage

# migration may be needed to keep your old data

# Note:fernet-key,redis-password and broker-url secrets don't use this logic yet,

# as this may break existing installations due to how they get installed via pre-install hook.

useStandardNaming: false

# Max number of old replicasets to retain. Can be overridden by each deployment's revisionHistoryLimit

revisionHistoryLimit: ~

# User and group of airflow user

uid: 50000

gid: 0

# Default security context for airflow (deprecated, use `securityContexts` instead)

securityContext: {}

# runAsUser: 50000

# fsGroup: 0

# runAsGroup: 0

# Detailed default security context for airflow deployments

securityContexts:

pod: {}

containers: {}

# Global container lifecycle hooks for airflow containers

containerLifecycleHooks: {}

# Airflow home directory

# Used for mount paths

airflowHome: /opt/airflow

# Default airflow repository -- overridden by all the specific images below

defaultAirflowRepository: cgr.dev/chainguard-private/airflow

# Default airflow tag to deploy

defaultAirflowTag: latest

# Default airflow digest. If specified, it takes precedence over tag

defaultAirflowDigest: sha256:1d16d03c46fe5086b7ec90a8653ad524fcf5d1d110248e5980ef0c9ac6a65561

# Airflow version (Used to make some decisions based on Airflow Version being deployed)

# Version 2.11.0 and above is supported.

airflowVersion: "3.1.8"

# Images

images:

airflow:

repository: ~

tag: ~

# Specifying digest takes precedence over tag.

digest: ~

pullPolicy: IfNotPresent

# To avoid images with user code, you can turn this to 'true' and

# all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' containers/jobs

# will use the images from 'defaultAirflowRepository:defaultAirflowTag' values

# to run and wait for DB migrations .

useDefaultImageForMigration: false

# timeout (in seconds) for airflow-migrations to complete

migrationsWaitTimeout: 60

pod_template:

# Note that `images.pod_template.repository` and `images.pod_template.tag` parameters

# can be overridden in `config.kubernetes` section. So for these parameters to have effect

# `config.kubernetes.worker_container_repository` and `config.kubernetes.worker_container_tag`

# must be not set .

repository: ~

tag: ~

pullPolicy: IfNotPresent

flower:

repository: cgr.dev/chainguard-private/flower

tag: latest@sha256:2287358ff8f4cc4a6746b80b8494484088a2eaa9083edcde5eb58a431b04d6b7

pullPolicy: IfNotPresent

statsd:

repository: cgr.dev/chainguard-private/prometheus-statsd-exporter

tag: latest@sha256:7257ea5e7e5a01e2943650a7eed4e4ab47bf9b7fd5f6bc437dd795980e7a2f39

pullPolicy: IfNotPresent

redis:

repository: cgr.dev/chainguard-private/redis

100

# Redis is limited to 7.2-bookworm due to licencing change

101

# https://redis.io/blog/redis-adopts-dual-source-available-licensing/

102

tag: latest@sha256:fe82f37b4f5c8e4874fff7db3babdb0e5e5ec2c863598e40fa28c10459da7a84

103

pullPolicy: IfNotPresent

104

pgbouncer:

105

repository: cgr.dev/chainguard-private/pgbouncer

106

tag: latest@sha256:b7f0be9d3aa7ad63afe334c8d589c94bead7f8e9e883c3212885b3146b627ddc

107

pullPolicy: IfNotPresent

108

pgbouncerExporter:

109

repository: cgr.dev/chainguard-private/prometheus-pgbouncer-exporter

110

tag: latest@sha256:7e84d4fbb4c6ef6c10bb0c140d63f3870509c4e7eef41612d3249339d69d7809

111

pullPolicy: IfNotPresent

112

gitSync:

113

repository: cgr.dev/chainguard-private/git-sync

114

tag: latest@sha256:a9cf7fe5d5a73dc5e603152f3995163fabcfa1e476e2a082e23c9ccd037a6386

115

pullPolicy: IfNotPresent

116

# Select certain nodes for airflow pods.

117

nodeSelector: {}

118

affinity: {}

119

tolerations: []

120

topologySpreadConstraints: []

121

schedulerName: ~

122

# Add common labels to all objects and pods defined in this chart.

123

labels: {}

124

# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private

125

# registries. Items can be either strings or {name: secret} objects.

126

imagePullSecrets: []

127

# Ingress configuration

128

ingress:

129

# Enable all ingress resources

130

# (deprecated - use ingress.web.enabled, ingress.apiServer.enabled and ingress.flower.enabled)

131

enabled: ~

132

# Configs for the Ingress of the API Server (Airflow 3+)

133

apiServer:

134

# Enable API Server ingress resource

135

enabled: false

136

# Annotations for the API Server Ingress

137

annotations: {}

138

# The path for the API Server Ingress

139

path: "/"

140

# The pathType for the above path (used only with Kubernetes v1.19 and above)

141

pathType: "ImplementationSpecific"

142

# The hostname for the API Server Ingress (Deprecated - renamed to `ingress.apiServer.hosts`)

143

host: ""

144

# The hostnames or hosts configuration for the API Server Ingress

145

hosts: []

146

# # The hostname for the web Ingress (templated)

147

# - name: ""

148

# # configs for API Server Ingress TLS

149

# tls:

150

# # Enable TLS termination for the API Server Ingress

151

# enabled: false

152

# # the name of a pre-created Secret containing a TLS private key and certificate

153

# secretName: ""

154

155

# The Ingress Class for the API Server Ingress (used only with Kubernetes v1.19 and above)

156

ingressClassName: ""

157

# configs for API Server Ingress TLS (Deprecated - renamed to `ingress.apiServer.hosts[*].tls`)

158

tls:

159

# Enable TLS termination for the API Server Ingress

160

enabled: false

161

# the name of a pre-created Secret containing a TLS private key and certificate

162

secretName: ""

163

# HTTP paths to add to the API Server Ingress before the default path

164

precedingPaths: []

165

# Http paths to add to the API Server Ingress after the default path

166

succeedingPaths: []

167

# Configs for the Ingress of the web Service (Airflow <3.0.0)

168

web:

169

# Enable web ingress resource

170

enabled: false

171

# Annotations for the web Ingress

172

annotations: {}

173

# The path for the web Ingress

174

path: "/"

175

# The pathType for the above path (used only with Kubernetes v1.19 and above)

176

pathType: "ImplementationSpecific"

177

# The hostname for the web Ingress (Deprecated - renamed to `ingress.web.hosts`)

178

host: ""

179

# The hostnames or hosts configuration for the web Ingress

180

hosts: []

181

# # The hostname for the web Ingress (templated)

182

# - name: ""

183

# # configs for web Ingress TLS

184

# tls:

185

# # Enable TLS termination for the web Ingress

186

# enabled: false

187

# # the name of a pre-created Secret containing a TLS private key and certificate

188

# secretName: ""

189

190

# The Ingress Class for the web Ingress (used only with Kubernetes v1.19 and above)

191

ingressClassName: ""

192

# configs for web Ingress TLS (Deprecated - renamed to `ingress.web.hosts[*].tls`)

193

tls:

194

# Enable TLS termination for the web Ingress

195

enabled: false

196

# the name of a pre-created Secret containing a TLS private key and certificate

197

secretName: ""

198

# HTTP paths to add to the web Ingress before the default path

199

precedingPaths: []

200

# Http paths to add to the web Ingress after the default path

201

succeedingPaths: []

202

# Configs for the Ingress of the flower Service

203

flower:

204

# Enable web ingress resource

205

enabled: false

206

# Annotations for the flower Ingress

207

annotations: {}

208

# The path for the flower Ingress

209

path: "/"

210

# The pathType for the above path (used only with Kubernetes v1.19 and above)

211

pathType: "ImplementationSpecific"

212

# The hostname for the flower Ingress (Deprecated - renamed to `ingress.flower.hosts`)

213

host: ""

214

# The hostnames or hosts configuration for the flower Ingress

215

hosts: []

216

# # The hostname for the flower Ingress (templated)

217

# - name: ""

218

# tls:

219

# # Enable TLS termination for the flower Ingress

220

# enabled: false

221

# # the name of a pre-created Secret containing a TLS private key and certificate

222

# secretName: ""

223

224

# The Ingress Class for the flower Ingress (used only with Kubernetes v1.19 and above)

225

ingressClassName: ""

226

# configs for flower Ingress TLS (Deprecated - renamed to `ingress.flower.hosts[*].tls`)

227

tls:

228

# Enable TLS termination for the flower Ingress

229

enabled: false

230

# the name of a pre-created Secret containing a TLS private key and certificate

231

secretName: ""

232

# Configs for the Ingress of the statsd Service

233

statsd:

234

# Enable web ingress resource

235

enabled: false

236

# Annotations for the statsd Ingress

237

annotations: {}

238

# The path for the statsd Ingress

239

path: "/metrics"

240

# The pathType for the above path (used only with Kubernetes v1.19 and above)

241

pathType: "ImplementationSpecific"

242

# The hostname for the statsd Ingress (Deprecated - renamed to `ingress.statsd.hosts`)

243

host: ""

244

# The hostnames or hosts configuration for the statsd Ingress

245

hosts: []

246

# # The hostname for the statsd Ingress (templated)

247

# - name: ""

248

# tls:

249

# # Enable TLS termination for the statsd Ingress

250

# enabled: false

251

# # the name of a pre-created Secret containing a TLS private key and certificate

252

# secretName: ""

253

254

# The Ingress Class for the statsd Ingress (used only with Kubernetes v1.19 and above)

255

ingressClassName: ""

256

# Configs for the Ingress of the pgbouncer Service

257

pgbouncer:

258

# Enable web ingress resource

259

enabled: false

260

# Annotations for the pgbouncer Ingress

261

annotations: {}

262

# The path for the pgbouncer Ingress

263

path: "/metrics"

264

# The pathType for the above path (used only with Kubernetes v1.19 and above)

265

pathType: "ImplementationSpecific"

266

# The hostname for the pgbouncer Ingress (Deprecated - renamed to `ingress.pgbouncer.hosts`)

267

host: ""

268

# The hostnames or hosts configuration for the pgbouncer Ingress

269

hosts: []

270

# # The hostname for the statsd Ingress (templated)

271

# - name: ""

272

# tls:

273

# # Enable TLS termination for the pgbouncer Ingress

274

# enabled: false

275

# # the name of a pre-created Secret containing a TLS private key and certificate

276

# secretName: ""

277

278

# The Ingress Class for the pgbouncer Ingress (used only with Kubernetes v1.19 and above)

279

ingressClassName: ""

280

# Network policy configuration

281

networkPolicies:

282

# Enabled network policies

283

enabled: false

284

# Extra annotations to apply to all

285

# Airflow pods (templated)

286

airflowPodAnnotations: {}

287

# Extra annotations to apply to

288

# main Airflow configmap

289

airflowConfigAnnotations: {}

290

# `airflow_local_settings` file as a string (templated).

291

airflowLocalSettings: |-

292

293

{{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}

294

from airflow.www.utils import UIAlert

295

296

DASHBOARD_UIALERTS = [

297

UIAlert(

298

'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'

299

' See the <a href='

300

'"https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#webserver-secret-key" '

301

'target="_blank" rel="noopener noreferrer">'

302

'Helm Chart Production Guide</a> for more details.',

303

category="warning",

304

roles=["Admin"],

305

html=True,

306

)

307

]

308

309

310

# Enable RBAC (default on most clusters these days)

311

rbac:

312

# Specifies whether RBAC resources should be created

313

create: true

314

createSCCRoleBinding: false

315

# Airflow executor

316

# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor

317

# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are also supported.

318

# Specify executors in a prioritized list to leverage multiple execution environments as needed:

319

# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently

320

executor: "CeleryExecutor"

321

# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's

322

# service account will have access to communicate with the api-server and launch pods.

323

# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers

324

# will be able to launch pods.

325

allowPodLaunching: true

326

allowJobLaunching: false

327

# Environment variables for all airflow containers

328

env: []

329

# - name: ""

330

# value: ""

331

332

# Volumes for all airflow containers

333

volumes: []

334

# VolumeMounts for all airflow containers

335

volumeMounts: []

336

# Secrets for all airflow containers

337

secret: []

338

# - envName: ""

339

# secretName: ""

340

# secretKey: ""

341

342

# Enables selected built-in secrets that are set via environment variables by default.

343

# Those secrets are provided by the Helm Chart secrets by default but in some cases you

344

# might want to provide some of those variables with _CMD or _SECRET variable, and you should

345

# in this case disable setting of those variables by setting the relevant configuration to false.

346

enableBuiltInSecretEnvVars:

347

AIRFLOW__CORE__FERNET_KEY: true

348

AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true

349

AIRFLOW_CONN_AIRFLOW_DB: true

350

AIRFLOW__API__SECRET_KEY: true

351

AIRFLOW__API_AUTH__JWT_SECRET: true

352

AIRFLOW__WEBSERVER__SECRET_KEY: true

353

AIRFLOW__CELERY__RESULT_BACKEND: true

354

AIRFLOW__CELERY__BROKER_URL: true

355

AIRFLOW__ELASTICSEARCH__HOST: true

356

AIRFLOW__OPENSEARCH__HOST: true

357

# Priority Classes that will be installed by charts.

358

# Ideally, there should be an entry for dagProcessor, flower,

359

# pgbouncer, scheduler, statsd, triggerer, webserver, worker.

360

# The format for priorityClasses is an array with each element having:

361

# * name is the name of the priorityClass. Ensure the same name is given to the respective section as well

362

# * preemptionPolicy for the priorityClass

363

# * value is the preemption value for the priorityClass

364

priorityClasses: []

365

# - name: class1 (if this is for dagProcessor, ensure overriding .Values.dagProcessor.priorityClass too)

366

# preemptionPolicy: PreemptLowerPriority

367

# value: 10000

368

# - name: class2

369

# preemptionPolicy: Never

370

# value: 100000

371

372

# Extra secrets that will be managed by the chart

373

# (You can use them with extraEnv or extraEnvFrom or some of the extraVolumes values).

374

# The format for secret data is "key/value" where

375

# * key (templated) is the name of the secret that will be created

376

# * value: an object with the standard 'data' or 'stringData' key (or both).

377

# The value associated with those keys must be a string (templated)

378

extraSecrets: {}

379

# eg:

380

# extraSecrets:

381

# '{{ .Release.Name }}-airflow-connections':

382

# type: 'Opaque'

383

# labels:

384

# my.custom.label/v1: my_custom_label_value_1

385

# data: |

386

# AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'

387

# AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'

388

# stringData: |

389

# AIRFLOW_CONN_OTHER: 'other_conn'

390

# '{{ .Release.Name }}-other-secret-name-suffix':

391

# data: |

392

# ...

393

# 'proxy-config':

394

# stringData: |

395

# HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080

396

# HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080

397

# NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"

398

399

# Extra ConfigMaps that will be managed by the chart

400

# (You can use them with extraEnv or extraEnvFrom or some of the extraVolumes values).

401

# The format for configmap data is "key/value" where

402

# * key (templated) is the name of the configmap that will be created

403

# * value: an object with the standard 'data' key.

404

# The value associated with this keys must be a string (templated)

405

extraConfigMaps: {}

406

# eg:

407

# extraConfigMaps:

408

# '{{ .Release.Name }}-airflow-variables':

409

# labels:

410

# my.custom.label/v2: my_custom_label_value_2

411

# data: |

412

# AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"

413

# AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"

414

415

# Extra env 'items' that will be added to the definition of airflow containers

416

# a string is expected (templated).

417

# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.

418

extraEnv: ~

419

# eg:

420

# extraEnv: |

421

# - name: AIRFLOW__CORE__LOAD_EXAMPLES

422

# value: 'True'

423

424

# Extra envFrom 'items' that will be added to the definition of airflow containers

425

# A string is expected (templated).

426

extraEnvFrom: ~

427

# eg:

428

# extraEnvFrom: |

429

# - secretRef:

430

# name: '{{ .Release.Name }}-airflow-connections'

431

# - configMapRef:

432

# name: '{{ .Release.Name }}-airflow-variables'

433

434

# Airflow database & redis config

435

data:

436

# If secret names are provided, use those secrets

437

# These secrets must be created manually, eg:

438

439

# kind: Secret

440

# apiVersion: v1

441

# metadata:

442

# name: custom-airflow-metadata-secret

443

# type: Opaque

444

# data:

445

# connection: base64_encoded_connection_string

446

metadataSecretName: ~

447

resultBackendSecretName: ~

448

brokerUrlSecretName: ~

449

# Otherwise pass connection values in

450

metadataConnection:

451

user: postgres

452

pass: postgres

453

protocol: postgresql

454

host: ~

455

port: 5432

456

db: postgres

457

sslmode: disable

458

# Add custom annotations to the metadata connection secret

459

secretAnnotations: {}

460

# resultBackendConnection defaults to the same database as metadataConnection

461

resultBackendConnection: ~

462

# Add custom annotations to the result backend connection secret

463

resultBackendConnectionSecretAnnotations: {}

464

# or, you can use a different database

465

# resultBackendConnection:

466

# user: postgres

467

# pass: postgres

468

# protocol: postgresql

469

# host: ~

470

# port: 5432

471

# db: postgres

472

# sslmode: disable

473

# Note: brokerUrl can only be set during install, not upgrade

474

brokerUrl: ~

475

# Add custom annotations to the broker url secret

476

brokerUrlSecretAnnotations: {}

477

# Fernet key settings

478

# Note: fernetKey can only be set during install, not upgrade

479

fernetKey: ~

480

fernetKeySecretName: ~

481

# Add custom annotations to the fernet key secret

482

fernetKeySecretAnnotations: {}

483

# Flask secret key for Airflow 3+ Api: `[api] secret_key` in airflow.cfg

484

apiSecretKey: ~

485

# Add custom annotations to the api secret

486

apiSecretAnnotations: {}

487

apiSecretKeySecretName: ~

488

# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in airflow.cfg

489

jwtSecret: ~

490

# Add custom annotations to the JWT secret

491

jwtSecretAnnotations: {}

492

jwtSecretName: ~

493

# Flask secret key for Airflow <3 Webserver: `[webserver] secret_key` in airflow.cfg

494

webserverSecretKey: ~

495

# Add custom annotations to the webserver secret

496

webserverSecretAnnotations: {}

497

webserverSecretKeySecretName: ~

498

# In order to use kerberos you need to create secret containing the keytab file

499

# The secret name should follow naming convention of the application where resources are

500

# name {{ .Release-name }}-<POSTFIX>. In case of the keytab file, the postfix is "kerberos-keytab"

501

# So if your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab"

502

503

# The Keytab content should be available in the "kerberos.keytab" key of the secret.

504

505

# apiVersion: v1

506

# kind: Secret

507

# data:

508

# kerberos.keytab: <base64_encoded keytab file content>

509

# type: Opaque

510

511

512

# If you have such keytab file you can do it with similar

513

514

# kubectl create secret generic {{ .Release.name }}-kerberos-keytab --from-file=kerberos.keytab

515

516

517

# Alternatively, instead of manually creating the secret, it is possible to specify

518

# kerberos.keytabBase64Content parameter. This parameter should contain base64 encoded keytab.

519

520

kerberos:

521

enabled: false

522

ccacheMountPath: /var/kerberos-ccache

523

ccacheFileName: cache

524

configPath: /etc/krb5.conf

525

keytabBase64Content: ~

526

keytabPath: /etc/airflow.keytab

527

principal: airflow@FOO.COM

528

reinitFrequency: 3600

529

config: |

530

# This is an example config showing how you can use templating and how "example" config

531

# might look like. It works with the test kerberos server that we are using during integration

532

# testing at Apache Airflow (see `scripts/ci/docker-compose/integration-kerberos.yml` but in

533

# order to make it production-ready you must replace it with your own configuration that

534

# Matches your kerberos deployment. Administrators of your Kerberos instance should

535

# provide the right configuration.

536

537

[logging]

538

default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"

539

kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"

540

admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"

541

542

[libdefaults]

543

default_realm = FOO.COM

544

ticket_lifetime = 10h

545

renew_lifetime = 7d

546

forwardable = true

547

548

[realms]

549

FOO.COM = {

550

kdc = kdc-server.foo.com

551

admin_server = admin_server.foo.com

552

}

553

# Airflow Worker Config

554

workers:

555

# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)

556

replicas: 1

557

# Max number of old Airflow Celery workers ReplicaSets to retain

558

# (deprecated, use `workers.celery.revisionHistoryLimit` instead)

559

revisionHistoryLimit: ~

560

# Command to use when running Airflow Celery workers and using pod-template-file (templated)

561

# (deprecated, use workers.celery.command and/or workers.kubernetes.command instead)

562

command: ~

563

# Args to use when running Airflow Celery workers (templated)

564

# (deprecated, use `workers.celery.args` instead)

565

args:

566

- "bash"

567

- "-c"

568

# The format below is necessary to get `helm lint` happy

569

- |-

570

exec \

571

airflow celery worker

572

{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}

573

574

575

# If the Airflow Celery worker stops responding for 5 minutes (5*60s)

576

# kill the worker and let Kubernetes restart it

577

# (deprecated, use `workers.celery.livenessProbe` section instead)

578

livenessProbe:

579

# (deprecated, use `workers.celery.livenessProbe.enabled` instead)

580

enabled: true

581

# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)

582

initialDelaySeconds: 10

583

# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)

584

timeoutSeconds: 20

585

# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)

586

failureThreshold: 5

587

# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)

588

periodSeconds: 60

589

# (deprecated, use `workers.celery.livenessProbe.command` instead)

590

command: ~

591

# Update Strategy when Airflow Celery worker is deployed as a StatefulSet

592

# (deprecated, use `workers.celery.updateStrategy` instead)

593

updateStrategy: ~

594

# Update Strategy when Airflow Celery worker is deployed as a Deployment

595

# (deprecated, use `workers.celery.strategy` instead)

596

strategy:

597

rollingUpdate:

598

maxSurge: "100%"

599

maxUnavailable: "50%"

600

# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity

601

# (deprecated, use `workers.celery.podManagementPolicy` instead)

602

# podManagementPolicy: Parallel

603

604

# When not set, the values defined in the global securityContext will

605

# be used in Airflow Celery workers and pod-template-file

606

# (deprecated, use workers.celery.securityContexts and/or workers.kubernetes.securityContexts instead)

607

securityContext: {}

608

# runAsUser: 50000

609

# fsGroup: 0

610

# runAsGroup: 0

611

612

# Detailed default security context for the

613

# Airflow Celery workers and pod-template-file on container and pod level

614

# (deprecated, use workers.celery.securityContexts and/or workers.kubernetes.securityContexts instead)

615

securityContexts:

616

# (deprecated, use

617

# workers.celery.securityContexts.pod and/or

618

# workers.kubernetes.securityContexts.pod

619

# instead)

620

pod: {}

621

# (deprecated, use

622

# workers.celery.securityContexts.container and/or

623

# workers.kubernetes.securityContexts.container

624

# instead)

625

container: {}

626

# Container level Lifecycle Hooks definition for

627

# Airflow Celery workers and pods created with pod-template-file

628

# (deprecated, use

629

# workers.celery.containerLifecycleHooks and/or

630

# workers.kubernetes.containerLifecycleHooks

631

# instead)

632

containerLifecycleHooks: {}

633

# Airflow Celery workers pod disruption budget

634

# (deprecated, use `workers.celery.podDisruptionBudget` instead)

635

podDisruptionBudget:

636

# (deprecated, use `workers.celery.podDisruptionBudget.enabled` instead)

637

enabled: false

638

# PDB configuration

639

# (deprecated, use `workers.celery.podDisruptionBudget.config` instead)

640

config:

641

# minAvailable and maxUnavailable are mutually exclusive

642

# (deprecated, use `workers.celery.podDisruptionBudget.config.maxUnavailable` instead)

643

maxUnavailable: 1

644

# (deprecated, use `workers.celery.podDisruptionBudget.config.minAvailable` instead)

645

# minAvailable: 1

646

# Create ServiceAccount for Airflow Celery workers and pods created with pod-template-file

647

serviceAccount:

648

# default value is true

649

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

650

automountServiceAccountToken: true

651

# Specifies whether a ServiceAccount should be created

652

create: true

653

# The name of the ServiceAccount to use.

654

# If not set and create is true, a name is generated using the release name

655

656

# Annotations to add to worker kubernetes service account.

657

annotations: {}

658

# Allow KEDA autoscaling for Airflow Celery workers

659

# (deprecated, use `workers.celery.keda` instead)

660

keda:

661

# (deprecated, use `workers.celery.keda.enabled` instead)

662

enabled: false

663

# (deprecated, use `workers.celery.keda.namespaceLabels` instead)

664

namespaceLabels: {}

665

# How often KEDA polls the airflow DB to report new scale requests to the HPA

666

# (deprecated, use `workers.celery.keda.pollingInterval` instead)

667

pollingInterval: 5

668

# How many seconds KEDA will wait before scaling to zero.

669

# Note that HPA has a separate cooldown period for scale-downs

670

# (deprecated, use `workers.celery.keda.cooldownPeriod` instead)

671

cooldownPeriod: 30

672

# Minimum number of Airflow Celery workers created by keda

673

# (deprecated, use `workers.celery.keda.minReplicaCount` instead)

674

minReplicaCount: 0

675

# Maximum number of Airflow Celery workers created by keda

676

# (deprecated, use `workers.celery.keda.maxReplicaCount` instead)

677

maxReplicaCount: 10

678

# Specify HPA related options

679

# (deprecated, use `workers.celery.keda.advanced` instead)

680

advanced: {}

681

# horizontalPodAutoscalerConfig:

682

# behavior:

683

# scaleDown:

684

# stabilizationWindowSeconds: 300

685

# policies:

686

# - type: Percent

687

# value: 100

688

# periodSeconds: 15

689

690

# Query to use for KEDA autoscaling. Must return a single integer.

691

# (deprecated, use `workers.celery.keda.query` instead)

692

query: >-

693

SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }}) FROM task_instance WHERE (state='running' OR state='queued') AND queue IN ( {{- range $i, $q := splitList "," .Values.workers.queue -}} {{- if $i }},{{ end }}'{{ $q | trim }}' {{- end -}} ) {{- if contains "CeleryKubernetesExecutor" .Values.executor }} AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}' {{- else if contains "KubernetesExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'KubernetesExecutor' {{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'EdgeExecutor' {{- end }}

694

# Weather to use PGBouncer to connect to the database or not when it is enabled

695

# This configuration will be ignored if PGBouncer is not enabled

696

# (deprecated, use `workers.celery.keda.usePgbouncer` instead)

697

usePgbouncer: true

698

# Allow HPA for Airflow Celery workers (KEDA must be disabled)

699

hpa:

700

enabled: false

701

# Minimum number of Airflow Celery workers created by HPA

702

minReplicaCount: 0

703

# Maximum number of Airflow Celery workers created by HPA

704

maxReplicaCount: 5

705

# Specifications for which to use to calculate the desired replica count

706

metrics:

707

- type: Resource

708

resource:

709

710

target:

711

type: Utilization

712

averageUtilization: 80

713

# Scaling behavior of the target in both Up and Down directions

714

behavior: {}

715

# Persistence volume configuration for Airflow Celery workers

716

# (deprecated, use `workers.celery.persistence` instead)

717

persistence:

718

# Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)

719

enabled: true

720

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed

721

# (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)

722

persistentVolumeClaimRetentionPolicy: ~

723

# persistentVolumeClaimRetentionPolicy:

724

# whenDeleted: Delete

725

# whenScaled: Delete

726

727

# Volume size for Airflow Celery worker StatefulSet

728

# (deprecated, use `workers.celery.persistence.size` instead)

729

size: 100Gi

730

# If using a custom storageClass, pass name ref to all StatefulSets here

731

# (deprecated, use `workers.celery.persistence.storageClassName` instead)

732

storageClassName:

733

# Execute init container to chown log directory.

734

# This is currently only needed in kind, due to usage

735

# of local-path provisioner.

736

# (deprecated, use `workers.celery.persistence.fixPermissions` instead)

737

fixPermissions: false

738

# Annotations to add to Airflow Celery worker volumes

739

# (deprecated, use `workers.celery.persistence.annotations` instead)

740

annotations: {}

741

# Detailed default security context for persistence on container level

742

# (deprecated, use `workers.celery.persistence.securityContexts` instead)

743

securityContexts:

744

# (deprecated, use `workers.celery.persistence.securityContexts.container` instead)

745

container: {}

746

# Kerberos sidecar configuration for Airflow Celery workers and pods created with pod-template-file

747

# (deprecated, use workers.celery.kerberosSidecar and/or workers.kubernetes.kerberosSidecar instead)

748

kerberosSidecar:

749

# Enable kerberos sidecar

750

# (deprecated, use

751

# workers.celery.kerberosSidecar.enabled and/or

752

# workers.kubernetes.kerberosSidecar.enabled

753

# instead)

754

enabled: false

755

# (deprecated, use

756

# workers.celery.kerberosSidecar.resources and/or

757

# workers.kubernetes.kerberosSidecar.resources

758

# instead)

759

resources: {}

760

# limits:

761

# cpu: 100m

762

# memory: 128Mi

763

# requests:

764

# cpu: 100m

765

# memory: 128Mi

766

767

# Detailed default security context for kerberos sidecar on container level

768

# (deprecated, use

769

# workers.celery.kerberosSidecar.securityContexts and/or

770

# workers.kubernetes.kerberosSidecar.securityContexts

771

# instead)

772

securityContexts:

773

# (deprecated, use

774

# workers.celery.kerberosSidecar.securityContexts.container and/or

775

# workers.kubernetes.kerberosSidecar.securityContexts.container

776

# instead)

777

container: {}

778

# Container level lifecycle hooks

779

# (deprecated, use

780

# workers.celery.kerberosSidecar.containerLifecycleHooks and/or

781

# workers.kubernetes.kerberosSidecar.containerLifecycleHooks

782

# instead)

783

containerLifecycleHooks: {}

784

# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file

785

# (deprecated, use

786

# workers.celery.kerberosInitContainer and/or

787

# workers.kubernetes.kerberosInitContainer

788

# instead)

789

kerberosInitContainer:

790

# Enable kerberos init container

791

# (deprecated, use

792

# workers.celery.kerberosInitContainer.enabled and/or

793

# workers.kubernetes.kerberosInitContainer.enabled

794

# instead)

795

enabled: false

796

# (deprecated, use

797

# workers.celery.kerberosInitContainer.resources and/or

798

# workers.kubernetes.kerberosInitContainer.resources

799

# instead)

800

resources: {}

801

# limits:

802

# cpu: 100m

803

# memory: 128Mi

804

# requests:

805

# cpu: 100m

806

# memory: 128Mi

807

808

# Detailed default security context for kerberos init container

809

# (deprecated, use

810

# workers.celery.kerberosInitContainer.securityContexts and/or

811

# workers.kubernetes.kerberosInitContainer.securityContexts

812

# instead)

813

securityContexts:

814

# (deprecated, use

815

# workers.celery.kerberosInitContainer.securityContexts.container and/or

816

# workers.kubernetes.kerberosInitContainer.securityContexts.container

817

# instead)

818

container: {}

819

# Container level lifecycle hooks

820

# (deprecated, use

821

# workers.celery.kerberosInitContainer.containerLifecycleHooks and/or

822

# workers.kubernetes.kerberosInitContainer.containerLifecycleHooks

823

# instead)

824

containerLifecycleHooks: {}

825

# Resource configuration for Airflow Celery workers and pods created with pod-template-file

826

# (deprecated, use workers.celery.resources or/and workers.kubernetes.resources instead)

827

resources: {}

828

# limits:

829

# cpu: 100m

830

# memory: 128Mi

831

# requests:

832

# cpu: 100m

833

# memory: 128Mi

834

835

# Grace period for tasks to finish after SIGTERM is sent from kubernetes.

836

# It is used by Airflow Celery workers and pod-template-file.

837

# (deprecated, use

838

# workers.celery.terminationGracePeriodSeconds or/and

839

# workers.kubernetes.terminationGracePeriodSeconds

840

# instead)

841

terminationGracePeriodSeconds: 600

842

# This setting tells kubernetes that its ok to evict when it wants to scale a node down.

843

# It is used by Airflow Celery workers and pod-template-file.

844

safeToEvict: false

845

# Launch additional containers into Airflow Celery worker

846

# and pods created with pod-template-file (templated).

847

# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main

848

# container finishes so Airflow can continue the worker shutdown process!

849

extraContainers: []

850

# Add additional init containers into Airflow Celery workers

851

# and pods created with pod-template-file (templated).

852

extraInitContainers: []

853

# Additional volumes and volume mounts attached to the

854

# Airflow Celery workers and pods created with pod-template-file

855

extraVolumes: []

856

extraVolumeMounts: []

857

# Mount additional volumes into workers pods. It can be templated like in the following example:

858

# extraVolumes:

859

# - name: my-templated-extra-volume

860

# secret:

861

# secretName: '{{ include "my_secret_template" . }}'

862

# defaultMode: 0640

863

# optional: true

864

865

# extraVolumeMounts:

866

# - name: my-templated-extra-volume

867

# mountPath: "{{ .Values.my_custom_path }}"

868

# readOnly: true

869

870

# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.

871

extraPorts: []

872

# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file

873

# (deprecated, use workers.celery.nodeSelector or/and workers.kubernetes.nodeSelector instead)

874

nodeSelector: {}

875

runtimeClassName: ~

876

priorityClassName: ~

877

affinity: {}

878

# Default Airflow Celery worker affinity is:

879

# podAntiAffinity:

880

# preferredDuringSchedulingIgnoredDuringExecution:

881

# - podAffinityTerm:

882

# labelSelector:

883

# matchLabels:

884

# component: worker

885

# topologyKey: kubernetes.io/hostname

886

# weight: 100

887

tolerations: []

888

topologySpreadConstraints: []

889

# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file

890

# See:

891

# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

892

hostAliases: []

893

# - ip: "127.0.0.2"

894

# hostnames:

895

# - "test.hostname.one"

896

# - ip: "127.0.0.3"

897

# hostnames:

898

# - "test.hostname.two"

899

900

# Annotations for the Airflow Celery worker resource

901

annotations: {}

902

# Pod annotations for the Airflow Celery workers and pods created with pod-template-file (templated)

903

podAnnotations: {}

904

# Labels specific to Airflow Celery workers objects and pods created with pod-template-file

905

labels: {}

906

# Log groomer configuration for Airflow Celery workers

907

logGroomerSidecar:

908

# Whether to deploy the Airflow Celery worker log groomer sidecar

909

enabled: true

910

# Command to use when running the Airflow Celery worker log groomer sidecar (templated)

911

command: ~

912

# Args to use when running the Airflow Celery worker log groomer sidecar (templated)

913

args: ["bash", "/clean-logs"]

914

# Number of days to retain logs

915

retentionDays: 15

916

# Number of minutes to retain logs.

917

# This can be used for finer granularity than days.

918

# Total retention is retentionDays + retentionMinutes.

919

retentionMinutes: 0

920

# Frequency to attempt to groom logs (in minutes)

921

frequencyMinutes: 15

922

# Max size of logs in bytes. 0 = disabled

923

maxSizeBytes: 0

924

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if maxSizeBytes is set.

925

maxSizePercent: 0

926

resources: {}

927

# limits:

928

# cpu: 100m

929

# memory: 128Mi

930

# requests:

931

# cpu: 100m

932

# memory: 128Mi

933

934

# Detailed default security context for logGroomerSidecar for container level

935

securityContexts:

936

container: {}

937

env: []

938

# Configuration of wait-for-airflow-migration init container for Airflow Celery workers

939

waitForMigrations:

940

# Whether to create init container to wait for db migrations

941

enabled: true

942

env: []

943

# Detailed default security context for wait-for-airflow-migrations container

944

securityContexts:

945

container: {}

946

# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file

947

env: []

948

# Additional volume claim templates for Airflow Celery workers

949

volumeClaimTemplates: []

950

# Comment out the above and uncomment the section below to enable it.

951

# Make sure to mount it under extraVolumeMounts.

952

# volumeClaimTemplates:

953

# - metadata:

954

# name: data-volume-1

955

# spec:

956

# storageClassName: "storage-class-1"

957

# accessModes:

958

# - "ReadWriteOnce"

959

# resources:

960

# requests:

961

# storage: "10Gi"

962

# - metadata:

963

# name: data-volume-2

964

# spec:

965

# storageClassName: "storage-class-2"

966

# accessModes:

967

# - "ReadWriteOnce"

968

# resources:

969

# requests:

970

# storage: "20Gi"

971

972

celery:

973

# Number of Airflow Celery workers

974

replicas: ~

975

# Max number of old Airflow Celery workers ReplicaSets to retain

976

revisionHistoryLimit: ~

977

# Command to use when running Airflow Celery workers (templated)

978

command: ~

979

# Args to use when running Airflow Celery workers (templated)

980

args: ~

981

# If the Airflow Celery worker stops responding for 5 minutes (5*60s)

982

# kill the worker and let Kubernetes restart it

983

livenessProbe:

984

enabled: ~

985

initialDelaySeconds: ~

986

timeoutSeconds: ~

987

failureThreshold: ~

988

periodSeconds: ~

989

command: ~

990

# Enable the default workers defined by the root `workers` and `workers.celery`

991

# configurations to be created.

992

# If false, only dedicated workers defined in 'sets' will be created.

993

enableDefault: true

994

# Queue name for the default workers

995

queue: "default"

996

# List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`

997

# section.

998

sets: []

999

# sets:

1000

# - name: highcpu

1001

# replicas: 2

1002

# queue: "highcpu"

1003

# resources:

1004

# requests:

1005

# memory: "2Gi"

1006

# cpu: "4000m"

1007

# limits:

1008

# memory: "4Gi"

1009

# cpu: "8000m"

1010

# - name: highmem

1011

# replicas: 2

1012

# queue: "highmem"

1013

# resources:

1014

# requests:

1015

# memory: "4Gi"

1016

# cpu: "2000m"

1017

# limits:

1018

# memory: "8Gi"

1019

# cpu: "4000m"

1020

1021

# Update Strategy when Airflow Celery worker is deployed as a StatefulSet

1022

updateStrategy: ~

1023

# Update Strategy when Airflow Celery worker is deployed as a Deployment

1024

strategy: ~

1025

# Allow relaxing ordering guarantees for Airflow Celery worker

1026

# while preserving its uniqueness and identity

1027

# podManagementPolicy: Parallel

1028

1029

# Detailed default security context for Airflow Celery workers for container and pod level

1030

# If not set, the values from `workers.securityContexts` section will be used.

1031

securityContexts:

1032

pod: {}

1033

container: {}

1034

# Container level Lifecycle Hooks definition for Airflow Celery workers

1035

containerLifecycleHooks: {}

1036

# Airflow Celery workers pod disruption budget

1037

podDisruptionBudget:

1038

enabled: ~

1039

# PDB configuration

1040

config:

1041

# minAvailable and maxUnavailable are mutually exclusive

1042

maxUnavailable: ~

1043

# minAvailable: ~

1044

# Allow KEDA autoscaling for Airflow Celery workers

1045

keda:

1046

enabled: ~

1047

namespaceLabels: {}

1048

# How often KEDA polls the airflow DB to report new scale requests to the HPA

1049

pollingInterval: ~

1050

# How many seconds KEDA will wait before scaling to zero.

1051

# Note that HPA has a separate cooldown period for scale-downs

1052

cooldownPeriod: ~

1053

# Minimum number of Airflow Celery workers created by keda

1054

minReplicaCount: ~

1055

# Maximum number of Airflow Celery workers created by keda

1056

maxReplicaCount: ~

1057

# Specify HPA related options

1058

advanced: {}

1059

# horizontalPodAutoscalerConfig:

1060

# behavior:

1061

# scaleDown:

1062

# stabilizationWindowSeconds: 300

1063

# policies:

1064

# - type: Percent

1065

# value: 100

1066

# periodSeconds: 15

1067

1068

# Query to use for KEDA autoscaling. Must return a single integer

1069

query: ~

1070

# Weather to use PGBouncer to connect to the database or not when it is enabled

1071

# This configuration will be ignored if PGBouncer is not enabled

1072

usePgbouncer: ~

1073

# Persistence volume configuration for Airflow Celery workers

1074

persistence:

1075

# Enable persistent volumes

1076

enabled: ~

1077

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed

1078

persistentVolumeClaimRetentionPolicy: ~

1079

# persistentVolumeClaimRetentionPolicy:

1080

# whenDeleted: Delete

1081

# whenScaled: Delete

1082

1083

# Volume size for Airflow Celery worker StatefulSet

1084

size: ~

1085

# If using a custom storageClass, pass name ref to all StatefulSets here

1086

storageClassName:

1087

# Execute init container to chown log directory.

1088

# This is currently only needed in kind, due to usage

1089

# of local-path provisioner.

1090

fixPermissions: ~

1091

# Annotations to add to Airflow Celery worker volumes

1092

annotations: {}

1093

# Detailed default security context for persistence on container level

1094

securityContexts:

1095

container: {}

1096

# Kerberos sidecar configuration for Airflow Celery workers

1097

kerberosSidecar:

1098

# Enable kerberos sidecar

1099

enabled: ~

1100

resources: {}

1101

# limits:

1102

# cpu: 100m

1103

# memory: 128Mi

1104

# requests:

1105

# cpu: 100m

1106

# memory: 128Mi

1107

1108

# Detailed default security context for kerberos sidecar on container level

1109

securityContexts:

1110

container: {}

1111

# Container level lifecycle hooks

1112

containerLifecycleHooks: {}

1113

# Kerberos init container configuration for Airflow Celery workers

1114

# If not set, the values from `workers.kubernetesInitContainer` section will be used.

1115

kerberosInitContainer:

1116

# Enable kerberos init container

1117

# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect

1118

enabled: ~

1119

resources: {}

1120

# limits:

1121

# cpu: 100m

1122

# memory: 128Mi

1123

# requests:

1124

# cpu: 100m

1125

# memory: 128Mi

1126

1127

# Detailed default security context for kerberos init container

1128

securityContexts:

1129

container: {}

1130

# Container level lifecycle hooks

1131

containerLifecycleHooks: {}

1132

# Resource configuration for Airflow Celery workers

1133

resources: {}

1134

# limits:

1135

# cpu: 100m

1136

# memory: 128Mi

1137

# requests:

1138

# cpu: 100m

1139

# memory: 128Mi

1140

1141

# Grace period for tasks to finish after SIGTERM is sent from kubernetes

1142

terminationGracePeriodSeconds: ~

1143

# Select certain nodes for Airflow Celery worker pods

1144

nodeSelector: {}

1145

kubernetes:

1146

# Command to use in pod-template-file (templated)

1147

command: ~

1148

# Detailed default security context for pod-template-file for container and pod level

1149

# If not set, the values from `workers.securityContexts` section will be used.

1150

securityContexts:

1151

pod: {}

1152

container: {}

1153

# Container level Lifecycle Hooks definition for pods created with pod-template-file

1154

containerLifecycleHooks: {}

1155

# Kerberos sidecar configuration for pods created with pod-template-file

1156

kerberosSidecar:

1157

# Enable kerberos sidecar

1158

enabled: ~

1159

resources: {}

1160

# limits:

1161

# cpu: 100m

1162

# memory: 128Mi

1163

# requests:

1164

# cpu: 100m

1165

# memory: 128Mi

1166

1167

# Detailed default security context for kerberos sidecar on container level

1168

securityContexts:

1169

container: {}

1170

# Container level lifecycle hooks

1171

containerLifecycleHooks: {}

1172

# Kerberos init container configuration for pods created with pod-template-file

1173

# If not set, the values from `workers.kubernetesInitContainer` section will be used.

1174

kerberosInitContainer:

1175

# Enable kerberos init container

1176

# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect

1177

enabled: ~

1178

resources: {}

1179

# limits:

1180

# cpu: 100m

1181

# memory: 128Mi

1182

# requests:

1183

# cpu: 100m

1184

# memory: 128Mi

1185

1186

# Detailed default security context for kerberos init container

1187

securityContexts:

1188

container: {}

1189

# Container level lifecycle hooks

1190

containerLifecycleHooks: {}

1191

# Resource configuration for pods created with pod-template-file

1192

resources: {}

1193

# limits:

1194

# cpu: 100m

1195

# memory: 128Mi

1196

# requests:

1197

# cpu: 100m

1198

# memory: 128Mi

1199

1200

# Grace period for tasks to finish after SIGTERM is sent from kubernetes

1201

terminationGracePeriodSeconds: ~

1202

# Select certain nodes for pods created with pod-template-file

1203

nodeSelector: {}

1204

# Airflow scheduler settings

1205

scheduler:

1206

enabled: true

1207

# hostAliases for the scheduler pod

1208

hostAliases: []

1209

# - ip: "127.0.0.1"

1210

# hostnames:

1211

# - "foo.local"

1212

# - ip: "10.1.2.3"

1213

# hostnames:

1214

# - "foo.remote"

1215

1216

# If the scheduler stops heartbeating for 5 minutes (5*60s) kill the

1217

# scheduler and let Kubernetes restart it

1218

livenessProbe:

1219

initialDelaySeconds: 10

1220

timeoutSeconds: 20

1221

failureThreshold: 5

1222

periodSeconds: 60

1223

command: ~

1224

# Wait for at most 1 minute (6*10s) for the scheduler container to startup.

1225

# livenessProbe kicks in after the first successful startupProbe

1226

startupProbe:

1227

initialDelaySeconds: 0

1228

failureThreshold: 6

1229

periodSeconds: 10

1230

timeoutSeconds: 20

1231

command: ~

1232

# Amount of scheduler replicas

1233

replicas: 1

1234

# Max number of old replicasets to retain

1235

revisionHistoryLimit: ~

1236

# Command to use when running the Airflow scheduler (templated).

1237

command: ~

1238

# Args to use when running the Airflow scheduler (templated).

1239

args: ["bash", "-c", "exec airflow scheduler"]

1240

# Update Strategy when scheduler is deployed as a StatefulSet

1241

# (when using LocalExecutor and workers.persistence)

1242

updateStrategy: ~

1243

# Update Strategy when scheduler is deployed as a Deployment

1244

# (when not using LocalExecutor and workers.persistence)

1245

strategy: ~

1246

# When not set, the values defined in the global securityContext will be used

1247

# (deprecated, use `securityContexts` instead)

1248

securityContext: {}

1249

# runAsUser: 50000

1250

# fsGroup: 0

1251

# runAsGroup: 0

1252

1253

# Detailed default security context for scheduler deployments for container and pod level

1254

securityContexts:

1255

pod: {}

1256

container: {}

1257

# container level lifecycle hooks

1258

containerLifecycleHooks: {}

1259

# Grace period for tasks to finish after SIGTERM is sent from kubernetes

1260

terminationGracePeriodSeconds: 10

1261

# Create ServiceAccount

1262

serviceAccount:

1263

# affects all executors that launch pods, default value is true

1264

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1265

automountServiceAccountToken: true

1266

# Specifies whether a ServiceAccount should be created

1267

create: true

1268

# The name of the ServiceAccount to use.

1269

# If not set and create is true, a name is generated using the release name

1270

1271

# Annotations to add to scheduler kubernetes service account.

1272

annotations: {}

1273

# Service Account Token Volume configuration

1274

# This is only used when automountServiceAccountToken is false

1275

# and allows manual configuration of the service account token volume

1276

serviceAccountTokenVolume:

1277

# Enable manual service account token volume configuration

1278

enabled: false

1279

# Path where the service account token should be mounted

1280

mountPath: /var/run/secrets/kubernetes.io/serviceaccount

1281

# Name of the volume

1282

volumeName: kube-api-access

1283

# Token expiration in seconds (default: 1 hour)

1284

expirationSeconds: 3600

1285

# Audience for the token

1286

audience: ~

1287

# Scheduler pod disruption budget

1288

podDisruptionBudget:

1289

enabled: false

1290

# PDB configuration

1291

config:

1292

# minAvailable and maxUnavailable are mutually exclusive

1293

maxUnavailable: 1

1294

# minAvailable: 1

1295

resources: {}

1296

# limits:

1297

# cpu: 100m

1298

# memory: 128Mi

1299

# requests:

1300

# cpu: 100m

1301

# memory: 128Mi

1302

1303

# This setting tells kubernetes that its ok to evict

1304

# when it wants to scale a node down.

1305

safeToEvict: true

1306

# Launch additional containers into scheduler (templated).

1307

extraContainers: []

1308

# Add additional init containers into scheduler (templated).

1309

extraInitContainers: []

1310

# Mount additional volumes into scheduler. It can be templated like in the following example:

1311

# extraVolumes:

1312

# - name: my-templated-extra-volume

1313

# secret:

1314

# secretName: '{{ include "my_secret_template" . }}'

1315

# defaultMode: 0640

1316

# optional: true

1317

1318

# extraVolumeMounts:

1319

# - name: my-templated-extra-volume

1320

# mountPath: "{{ .Values.my_custom_path }}"

1321

# readOnly: true

1322

extraVolumes: []

1323

extraVolumeMounts: []

1324

# Select certain nodes for airflow scheduler pods.

1325

nodeSelector: {}

1326

affinity: {}

1327

# default scheduler affinity is:

1328

# podAntiAffinity:

1329

# preferredDuringSchedulingIgnoredDuringExecution:

1330

# - podAffinityTerm:

1331

# labelSelector:

1332

# matchLabels:

1333

# component: scheduler

1334

# topologyKey: kubernetes.io/hostname

1335

# weight: 100

1336

tolerations: []

1337

topologySpreadConstraints: []

1338

priorityClassName: ~

1339

# annotations for scheduler deployment

1340

annotations: {}

1341

# Pod annotations for scheduler pods (templated)

1342

podAnnotations: {}

1343

# Labels specific to scheduler objects and pods

1344

labels: {}

1345

logGroomerSidecar:

1346

# Whether to deploy the Airflow scheduler log groomer sidecar.

1347

enabled: true

1348

# Command to use when running the Airflow scheduler log groomer sidecar (templated).

1349

command: ~

1350

# Args to use when running the Airflow scheduler log groomer sidecar (templated).

1351

args: ["bash", "/clean-logs"]

1352

# Number of days to retain logs

1353

retentionDays: 15

1354

# Number of minutes to retain logs.

1355

# This can be used for finer granularity than days.

1356

# Total retention is retentionDays + retentionMinutes.

1357

retentionMinutes: 0

1358

# frequency to attempt to groom logs, in minutes

1359

frequencyMinutes: 15

1360

# Max size of logs in bytes. 0 = disabled

1361

maxSizeBytes: 0

1362

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if maxSizeBytes is set.

1363

maxSizePercent: 0

1364

resources: {}

1365

# limits:

1366

# cpu: 100m

1367

# memory: 128Mi

1368

# requests:

1369

# cpu: 100m

1370

# memory: 128Mi

1371

# Detailed default security context for logGroomerSidecar for container level

1372

securityContexts:

1373

container: {}

1374

# container level lifecycle hooks

1375

containerLifecycleHooks: {}

1376

env: []

1377

waitForMigrations:

1378

# Whether to create init container to wait for db migrations

1379

enabled: true

1380

env: []

1381

# Detailed default security context for waitForMigrations for container level

1382

securityContexts:

1383

container: {}

1384

env: []

1385

# Airflow create user job settings

1386

createUserJob:

1387

# Whether the create user job should be created

1388

enabled: true

1389

# Create initial user.

1390

defaultUser:

1391

role: Admin

1392

username: admin

1393

email: admin@example.com

1394

firstName: admin

1395

lastName: user

1396

password: admin

1397

# Limit the lifetime of the job object after it finished execution.

1398

ttlSecondsAfterFinished: 300

1399

# Command to use when running the create user job (templated).

1400

command: ~

1401

# Args to use when running the create user job (templated).

1402

args:

1403

- "bash"

1404

- "-c"

1405

# The format below is necessary to get `helm lint` happy

1406

- |-

1407

exec \

1408

airflow users create "$@"

1409

- --

1410

# yamllint disable rule:line-length

1411

- "-r"

1412

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"

1413

- "-u"

1414

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"

1415

- "-e"

1416

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"

1417

- "-f"

1418

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"

1419

- "-l"

1420

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"

1421

- "-p"

1422

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"

1423

# Annotations on the create user job pod (templated)

1424

annotations: {}

1425

# jobAnnotations are annotations on the create user job

1426

jobAnnotations: {}

1427

restartPolicy: OnFailure

1428

# Labels specific to createUserJob objects and pods

1429

labels: {}

1430

# When not set, the values defined in the global securityContext will be used

1431

securityContext: {}

1432

# runAsUser: 50000

1433

# fsGroup: 0

1434

# runAsGroup: 0

1435

1436

# Detailed default security context for createUserJob for container and pod level

1437

securityContexts:

1438

pod: {}

1439

container: {}

1440

# container level lifecycle hooks

1441

containerLifecycleHooks: {}

1442

# Create ServiceAccount

1443

serviceAccount:

1444

# default value is true

1445

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1446

automountServiceAccountToken: true

1447

# Specifies whether a ServiceAccount should be created

1448

create: true

1449

# The name of the ServiceAccount to use.

1450

# If not set and create is true, a name is generated using the release name

1451

1452

# Annotations to add to create user kubernetes service account.

1453

annotations: {}

1454

# Launch additional containers into user creation job

1455

extraContainers: []

1456

# Add additional init containers into user creation job (templated).

1457

extraInitContainers: []

1458

# Mount additional volumes into user creation job. It can be templated like in the following example:

1459

# extraVolumes:

1460

# - name: my-templated-extra-volume

1461

# secret:

1462

# secretName: '{{ include "my_secret_template" . }}'

1463

# defaultMode: 0640

1464

# optional: true

1465

1466

# extraVolumeMounts:

1467

# - name: my-templated-extra-volume

1468

# mountPath: "{{ .Values.my_custom_path }}"

1469

# readOnly: true

1470

extraVolumes: []

1471

extraVolumeMounts: []

1472

nodeSelector: {}

1473

affinity: {}

1474

tolerations: []

1475

topologySpreadConstraints: []

1476

priorityClassName: ~

1477

# In case you need to disable the helm hooks that create the jobs after install.

1478

# Disable this if you are using ArgoCD for example

1479

useHelmHooks: true

1480

applyCustomEnv: true

1481

env: []

1482

resources: {}

1483

# limits:

1484

# cpu: 100m

1485

# memory: 128Mi

1486

# requests:

1487

# cpu: 100m

1488

# memory: 128Mi

1489

# Airflow database migration job settings

1490

migrateDatabaseJob:

1491

enabled: true

1492

# Limit the lifetime of the job object after it finished execution.

1493

ttlSecondsAfterFinished: 300

1494

# Command to use when running the migrate database job (templated).

1495

command: ~

1496

# Args to use when running the migrate database job (templated).

1497

args:

1498

- "bash"

1499

- "-c"

1500

- >-

1501

exec \

1502

1503

airflow db migrate

1504

# Annotations on the database migration pod (templated)

1505

annotations: {}

1506

# jobAnnotations are annotations on the database migration job

1507

jobAnnotations: {}

1508

restartPolicy: OnFailure

1509

# Labels specific to migrate database job objects and pods

1510

labels: {}

1511

# When not set, the values defined in the global securityContext will be used

1512

securityContext: {}

1513

# runAsUser: 50000

1514

# fsGroup: 0

1515

# runAsGroup: 0

1516

1517

# Detailed default security context for migrateDatabaseJob for container and pod level

1518

securityContexts:

1519

pod: {}

1520

container: {}

1521

# container level lifecycle hooks

1522

containerLifecycleHooks: {}

1523

# Create ServiceAccount

1524

serviceAccount:

1525

# default value is true

1526

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1527

automountServiceAccountToken: true

1528

# Specifies whether a ServiceAccount should be created

1529

create: true

1530

# The name of the ServiceAccount to use.

1531

# If not set and create is true, a name is generated using the release name

1532

1533

# Annotations to add to migrate database job kubernetes service account.

1534

annotations: {}

1535

resources: {}

1536

# limits:

1537

# cpu: 100m

1538

# memory: 128Mi

1539

# requests:

1540

# cpu: 100m

1541

# memory: 128Mi

1542

1543

# Launch additional containers into database migration job

1544

extraContainers: []

1545

# Add additional init containers into migrate database job (templated).

1546

extraInitContainers: []

1547

# Mount additional volumes into database migration job. It can be templated like in the following example:

1548

# extraVolumes:

1549

# - name: my-templated-extra-volume

1550

# secret:

1551

# secretName: '{{ include "my_secret_template" . }}'

1552

# defaultMode: 0640

1553

# optional: true

1554

1555

# extraVolumeMounts:

1556

# - name: my-templated-extra-volume

1557

# mountPath: "{{ .Values.my_custom_path }}"

1558

# readOnly: true

1559

extraVolumes: []

1560

extraVolumeMounts: []

1561

nodeSelector: {}

1562

affinity: {}

1563

tolerations: []

1564

topologySpreadConstraints: []

1565

priorityClassName: ~

1566

# In case you need to disable the helm hooks that create the jobs after install.

1567

# Disable this if you are using ArgoCD for example

1568

useHelmHooks: true

1569

applyCustomEnv: true

1570

env: []

1571

apiServer:

1572

enabled: true

1573

# Number of Airflow API servers in the deployment.

1574

# Omitted from the Deployment, when HPA is enabled.

1575

replicas: 1

1576

# Max number of old replicasets to retain

1577

revisionHistoryLimit: ~

1578

# Labels specific to Airflow API server objects and pods

1579

labels: {}

1580

# Command to use when running the Airflow API server (templated).

1581

command: ~

1582

# Args to use when running the Airflow API server (templated).

1583

# Example: To enable proxy headers support when running behind a reverse proxy:

1584

# args: ["bash", "-c", "exec airflow api-server --proxy-headers"]

1585

args: ["bash", "-c", "exec airflow api-server"]

1586

allowPodLogReading: true

1587

# Environment variables for the Airflow API server.

1588

# Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:

1589

# env:

1590

# - name: FORWARDED_ALLOW_IPS

1591

# value: "*" # Use "*" for trusted environments, or specify proxy IP ranges for production

1592

env: []

1593

# Allow Horizontal Pod Autoscaler (HPA) configuration for apiServer. (optional)

1594

# HPA automatically scales the number of apiServer pods based on observed metrics.

1595

# HPA automatically adjusts apiServer replicas between minReplicaCount and maxReplicaCount based on metrics.

1596

hpa:

1597

enabled: false

1598

# Minimum number of api-servers created by HPA

1599

minReplicaCount: 1

1600

# Maximum number of api-servers created by HPA

1601

maxReplicaCount: 5

1602

# Specifications for which to use to calculate the desired replica count

1603

metrics:

1604

- type: Resource

1605

resource:

1606

1607

target:

1608

type: Utilization

1609

averageUtilization: 50

1610

# Scaling behavior of the target in both Up and Down directions

1611

behavior: {}

1612

serviceAccount:

1613

# default value is true

1614

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1615

automountServiceAccountToken: true

1616

# Specifies whether a ServiceAccount should be created

1617

create: true

1618

# The name of the ServiceAccount to use.

1619

# If not set and create is true, a name is generated using the release name

1620

1621

# Annotations to add to Airflow API server kubernetes service account.

1622

annotations: {}

1623

service:

1624

type: ClusterIP

1625

## service annotations

1626

annotations: {}

1627

ports:

1628

- name: api-server

1629

port: "{{ .Values.ports.apiServer }}"

1630

loadBalancerIP: ~

1631

## Limit load balancer source ips to list of CIDRs

1632

# loadBalancerSourceRanges:

1633

# - "10.123.0.0/16"

1634

loadBalancerSourceRanges: []

1635

podDisruptionBudget:

1636

enabled: false

1637

# PDB configuration

1638

config:

1639

# minAvailable and maxUnavailable are mutually exclusive

1640

maxUnavailable: 1

1641

# minAvailable: 1

1642

# Allow overriding Update Strategy for API server

1643

strategy: ~

1644

# Detailed default security contexts for Airflow API server deployments for container and pod level

1645

securityContexts:

1646

pod: {}

1647

container: {}

1648

# container level lifecycle hooks

1649

containerLifecycleHooks: {}

1650

waitForMigrations:

1651

# Whether to create init container to wait for db migrations

1652

enabled: true

1653

env: []

1654

# Detailed default security context for waitForMigrations for container level

1655

securityContexts:

1656

container: {}

1657

# Launch additional containers into the Airflow API server pods.

1658

extraContainers: []

1659

# Add additional init containers into API server (templated).

1660

extraInitContainers: []

1661

# Mount additional volumes into API server. It can be templated like in the following example:

1662

# extraVolumes:

1663

# - name: my-templated-extra-volume

1664

# secret:

1665

# secretName: '{{ include "my_secret_template" . }}'

1666

# defaultMode: 0640

1667

# optional: true

1668

1669

# extraVolumeMounts:

1670

# - name: my-templated-extra-volume

1671

# mountPath: "{{ .Values.my_custom_path }}"

1672

# readOnly: true

1673

extraVolumes: []

1674

extraVolumeMounts: []

1675

# Select certain nodes for Airflow API server pods.

1676

nodeSelector: {}

1677

affinity: {}

1678

tolerations: []

1679

topologySpreadConstraints: []

1680

priorityClassName: ~

1681

# hostAliases for API server pod

1682

hostAliases: []

1683

# annotations for Airflow API server deployment

1684

annotations: {}

1685

# Pod annotations for API server pods (templated)

1686

podAnnotations: {}

1687

networkPolicy:

1688

ingress:

1689

# Peers for Airflow API server NetworkPolicy ingress

1690

from: []

1691

# Ports for Airflow API server NetworkPolicy ingress (if `from` is set)

1692

ports:

1693

- port: "{{ .Values.ports.apiServer }}"

1694

resources: {}

1695

# limits:

1696

# cpu: 100m

1697

# memory: 128Mi

1698

# requests:

1699

# cpu: 100m

1700

# memory: 128Mi

1701

1702

# Add custom annotations to the apiServer configmap

1703

configMapAnnotations: {}

1704

# This string (templated) will be mounted into the Airflow API Server

1705

# as a custom webserver_config.py. You can bake a webserver_config.py in to

1706

# your image instead or specify a configmap containing the

1707

# webserver_config.py.

1708

apiServerConfig: ~

1709

# apiServerConfig: |

1710

# from airflow import configuration as conf

1711

1712

# # The SQLAlchemy connection string.

1713

# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

1714

1715

# # Flask-WTF flag for CSRF

1716

# CSRF_ENABLED = True

1717

apiServerConfigConfigMapName: ~

1718

livenessProbe:

1719

initialDelaySeconds: 15

1720

timeoutSeconds: 5

1721

failureThreshold: 5

1722

periodSeconds: 10

1723

scheme: HTTP

1724

readinessProbe:

1725

initialDelaySeconds: 15

1726

timeoutSeconds: 5

1727

failureThreshold: 5

1728

periodSeconds: 10

1729

scheme: HTTP

1730

startupProbe:

1731

initialDelaySeconds: 0

1732

timeoutSeconds: 20

1733

failureThreshold: 6

1734

periodSeconds: 10

1735

scheme: HTTP

1736

# Airflow webserver settings

1737

webserver:

1738

enabled: true

1739

# Add custom annotations to the webserver configmap

1740

configMapAnnotations: {}

1741

# hostAliases for the webserver pod

1742

hostAliases: []

1743

# - ip: "127.0.0.1"

1744

# hostnames:

1745

# - "foo.local"

1746

# - ip: "10.1.2.3"

1747

# hostnames:

1748

# - "foo.remote"

1749

allowPodLogReading: true

1750

livenessProbe:

1751

initialDelaySeconds: 15

1752

timeoutSeconds: 5

1753

failureThreshold: 5

1754

periodSeconds: 10

1755

scheme: HTTP

1756

readinessProbe:

1757

initialDelaySeconds: 15

1758

timeoutSeconds: 5

1759

failureThreshold: 5

1760

periodSeconds: 10

1761

scheme: HTTP

1762

# Wait for at most 1 minute (6*10s) for the webserver container to startup.

1763

# livenessProbe kicks in after the first successful startupProbe

1764

startupProbe:

1765

initialDelaySeconds: 0

1766

timeoutSeconds: 20

1767

failureThreshold: 6

1768

periodSeconds: 10

1769

scheme: HTTP

1770

# Number of webservers

1771

replicas: 1

1772

# Max number of old replicasets to retain

1773

revisionHistoryLimit: ~

1774

# Command to use when running the Airflow webserver (templated).

1775

command: ~

1776

# Args to use when running the Airflow webserver (templated).

1777

args: ["bash", "-c", "exec airflow webserver"]

1778

# Grace period for webserver to finish after SIGTERM is sent from kubernetes

1779

terminationGracePeriodSeconds: 30

1780

# Allow HPA

1781

hpa:

1782

enabled: false

1783

# Minimum number of webservers created by HPA

1784

minReplicaCount: 1

1785

# Maximum number of webservers created by HPA

1786

maxReplicaCount: 5

1787

# Specifications for which to use to calculate the desired replica count

1788

metrics:

1789

- type: Resource

1790

resource:

1791

1792

target:

1793

type: Utilization

1794

averageUtilization: 80

1795

# Scaling behavior of the target in both Up and Down directions

1796

behavior: {}

1797

# Create ServiceAccount

1798

serviceAccount:

1799

# default value is true

1800

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1801

automountServiceAccountToken: true

1802

# Specifies whether a ServiceAccount should be created

1803

create: true

1804

# The name of the ServiceAccount to use.

1805

# If not set and create is true, a name is generated using the release name

1806

1807

# Annotations to add to webserver kubernetes service account.

1808

annotations: {}

1809

# Webserver pod disruption budget

1810

podDisruptionBudget:

1811

enabled: false

1812

# PDB configuration

1813

config:

1814

# minAvailable and maxUnavailable are mutually exclusive

1815

maxUnavailable: 1

1816

# minAvailable: 1

1817

# Allow overriding Update Strategy for Webserver

1818

strategy: ~

1819

# When not set, the values defined in the global securityContext will be used

1820

# (deprecated, use `securityContexts` instead)

1821

securityContext: {}

1822

# runAsUser: 50000

1823

# fsGroup: 0

1824

# runAsGroup: 0

1825

1826

# Detailed default security contexts for webserver deployments for container and pod level

1827

securityContexts:

1828

pod: {}

1829

container: {}

1830

# container level lifecycle hooks

1831

containerLifecycleHooks: {}

1832

# Additional network policies as needed (Deprecated - renamed to `webserver.networkPolicy.ingress.from`)

1833

extraNetworkPolicies: []

1834

networkPolicy:

1835

ingress:

1836

# Peers for webserver NetworkPolicy ingress

1837

from: []

1838

# Ports for webserver NetworkPolicy ingress (if `from` is set)

1839

ports:

1840

- port: "{{ .Values.ports.airflowUI }}"

1841

resources: {}

1842

# limits:

1843

# cpu: 100m

1844

# memory: 128Mi

1845

# requests:

1846

# cpu: 100m

1847

# memory: 128Mi

1848

1849

# Create initial user. (Note: Deprecated, use createUserJob section instead)

1850

# defaultUser:

1851

# enabled: true

1852

# role: Admin

1853

# username: admin

1854

# email: admin@example.com

1855

# firstName: admin

1856

# lastName: user

1857

# password: admin

1858

1859

# Launch additional containers into webserver (templated).

1860

extraContainers: []

1861

# Add additional init containers into webserver (templated).

1862

extraInitContainers: []

1863

# Mount additional volumes into webserver. It can be templated like in the following example:

1864

# extraVolumes:

1865

# - name: my-templated-extra-volume

1866

# secret:

1867

# secretName: '{{ include "my_secret_template" . }}'

1868

# defaultMode: 0640

1869

# optional: true

1870

1871

# extraVolumeMounts:

1872

# - name: my-templated-extra-volume

1873

# mountPath: "{{ .Values.my_custom_path }}"

1874

# readOnly: true

1875

extraVolumes: []

1876

extraVolumeMounts: []

1877

# This string (templated) will be mounted into the Airflow Webserver

1878

# as a custom webserver_config.py. You can bake a webserver_config.py in to

1879

# your image instead or specify a configmap containing the

1880

# webserver_config.py.

1881

webserverConfig: ~

1882

# webserverConfig: |

1883

# from airflow import configuration as conf

1884

1885

# # The SQLAlchemy connection string.

1886

# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

1887

1888

# # Flask-WTF flag for CSRF

1889

# CSRF_ENABLED = True

1890

webserverConfigConfigMapName: ~

1891

service:

1892

type: ClusterIP

1893

## service annotations

1894

annotations: {}

1895

ports:

1896

- name: airflow-ui

1897

port: "{{ .Values.ports.airflowUI }}"

1898

# To change the port used to access the webserver:

1899

# ports:

1900

# - name: airflow-ui

1901

# port: 80

1902

# targetPort: airflow-ui

1903

# To only expose a sidecar, not the webserver directly:

1904

# ports:

1905

# - name: only_sidecar

1906

# port: 80

1907

# targetPort: 8888

1908

# If you have a public IP, set NodePort to set an external port.

1909

# Service type must be 'NodePort':

1910

# ports:

1911

# - name: airflow-ui

1912

# port: 8080

1913

# targetPort: 8080

1914

# nodePort: 31151

1915

loadBalancerIP: ~

1916

## Limit load balancer source ips to list of CIDRs

1917

# loadBalancerSourceRanges:

1918

# - "10.123.0.0/16"

1919

loadBalancerSourceRanges: []

1920

# Select certain nodes for airflow webserver pods.

1921

nodeSelector: {}

1922

priorityClassName: ~

1923

affinity: {}

1924

# default webserver affinity is:

1925

# podAntiAffinity:

1926

# preferredDuringSchedulingIgnoredDuringExecution:

1927

# - podAffinityTerm:

1928

# labelSelector:

1929

# matchLabels:

1930

# component: webserver

1931

# topologyKey: kubernetes.io/hostname

1932

# weight: 100

1933

tolerations: []

1934

topologySpreadConstraints: []

1935

# annotations for webserver deployment

1936

annotations: {}

1937

# Pod annotations for webserver pods (templated)

1938

podAnnotations: {}

1939

# Labels specific webserver app

1940

labels: {}

1941

waitForMigrations:

1942

# Whether to create init container to wait for db migrations

1943

enabled: true

1944

env: []

1945

# Detailed default security context for waitForMigrations for container level

1946

securityContexts:

1947

container: {}

1948

env: []

1949

# Airflow Triggerer Config

1950

triggerer:

1951

enabled: true

1952

# Number of airflow triggerers in the deployment

1953

replicas: 1

1954

# Max number of old replicasets to retain

1955

revisionHistoryLimit: ~

1956

# Command to use when running Airflow triggerers (templated).

1957

command: ~

1958

# Args to use when running Airflow triggerer (templated).

1959

args: ["bash", "-c", "exec airflow triggerer"]

1960

# Update Strategy when triggerer is deployed as a StatefulSet

1961

updateStrategy: ~

1962

# Update Strategy when triggerer is deployed as a Deployment

1963

strategy:

1964

rollingUpdate:

1965

maxSurge: "100%"

1966

maxUnavailable: "50%"

1967

# If the triggerer stops heartbeating for 5 minutes (5*60s) kill the

1968

# triggerer and let Kubernetes restart it

1969

livenessProbe:

1970

initialDelaySeconds: 10

1971

timeoutSeconds: 20

1972

failureThreshold: 5

1973

periodSeconds: 60

1974

command: ~

1975

# Create ServiceAccount

1976

serviceAccount:

1977

# default value is true

1978

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1979

automountServiceAccountToken: true

1980

# Specifies whether a ServiceAccount should be created

1981

create: true

1982

# The name of the ServiceAccount to use.

1983

# If not set and create is true, a name is generated using the release name

1984

1985

# Annotations to add to triggerer kubernetes service account.

1986

annotations: {}

1987

# When not set, the values defined in the global securityContext will be used

1988

securityContext: {}

1989

# runAsUser: 50000

1990

# fsGroup: 0

1991

# runAsGroup: 0

1992

1993

# Detailed default security context for triggerer for container and pod level

1994

securityContexts:

1995

pod: {}

1996

container: {}

1997

# container level lifecycle hooks

1998

containerLifecycleHooks: {}

1999

persistence:

2000

# Enable persistent volumes

2001

enabled: true

2002

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.

2003

persistentVolumeClaimRetentionPolicy: ~

2004

# Volume size for triggerer StatefulSet

2005

size: 100Gi

2006

# If using a custom storageClass, pass name ref to all statefulSets here

2007

storageClassName:

2008

# Execute init container to chown log directory.

2009

# This is currently only needed in kind, due to usage

2010

# of local-path provisioner.

2011

fixPermissions: false

2012

# Annotations to add to triggerer volumes

2013

annotations: {}

2014

# Triggerer pod disruption budget

2015

podDisruptionBudget:

2016

enabled: false

2017

# PDB configuration

2018

config:

2019

# minAvailable and maxUnavailable are mutually exclusive

2020

maxUnavailable: 1

2021

# minAvailable: 1

2022

resources: {}

2023

# limits:

2024

# cpu: 100m

2025

# memory: 128Mi

2026

# requests:

2027

# cpu: 100m

2028

# memory: 128Mi

2029

2030

# Grace period for triggerer to finish after SIGTERM is sent from kubernetes

2031

terminationGracePeriodSeconds: 60

2032

# This setting tells kubernetes that its ok to evict

2033

# when it wants to scale a node down.

2034

safeToEvict: true

2035

# Launch additional containers into triggerer (templated).

2036

extraContainers: []

2037

# Add additional init containers into triggerers (templated).

2038

extraInitContainers: []

2039

# Mount additional volumes into triggerer. It can be templated like in the following example:

2040

# extraVolumes:

2041

# - name: my-templated-extra-volume

2042

# secret:

2043

# secretName: '{{ include "my_secret_template" . }}'

2044

# defaultMode: 0640

2045

# optional: true

2046

2047

# extraVolumeMounts:

2048

# - name: my-templated-extra-volume

2049

# mountPath: "{{ .Values.my_custom_path }}"

2050

# readOnly: true

2051

extraVolumes: []

2052

extraVolumeMounts: []

2053

# Select certain nodes for airflow triggerer pods.

2054

nodeSelector: {}

2055

affinity: {}

2056

# default triggerer affinity is:

2057

# podAntiAffinity:

2058

# preferredDuringSchedulingIgnoredDuringExecution:

2059

# - podAffinityTerm:

2060

# labelSelector:

2061

# matchLabels:

2062

# component: triggerer

2063

# topologyKey: kubernetes.io/hostname

2064

# weight: 100

2065

tolerations: []

2066

topologySpreadConstraints: []

2067

# hostAliases for the triggerer pod

2068

hostAliases: []

2069

# - ip: "127.0.0.1"

2070

# hostnames:

2071

# - "foo.local"

2072

# - ip: "10.1.2.3"

2073

# hostnames:

2074

# - "foo.remote"

2075

2076

priorityClassName: ~

2077

# annotations for the triggerer deployment

2078

annotations: {}

2079

# Pod annotations for triggerer pods (templated)

2080

podAnnotations: {}

2081

# Labels specific to triggerer objects and pods

2082

labels: {}

2083

logGroomerSidecar:

2084

# Whether to deploy the Airflow triggerer log groomer sidecar.

2085

enabled: true

2086

# Command to use when running the Airflow triggerer log groomer sidecar (templated).

2087

command: ~

2088

# Args to use when running the Airflow triggerer log groomer sidecar (templated).

2089

args: ["bash", "/clean-logs"]

2090

# Number of days to retain logs

2091

retentionDays: 15

2092

# Number of minutes to retain logs.

2093

# This can be used for finer granularity than days.

2094

# Total retention is retentionDays + retentionMinutes.

2095

retentionMinutes: 0

2096

# frequency to attempt to groom logs, in minutes

2097

frequencyMinutes: 15

2098

# Max size of logs in bytes. 0 = disabled

2099

maxSizeBytes: 0

2100

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if maxSizeBytes is set.

2101

maxSizePercent: 0

2102

resources: {}

2103

# limits:

2104

# cpu: 100m

2105

# memory: 128Mi

2106

# requests:

2107

# cpu: 100m

2108

# memory: 128Mi

2109

# Detailed default security context for logGroomerSidecar for container level

2110

securityContexts:

2111

container: {}

2112

# container level lifecycle hooks

2113

containerLifecycleHooks: {}

2114

env: []

2115

waitForMigrations:

2116

# Whether to create init container to wait for db migrations

2117

enabled: true

2118

env: []

2119

# Detailed default security context for waitForMigrations for container level

2120

securityContexts:

2121

container: {}

2122

env: []

2123

# Allow KEDA autoscaling.

2124

keda:

2125

enabled: false

2126

namespaceLabels: {}

2127

# How often KEDA polls the airflow DB to report new scale requests to the HPA

2128

pollingInterval: 5

2129

# How many seconds KEDA will wait before scaling to zero.

2130

# Note that HPA has a separate cooldown period for scale-downs

2131

cooldownPeriod: 30

2132

# Minimum number of triggerers created by keda

2133

minReplicaCount: 0

2134

# Maximum number of triggerers created by keda

2135

maxReplicaCount: 10

2136

# Specify HPA related options

2137

advanced: {}

2138

# horizontalPodAutoscalerConfig:

2139

# behavior:

2140

# scaleDown:

2141

# stabilizationWindowSeconds: 300

2142

# policies:

2143

# - type: Percent

2144

# value: 100

2145

# periodSeconds: 15

2146

2147

# Query to use for KEDA autoscaling. Must return a single integer.

2148

query: >-

2149

SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }}) FROM trigger

2150

# Whether to use PGBouncer to connect to the database or not when it is enabled

2151

# This configuration will be ignored if PGBouncer is not enabled

2152

usePgbouncer: false

2153

# Airflow Dag Processor Config

2154

dagProcessor:

2155

enabled: ~

2156

# Dag Bundle Configuration

2157

# Define Dag bundles in a structured YAML format. This will be automatically

2158

# converted to JSON string format for config.dag_processor.dag_bundle_config_list.

2159

dagBundleConfigList:

2160

- name: dags-folder

2161

classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"

2162

kwargs: {}

2163

# Example:

2164

# dagBundleConfigList:

2165

# - name: bundle1

2166

# classpath: "airflow.providers.git.bundles.git.GitDagBundle"

2167

# kwargs:

2168

# git_conn_id: "GITHUB__repo1"

2169

# subdir: "dags"

2170

# tracking_ref: "main"

2171

# refresh_interval: 60

2172

# - name: bundle2

2173

# classpath: "airflow.providers.git.bundles.git.GitDagBundle"

2174

# kwargs:

2175

# git_conn_id: "GITHUB__repo2"

2176

# subdir: "dags"

2177

# tracking_ref: "develop"

2178

# refresh_interval: 120

2179

# - name: dags-folder

2180

# classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"

2181

# kwargs: {}

2182

2183

# Number of airflow dag processors in the deployment

2184

replicas: 1

2185

# Max number of old replicasets to retain

2186

revisionHistoryLimit: ~

2187

# Command to use when running Airflow dag processors (templated).

2188

command: ~

2189

# Args to use when running Airflow dag processor (templated).

2190

args: ["bash", "-c", "exec airflow dag-processor"]

2191

# Update Strategy for dag processors

2192

strategy:

2193

rollingUpdate:

2194

maxSurge: "100%"

2195

maxUnavailable: "50%"

2196

# If the dag processor stops heartbeating for 5 minutes (5*60s) kill the

2197

# dag processor and let Kubernetes restart it

2198

livenessProbe:

2199

initialDelaySeconds: 10

2200

timeoutSeconds: 20

2201

failureThreshold: 5

2202

periodSeconds: 60

2203

command: ~

2204

# Create ServiceAccount

2205

serviceAccount:

2206

# default value is true

2207

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2208

automountServiceAccountToken: true

2209

# Specifies whether a ServiceAccount should be created

2210

create: true

2211

# The name of the ServiceAccount to use.

2212

# If not set and create is true, a name is generated using the release name

2213

2214

# Annotations to add to dag processor kubernetes service account.

2215

annotations: {}

2216

# Dag processor pod disruption budget

2217

podDisruptionBudget:

2218

enabled: false

2219

# PDB configuration

2220

config:

2221

# minAvailable and maxUnavailable are mutually exclusive

2222

maxUnavailable: 1

2223

# minAvailable: 1

2224

# When not set, the values defined in the global securityContext will be used

2225

securityContext: {}

2226

# runAsUser: 50000

2227

# fsGroup: 0

2228

# runAsGroup: 0

2229

2230

# Detailed default security context for dagProcessor for container and pod level

2231

securityContexts:

2232

pod: {}

2233

container: {}

2234

# container level lifecycle hooks

2235

containerLifecycleHooks: {}

2236

resources: {}

2237

# limits:

2238

# cpu: 100m

2239

# memory: 128Mi

2240

# requests:

2241

# cpu: 100m

2242

# memory: 128Mi

2243

2244

# Grace period for dag processor to finish after SIGTERM is sent from kubernetes

2245

terminationGracePeriodSeconds: 60

2246

# This setting tells kubernetes that its ok to evict

2247

# when it wants to scale a node down.

2248

safeToEvict: true

2249

# Launch additional containers into dag processor (templated).

2250

extraContainers: []

2251

# Add additional init containers into dag processors (templated).

2252

extraInitContainers: []

2253

# Mount additional volumes into dag processor. It can be templated like in the following example:

2254

# extraVolumes:

2255

# - name: my-templated-extra-volume

2256

# secret:

2257

# secretName: '{{ include "my_secret_template" . }}'

2258

# defaultMode: 0640

2259

# optional: true

2260

2261

# extraVolumeMounts:

2262

# - name: my-templated-extra-volume

2263

# mountPath: "{{ .Values.my_custom_path }}"

2264

# readOnly: true

2265

extraVolumes: []

2266

extraVolumeMounts: []

2267

# Select certain nodes for airflow dag processor pods.

2268

nodeSelector: {}

2269

affinity: {}

2270

# default dag processor affinity is:

2271

# podAntiAffinity:

2272

# preferredDuringSchedulingIgnoredDuringExecution:

2273

# - podAffinityTerm:

2274

# labelSelector:

2275

# matchLabels:

2276

# component: dag-processor

2277

# topologyKey: kubernetes.io/hostname

2278

# weight: 100

2279

tolerations: []

2280

topologySpreadConstraints: []

2281

priorityClassName: ~

2282

# annotations for the dag processor deployment

2283

annotations: {}

2284

# Pod annotations for dag processor pods (templated)

2285

podAnnotations: {}

2286

logGroomerSidecar:

2287

# Whether to deploy the Airflow dag processor log groomer sidecar.

2288

enabled: true

2289

# Command to use when running the Airflow dag processor log groomer sidecar (templated).

2290

command: ~

2291

# Args to use when running the Airflow dag processor log groomer sidecar (templated).

2292

args: ["bash", "/clean-logs"]

2293

# Number of days to retain logs

2294

retentionDays: 15

2295

# Number of minutes to retain logs.

2296

# This can be used for finer granularity than days.

2297

# Total retention is retentionDays + retentionMinutes.

2298

retentionMinutes: 0

2299

# frequency to attempt to groom logs, in minutes

2300

frequencyMinutes: 15

2301

# Max size of logs in bytes. 0 = disabled

2302

maxSizeBytes: 0

2303

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if maxSizeBytes is set.

2304

maxSizePercent: 0

2305

resources: {}

2306

# limits:

2307

# cpu: 100m

2308

# memory: 128Mi

2309

# requests:

2310

# cpu: 100m

2311

# memory: 128Mi

2312

securityContexts:

2313

container: {}

2314

env: []

2315

waitForMigrations:

2316

# Whether to create init container to wait for db migrations

2317

enabled: true

2318

env: []

2319

# Detailed default security context for waitForMigrations for container level

2320

securityContexts:

2321

container: {}

2322

# Labels specific to dag processor objects

2323

labels: {}

2324

# Environment variables to add to dag processor container

2325

env: []

2326

# Flower settings

2327

flower:

2328

# Enable flower.

2329

# If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.

2330

enabled: false

2331

livenessProbe:

2332

initialDelaySeconds: 10

2333

timeoutSeconds: 5

2334

failureThreshold: 10

2335

periodSeconds: 5

2336

readinessProbe:

2337

initialDelaySeconds: 10

2338

timeoutSeconds: 5

2339

failureThreshold: 10

2340

periodSeconds: 5

2341

# Wait for at most 1 minute (6*10s) for the flower container to startup.

2342

# livenessProbe kicks in after the first successful startupProbe

2343

startupProbe:

2344

initialDelaySeconds: 0

2345

timeoutSeconds: 20

2346

failureThreshold: 6

2347

periodSeconds: 10

2348

# Max number of old replicasets to retain

2349

revisionHistoryLimit: ~

2350

# Command to use when running flower (templated).

2351

command: ~

2352

# Args to use when running flower (templated).

2353

args:

2354

- "bash"

2355

- "-c"

2356

# The format below is necessary to get `helm lint` happy

2357

- |-

2358

exec \

2359

airflow celery flower

2360

# Additional network policies as needed (Deprecated - renamed to `flower.networkPolicy.ingress.from`)

2361

extraNetworkPolicies: []

2362

networkPolicy:

2363

ingress:

2364

# Peers for flower NetworkPolicy ingress

2365

from: []

2366

# Ports for flower NetworkPolicy ingress (if ingressPeers is set)

2367

ports:

2368

- port: "{{ .Values.ports.flowerUI }}"

2369

resources: {}

2370

# limits:

2371

# cpu: 100m

2372

# memory: 128Mi

2373

# requests:

2374

# cpu: 100m

2375

# memory: 128Mi

2376

2377

# When not set, the values defined in the global securityContext will be used

2378

securityContext: {}

2379

# runAsUser: 50000

2380

# fsGroup: 0

2381

# runAsGroup: 0

2382

2383

# Detailed default security context for flower for container and pod level

2384

securityContexts:

2385

pod: {}

2386

container: {}

2387

# container level lifecycle hooks

2388

containerLifecycleHooks: {}

2389

# Create ServiceAccount

2390

serviceAccount:

2391

# default value is true

2392

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2393

automountServiceAccountToken: true

2394

# Specifies whether a ServiceAccount should be created

2395

create: true

2396

# The name of the ServiceAccount to use.

2397

# If not set and create is true, a name is generated using the release name

2398

2399

# Annotations to add to worker kubernetes service account.

2400

annotations: {}

2401

# A secret containing the connection

2402

secretName: ~

2403

# Add custom annotations to the flower secret

2404

secretAnnotations: {}

2405

# Else, if username and password are set, create secret from username and password

2406

username: ~

2407

password: ~

2408

service:

2409

type: ClusterIP

2410

## service annotations

2411

annotations: {}

2412

ports:

2413

- name: flower-ui

2414

port: "{{ .Values.ports.flowerUI }}"

2415

# To change the port used to access flower:

2416

# ports:

2417

# - name: flower-ui

2418

# port: 8080

2419

# targetPort: flower-ui

2420

loadBalancerIP: ~

2421

## Limit load balancer source ips to list of CIDRs

2422

# loadBalancerSourceRanges:

2423

# - "10.123.0.0/16"

2424

loadBalancerSourceRanges: []

2425

# Launch additional containers into the flower pods.

2426

extraContainers: []

2427

# Mount additional volumes into the flower pods. It can be templated like in the following example:

2428

# extraVolumes:

2429

# - name: my-templated-extra-volume

2430

# secret:

2431

# secretName: '{{ include "my_secret_template" . }}'

2432

# defaultMode: 0640

2433

# optional: true

2434

2435

# extraVolumeMounts:

2436

# - name: my-templated-extra-volume

2437

# mountPath: "{{ .Values.my_custom_path }}"

2438

# readOnly: true

2439

extraVolumes: []

2440

extraVolumeMounts: []

2441

# Select certain nodes for airflow flower pods.

2442

nodeSelector: {}

2443

affinity: {}

2444

tolerations: []

2445

topologySpreadConstraints: []

2446

priorityClassName: ~

2447

# annotations for the flower deployment

2448

annotations: {}

2449

# Pod annotations for flower pods (templated)

2450

podAnnotations: {}

2451

# Labels specific to flower objects and pods

2452

labels: {}

2453

env: []

2454

# StatsD settings

2455

statsd:

2456

# Add custom annotations to the statsd configmap

2457

configMapAnnotations: {}

2458

enabled: true

2459

# Max number of old replicasets to retain

2460

revisionHistoryLimit: ~

2461

# Arguments for StatsD exporter command.

2462

args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]

2463

# If you ever need to fully override the entire args list, you can

2464

# supply your own array here; if set, all below flag-specific values

2465

# (mappingConfig, cache-size, cache-type, ttl) are ignored.

2466

# args:

2467

# - "--statsd.cache-size=1000"

2468

# - "--statsd.cache-type=random"

2469

# - "--ttl=10m"

2470

# -------------------------------------------------------------------

2471

2472

# Path in the container to the mapping config file.

2473

cache:

2474

# Maximum number of metric‐mapping entries to keep in cache.

2475

# When you send more distinct metric names than this, older entries

2476

# will be evicted according to cacheType.

2477

# Default: 1000

2478

size: 1000

2479

# Metrics Eviction policy for the mapping cache.

2480

# - lru → Least‐Recently‐Used eviction

2481

# - random → Random eviction

2482

# Default: lru

2483

type: lru

2484

# Per‐metric time‐to‐live. When set to a non‐zero duration, any metric

2485

# series that hasn't received an update in this interval will be dropped

2486

# from the exported /metrics output.

2487

# Format: Go duration string (e.g. "30s", "5m", "1h")

2488

# Default: "0s" (disabled, never expires)

2489

ttl: "0s"

2490

# Annotations to add to the StatsD Deployment.

2491

annotations: {}

2492

# Grace period for statsd to finish after SIGTERM is sent from kubernetes

2493

terminationGracePeriodSeconds: 30

2494

# Create ServiceAccount

2495

serviceAccount:

2496

# default value is true

2497

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2498

automountServiceAccountToken: true

2499

# Specifies whether a ServiceAccount should be created

2500

create: true

2501

# The name of the ServiceAccount to use.

2502

# If not set and create is true, a name is generated using the release name

2503

2504

# Annotations to add to worker kubernetes service account.

2505

annotations: {}

2506

uid: 65534

2507

# When not set, `statsd.uid` will be used

2508

2509

# (deprecated, use `securityContexts` instead)

2510

securityContext: {}

2511

# runAsUser: 65534

2512

# fsGroup: 0

2513

# runAsGroup: 0

2514

2515

# Detailed default security context for statsd deployments for container and pod level

2516

securityContexts:

2517

pod: {}

2518

container: {}

2519

# container level lifecycle hooks

2520

containerLifecycleHooks: {}

2521

# Additional network policies as needed

2522

extraNetworkPolicies: []

2523

resources: {}

2524

# limits:

2525

# cpu: 100m

2526

# memory: 128Mi

2527

# requests:

2528

# cpu: 100m

2529

# memory: 128Mi

2530

2531

service:

2532

extraAnnotations: {}

2533

# Select certain nodes for StatsD pods.

2534

nodeSelector: {}

2535

affinity: {}

2536

tolerations: []

2537

topologySpreadConstraints: []

2538

priorityClassName: ~

2539

# Additional mappings for StatsD exporter.

2540

# If set, will merge default mapping and extra mappings, default mapping has higher priority.

2541

# So, if you want to change some default mapping, please use `overrideMappings`

2542

extraMappings: []

2543

# Override mappings for StatsD exporter.

2544

# If set, will ignore setting item in default and `extraMappings`.

2545

# So, If you use it, ensure all mapping item contains in it.

2546

overrideMappings: []

2547

# Pod annotations for StatsD pods (templated)

2548

podAnnotations: {}

2549

# Labels specific to statsd objects and pods

2550

labels: {}

2551

# Environment variables to add to statsd container

2552

env: []

2553

# PgBouncer settings

2554

pgbouncer:

2555

# Enable PgBouncer

2556

enabled: false

2557

# Number of PgBouncer replicas to run in Deployment

2558

replicas: 1

2559

# Max number of old replicasets to retain

2560

revisionHistoryLimit: ~

2561

# Command to use for PgBouncer(templated).

2562

command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]

2563

# Args to use for PgBouncer(templated).

2564

args: ~

2565

auth_type: scram-sha-256

2566

auth_file: /etc/pgbouncer/users.txt

2567

# Whether to mount the config secret files at a default location (/etc/pgbouncer/*).

2568

# Can be skipped to allow for other means to get the values, e.g. secrets provider class.

2569

mountConfigSecret: true

2570

# annotations to be added to the PgBouncer deployment

2571

annotations: {}

2572

# Pod annotations for PgBouncer pods (templated)

2573

podAnnotations: {}

2574

# Add custom annotations to the pgbouncer certificates secret

2575

certificatesSecretAnnotations: {}

2576

# Create ServiceAccount

2577

serviceAccount:

2578

# default value is true

2579

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2580

automountServiceAccountToken: true

2581

# Specifies whether a ServiceAccount should be created

2582

create: true

2583

# The name of the ServiceAccount to use.

2584

# If not set and create is true, a name is generated using the release name

2585

2586

# Annotations to add to worker kubernetes service account.

2587

annotations: {}

2588

# Additional network policies as needed

2589

extraNetworkPolicies: []

2590

# Pool sizes

2591

metadataPoolSize: 10

2592

resultBackendPoolSize: 5

2593

# Maximum clients that can connect to PgBouncer (higher = more file descriptors)

2594

maxClientConn: 100

2595

# supply the name of existing secret with pgbouncer.ini and users.txt defined

2596

# you can load them to a k8s secret like the one below

2597

# apiVersion: v1

2598

# kind: Secret

2599

# metadata:

2600

# name: pgbouncer-config-secret

2601

# data:

2602

# pgbouncer.ini: <base64_encoded pgbouncer.ini file content>

2603

# users.txt: <base64_encoded users.txt file content>

2604

# type: Opaque

2605

2606

# configSecretName: pgbouncer-config-secret

2607

2608

configSecretName: ~

2609

# Add custom annotations to the pgbouncer config secret

2610

configSecretAnnotations: {}

2611

# PgBouncer pod disruption budget

2612

podDisruptionBudget:

2613

enabled: false

2614

# PDB configuration

2615

config:

2616

# minAvailable and maxUnavailable are mutually exclusive

2617

maxUnavailable: 1

2618

# minAvailable: 1

2619

# Limit the resources to PgBouncer.

2620

# When you specify the resource request the k8s scheduler uses this information to decide which node to

2621

# place the Pod on. When you specify a resource limit for a Container, the kubelet enforces those limits so

2622

# that the running container is not allowed to use more of that resource than the limit you set.

2623

# See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

2624

# Example:

2625

2626

# resource:

2627

# limits:

2628

# cpu: 100m

2629

# memory: 128Mi

2630

# requests:

2631

# cpu: 100m

2632

# memory: 128Mi

2633

resources: {}

2634

service:

2635

extraAnnotations: {}

2636

clusterIp: ~

2637

# https://www.pgbouncer.org/config.html

2638

verbose: 0

2639

logDisconnections: 0

2640

logConnections: 0

2641

sslmode: "prefer"

2642

ciphers: "normal"

2643

ssl:

2644

ca: ~

2645

cert: ~

2646

key: ~

2647

# Add extra PgBouncer ini configuration in the databases section:

2648

# https://www.pgbouncer.org/config.html#section-databases

2649

extraIniMetadata: ~

2650

extraIniResultBackend: ~

2651

# Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html

2652

extraIni: ~

2653

# Mount additional volumes into pgbouncer. It can be templated like in the following example:

2654

# extraVolumes:

2655

# - name: my-templated-extra-volume

2656

# secret:

2657

# secretName: '{{ include "my_secret_template" . }}'

2658

# defaultMode: 0640

2659

# optional: true

2660

2661

# extraVolumeMounts:

2662

# - name: my-templated-extra-volume

2663

# mountPath: "{{ .Values.my_custom_path }}"

2664

# readOnly: true

2665

# Volumes apply to all pgbouncer containers, while volume mounts apply to the pgbouncer

2666

# container itself. Metrics exporter container has its own mounts.

2667

extraVolumes: []

2668

extraVolumeMounts: []

2669

# Launch additional containers into pgbouncer.

2670

extraContainers: []

2671

# Select certain nodes for PgBouncer pods.

2672

nodeSelector: {}

2673

affinity: {}

2674

tolerations: []

2675

topologySpreadConstraints: []

2676

priorityClassName: ~

2677

uid: 65534

2678

# Detailed default security context for pgbouncer for container level

2679

securityContexts:

2680

pod: {}

2681

container: {}

2682

# container level lifecycle hooks

2683

containerLifecycleHooks:

2684

preStop:

2685

exec:

2686

# Allow existing queries clients to complete within 120 seconds

2687

command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]

2688

metricsExporterSidecar:

2689

resources: {}

2690

# limits:

2691

# cpu: 100m

2692

# memory: 128Mi

2693

# requests:

2694

# cpu: 100m

2695

# memory: 128Mi

2696

sslmode: "disable"

2697

# supply the name of existing secret with PGBouncer connection URI containing

2698

# stats user and password.

2699

# you can load them to a k8s secret like the one below

2700

# apiVersion: v1

2701

# kind: Secret

2702

# metadata:

2703

# name: pgbouncer-stats-secret

2704

# data:

2705

# connection: postgresql://<stats user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>

2706

# type: Opaque

2707

2708

# statsSecretName: pgbouncer-stats-secret

2709

2710

statsSecretName: ~

2711

# Key containing the PGBouncer connection URI, defaults to `connection` if not defined

2712

statsSecretKey: ~

2713

# Add custom annotations to the pgbouncer stats secret

2714

statsSecretAnnotations: {}

2715

# Detailed default security context for metricsExporterSidecar for container level

2716

securityContexts:

2717

container: {}

2718

# container level lifecycle hooks

2719

containerLifecycleHooks: {}

2720

livenessProbe:

2721

initialDelaySeconds: 10

2722

periodSeconds: 10

2723

timeoutSeconds: 1

2724

readinessProbe:

2725

initialDelaySeconds: 10

2726

periodSeconds: 10

2727

timeoutSeconds: 1

2728

# Mount additional volumes into the metrics exporter. It can be templated like in the following example:

2729

# extraVolumeMounts:

2730

# - name: my-templated-extra-volume

2731

# mountPath: "{{ .Values.my_custom_path }}"

2732

# readOnly: true

2733

extraVolumeMounts: []

2734

# Labels specific to pgbouncer objects and pods

2735

labels: {}

2736

# Environment variables to add to pgbouncer container

2737

env: []

2738

# Configuration for the redis provisioned by the chart

2739

redis:

2740

enabled: true

2741

terminationGracePeriodSeconds: 600

2742

# Annotations for Redis Statefulset

2743

annotations: {}

2744

# Create ServiceAccount

2745

serviceAccount:

2746

# default value is true

2747

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2748

automountServiceAccountToken: true

2749

# Specifies whether a ServiceAccount should be created

2750

create: true

2751

# The name of the ServiceAccount to use.

2752

# If not set and create is true, a name is generated using the release name

2753

2754

# Annotations to add to worker kubernetes service account.

2755

annotations: {}

2756

service:

2757

# service type, default: ClusterIP

2758

type: "ClusterIP"

2759

# If using ClusterIP service type, custom IP address can be specified

2760

clusterIP:

2761

# If using NodePort service type, custom node port can be specified

2762

nodePort:

2763

persistence:

2764

# Enable persistent volumes

2765

enabled: true

2766

# Volume size for worker StatefulSet

2767

size: 1Gi

2768

# If using a custom storageClass, pass name ref to all statefulSets here

2769

storageClassName:

2770

# Annotations to add to redis volumes

2771

annotations: {}

2772

# the name of an existing PVC to use

2773

existingClaim:

2774

persistentVolumeClaimRetentionPolicy: ~

2775

# persistentVolumeClaimRetentionPolicy:

2776

# whenDeleted: Delete

2777

# whenScaled: Delete

2778

# Configuration for empty dir volume (if redis.persistence.enabled == false)

2779

# emptyDirConfig:

2780

# sizeLimit: 1Gi

2781

# medium: Memory

2782

resources: {}

2783

# limits:

2784

# cpu: 100m

2785

# memory: 128Mi

2786

# requests:

2787

# cpu: 100m

2788

# memory: 128Mi

2789

2790

# If set use as redis secret. Make sure to also set data.brokerUrlSecretName value.

2791

passwordSecretName: ~

2792

# Else, if password is set, create secret with it,

2793

# Otherwise a new password will be generated on install

2794

# Note: password can only be set during install, not upgrade.

2795

password: ~

2796

# Add custom annotations to the redis password secret

2797

passwordSecretAnnotations: {}

2798

# This setting tells kubernetes that its ok to evict

2799

# when it wants to scale a node down.

2800

safeToEvict: true

2801

# Select certain nodes for redis pods.

2802

nodeSelector: {}

2803

affinity: {}

2804

tolerations: []

2805

topologySpreadConstraints: []

2806

priorityClassName: ~

2807

# Set to 0 for backwards-compatibility

2808

uid: 0

2809

# If not set, `redis.uid` will be used

2810

securityContext: {}

2811

# runAsUser: 999

2812

# runAsGroup: 0

2813

2814

# Detailed default security context for redis for container and pod level

2815

securityContexts:

2816

pod: {}

2817

container: {}

2818

# container level lifecycle hooks

2819

containerLifecycleHooks: {}

2820

# Labels specific to redis objects and pods

2821

labels: {}

2822

# Pod annotations for Redis pods (templated)

2823

podAnnotations: {}

2824

# Auth secret for a private registry (Deprecated - use `imagePullSecrets` instead)

2825

# This is used if pulling airflow images from a private registry

2826

registry:

2827

# Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry

2828

# (Deprecated - renamed to `imagePullSecrets`).

2829

secretName: ~

2830

# Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret

2831

# (Deprecated - create manually the credentials secret and add to `imagePullSecrets` instead).

2832

# Example:

2833

# connection:

2834

# user: ~

2835

# pass: ~

2836

# host: ~

2837

# email: ~

2838

connection: {}

2839

# Elasticsearch logging configuration

2840

elasticsearch:

2841

# Enable elasticsearch task logging

2842

enabled: false

2843

# A secret containing the connection

2844

secretName: ~

2845

# Add custom annotations to the elasticsearch secret

2846

secretAnnotations: {}

2847

# Or an object representing the connection

2848

# Example:

2849

# connection:

2850

# scheme: ~

2851

# user: ~

2852

# pass: ~

2853

# host: ~

2854

# port: ~

2855

connection: {}

2856

# OpenSearch logging configuration

2857

opensearch:

2858

# Enable opensearch task logging

2859

enabled: false

2860

# A secret containing the connection

2861

secretName: ~

2862

# Or an object representing the connection

2863

# Example:

2864

# connection:

2865

# scheme: ~

2866

# user: ~

2867

# pass: ~

2868

# host: ~

2869

# port: ~

2870

connection: {}

2871

# All ports used by chart

2872

ports:

2873

flowerUI: 5555

2874

airflowUI: 8080

2875

workerLogs: 8793

2876

triggererLogs: 8794

2877

redisDB: 6379

2878

statsdIngest: 9125

2879

statsdScrape: 9102

2880

pgbouncer: 6543

2881

pgbouncerScrape: 9127

2882

apiServer: 8080

2883

# Define any ResourceQuotas for namespace

2884

quotas: {}

2885

# Define default/max/min values for pods and containers in namespace

2886

limits: []

2887

# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.

2888

# It is required to have KubernetesExecutor enabled.

2889

cleanup:

2890

enabled: false

2891

# Run every 15 minutes (templated).

2892

schedule: "*/15 * * * *"

2893

# To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:

2894

# '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'

2895

# To select the last digit of unix epoch time as the starting minute on each deploy:

2896

# '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'

2897

2898

# Command to use when running the cleanup cronjob (templated).

2899

command: ~

2900

# Args to use when running the cleanup cronjob (templated).

2901

args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]

2902

# jobAnnotations are annotations on the cleanup CronJob

2903

jobAnnotations: {}

2904

# Select certain nodes for airflow cleanup pods.

2905

nodeSelector: {}

2906

affinity: {}

2907

tolerations: []

2908

topologySpreadConstraints: []

2909

priorityClassName: ~

2910

# Pod annotations for cleanup pods (templated)

2911

podAnnotations: {}

2912

# Labels specific to cleanup objects and pods

2913

labels: {}

2914

resources: {}

2915

# limits:

2916

# cpu: 100m

2917

# memory: 128Mi

2918

# requests:

2919

# cpu: 100m

2920

# memory: 128Mi

2921

2922

# Create ServiceAccount

2923

serviceAccount:

2924

# default value is true

2925

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2926

automountServiceAccountToken: true

2927

# Specifies whether a ServiceAccount should be created

2928

create: true

2929

# The name of the ServiceAccount to use.

2930

# If not set and create is true, a name is generated using the release name

2931

2932

# Annotations to add to cleanup cronjob kubernetes service account.

2933

annotations: {}

2934

# When not set, the values defined in the global securityContext will be used

2935

securityContext: {}

2936

# runAsUser: 50000

2937

# runAsGroup: 0

2938

env: []

2939

# Detailed default security context for cleanup for container level

2940

securityContexts:

2941

pod: {}

2942

container: {}

2943

# container level lifecycle hooks

2944

containerLifecycleHooks: {}

2945

# Specify history limit

2946

# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.

2947

failedJobsHistoryLimit: ~

2948

successfulJobsHistoryLimit: ~

2949

# This runs as a CronJob to cleanup database for old entries.

2950

databaseCleanup:

2951

enabled: false

2952

applyCustomEnv: true

2953

# Run every week on Sunday at midnight (templated).

2954

schedule: "0 0 * * 0"

2955

# Command to use when running the database cleanup cronjob (templated).

2956

command:

2957

- "bash"

2958

# Args to use when running the database cleanup cronjob (templated).

2959

args:

2960

- "-c"

2961

- >-

2962

CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S"); echo "Cleaning up metadata DB entries older than ${CLEAN_TS}"; exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes {{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }} {{- if .Values.databaseCleanup.verbose }} --verbose{{ end }} {{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }} {{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}

2963

# Number of days to retain entries in the metadata database.

2964

retentionDays: 90

2965

# Don't preserve purged records in an archive table

2966

skipArchive: false

2967

# Table names to perform maintenance on. Supported values in:

2968

# https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean

2969

tables: []

2970

# Maximum number of rows to delete or archive in a single transaction

2971

batchSize: ~

2972

# Make logging output more verbose

2973

verbose: true

2974

# jobAnnotations are annotations on the database cleanup CronJob

2975

jobAnnotations: {}

2976

# Select certain nodes for airflow database cleanup pods.

2977

nodeSelector: {}

2978

affinity: {}

2979

tolerations: []

2980

topologySpreadConstraints: []

2981

priorityClassName: ~

2982

# Pod annotations for database cleanup pods (templated)

2983

podAnnotations: {}

2984

# Labels specific to database cleanup objects and pods

2985

labels: {}

2986

resources: {}

2987

# limits:

2988

# cpu: 100m

2989

# memory: 128Mi

2990

# requests:

2991

# cpu: 100m

2992

# memory: 128Mi

2993

2994

# Create ServiceAccount

2995

serviceAccount:

2996

# default value is true

2997

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2998

automountServiceAccountToken: true

2999

# Specifies whether a ServiceAccount should be created

3000

create: true

3001

# The name of the ServiceAccount to use.

3002

# If not set and create is true, a name is generated using the release name

3003

3004

# Annotations to add to database cleanup cronjob kubernetes service account.

3005

annotations: {}

3006

env: []

3007

# Detailed default security context for database cleanup for container level

3008

securityContexts:

3009

pod: {}

3010

container: {}

3011

# container level lifecycle hooks

3012

containerLifecycleHooks: {}

3013

# Specify history limit

3014

# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.

3015

failedJobsHistoryLimit: 1

3016

successfulJobsHistoryLimit: 1

3017

# Configuration for postgresql subchart

3018

# Uses bitnamilegacy images to avoid Bitnami licensing restrictions

3019

# Not recommended for production - use external database instead

3020

postgresql:

3021

enabled: true

3022

image:

3023

repository: bitnamilegacy/postgresql

3024

tag: "16.1.0-debian-11-r15"

3025

auth:

3026

enablePostgresUser: true

3027

postgresPassword: postgres

3028

username: ""

3029

password: ""

3030

# Config settings to go into the mounted airflow.cfg

3031

3032

# Please note that these values are passed through the `tpl` function, so are

3033

# all subject to being rendered as go templates. If you need to include a

3034

# literal `{{` in a value, it must be expressed like this:

3035

3036

# a: '{{ "{{ not a template }}" }}'

3037

3038

# Do not set config containing secrets via plain text values, use Env Var or k8s secret object

3039

# yamllint disable rule:line-length

3040

config:

3041

core:

3042

dags_folder: '{{ include "airflow_dags" . }}'

3043

# This is ignored when used with the official Docker image

3044

load_examples: 'False'

3045

executor: '{{ .Values.executor }}'

3046

auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"

3047

logging:

3048

remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'

3049

colored_console_log: 'False'

3050

metrics:

3051

statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'

3052

statsd_port: 9125

3053

statsd_prefix: airflow

3054

statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'

3055

fab:

3056

enable_proxy_fix: 'True'

3057

webserver:

3058

# For Airflow 2.X

3059

enable_proxy_fix: 'True'

3060

celery:

3061

flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'

3062

worker_concurrency: 16

3063

sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'

3064

scheduler:

3065

standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'

3066

dag_processor:

3067

# Dag bundle configuration list in JSON string format.

3068

# This is automatically generated from .Values.dagProcessor.dagBundleConfigList using the dag_bundle_config_list helper function.

3069

# Deprecated: Direct override via config.dag_processor.dag_bundle_config_list is deprecated.

3070

# Use dagProcessor.dagBundleConfigList instead.

3071

dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'

3072

elasticsearch:

3073

json_format: 'True'

3074

log_id_template: "{dag_id}_{task_id}_{execution_date}_{try_number}"

3075

elasticsearch_configs:

3076

max_retries: 3

3077

timeout: 30

3078

retry_timeout: 'True'

3079

kerberos:

3080

keytab: '{{ .Values.kerberos.keytabPath }}'

3081

reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'

3082

principal: '{{ .Values.kerberos.principal }}'

3083

ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'

3084

celery_kubernetes_executor:

3085

kubernetes_queue: 'kubernetes'

3086

kubernetes_executor:

3087

namespace: '{{ .Release.Namespace }}'

3088

pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'

3089

worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'

3090

worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'

3091

multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'

3092

# yamllint enable rule:line-length

3093

3094

# Whether Airflow can launch workers and/or pods in multiple namespaces

3095

# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)

3096

multiNamespaceMode: false

3097

# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by

3098

# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters

3099

# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,

3100

# you can still provide a completely custom `pod_template_file.yaml` if desired.

3101

# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.

3102

podTemplate: ~

3103

# The following example is NOT functional, but meant to be illustrative of how you can provide a custom

3104

# `pod_template_file`. You're better off starting with the default in

3105

# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.

3106

# We will set `priorityClassName` in this example:

3107

# podTemplate: |

3108

# apiVersion: v1

3109

# kind: Pod

3110

# metadata:

3111

# name: placeholder-name

3112

# labels:

3113

# tier: airflow

3114

# component: worker

3115

# release: {{ .Release.Name }}

3116

# spec:

3117

# priorityClassName: high-priority

3118

# containers:

3119

# - name: base

3120

# ...

3121

3122

# Git sync

3123

dags:

3124

# Where dags volume will be mounted. Works for both persistence and gitSync.

3125

# If not specified, dags mount path will be set to $AIRFLOW_HOME/dags

3126

mountPath: ~

3127

persistence:

3128

# Annotations for dags PVC

3129

annotations: {}

3130

# Enable persistent volume for storing dags

3131

enabled: false

3132

# Volume size for dags

3133

size: 1Gi

3134

# If using a custom storageClass, pass name here

3135

storageClassName:

3136

# access mode of the persistent volume

3137

accessMode: ReadWriteOnce

3138

## the name of an existing PVC to use

3139

existingClaim:

3140

## optional subpath for dag volume mount

3141

subPath: ~

3142

gitSync:

3143

enabled: false

3144

# git repo clone url

3145

# ssh example: git@github.com:apache/airflow.git

3146

# https example: https://github.com/apache/airflow.git

3147

repo: https://github.com/apache/airflow.git

3148

branch: v2-2-stable

3149

rev: HEAD

3150

# The git revision (branch, tag, or hash) to check out, v4 only

3151

ref: v2-2-stable

3152

depth: 1

3153

# the number of consecutive failures allowed before aborting

3154

maxFailures: 0

3155

# subpath within the repo where dags are located

3156

# should be "" if dags are at repo root

3157

subPath: "tests/dags"

3158

# if your repo needs a user name password

3159

# you can load them to a k8s secret like the one below

3160

# ---

3161

# apiVersion: v1

3162

# kind: Secret

3163

# metadata:

3164

# name: git-credentials

3165

# data:

3166

# # For git-sync v3

3167

# GIT_SYNC_USERNAME: <base64_encoded_git_username>

3168

# GIT_SYNC_PASSWORD: <base64_encoded_git_password>

3169

# # For git-sync v4

3170

# GITSYNC_USERNAME: <base64_encoded_git_username>

3171

# GITSYNC_PASSWORD: <base64_encoded_git_password>

3172

# and specify the name of the secret below

3173

3174

# credentialsSecret: git-credentials

3175

3176

3177

# If you are using an ssh clone url, you can load

3178

# the ssh private key to a k8s secret like the one below

3179

# ---

3180

# apiVersion: v1

3181

# kind: Secret

3182

# metadata:

3183

# name: airflow-ssh-secret

3184

# data:

3185

# # key needs to be gitSshKey

3186

# gitSshKey: <base64_encoded_data>

3187

# and specify the name of the secret below

3188

# sshKeySecret: airflow-ssh-secret

3189

3190

# Or set sshKeySecret with your key

3191

# sshKey: |

3192

# -----BEGIN {OPENSSH PRIVATE KEY}-----

3193

# ...

3194

# -----END {OPENSSH PRIVATE KEY}-----

3195

3196

# If you are using an ssh private key, you can additionally

3197

# specify the content of your known_hosts file, example:

3198

3199

# knownHosts: |

3200

# <host1>,<ip1> <key1>

3201

# <host2>,<ip2> <key2>

3202

3203

# interval between git sync attempts in seconds

3204

# high values are more likely to cause DAGs to become out of sync between different components

3205

# low values cause more traffic to the remote git repository

3206

# Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).

3207

# For backwards compatibility, wait will be used if it is specified.

3208

period: 5s

3209

wait: ~

3210

# add variables from secret into gitSync containers, such proxy-config

3211

envFrom: ~

3212

# envFrom: |

3213

# - secretRef:

3214

# name: 'proxy-config'

3215

3216

containerName: git-sync

3217

uid: 65533

3218

# When not set, the values defined in the global securityContext will be used

3219

securityContext: {}

3220

# runAsUser: 65533

3221

# runAsGroup: 0

3222

3223

securityContexts:

3224

container: {}

3225

# container level lifecycle hooks

3226

containerLifecycleHooks: {}

3227

# Git-Sync liveness service http bind port

3228

httpPort: 1234

3229

# Setting this to true, will remove readinessProbe usage and configure livenessProbe to

3230

# use a dedicated Git-Sync liveness service. In future, behaviour with value true will be

3231

# default one and old one will be removed

3232

recommendedProbeSetting: false

3233

startupProbe:

3234

enabled: true

3235

timeoutSeconds: 1

3236

initialDelaySeconds: 0

3237

periodSeconds: 5

3238

failureThreshold: 10

3239

# As Git-Sync is not service-type object, the usage of this section will be removed.

3240

# By setting dags.gitSync.recommendedProbeSetting to true, you will enable future behaviour.

3241

readinessProbe: {}

3242

# The behaviour of the livenessProbe will change with the next release of Helm Chart.

3243

# To enable future behaviour set dags.gitSync.recommendedProbeSetting to true.

3244

# New behaviour uses the recommended liveness configuration by using Git-Sync built-in

3245

# liveness service

3246

livenessProbe: {}

3247

# enabled: true

3248

# timeoutSeconds: 1

3249

# initialDelaySeconds: 0

3250

# periodSeconds: 5

3251

# failureThreshold: 10

3252

3253

# Mount additional volumes into git-sync. It can be templated like in the following example:

3254

# extraVolumeMounts:

3255

# - name: my-templated-extra-volume

3256

# mountPath: "{{ .Values.my_custom_path }}"

3257

# readOnly: true

3258

extraVolumeMounts: []

3259

env: []

3260

# Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync

3261

# - name: ""

3262

# value: ""

3263

3264

# Configuration for empty dir volume

3265

# emptyDirConfig:

3266

# sizeLimit: 1Gi

3267

# medium: Memory

3268

resources: {}

3269

# limits:

3270

# cpu: 100m

3271

# memory: 128Mi

3272

# requests:

3273

# cpu: 100m

3274

# memory: 128Mi

3275

logs:

3276

# Configuration for empty dir volume (if logs.persistence.enabled == false)

3277

# emptyDirConfig:

3278

# sizeLimit: 1Gi

3279

# medium: Memory

3280

persistence:

3281

# Enable persistent volume for storing logs

3282

enabled: false

3283

# Volume size for logs

3284

size: 100Gi

3285

# Annotations for the logs PVC

3286

annotations: {}

3287

# If using a custom storageClass, pass name here

3288

storageClassName:

3289

## the name of an existing PVC to use

3290

existingClaim:

3291

## the subpath of the existing PVC to use

3292

subPath:

3293

The trusted source for open source

Talk to an expert

Privacy

Terms

© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.

airflow

The trusted source for open source

Product

Solutions

Customers

Resources

Company