# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
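# Provide a name to substitute for the full names of resources
fullnameOverride: ""
# Default values for airflow.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Provide a name to substitute for the name of the chart
nameOverride: ""
# Use standard naming for all resources using airflow.fullname template
# Consider removing this later and default it to true
# to make this chart follow standard naming conventions using the fullname template.
# For now this is an opt-in switch for backwards compatibility to leverage the standard naming convention
# and being able to fully use fullnameOverride and nameOverride in all resources
# For new installations - it is recommended to set it to True to follow standard naming conventions
# For existing installations, this will rename and redeploy your resources with the new names. Be aware that
# this will recreate your deployment/statefulsets along with their persistent volume claims and data storage
# migration may be needed to keep your old data
#
# Note: fernet-key, redis-password and broker-url secrets don't use this logic yet,
# as this may break existing installations due to how they get installed via pre-install hook.
useStandardNaming: false
# Max number of old replicasets to retain. Can be overridden by each deployment's revisionHistoryLimit
revisionHistoryLimit: ~
# User and group of airflow user
# (uid is non-root; gid 0 is the root group, so group-writable paths owned by gid 0 are writable by airflow)
uid: 50000
gid: 0
# Default security context for airflow (deprecated, use `securityContexts` instead)
securityContext: {}
#  runAsUser: 50000
#  fsGroup: 0
#  runAsGroup: 0
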
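# Detailed default security context for airflow deployments
# Both levels are empty here, so no hardening is requested by this file itself.
# Review before production: pod-level fields such as runAsNonRoot and seccompProfile,
# and container-level fields such as allowPrivilegeEscalation, readOnlyRootFilesystem
# and capabilities, are set here when your workloads allow them.
securityContexts:
  pod: {}
  containers: {}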
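# Global container lifecycle hooks for airflow containers
containerLifecycleHooks: {}
# Airflow home directory
# Used for mount paths
airflowHome: /opt/airflow
# Default airflow repository -- overridden by all the specific images below
defaultAirflowRepository: cgr.dev/chainguard-private/airflow
# Default airflow tag to deploy
# (the digest below takes precedence; if the digest is removed, `latest` is a
# moving tag and the deployed image can change between pulls)
defaultAirflowTag: latest
# Default airflow digest. If specified, it takes precedence over tag
defaultAirflowDigest: sha256:dbbaee231d6387114f5af0d70d4ef4a6ea2a31234b7d80a8b64681664c7b63b1
# Airflow version (Used to make some decisions based on Airflow Version being deployed)
# Keep this in step with the image actually pinned above.
airflowVersion: "3.1.7"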
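# Images
# The component images below are referenced as `latest@sha256:...`: the digest
# fixes the content that is pulled, the `latest` part is only a label.
# When overriding an image, keep a digest so the deployed content stays reproducible.
images:
  airflow:
    repository: ~
    tag: ~
    # Specifying digest takes precedence over tag.
    digest: ~
    pullPolicy: IfNotPresent
  # To avoid images with user code, you can turn this to 'true' and
  # all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' containers/jobs
  # will use the images from 'defaultAirflowRepository:defaultAirflowTag' values
  # to run and wait for DB migrations.
  useDefaultImageForMigration: false
  # timeout (in seconds) for airflow-migrations to complete
  migrationsWaitTimeout: 60
  pod_template:
    # Note that `images.pod_template.repository` and `images.pod_template.tag` parameters
    # can be overridden in `config.kubernetes` section. So for these parameters to have effect
    # `config.kubernetes.worker_container_repository` and `config.kubernetes.worker_container_tag`
    # must not be set.
    repository: ~
    tag: ~
    pullPolicy: IfNotPresent
  flower:
    repository: cgr.dev/chainguard-private/flower
    tag: latest@sha256:1e28cc43790a9535bbb09308ce40cf5eabaeb57ed7dbb26b5190c36f4f2a5331
    pullPolicy: IfNotPresent
  statsd:
    repository: cgr.dev/chainguard-private/prometheus-statsd-exporter
    tag: latest@sha256:d07f7a950e884cde659f45ee394c84ba5704ca474fefcc9bb190264b481b9ce7
    pullPolicy: IfNotPresent
  redis:
    repository: cgr.dev/chainguard-private/redis
    # Redis is limited to 7.2-bookworm due to licencing change
    # https://redis.io/blog/redis-adopts-dual-source-available-licensing/
    # NOTE(review): the tag below is `latest` pinned by digest, not 7.2-bookworm;
    # confirm the Redis version and licence of this image before relying on the comment above.
    tag: latest@sha256:779a0e2490bf5e72449246444bc9b13034f0c3e932b6c4dc84a6d668bceccf5a
    pullPolicy: IfNotPresent
  pgbouncer:
    repository: cgr.dev/chainguard-private/pgbouncer
    tag: latest@sha256:df7c7e82944894fa3a759b765b14bd5171780dfd37da17d7fc86cc9e5435afdf
    pullPolicy: IfNotPresent
  pgbouncerExporter:
    repository: cgr.dev/chainguard-private/prometheus-pgbouncer-exporter
    tag: latest@sha256:4f333c951bb4b3d80cbaf5a46ecaca2ced50b646f30604a38c1dd34d341091b4
    pullPolicy: IfNotPresent
  gitSync:
    repository: cgr.dev/chainguard-private/git-sync
    tag: latest@sha256:8d3c14b6b4f574d2e86766d65d343989af61e5a040253c75061487fb4d7b4267
    pullPolicy: IfNotPresent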
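# Select certain nodes for airflow pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
schedulerName: ~
# Add common labels to all objects and pods defined in this chart.
labels: {}
# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private
# registries. Items can be either strings or {name: secret} objects.
# Only Secret names go here; the registry credentials themselves stay in the pre-created Secrets.
imagePullSecrets: []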
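# Ingress configuration
# All ingresses below are disabled by default, and TLS termination is off in every
# `tls` example. When enabling one, configure TLS through `hosts[*].tls` with a
# pre-created Secret and limit who can reach it: the flower UI and the statsd/pgbouncer
# `/metrics` paths are operational endpoints rather than user-facing ones.
ingress:
  # Enable all ingress resources
  # (deprecated - use ingress.web.enabled, ingress.apiServer.enabled and ingress.flower.enabled)
  enabled: ~
  # Configs for the Ingress of the API Server (Airflow 3+)
  apiServer:
    # Enable API Server ingress resource
    enabled: false
    # Annotations for the API Server Ingress
    annotations: {}
    # The path for the API Server Ingress
    path: "/"
    # The pathType for the above path (used only with Kubernetes v1.19 and above)
    pathType: "ImplementationSpecific"
    # The hostname for the API Server Ingress (Deprecated - renamed to `ingress.apiServer.hosts`)
    host: ""
    # The hostnames or hosts configuration for the API Server Ingress
    hosts: []
    #   # The hostname for the API Server Ingress (templated)
    # - name: ""
    #   # configs for API Server Ingress TLS
    #   tls:
    #     # Enable TLS termination for the API Server Ingress
    #     enabled: false
    #     # the name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the API Server Ingress (used only with Kubernetes v1.19 and above)
    ingressClassName: ""
    # configs for API Server Ingress TLS (Deprecated - renamed to `ingress.apiServer.hosts[*].tls`)
    tls:
      # Enable TLS termination for the API Server Ingress
      enabled: false
      # the name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the API Server Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the API Server Ingress after the default path
    succeedingPaths: []
  # Configs for the Ingress of the web Service (Airflow 2.x)
  web:
    # Enable web ingress resource
    enabled: false
    # Annotations for the web Ingress
    annotations: {}
    # The path for the web Ingress
    path: "/"
    # The pathType for the above path (used only with Kubernetes v1.19 and above)
    pathType: "ImplementationSpecific"
    # The hostname for the web Ingress (Deprecated - renamed to `ingress.web.hosts`)
    host: ""
    # The hostnames or hosts configuration for the web Ingress
    hosts: []
    #   # The hostname for the web Ingress (templated)
    # - name: ""
    #   # configs for web Ingress TLS
    #   tls:
    #     # Enable TLS termination for the web Ingress
    #     enabled: false
    #     # the name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the web Ingress (used only with Kubernetes v1.19 and above)
    ingressClassName: ""
    # configs for web Ingress TLS (Deprecated - renamed to `ingress.web.hosts[*].tls`)
    tls:
      # Enable TLS termination for the web Ingress
      enabled: false
      # the name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the web Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the web Ingress after the default path
    succeedingPaths: []
  # Configs for the Ingress of the flower Service
  flower:
    # Enable flower ingress resource
    enabled: false
    # Annotations for the flower Ingress
    annotations: {}
    # The path for the flower Ingress
    path: "/"
    # The pathType for the above path (used only with Kubernetes v1.19 and above)
    pathType: "ImplementationSpecific"
    # The hostname for the flower Ingress (Deprecated - renamed to `ingress.flower.hosts`)
    host: ""
    # The hostnames or hosts configuration for the flower Ingress
    hosts: []
    #   # The hostname for the flower Ingress (templated)
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the flower Ingress
    #     enabled: false
    #     # the name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the flower Ingress (used only with Kubernetes v1.19 and above)
    ingressClassName: ""
    # configs for flower Ingress TLS (Deprecated - renamed to `ingress.flower.hosts[*].tls`)
    tls:
      # Enable TLS termination for the flower Ingress
      enabled: false
      # the name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
  # Configs for the Ingress of the statsd Service
  statsd:
    # Enable statsd ingress resource
    enabled: false
    # Annotations for the statsd Ingress
    annotations: {}
    # The path for the statsd Ingress
    path: "/metrics"
    # The pathType for the above path (used only with Kubernetes v1.19 and above)
    pathType: "ImplementationSpecific"
    # The hostname for the statsd Ingress (Deprecated - renamed to `ingress.statsd.hosts`)
    host: ""
    # The hostnames or hosts configuration for the statsd Ingress
    hosts: []
    #   # The hostname for the statsd Ingress (templated)
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the statsd Ingress
    #     enabled: false
    #     # the name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the statsd Ingress (used only with Kubernetes v1.19 and above)
    ingressClassName: ""
  # Configs for the Ingress of the pgbouncer Service
  pgbouncer:
    # Enable pgbouncer ingress resource
    enabled: false
    # Annotations for the pgbouncer Ingress
    annotations: {}
    # The path for the pgbouncer Ingress
    path: "/metrics"
    # The pathType for the above path (used only with Kubernetes v1.19 and above)
    pathType: "ImplementationSpecific"
    # The hostname for the pgbouncer Ingress (Deprecated - renamed to `ingress.pgbouncer.hosts`)
    host: ""
    # The hostnames or hosts configuration for the pgbouncer Ingress
    hosts: []
    #   # The hostname for the pgbouncer Ingress (templated)
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the pgbouncer Ingress
    #     enabled: false
    #     # the name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the pgbouncer Ingress (used only with Kubernetes v1.19 and above)
    ingressClassName: ""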
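# Network policy configuration
# Off by default. NOTE(review): with this left false, traffic between the Airflow
# components is presumably restricted only by whatever the cluster already enforces;
# enabling it needs a CNI plugin that implements NetworkPolicy.
networkPolicies:
  # Enabled network policies
  enabled: false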
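# Extra annotations to apply to all
# Airflow pods
airflowPodAnnotations: {}
# Extra annotations to apply to
# main Airflow configmap
airflowConfigAnnotations: {}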
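# `airflow_local_settings` file as a string (templated).
# The default only renders for Airflow >=2.2.0 <3.0.0 and only when neither
# `webserverSecretKey` nor `webserverSecretKeySecretName` is set: it shows Admin users
# a dashboard warning that a dynamic webserver secret key is in use.
# Setting a static key through one of those two values removes the warning.
airflowLocalSettings: |-
  {{- if semverCompare ">=2.2.0 <3.0.0" .Values.airflowVersion }}
  {{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}
  from airflow.www.utils import UIAlert

  DASHBOARD_UIALERTS = [
    UIAlert(
      'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'
      ' See the <a href='
      '"https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#webserver-secret-key" '
      'target="_blank" rel="noopener noreferrer">'
      'Helm Chart Production Guide</a> for more details.',
      category="warning",
      roles=["Admin"],
      html=True,
    )
  ]
  {{- end }}
  {{- end }}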
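# Enable RBAC (default on most clusters these days)
rbac:
  # Specifies whether RBAC resources should be created
  create: true
  # NOTE(review): name suggests an OpenShift SecurityContextConstraints role binding; confirm against the templates
  createSCCRoleBinding: false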
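# Airflow executor
# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor
# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are also supported.
# Specify executors in a prioritized list to leverage multiple execution environments as needed:
# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently
executor: "CeleryExecutor"
# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's
# service account will have access to communicate with the api-server and launch pods.
# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers
# will be able to launch pods.
# With the default CeleryExecutor this therefore lets workers launch pods;
# set it to false when nothing in the deployment needs to create pods (least privilege).
allowPodLaunching: true
allowJobLaunching: false
# Environment variables for all airflow containers
# (plain values are visible in the pod spec; use `secret` below for sensitive ones)
env: []
# - name: ""
#   value: ""

# Volumes for all airflow containers
volumes: []
# VolumeMounts for all airflow containers
volumeMounts: []
# Secrets for all airflow containers
secret: []
# - envName: ""
#   secretName: ""
#   secretKey: ""
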
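# Enables selected built-in secrets that are set via environment variables by default.
# Those secrets are provided by the Helm Chart secrets by default but in some cases you
# might want to provide some of those variables with _CMD or _SECRET variable, and you should
# in this case disable setting of those variables by setting the relevant configuration to false.
enableBuiltInSecretEnvVars:
  AIRFLOW__CORE__FERNET_KEY: true
  # For Airflow <2.3, backward compatibility; moved to [database] in 2.3
  AIRFLOW__CORE__SQL_ALCHEMY_CONN: true
  AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true
  AIRFLOW_CONN_AIRFLOW_DB: true
  AIRFLOW__API__SECRET_KEY: true
  AIRFLOW__API_AUTH__JWT_SECRET: true
  AIRFLOW__WEBSERVER__SECRET_KEY: true
  AIRFLOW__CELERY__CELERY_RESULT_BACKEND: true
  AIRFLOW__CELERY__RESULT_BACKEND: true
  AIRFLOW__CELERY__BROKER_URL: true
  AIRFLOW__ELASTICSEARCH__HOST: true
  AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST: true
  AIRFLOW__OPENSEARCH__HOST: true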
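# Priority Classes that will be installed by charts.
# Ideally, there should be an entry for dagProcessor, flower,
# pgbouncer, scheduler, statsd, triggerer, webserver, worker.
# The format for priorityClasses is an array with each element having:
#   * name is the name of the priorityClass. Ensure the same name is given to the respective section as well
#   * preemptionPolicy for the priorityClass
#   * value is the preemption value for the priorityClass
priorityClasses: []
# - name: class1 (if this is for dagProcessor, ensure overriding .Values.dagProcessor.priorityClass too)
#   preemptionPolicy: PreemptLowerPriority
#   value: 10000
# - name: class2
#   preemptionPolicy: Never
#   value: 100000
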
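# Extra secrets that will be managed by the chart
# (You can use them with extraEnv or extraEnvFrom or some of the extraVolumes values).
# The format for secret data is "key/value" where
#   * key (templated) is the name of the secret that will be created
#   * value: an object with the standard 'data' or 'stringData' key (or both).
#     The value associated with those keys must be a string (templated)
# Anything placed here is part of the Helm values, so it is kept with the release and in
# whatever file or pipeline supplies the values; keep real credentials out of version control.
# The credentials and addresses in the example below are placeholders.
extraSecrets: {}
# eg:
# extraSecrets:
#   '{{ .Release.Name }}-airflow-connections':
#     type: 'Opaque'
#     labels:
#       my.custom.label/v1: my_custom_label_value_1
#     data: |
#       AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
#       AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
#     stringData: |
#       AIRFLOW_CONN_OTHER: 'other_conn'
#   '{{ .Release.Name }}-other-secret-name-suffix':
#     data: |
#       ...
#   'proxy-config':
#     stringData: |
#       HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"
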
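# Extra ConfigMaps that will be managed by the chart
# (You can use them with extraEnv or extraEnvFrom or some of the extraVolumes values).
# The format for configmap data is "key/value" where
#   * key (templated) is the name of the configmap that will be created
#   * value: an object with the standard 'data' key.
#     The value associated with this key must be a string (templated)
# ConfigMaps are not meant for confidential data; put credentials in `extraSecrets` instead.
extraConfigMaps: {}
# eg:
# extraConfigMaps:
#   '{{ .Release.Name }}-airflow-variables':
#     labels:
#       my.custom.label/v2: my_custom_label_value_2
#     data: |
#       AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
#       AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"
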
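# Extra env 'items' that will be added to the definition of airflow containers
# a string is expected (templated).
# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.
extraEnv: ~
# eg:
# extraEnv: |
#   - name: AIRFLOW__CORE__LOAD_EXAMPLES
#     value: 'True'

# Extra envFrom 'items' that will be added to the definition of airflow containers
# A string is expected (templated).
extraEnvFrom: ~
# eg:
# extraEnvFrom: |
#   - secretRef:
#       name: '{{ .Release.Name }}-airflow-connections'
#   - configMapRef:
#       name: '{{ .Release.Name }}-airflow-variables'
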
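# Airflow database & redis config
data:
  # If secret names are provided, use those secrets
  # These secrets must be created manually, eg:
  #
  # kind: Secret
  # apiVersion: v1
  # metadata:
  #   name: custom-airflow-metadata-secret
  # type: Opaque
  # data:
  #   connection: base64_encoded_connection_string
  metadataSecretName: ~
  # When providing secret names and using the same database for metadata and
  # result backend, for Airflow < 2.4.0 it is necessary to create a separate
  # secret for result backend but with a db+ scheme prefix.
  # For Airflow >= 2.4.0 it is possible to not specify the secret again,
  # as Airflow will use sql_alchemy_conn with a db+ scheme prefix by default.
  resultBackendSecretName: ~
  brokerUrlSecretName: ~
  # Otherwise pass connection values in
  # The defaults below are a well-known user/password pair with TLS to the database
  # switched off (`sslmode: disable`). Outside of local testing, point `metadataSecretName`
  # at a pre-created Secret or override user/pass, and use an sslmode that encrypts and
  # verifies the server (for PostgreSQL: `verify-full`, or at least `require`).
  metadataConnection:
    user: postgres
    pass: postgres
    protocol: postgresql
    host: ~
    port: 5432
    db: postgres
    sslmode: disable
    # Add custom annotations to the metadata connection secret
    secretAnnotations: {}
  # resultBackendConnection defaults to the same database as metadataConnection
  resultBackendConnection: ~
  # Add custom annotations to the result backend connection secret
  resultBackendConnectionSecretAnnotations: {}
  # or, you can use a different database
  # resultBackendConnection:
  #   user: postgres
  #   pass: postgres
  #   protocol: postgresql
  #   host: ~
  #   port: 5432
  #   db: postgres
  #   sslmode: disable
  # Note: brokerUrl can only be set during install, not upgrade
  # (a broker URL can embed a password; `brokerUrlSecretName` keeps it out of the values)
  brokerUrl: ~
  # Add custom annotations to the broker url secret
  brokerUrlSecretAnnotations: {}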
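# Fernet key settings
# Note: fernetKey can only be set during install, not upgrade
# For each key in this group there is an inline value and a `...SecretName` value that
# references a Secret. Prefer the Secret reference for real deployments so the key
# material is not carried in values files; all of them are unset (null) here.
fernetKey: ~
fernetKeySecretName: ~
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}
# Flask secret key for Airflow 3+ Api: `[api] secret_key` in airflow.cfg
apiSecretKey: ~
# Add custom annotations to the api secret
apiSecretAnnotations: {}
apiSecretKeySecretName: ~
# Secret key used to encode and decode JWTs: `[api_auth] jwt_secret` in airflow.cfg
jwtSecret: ~
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
jwtSecretName: ~
# Flask secret key for Airflow <3 Webserver: `[webserver] secret_key` in airflow.cfg
webserverSecretKey: ~
# Add custom annotations to the webserver secret
webserverSecretAnnotations: {}
webserverSecretKeySecretName: ~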
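# In order to use kerberos you need to create secret containing the keytab file
# The secret name should follow naming convention of the application where resources are
# named {{ .Release.Name }}-<POSTFIX>. In case of the keytab file, the postfix is "kerberos-keytab"
# So if your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab"
#
# The Keytab content should be available in the "kerberos.keytab" key of the secret.
#
#  apiVersion: v1
#  kind: Secret
#  data:
#    kerberos.keytab: <base64_encoded keytab file content>
#  type: Opaque
#
#
#  If you have such keytab file you can do it with similar
#
#  kubectl create secret generic {{ .Release.Name }}-kerberos-keytab --from-file=kerberos.keytab
#
#
#  Alternatively, instead of manually creating the secret, it is possible to specify
#  kerberos.keytabBase64Content parameter. This parameter should contain base64 encoded keytab.
#
# A keytab is a long-lived credential for the principal, and base64 is an encoding, not
# protection: a keytab passed via keytabBase64Content is readable by anyone who can read
# the values. The pre-created Secret route keeps it out of values files.
# `principal`, the realm and the KDC hosts below are example values.
kerberos:
  enabled: false
  ccacheMountPath: /var/kerberos-ccache
  ccacheFileName: cache
  configPath: /etc/krb5.conf
  keytabBase64Content: ~
  keytabPath: /etc/airflow.keytab
  principal: airflow@FOO.COM
  reinitFrequency: 3600
  config: |
    # This is an example config showing how you can use templating and how "example" config
    # might look like. It works with the test kerberos server that we are using during integration
    # testing at Apache Airflow (see `scripts/ci/docker-compose/integration-kerberos.yml` but in
    # order to make it production-ready you must replace it with your own configuration that
    # Matches your kerberos deployment. Administrators of your Kerberos instance should
    # provide the right configuration.

    [logging]
    default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"
    kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"
    admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"

    [libdefaults]
    default_realm = FOO.COM
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    FOO.COM = {
      kdc = kdc-server.foo.com
      admin_server = admin_server.foo.com
    }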
# Airflow Worker Config
562
workers:
563
# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)
564
replicas: 1
565
# Max number of old Airflow Celery workers ReplicaSets to retain
566
# (deprecated, use `workers.celery.revisionHistoryLimit` instead)
567
revisionHistoryLimit: ~
568
# Command to use when running Airflow Celery workers and using pod-template-file (templated)
569
# Use workers.celery.command and/or workers.kubernetes.command to separate value between
570
# Celery workers and pod-template-file
571
command: ~
572
# Args to use when running Airflow Celery workers (templated)
573
# (deprecated, use `workers.celery.args` instead)
574
args:
575
- "bash"
576
- "-c"
577
# The format below is necessary to get `helm lint` happy
578
- |-
579
exec \
580
airflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery worker" "worker" }}
581
{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}
582
{{- " -q " }}{{ .Values.workers.queue }}
583
{{- end }}
584
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
585
# kill the worker and let Kubernetes restart it
586
# (deprecated, use `workers.celery.livenessProbe` section instead)
587
livenessProbe:
588
# (deprecated, use `workers.celery.livenessProbe.enabled` instead)
589
enabled: true
590
# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)
591
initialDelaySeconds: 10
592
# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)
593
timeoutSeconds: 20
594
# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)
595
failureThreshold: 5
596
# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)
597
periodSeconds: 60
598
# (deprecated, use `workers.celery.livenessProbe.command` instead)
599
command: ~
600
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
601
# (deprecated, use `workers.celery.updateStrategy` instead)
602
updateStrategy: ~
603
# Update Strategy when Airflow Celery worker is deployed as a Deployment
604
# (deprecated, use `workers.celery.strategy` instead)
605
strategy:
606
rollingUpdate:
607
maxSurge: "100%"
608
maxUnavailable: "50%"
609
# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity
610
# (deprecated, use `workers.celery.podManagementPolicy` instead)
611
# podManagementPolicy: Parallel
612
613
# When not set, the values defined in the global securityContext will
614
# be used in Airflow Celery workers and pod-template-file
615
securityContext: {}
616
# runAsUser: 50000
617
# fsGroup: 0
618
# runAsGroup: 0
619
620
# Detailed default security context for the
621
# Airflow Celery workers and pod-template-file on container and pod level
622
# Use workers.celery.securityContexts and/or workers.kubernetes.securityContexts to separate value between
623
# Celery workers and pod-template-file
624
securityContexts:
625
pod: {}
626
container: {}
627
# Container level Lifecycle Hooks definition for
628
# Airflow Celery workers and pods created with pod-template-file
629
containerLifecycleHooks: {}
630
# Worker pod disruption budget
631
podDisruptionBudget:
632
enabled: false
633
# PDB configuration
634
config:
635
# minAvailable and maxUnavailable are mutually exclusive
636
maxUnavailable: 1
637
# minAvailable: 1
638
# Create ServiceAccount for Airflow Celery workers and pods created with pod-template-file
639
serviceAccount:
640
# default value is true
641
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
642
automountServiceAccountToken: true
643
# Specifies whether a ServiceAccount should be created
644
create: true
645
# The name of the ServiceAccount to use.
646
# If not set and create is true, a name is generated using the release name
647
name: ~
648
# Annotations to add to worker kubernetes service account.
649
annotations: {}
650
# Allow KEDA autoscaling for Airflow Celery workers
651
keda:
652
enabled: false
653
namespaceLabels: {}
654
# How often KEDA polls the airflow DB to report new scale requests to the HPA
655
pollingInterval: 5
656
# How many seconds KEDA will wait before scaling to zero.
657
# Note that HPA has a separate cooldown period for scale-downs
658
cooldownPeriod: 30
659
# Minimum number of Airflow Celery workers created by keda
660
minReplicaCount: 0
661
# Maximum number of Airflow Celery workers created by keda
662
maxReplicaCount: 10
663
# Specify HPA related options
664
advanced: {}
665
# horizontalPodAutoscalerConfig:
666
# behavior:
667
# scaleDown:
668
# stabilizationWindowSeconds: 300
669
# policies:
670
# - type: Percent
671
# value: 100
672
# periodSeconds: 15
673
674
# Query to use for KEDA autoscaling. Must return a single integer.
675
query: >-
676
SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }}) FROM task_instance WHERE (state='running' OR state='queued') AND queue IN ( {{- range $i, $q := splitList "," .Values.workers.queue -}} {{- if $i }},{{ end }}'{{ $q | trim }}' {{- end -}} ) {{- if contains "CeleryKubernetesExecutor" .Values.executor }} AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}' {{- else if contains "KubernetesExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'KubernetesExecutor' {{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'EdgeExecutor' {{- end }}
677
# Weather to use PGBouncer to connect to the database or not when it is enabled
678
# This configuration will be ignored if PGBouncer is not enabled
679
usePgbouncer: true
680
# Allow HPA for Airflow Celery workers (KEDA must be disabled)
681
hpa:
682
enabled: false
683
# Minimum number of Airflow Celery workers created by HPA
684
minReplicaCount: 0
685
# Maximum number of Airflow Celery workers created by HPA
686
maxReplicaCount: 5
687
# Specifications for which to use to calculate the desired replica count
688
metrics:
689
- type: Resource
690
resource:
691
name: cpu
692
target:
693
type: Utilization
694
averageUtilization: 80
695
# Scaling behavior of the target in both Up and Down directions
696
behavior: {}
697
# Persistence volume configuration for Airflow Celery workers
698
# (deprecated, use `workers.celery.persistence` instead)
699
persistence:
700
# Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)
701
enabled: true
702
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
703
# (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)
704
persistentVolumeClaimRetentionPolicy: ~
705
# persistentVolumeClaimRetentionPolicy:
706
# whenDeleted: Delete
707
# whenScaled: Delete
708
709
# Volume size for Airflow Celery worker StatefulSet
710
# (deprecated, use `workers.celery.persistence.size` instead)
711
size: 100Gi
712
# If using a custom storageClass, pass name ref to all StatefulSets here
713
# (deprecated, use `workers.celery.persistence.storageClassName` instead)
714
storageClassName:
715
# Execute init container to chown log directory.
716
# This is currently only needed in kind, due to usage
717
# of local-path provisioner.
718
# (deprecated, use `workers.celery.persistence.fixPermissions` instead)
719
fixPermissions: false
720
# Annotations to add to Airflow Celery worker volumes
721
# (deprecated, use `workers.celery.persistence.annotations` instead)
722
annotations: {}
723
# Detailed default security context for persistence on container level
724
# (deprecated, use `workers.celery.persistence.securityContexts` instead)
725
securityContexts:
726
# (deprecated, use `workers.celery.persistence.securityContexts.container` instead)
727
container: {}
728
# Kerberos sidecar configuration for Airflow Celery workers and pods created with pod-template-file
729
kerberosSidecar:
730
# Enable kerberos sidecar
731
enabled: false
732
resources: {}
733
# limits:
734
# cpu: 100m
735
# memory: 128Mi
736
# requests:
737
# cpu: 100m
738
# memory: 128Mi
739
740
# Detailed default security context for kerberos sidecar on container level
741
securityContexts:
742
container: {}
743
# Container level lifecycle hooks
744
containerLifecycleHooks: {}
745
# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file
746
# Use workers.celery.kerberosInitContainer and/or workers.kubernetes.kerberosInitContainer to separate
747
# value between Celery workers and pod-template-file
748
kerberosInitContainer:
749
# Enable kerberos init container
750
enabled: false
751
resources: {}
752
# limits:
753
# cpu: 100m
754
# memory: 128Mi
755
# requests:
756
# cpu: 100m
757
# memory: 128Mi
758
759
# Detailed default security context for kerberos init container
760
securityContexts:
761
container: {}
762
# Container level lifecycle hooks
763
containerLifecycleHooks: {}
764
# Resource configuration for Airflow Celery workers and pods created with pod-template-file
765
resources: {}
766
# limits:
767
# cpu: 100m
768
# memory: 128Mi
769
# requests:
770
# cpu: 100m
771
# memory: 128Mi
772
773
# Grace period for tasks to finish after SIGTERM is sent from kubernetes.
774
# It is used by Airflow Celery workers and pod-template-file.
775
terminationGracePeriodSeconds: 600
776
# This setting tells Kubernetes that it's OK to evict the pod when it wants to scale a node down.
777
# It is used by Airflow Celery workers and pod-template-file.
778
safeToEvict: false
779
# Launch additional containers into Airflow Celery worker
780
# and pods created with pod-template-file (templated).
781
# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main
782
# container finishes so Airflow can continue the worker shutdown process!
783
extraContainers: []
784
# Add additional init containers into Airflow Celery workers
785
# and pods created with pod-template-file (templated).
786
extraInitContainers: []
787
# Additional volumes and volume mounts attached to the
788
# Airflow Celery workers and pods created with pod-template-file
789
extraVolumes: []
790
extraVolumeMounts: []
791
# Mount additional volumes into workers pods. It can be templated like in the following example:
792
# extraVolumes:
793
# - name: my-templated-extra-volume
794
# secret:
795
# secretName: '{{ include "my_secret_template" . }}'
796
# defaultMode: 0640
797
# optional: true
798
#
799
# extraVolumeMounts:
800
# - name: my-templated-extra-volume
801
# mountPath: "{{ .Values.my_custom_path }}"
802
# readOnly: true
803
804
# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
805
extraPorts: []
806
# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file
807
nodeSelector: {}
808
runtimeClassName: ~
809
priorityClassName: ~
810
affinity: {}
811
# Default Airflow Celery worker affinity is:
812
# podAntiAffinity:
813
# preferredDuringSchedulingIgnoredDuringExecution:
814
# - podAffinityTerm:
815
# labelSelector:
816
# matchLabels:
817
# component: worker
818
# topologyKey: kubernetes.io/hostname
819
# weight: 100
820
tolerations: []
821
topologySpreadConstraints: []
822
# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file
823
# See:
824
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
825
hostAliases: []
826
# - ip: "127.0.0.2"
827
# hostnames:
828
# - "test.hostname.one"
829
# - ip: "127.0.0.3"
830
# hostnames:
831
# - "test.hostname.two"
832
833
# Annotations for the Airflow Celery worker resource
834
annotations: {}
835
# Pod annotations for the Airflow Celery workers and pods created with pod-template-file
836
podAnnotations: {}
837
# Labels specific to Airflow Celery workers objects and pods created with pod-template-file
838
labels: {}
839
# Log groomer configuration for Airflow Celery workers
840
logGroomerSidecar:
841
# Whether to deploy the Airflow Celery worker log groomer sidecar
842
enabled: true
843
# Command to use when running the Airflow Celery worker log groomer sidecar (templated)
844
command: ~
845
# Args to use when running the Airflow Celery worker log groomer sidecar (templated)
846
args: ["bash", "/clean-logs"]
847
# Number of days to retain logs
848
retentionDays: 15
849
# Frequency to attempt to groom logs (in minutes)
850
frequencyMinutes: 15
851
resources: {}
852
# limits:
853
# cpu: 100m
854
# memory: 128Mi
855
# requests:
856
# cpu: 100m
857
# memory: 128Mi
858
859
# Detailed default security context for logGroomerSidecar for container level
860
securityContexts:
861
container: {}
862
env: []
863
# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
864
waitForMigrations:
865
# Whether to create init container to wait for db migrations
866
enabled: true
867
env: []
868
# Detailed default security context for wait-for-airflow-migrations container
869
securityContexts:
870
container: {}
871
# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file
872
env: []
873
# Additional volume claim templates for Airflow Celery workers
874
volumeClaimTemplates: []
875
# Comment out the above and uncomment the section below to enable it.
876
# Make sure to mount it under extraVolumeMounts.
877
# volumeClaimTemplates:
878
# - metadata:
879
# name: data-volume-1
880
# spec:
881
# storageClassName: "storage-class-1"
882
# accessModes:
883
# - "ReadWriteOnce"
884
# resources:
885
# requests:
886
# storage: "10Gi"
887
# - metadata:
888
# name: data-volume-2
889
# spec:
890
# storageClassName: "storage-class-2"
891
# accessModes:
892
# - "ReadWriteOnce"
893
# resources:
894
# requests:
895
# storage: "20Gi"
896
897
celery:
898
# Number of Airflow Celery workers
899
replicas: ~
900
# Max number of old Airflow Celery workers ReplicaSets to retain
901
revisionHistoryLimit: ~
902
# Command to use when running Airflow Celery workers (templated)
903
command: ~
904
# Args to use when running Airflow Celery workers (templated)
905
args: ~
906
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
907
# kill the worker and let Kubernetes restart it
908
livenessProbe:
909
enabled: ~
910
initialDelaySeconds: ~
911
timeoutSeconds: ~
912
failureThreshold: ~
913
periodSeconds: ~
914
command: ~
915
# Enable the default workers defined by the root `workers` and `workers.celery`
916
# configurations to be created.
917
# If false, only dedicated workers defined in 'sets' will be created.
918
enableDefault: true
919
# Queue name for the default workers
920
queue: "default"
921
# List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`
922
# section.
923
sets: []
924
# sets:
925
# - name: highcpu
926
# replicas: 2
927
# queue: "highcpu"
928
# resources:
929
# requests:
930
# memory: "2Gi"
931
# cpu: "4000m"
932
# limits:
933
# memory: "4Gi"
934
# cpu: "8000m"
935
# - name: highmem
936
# replicas: 2
937
# queue: "highmem"
938
# resources:
939
# requests:
940
# memory: "4Gi"
941
# cpu: "2000m"
942
# limits:
943
# memory: "8Gi"
944
# cpu: "4000m"
945
946
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
947
updateStrategy: ~
948
# Update Strategy when Airflow Celery worker is deployed as a Deployment
949
strategy: ~
950
# Allow relaxing ordering guarantees for Airflow Celery worker
951
# while preserving its uniqueness and identity
952
# podManagementPolicy: Parallel
953
954
# Detailed default security context for Airflow Celery workers for container and pod level
955
# If not set, the values from `workers.securityContexts` section will be used.
956
securityContexts:
957
pod: {}
958
container: {}
959
# Persistence volume configuration for Airflow Celery workers
960
persistence:
961
# Enable persistent volumes
962
enabled: ~
963
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
964
persistentVolumeClaimRetentionPolicy: ~
965
# persistentVolumeClaimRetentionPolicy:
966
# whenDeleted: Delete
967
# whenScaled: Delete
968
969
# Volume size for Airflow Celery worker StatefulSet
970
size: ~
971
# If using a custom storageClass, pass name ref to all StatefulSets here
972
storageClassName:
973
# Execute init container to chown log directory.
974
# This is currently only needed in kind, due to usage
975
# of local-path provisioner.
976
fixPermissions: ~
977
# Annotations to add to Airflow Celery worker volumes
978
annotations: {}
979
# Detailed default security context for persistence on container level
980
securityContexts:
981
container: {}
982
# Kerberos init container configuration for Airflow Celery workers
983
# If not set, the values from `workers.kerberosInitContainer` section will be used.
984
kerberosInitContainer:
985
# Enable kerberos init container
986
# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect
987
enabled: ~
988
resources: {}
989
# limits:
990
# cpu: 100m
991
# memory: 128Mi
992
# requests:
993
# cpu: 100m
994
# memory: 128Mi
995
996
# Detailed default security context for kerberos init container
997
securityContexts:
998
container: {}
999
# Container level lifecycle hooks
1000
containerLifecycleHooks: {}
1001
kubernetes:
1002
# Command to use in pod-template-file (templated)
1003
command: ~
1004
# Detailed default security context for pod-template-file for container and pod level
1005
# If not set, the values from `workers.securityContexts` section will be used.
1006
securityContexts:
1007
pod: {}
1008
container: {}
1009
# Kerberos init container configuration for pods created with pod-template-file
1010
# If not set, the values from `workers.kerberosInitContainer` section will be used.
1011
kerberosInitContainer:
1012
# Enable kerberos init container
1013
# If workers.kerberosInitContainer.enabled is set to True, this flag has no effect
1014
enabled: ~
1015
resources: {}
1016
# limits:
1017
# cpu: 100m
1018
# memory: 128Mi
1019
# requests:
1020
# cpu: 100m
1021
# memory: 128Mi
1022
1023
# Detailed default security context for kerberos init container
1024
securityContexts:
1025
container: {}
1026
# Container level lifecycle hooks
1027
containerLifecycleHooks: {}
1028
# Airflow scheduler settings
1029
scheduler:
1030
enabled: true
1031
# hostAliases for the scheduler pod
1032
hostAliases: []
1033
# - ip: "127.0.0.1"
1034
# hostnames:
1035
# - "foo.local"
1036
# - ip: "10.1.2.3"
1037
# hostnames:
1038
# - "foo.remote"
1039
1040
# If the scheduler stops heartbeating for 5 minutes (5*60s) kill the
1041
# scheduler and let Kubernetes restart it
1042
livenessProbe:
1043
initialDelaySeconds: 10
1044
timeoutSeconds: 20
1045
failureThreshold: 5
1046
periodSeconds: 60
1047
command: ~
1048
# Wait for at most 1 minute (6*10s) for the scheduler container to startup.
1049
# livenessProbe kicks in after the first successful startupProbe
1050
startupProbe:
1051
initialDelaySeconds: 0
1052
failureThreshold: 6
1053
periodSeconds: 10
1054
timeoutSeconds: 20
1055
command: ~
1056
# Airflow 2.0 allows users to run multiple schedulers,
1057
# However this feature is only recommended for MySQL 8+ and Postgres
1058
replicas: 1
1059
# Max number of old replicasets to retain
1060
revisionHistoryLimit: ~
1061
# Command to use when running the Airflow scheduler (templated).
1062
command: ~
1063
# Args to use when running the Airflow scheduler (templated).
1064
args: ["bash", "-c", "exec airflow scheduler"]
1065
# Update Strategy when scheduler is deployed as a StatefulSet
1066
# (when using LocalExecutor and workers.persistence)
1067
updateStrategy: ~
1068
# Update Strategy when scheduler is deployed as a Deployment
1069
# (when not using LocalExecutor and workers.persistence)
1070
strategy: ~
1071
# When not set, the values defined in the global securityContext will be used
1072
# (deprecated, use `securityContexts` instead)
1073
securityContext: {}
1074
# runAsUser: 50000
1075
# fsGroup: 0
1076
# runAsGroup: 0
1077
1078
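# Detailed default security context for scheduler deployments for container and pod level
# Example container-level hardening (confirm it is compatible with your image before enabling):
# container:
#   allowPrivilegeEscalation: false
#   capabilities:
#     drop: ["ALL"]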
1079
securityContexts:
1080
pod: {}
1081
container: {}
1082
# container level lifecycle hooks
1083
containerLifecycleHooks: {}
1084
# Grace period for tasks to finish after SIGTERM is sent from kubernetes
1085
terminationGracePeriodSeconds: 10
1086
# Create ServiceAccount
1087
serviceAccount:
1088
# Whether the ServiceAccount token is mounted into the pod.
# Affects all executors that launch pods; default value is true.
1089
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1090
automountServiceAccountToken: true
1091
# Specifies whether a ServiceAccount should be created
1092
create: true
1093
# The name of the ServiceAccount to use.
1094
# If not set and create is true, a name is generated using the release name
1095
name: ~
1096
# Annotations to add to scheduler kubernetes service account.
1097
annotations: {}
1098
# Service Account Token Volume configuration
1099
# This is only used when automountServiceAccountToken is false
1100
# and allows manual configuration of the service account token volume
1101
serviceAccountTokenVolume:
1102
# Enable manual service account token volume configuration
1103
enabled: false
1104
# Path where the service account token should be mounted
1105
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
1106
# Name of the volume
1107
volumeName: kube-api-access
1108
# Token expiration in seconds (default: 1 hour)
1109
expirationSeconds: 3600
1110
# Audience for the token
1111
audience: ~
1112
# Scheduler pod disruption budget
1113
podDisruptionBudget:
1114
enabled: false
1115
# PDB configuration
1116
config:
1117
# minAvailable and maxUnavailable are mutually exclusive
1118
maxUnavailable: 1
1119
# minAvailable: 1
1120
resources: {}
1121
# limits:
1122
# cpu: 100m
1123
# memory: 128Mi
1124
# requests:
1125
# cpu: 100m
1126
# memory: 128Mi
1127
1128
# This setting tells Kubernetes that it's OK to evict the pod
1129
# when it wants to scale a node down.
1130
safeToEvict: true
1131
# Launch additional containers into scheduler (templated).
1132
extraContainers: []
1133
# Add additional init containers into scheduler (templated).
1134
extraInitContainers: []
1135
# Mount additional volumes into scheduler. It can be templated like in the following example:
1136
# extraVolumes:
1137
# - name: my-templated-extra-volume
1138
# secret:
1139
# secretName: '{{ include "my_secret_template" . }}'
1140
# defaultMode: 0640
1141
# optional: true
1142
#
1143
# extraVolumeMounts:
1144
# - name: my-templated-extra-volume
1145
# mountPath: "{{ .Values.my_custom_path }}"
1146
# readOnly: true
1147
extraVolumes: []
1148
extraVolumeMounts: []
1149
# Select certain nodes for airflow scheduler pods.
1150
nodeSelector: {}
1151
affinity: {}
1152
# default scheduler affinity is:
1153
# podAntiAffinity:
1154
# preferredDuringSchedulingIgnoredDuringExecution:
1155
# - podAffinityTerm:
1156
# labelSelector:
1157
# matchLabels:
1158
# component: scheduler
1159
# topologyKey: kubernetes.io/hostname
1160
# weight: 100
1161
tolerations: []
1162
topologySpreadConstraints: []
1163
priorityClassName: ~
1164
# annotations for scheduler deployment
1165
annotations: {}
1166
podAnnotations: {}
1167
# Labels specific to scheduler objects and pods
1168
labels: {}
1169
logGroomerSidecar:
1170
# Whether to deploy the Airflow scheduler log groomer sidecar.
1171
enabled: true
1172
# Command to use when running the Airflow scheduler log groomer sidecar (templated).
1173
command: ~
1174
# Args to use when running the Airflow scheduler log groomer sidecar (templated).
1175
args: ["bash", "/clean-logs"]
1176
# Number of days to retain logs
1177
retentionDays: 15
1178
# frequency to attempt to groom logs, in minutes
1179
frequencyMinutes: 15
1180
resources: {}
1181
# limits:
1182
# cpu: 100m
1183
# memory: 128Mi
1184
# requests:
1185
# cpu: 100m
1186
# memory: 128Mi
1187
# Detailed default security context for logGroomerSidecar for container level
1188
securityContexts:
1189
container: {}
1190
# container level lifecycle hooks
1191
containerLifecycleHooks: {}
1192
env: []
1193
waitForMigrations:
1194
# Whether to create init container to wait for db migrations
1195
enabled: true
1196
env: []
1197
# Detailed default security context for waitForMigrations for container level
1198
securityContexts:
1199
container: {}
1200
env: []
1201
# Airflow create user job settings
1202
createUserJob:
1203
# Whether the create user job should be created
1204
enabled: true
1205
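# Create initial user.
# The values below are well-known placeholder credentials (admin / admin). Override at least
# `password` before the UI or API is reachable by anyone else, and change the password of the
# created account if the chart was ever installed with these defaults.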
1206
defaultUser:
1207
role: Admin
1208
username: admin
1209
email: admin@example.com
1210
firstName: admin
1211
lastName: user
1212
password: admin
1213
# Limit the lifetime of the job object after it finished execution.
1214
ttlSecondsAfterFinished: 300
1215
# Command to use when running the create user job (templated).
1216
command: ~
1217
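# Args to use when running the create user job (templated).
# Note: the password is passed as the `-p` argument, so the rendered value appears in the Job and
# Pod spec and is readable by anyone with read access to those objects in the namespace.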
1218
args:
1219
- "bash"
1220
- "-c"
1221
# The format below is necessary to keep `helm lint` happy
1222
- |-
1223
exec \
1224
airflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "users create" "create_user" }} "$@"
1225
- --
1226
# yamllint disable rule:line-length
1227
- "-r"
1228
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"
1229
- "-u"
1230
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"
1231
- "-e"
1232
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"
1233
- "-f"
1234
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"
1235
- "-l"
1236
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"
1237
- "-p"
1238
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"
1239
# Annotations on the create user job pod
1240
annotations: {}
1241
# jobAnnotations are annotations on the create user job
1242
jobAnnotations: {}
1243
restartPolicy: OnFailure
1244
# Labels specific to createUserJob objects and pods
1245
labels: {}
1246
# When not set, the values defined in the global securityContext will be used
1247
securityContext: {}
1248
# runAsUser: 50000
1249
# fsGroup: 0
1250
# runAsGroup: 0
1251
1252
# Detailed default security context for createUserJob for container and pod level
1253
securityContexts:
1254
pod: {}
1255
container: {}
1256
# container level lifecycle hooks
1257
containerLifecycleHooks: {}
1258
# Create ServiceAccount
1259
serviceAccount:
1260
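# default value is true; when true, the ServiceAccount token is mounted into the job pod.
# Set to false if nothing in this pod needs to call the Kubernetes API.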
1261
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1262
automountServiceAccountToken: true
1263
# Specifies whether a ServiceAccount should be created
1264
create: true
1265
# The name of the ServiceAccount to use.
1266
# If not set and create is true, a name is generated using the release name
1267
name: ~
1268
# Annotations to add to create user kubernetes service account.
1269
annotations: {}
1270
# Launch additional containers into user creation job
1271
extraContainers: []
1272
# Add additional init containers into user creation job (templated).
1273
extraInitContainers: []
1274
# Mount additional volumes into user creation job. It can be templated like in the following example:
1275
# extraVolumes:
1276
# - name: my-templated-extra-volume
1277
# secret:
1278
# secretName: '{{ include "my_secret_template" . }}'
1279
# defaultMode: 0640
1280
# optional: true
1281
#
1282
# extraVolumeMounts:
1283
# - name: my-templated-extra-volume
1284
# mountPath: "{{ .Values.my_custom_path }}"
1285
# readOnly: true
1286
extraVolumes: []
1287
extraVolumeMounts: []
1288
nodeSelector: {}
1289
affinity: {}
1290
tolerations: []
1291
topologySpreadConstraints: []
1292
priorityClassName: ~
1293
# In case you need to disable the helm hooks that create the jobs after install.
1294
# Disable this if you are using ArgoCD for example
1295
useHelmHooks: true
1296
applyCustomEnv: true
1297
env: []
1298
resources: {}
1299
# limits:
1300
# cpu: 100m
1301
# memory: 128Mi
1302
# requests:
1303
# cpu: 100m
1304
# memory: 128Mi
1305
# Airflow database migration job settings
1306
migrateDatabaseJob:
1307
enabled: true
1308
# Limit the lifetime of the job object after it finished execution.
1309
ttlSecondsAfterFinished: 300
1310
# Command to use when running the migrate database job (templated).
1311
command: ~
1312
# Args to use when running the migrate database job (templated).
1313
args:
1314
- "bash"
1315
- "-c"
1316
- >-
1317
exec \
1318
1319
airflow {{ semverCompare ">=2.7.0" .Values.airflowVersion | ternary "db migrate" (semverCompare ">=2.0.0" .Values.airflowVersion | ternary "db upgrade" "upgradedb") }}
1320
# Annotations on the database migration pod
1321
annotations: {}
1322
# jobAnnotations are annotations on the database migration job
1323
jobAnnotations: {}
1324
restartPolicy: OnFailure
1325
# Labels specific to migrate database job objects and pods
1326
labels: {}
1327
# When not set, the values defined in the global securityContext will be used
1328
securityContext: {}
1329
# runAsUser: 50000
1330
# fsGroup: 0
1331
# runAsGroup: 0
1332
1333
# Detailed default security context for migrateDatabaseJob for container and pod level
1334
securityContexts:
1335
pod: {}
1336
container: {}
1337
# container level lifecycle hooks
1338
containerLifecycleHooks: {}
1339
# Create ServiceAccount
1340
serviceAccount:
1341
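# default value is true; when true, the ServiceAccount token is mounted into the job pod.
# Set to false if nothing in this pod needs to call the Kubernetes API.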
1342
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1343
automountServiceAccountToken: true
1344
# Specifies whether a ServiceAccount should be created
1345
create: true
1346
# The name of the ServiceAccount to use.
1347
# If not set and create is true, a name is generated using the release name
1348
name: ~
1349
# Annotations to add to migrate database job kubernetes service account.
1350
annotations: {}
1351
resources: {}
1352
# limits:
1353
# cpu: 100m
1354
# memory: 128Mi
1355
# requests:
1356
# cpu: 100m
1357
# memory: 128Mi
1358
1359
# Launch additional containers into database migration job
1360
extraContainers: []
1361
# Add additional init containers into migrate database job (templated).
1362
extraInitContainers: []
1363
# Mount additional volumes into database migration job. It can be templated like in the following example:
1364
# extraVolumes:
1365
# - name: my-templated-extra-volume
1366
# secret:
1367
# secretName: '{{ include "my_secret_template" . }}'
1368
# defaultMode: 0640
1369
# optional: true
1370
#
1371
# extraVolumeMounts:
1372
# - name: my-templated-extra-volume
1373
# mountPath: "{{ .Values.my_custom_path }}"
1374
# readOnly: true
1375
extraVolumes: []
1376
extraVolumeMounts: []
1377
nodeSelector: {}
1378
affinity: {}
1379
tolerations: []
1380
topologySpreadConstraints: []
1381
priorityClassName: ~
1382
# In case you need to disable the helm hooks that create the jobs after install.
1383
# Disable this if you are using ArgoCD for example
1384
useHelmHooks: true
1385
applyCustomEnv: true
1386
env: []
1387
apiServer:
1388
enabled: true
1389
# Number of Airflow API servers in the deployment
1390
# This setting is ignored when HPA (Horizontal Pod Autoscaler) is enabled,
1391
# as HPA will automatically manage the number of replicas based on the configured metrics.
1392
replicas: 1
1393
# Max number of old replicasets to retain
1394
revisionHistoryLimit: ~
1395
# Labels specific to Airflow API server objects and pods
1396
labels: {}
1397
# Command to use when running the Airflow API server (templated).
1398
command: ~
1399
# Args to use when running the Airflow API server (templated).
1400
# Example: To enable proxy headers support when running behind a reverse proxy:
1401
# args: ["bash", "-c", "exec airflow api-server --proxy-headers"]
1402
args: ["bash", "-c", "exec airflow api-server"]
1403
allowPodLogReading: true
1404
# Environment variables for the Airflow API server.
1405
# Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:
1406
# env:
1407
# - name: FORWARDED_ALLOW_IPS
1408
# value: "*"  # "*" trusts forwarded headers from every peer: use it only where the pod is reachable solely through the proxy; for production, list the proxy IP ranges instead
1409
env: []
1410
# Allow Horizontal Pod Autoscaler (HPA) configuration for apiServer. (optional)
1411
# HPA automatically scales the number of apiServer pods based on observed metrics.
1412
# HPA automatically adjusts apiServer replicas between minReplicaCount and maxReplicaCount based on metrics.
1413
hpa:
1414
enabled: false
1415
# Minimum number of api-servers created by HPA
1416
minReplicaCount: 1
1417
# Maximum number of api-servers created by HPA
1418
maxReplicaCount: 5
1419
# Metric specifications used to calculate the desired replica count
1420
metrics:
1421
- type: Resource
1422
resource:
1423
name: cpu
1424
target:
1425
type: Utilization
1426
averageUtilization: 50
1427
# Scaling behavior of the target in both Up and Down directions
1428
behavior: {}
1429
serviceAccount:
1430
# default value is true
1431
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1432
automountServiceAccountToken: true
1433
# Specifies whether a ServiceAccount should be created
1434
create: true
1435
# The name of the ServiceAccount to use.
1436
# If not set and create is true, a name is generated using the release name
1437
name: ~
1438
# Annotations to add to Airflow API server kubernetes service account.
1439
annotations: {}
1440
service:
1441
type: ClusterIP
1442
## service annotations
1443
annotations: {}
1444
ports:
1445
- name: api-server
1446
port: "{{ .Values.ports.apiServer }}"
1447
loadBalancerIP: ~
1448
## Limit load balancer source IPs to a list of CIDRs (only applies when `type` is LoadBalancer)
1449
# loadBalancerSourceRanges:
1450
# - "10.123.0.0/16"
1451
loadBalancerSourceRanges: []
1452
podDisruptionBudget:
1453
enabled: false
1454
# PDB configuration
1455
config:
1456
# minAvailable and maxUnavailable are mutually exclusive
1457
maxUnavailable: 1
1458
# minAvailable: 1
1459
# Allow overriding Update Strategy for API server
1460
strategy: ~
1461
# Detailed default security contexts for Airflow API server deployments for container and pod level
1462
securityContexts:
1463
pod: {}
1464
container: {}
1465
# container level lifecycle hooks
1466
containerLifecycleHooks: {}
1467
waitForMigrations:
1468
# Whether to create init container to wait for db migrations
1469
enabled: true
1470
env: []
1471
# Detailed default security context for waitForMigrations for container level
1472
securityContexts:
1473
container: {}
1474
# Launch additional containers into the Airflow API server pods.
1475
extraContainers: []
1476
# Add additional init containers into API server (templated).
1477
extraInitContainers: []
1478
# Mount additional volumes into API server. It can be templated like in the following example:
1479
# extraVolumes:
1480
# - name: my-templated-extra-volume
1481
# secret:
1482
# secretName: '{{ include "my_secret_template" . }}'
1483
# defaultMode: 0640
1484
# optional: true
1485
#
1486
# extraVolumeMounts:
1487
# - name: my-templated-extra-volume
1488
# mountPath: "{{ .Values.my_custom_path }}"
1489
# readOnly: true
1490
extraVolumes: []
1491
extraVolumeMounts: []
1492
# Select certain nodes for Airflow API server pods.
1493
nodeSelector: {}
1494
affinity: {}
1495
tolerations: []
1496
topologySpreadConstraints: []
1497
priorityClassName: ~
1498
# hostAliases for API server pod
1499
hostAliases: []
1500
# annotations for Airflow API server deployment
1501
annotations: {}
1502
podAnnotations: {}
1503
networkPolicy:
1504
ingress:
1505
# Peers for Airflow API server NetworkPolicy ingress
1506
from: []
1507
# Ports for Airflow API server NetworkPolicy ingress (if `from` is set)
1508
ports:
1509
- port: "{{ .Values.ports.apiServer }}"
1510
resources: {}
1511
# limits:
1512
# cpu: 100m
1513
# memory: 128Mi
1514
# requests:
1515
# cpu: 100m
1516
# memory: 128Mi
1517
1518
# Add custom annotations to the apiServer configmap
1519
configMapAnnotations: {}
1520
# This string (templated) will be mounted into the Airflow API Server
1521
# as a custom webserver_config.py. You can bake a webserver_config.py into
1522
# your image instead or specify a configmap containing the
1523
# webserver_config.py.
1524
apiServerConfig: ~
1525
# apiServerConfig: |
1526
# from airflow import configuration as conf
1527
1528
# # The SQLAlchemy connection string.
1529
# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
1530
1531
# # Flask-WTF flag for CSRF
1532
# CSRF_ENABLED = True
1533
apiServerConfigConfigMapName: ~
1534
livenessProbe:
1535
initialDelaySeconds: 15
1536
timeoutSeconds: 5
1537
failureThreshold: 5
1538
periodSeconds: 10
1539
scheme: HTTP
1540
readinessProbe:
1541
initialDelaySeconds: 15
1542
timeoutSeconds: 5
1543
failureThreshold: 5
1544
periodSeconds: 10
1545
scheme: HTTP
1546
startupProbe:
1547
initialDelaySeconds: 0
1548
timeoutSeconds: 20
1549
failureThreshold: 6
1550
periodSeconds: 10
1551
scheme: HTTP
1552
# Airflow webserver settings
1553
webserver:
1554
enabled: true
1555
# Add custom annotations to the webserver configmap
1556
configMapAnnotations: {}
1557
# hostAliases for the webserver pod
1558
hostAliases: []
1559
# - ip: "127.0.0.1"
1560
# hostnames:
1561
# - "foo.local"
1562
# - ip: "10.1.2.3"
1563
# hostnames:
1564
# - "foo.remote"
1565
allowPodLogReading: true
1566
livenessProbe:
1567
initialDelaySeconds: 15
1568
timeoutSeconds: 5
1569
failureThreshold: 5
1570
periodSeconds: 10
1571
scheme: HTTP
1572
readinessProbe:
1573
initialDelaySeconds: 15
1574
timeoutSeconds: 5
1575
failureThreshold: 5
1576
periodSeconds: 10
1577
scheme: HTTP
1578
# Wait for at most 1 minute (6*10s) for the webserver container to startup.
1579
# livenessProbe kicks in after the first successful startupProbe
1580
startupProbe:
1581
initialDelaySeconds: 0
1582
timeoutSeconds: 20
1583
failureThreshold: 6
1584
periodSeconds: 10
1585
scheme: HTTP
1586
# Number of webservers
1587
replicas: 1
1588
# Max number of old replicasets to retain
1589
revisionHistoryLimit: ~
1590
# Command to use when running the Airflow webserver (templated).
1591
command: ~
1592
# Args to use when running the Airflow webserver (templated).
1593
args: ["bash", "-c", "exec airflow webserver"]
1594
# Grace period for webserver to finish after SIGTERM is sent from kubernetes
1595
terminationGracePeriodSeconds: 30
1596
# Allow HPA
1597
hpa:
1598
enabled: false
1599
# Minimum number of webservers created by HPA
1600
minReplicaCount: 1
1601
# Maximum number of webservers created by HPA
1602
maxReplicaCount: 5
1603
# Metric specifications used to calculate the desired replica count
1604
metrics:
1605
- type: Resource
1606
resource:
1607
name: cpu
1608
target:
1609
type: Utilization
1610
averageUtilization: 80
1611
# Scaling behavior of the target in both Up and Down directions
1612
behavior: {}
1613
# Create ServiceAccount
1614
serviceAccount:
1615
# default value is true
1616
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1617
automountServiceAccountToken: true
1618
# Specifies whether a ServiceAccount should be created
1619
create: true
1620
# The name of the ServiceAccount to use.
1621
# If not set and create is true, a name is generated using the release name
1622
name: ~
1623
# Annotations to add to webserver kubernetes service account.
1624
annotations: {}
1625
# Webserver pod disruption budget
1626
podDisruptionBudget:
1627
enabled: false
1628
# PDB configuration
1629
config:
1630
# minAvailable and maxUnavailable are mutually exclusive
1631
maxUnavailable: 1
1632
# minAvailable: 1
1633
# Allow overriding Update Strategy for Webserver
1634
strategy: ~
1635
# When not set, the values defined in the global securityContext will be used
1636
# (deprecated, use `securityContexts` instead)
1637
securityContext: {}
1638
# runAsUser: 50000
1639
# fsGroup: 0
1640
# runAsGroup: 0
1641
1642
# Detailed default security contexts for webserver deployments for container and pod level
1643
securityContexts:
1644
pod: {}
1645
container: {}
1646
# container level lifecycle hooks
1647
containerLifecycleHooks: {}
1648
# Additional network policies as needed (Deprecated - renamed to `webserver.networkPolicy.ingress.from`)
1649
extraNetworkPolicies: []
1650
networkPolicy:
1651
ingress:
1652
# Peers for webserver NetworkPolicy ingress
1653
from: []
1654
# Ports for webserver NetworkPolicy ingress (if `from` is set)
1655
ports:
1656
- port: "{{ .Values.ports.airflowUI }}"
1657
resources: {}
1658
# limits:
1659
# cpu: 100m
1660
# memory: 128Mi
1661
# requests:
1662
# cpu: 100m
1663
# memory: 128Mi
1664
1665
# Create initial user. (Note: Deprecated, use createUserJob section instead)
1666
# defaultUser:
1667
# enabled: true
1668
# role: Admin
1669
# username: admin
1670
# email: admin@example.com
1671
# firstName: admin
1672
# lastName: user
1673
# password: admin
1674
1675
# Launch additional containers into webserver (templated).
1676
extraContainers: []
1677
# Add additional init containers into webserver (templated).
1678
extraInitContainers: []
1679
# Mount additional volumes into webserver. It can be templated like in the following example:
1680
# extraVolumes:
1681
# - name: my-templated-extra-volume
1682
# secret:
1683
# secretName: '{{ include "my_secret_template" . }}'
1684
# defaultMode: 0640
1685
# optional: true
1686
#
1687
# extraVolumeMounts:
1688
# - name: my-templated-extra-volume
1689
# mountPath: "{{ .Values.my_custom_path }}"
1690
# readOnly: true
1691
extraVolumes: []
1692
extraVolumeMounts: []
1693
# This string (templated) will be mounted into the Airflow Webserver
1694
# as a custom webserver_config.py. You can bake a webserver_config.py in to
1695
# your image instead or specify a configmap containing the
1696
# webserver_config.py.
1697
webserverConfig: ~
1698
# webserverConfig: |
1699
# from airflow import configuration as conf
1700
1701
# # The SQLAlchemy connection string.
1702
# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
1703
1704
# # Flask-WTF flag for CSRF
1705
# CSRF_ENABLED = True
1706
webserverConfigConfigMapName: ~
1707
service:
1708
type: ClusterIP
1709
## service annotations
1710
annotations: {}
1711
ports:
1712
- name: airflow-ui
1713
port: "{{ .Values.ports.airflowUI }}"
1714
# To change the port used to access the webserver:
1715
# ports:
1716
# - name: airflow-ui
1717
# port: 80
1718
# targetPort: airflow-ui
1719
# To only expose a sidecar, not the webserver directly:
1720
# ports:
1721
# - name: only_sidecar
1722
# port: 80
1723
# targetPort: 8888
1724
# If you have a public IP, set NodePort to set an external port.
1725
# Service type must be 'NodePort':
1726
# ports:
1727
# - name: airflow-ui
1728
# port: 8080
1729
# targetPort: 8080
1730
# nodePort: 31151
1731
loadBalancerIP: ~
1732
## Limit load balancer source ips to list of CIDRs
1733
# loadBalancerSourceRanges:
1734
# - "10.123.0.0/16"
1735
loadBalancerSourceRanges: []
1736
# Select certain nodes for airflow webserver pods.
1737
nodeSelector: {}
1738
priorityClassName: ~
1739
affinity: {}
1740
# default webserver affinity is:
1741
# podAntiAffinity:
1742
# preferredDuringSchedulingIgnoredDuringExecution:
1743
# - podAffinityTerm:
1744
# labelSelector:
1745
# matchLabels:
1746
# component: webserver
1747
# topologyKey: kubernetes.io/hostname
1748
# weight: 100
1749
tolerations: []
1750
topologySpreadConstraints: []
1751
# annotations for webserver deployment
1752
annotations: {}
1753
podAnnotations: {}
1754
# Labels specific webserver app
1755
labels: {}
1756
waitForMigrations:
1757
# Whether to create init container to wait for db migrations
1758
enabled: true
1759
env: []
1760
# Detailed default security context for waitForMigrations for container level
1761
securityContexts:
1762
container: {}
1763
env: []
# Airflow Triggerer Config
triggerer:
  enabled: true
  # Number of airflow triggerers in the deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow triggerers (templated).
  command: ~
  # Args to use when running Airflow triggerer (templated).
  args: ["bash", "-c", "exec airflow triggerer"]
  # Update Strategy when triggerer is deployed as a StatefulSet
  updateStrategy: ~
  # Update Strategy when triggerer is deployed as a Deployment
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the triggerer stops heartbeating for 5 minutes (5*60s) kill the
  # triggerer and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: ~
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the triggerer pod. Whether the triggerer needs Kubernetes API access is
    # not visible in this excerpt; if it does not, `false` keeps that
    # credential out of the container. Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to triggerer kubernetes service account.
    annotations: {}
  # When not set, the values defined in the global securityContext will be used
  securityContext: {}
  #  runAsUser: 50000
  #  fsGroup: 0
  #  runAsGroup: 0

  # Detailed default security context for triggerer for container and pod level
  # NOTE(review): both maps are empty by default; set container-level
  # restrictions here (for example `allowPrivilegeEscalation: false`) if the
  # global settings outside this excerpt do not already provide them.
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  persistence:
    # Enable persistent volumes
    enabled: true
    # This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.
    persistentVolumeClaimRetentionPolicy: ~
    # Volume size for triggerer StatefulSet
    size: 100Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    storageClassName:
    # Execute init container to chown log directory.
    # This is currently only needed in kind, due to usage
    # of local-path provisioner.
    # NOTE(review): changing ownership normally needs root or CAP_CHOWN, so
    # the init container presumably runs with more privilege than the main
    # container; keep this `false` outside such test clusters. Confirm in the
    # template.
    fixPermissions: false
    # Annotations to add to triggerer volumes
    annotations: {}
  # Triggerer pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration
    config:
      # minAvailable and maxUnavailable are mutually exclusive
      maxUnavailable: 1
      # minAvailable: 1
  resources: {}
  #  limits:
  #   cpu: 100m
  #   memory: 128Mi
  #  requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for triggerer to finish after SIGTERM is sent from kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into triggerer (templated).
  extraContainers: []
  # Add additional init containers into triggerers (templated).
  extraInitContainers: []
  # Mount additional volumes into triggerer. It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #          secretName: '{{ include "my_secret_template" . }}'
  #          defaultMode: 0640
  #          optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true
  extraVolumes: []
  extraVolumeMounts: []
  # Select certain nodes for airflow triggerer pods.
  nodeSelector: {}
  affinity: {}
  # default triggerer affinity is:
  #  podAntiAffinity:
  #    preferredDuringSchedulingIgnoredDuringExecution:
  #    - podAffinityTerm:
  #        labelSelector:
  #          matchLabels:
  #            component: triggerer
  #        topologyKey: kubernetes.io/hostname
  #      weight: 100
  tolerations: []
  topologySpreadConstraints: []
  # hostAliases for the triggerer pod
  hostAliases: []
  #  - ip: "127.0.0.1"
  #    hostnames:
  #      - "foo.local"
  #  - ip: "10.1.2.3"
  #    hostnames:
  #      - "foo.remote"

  priorityClassName: ~
  # annotations for the triggerer deployment
  annotations: {}
  podAnnotations: {}
  # Labels specific to triggerer objects and pods
  labels: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow triggerer log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow triggerer log groomer sidecar (templated).
    command: ~
    # Args to use when running the Airflow triggerer log groomer sidecar (templated).
    args: ["bash", "/clean-logs"]
    # Number of days to retain logs
    # NOTE(review): logs older than this are removed by the sidecar; if
    # triggerer logs are needed for investigations, ship them elsewhere or
    # raise the retention accordingly.
    retentionDays: 15
    # frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    resources: {}
    #  limits:
    #   cpu: 100m
    #   memory: 128Mi
    #  requests:
    #   cpu: 100m
    #   memory: 128Mi
    # Detailed default security context for logGroomerSidecar for container level
    securityContexts:
      container: {}
    # container level lifecycle hooks
    containerLifecycleHooks: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  env: []
  # Allow KEDA autoscaling.
  keda:
    enabled: false
    namespaceLabels: {}
    # How often KEDA polls the airflow DB to report new scale requests to the HPA
    pollingInterval: 5
    # How many seconds KEDA will wait before scaling to zero.
    # Note that HPA has a separate cooldown period for scale-downs
    cooldownPeriod: 30
    # Minimum number of triggerers created by keda
    minReplicaCount: 0
    # Maximum number of triggerers created by keda
    maxReplicaCount: 10
    # Specify HPA related options
    advanced: {}
    # horizontalPodAutoscalerConfig:
    #   behavior:
    #     scaleDown:
    #       stabilizationWindowSeconds: 300
    #       policies:
    #         - type: Percent
    #           value: 100
    #           periodSeconds: 15

    # Query to use for KEDA autoscaling. Must return a single integer.
    # NOTE(review): KEDA runs this statement against the Airflow database, so
    # whoever can override this value chooses SQL executed with that
    # connection's privileges. A read-only database role for the KEDA
    # connection limits the impact; how the connection is configured is not
    # shown here.
    query: >-
      SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }}) FROM trigger
    # Whether to use PGBouncer to connect to the database or not when it is enabled
    # This configuration will be ignored if PGBouncer is not enabled
    usePgbouncer: false
# Airflow Dag Processor Config
dagProcessor:
  enabled: ~
  # Dag Bundle Configuration
  # Define Dag bundles in a structured YAML format. This will be automatically
  # converted to JSON string format for config.dag_processor.dag_bundle_config_list.
  # NOTE(review): `classpath` is a dotted Python class name, presumably
  # imported by Airflow to load the bundle, so only classes from trusted,
  # installed packages belong here. The Git examples below refer to
  # credentials through an Airflow connection id (`git_conn_id`) rather than
  # embedding them in values; keep it that way.
  dagBundleConfigList:
    - name: dags-folder
      classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
      kwargs: {}
  # Example:
  # dagBundleConfigList:
  #   - name: bundle1
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo1"
  #       subdir: "dags"
  #       tracking_ref: "main"
  #       refresh_interval: 60
  #   - name: bundle2
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo2"
  #       subdir: "dags"
  #       tracking_ref: "develop"
  #       refresh_interval: 120
  #   - name: dags-folder
  #     classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
  #     kwargs: {}

  # Number of airflow dag processors in the deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow dag processors (templated).
  command: ~
  # Args to use when running Airflow dag processor (templated).
  args: ["bash", "-c", "exec airflow dag-processor"]
  # Update Strategy for dag processors
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the dag processor stops heartbeating for 5 minutes (5*60s) kill the
  # dag processor and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: ~
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the dag processor pod, which parses DAG files supplied by DAG authors.
    # Whether it needs Kubernetes API access is not visible in this excerpt;
    # if it does not, `false` keeps that credential away from DAG code.
    # Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to dag processor kubernetes service account.
    annotations: {}
  # Dag processor pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration
    config:
      # minAvailable and maxUnavailable are mutually exclusive
      maxUnavailable: 1
      # minAvailable: 1
  # When not set, the values defined in the global securityContext will be used
  securityContext: {}
  #  runAsUser: 50000
  #  fsGroup: 0
  #  runAsGroup: 0

  # Detailed default security context for dagProcessor for container and pod level
  # NOTE(review): both maps are empty by default; set container-level
  # restrictions here (for example `allowPrivilegeEscalation: false`) if the
  # global settings outside this excerpt do not already provide them.
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  resources: {}
  #  limits:
  #   cpu: 100m
  #   memory: 128Mi
  #  requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for dag processor to finish after SIGTERM is sent from kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into dag processor (templated).
  extraContainers: []
  # Add additional init containers into dag processors (templated).
  extraInitContainers: []
  # Mount additional volumes into dag processor. It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #          secretName: '{{ include "my_secret_template" . }}'
  #          defaultMode: 0640
  #          optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true
  extraVolumes: []
  extraVolumeMounts: []
  # Select certain nodes for airflow dag processor pods.
  nodeSelector: {}
  affinity: {}
  # default dag processor affinity is:
  #  podAntiAffinity:
  #    preferredDuringSchedulingIgnoredDuringExecution:
  #    - podAffinityTerm:
  #        labelSelector:
  #          matchLabels:
  #            component: dag-processor
  #        topologyKey: kubernetes.io/hostname
  #      weight: 100
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # annotations for the dag processor deployment
  annotations: {}
  podAnnotations: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow dag processor log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow dag processor log groomer sidecar (templated).
    command: ~
    # Args to use when running the Airflow dag processor log groomer sidecar (templated).
    args: ["bash", "/clean-logs"]
    # Number of days to retain logs
    retentionDays: 15
    # frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    resources: {}
    #  limits:
    #   cpu: 100m
    #   memory: 128Mi
    #  requests:
    #   cpu: 100m
    #   memory: 128Mi
    # Container-level security context for the log groomer sidecar
    securityContexts:
      container: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  # Labels specific to dag processor objects
  labels: {}
  # Environment variables to add to dag processor container
  env: []
# Flower settings
flower:
  # Enable flower.
  # If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.
  enabled: false
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  readinessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  # Wait for at most 1 minute (6*10s) for the flower container to startup.
  # livenessProbe kicks in after the first successful startupProbe
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use when running flower (templated).
  command: ~
  # Args to use when running flower (templated).
  args:
    - "bash"
    - "-c"
    # The format below is necessary to get `helm lint` happy
    - |-
      exec \
      airflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery flower" "flower" }}
  # Additional network policies as needed (Deprecated - renamed to `flower.networkPolicy.ingress.from`)
  extraNetworkPolicies: []
  networkPolicy:
    ingress:
      # Peers for flower NetworkPolicy ingress
      # NOTE(review): no peers are listed by default. Whether a NetworkPolicy
      # is rendered at all, and what an empty peer list then permits, is
      # decided by templates not shown here; verify the rendered policy before
      # relying on it to restrict access to Flower.
      from: []
      # Ports for flower NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.flowerUI }}"
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi

  # When not set, the values defined in the global securityContext will be used
  securityContext: {}
  #  runAsUser: 50000
  #  fsGroup: 0
  #  runAsGroup: 0

  # Detailed default security context for flower for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the flower pod. Flower is a monitoring UI for Celery and is not expected
    # to call the Kubernetes API; if that holds for this chart, `false` keeps
    # the credential out of the container. Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to flower kubernetes service account.
    annotations: {}
  # A secret containing the connection
  secretName: ~
  # Add custom annotations to the flower secret
  secretAnnotations: {}
  # Else, if username and password are set, create secret from username and password
  # NOTE(review): with `secretName`, `username` and `password` all unset,
  # Flower presumably starts without authentication; confirm in the template
  # and set credentials before enabling it. Values given here are stored with
  # the Helm release, so a pre-created secret referenced through `secretName`
  # keeps the password out of values files.
  username: ~
  password: ~
  service:
    type: ClusterIP
    ## service annotations
    annotations: {}
    ports:
      - name: flower-ui
        port: "{{ .Values.ports.flowerUI }}"
    # To change the port used to access flower:
    # ports:
    #   - name: flower-ui
    #     port: 8080
    #     targetPort: flower-ui
    loadBalancerIP: ~
    ## Limit load balancer source ips to list of CIDRs
    # NOTE(review): an empty list sets no source restriction when the Service
    # type is LoadBalancer; list the allowed CIDRs when exposing Flower that way.
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
    loadBalancerSourceRanges: []
  # Launch additional containers into the flower pods.
  extraContainers: []
  # Mount additional volumes into the flower pods. It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #          secretName: '{{ include "my_secret_template" . }}'
  #          defaultMode: 0640
  #          optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true
  extraVolumes: []
  extraVolumeMounts: []
  # Select certain nodes for airflow flower pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # annotations for the flower deployment
  annotations: {}
  podAnnotations: {}
  # Labels specific to flower objects and pods
  labels: {}
  env: []
# StatsD settings
statsd:
  # Add custom annotations to the statsd configmap
  configMapAnnotations: {}
  enabled: true
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Arguments for StatsD exporter command.
  args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]
  # If you ever need to fully override the entire args list, you can
  # supply your own array here; if set, all below flag-specific values
  # (mappingConfig, cache-size, cache-type, ttl) are ignored.
  # args:
  #   - "--statsd.cache-size=1000"
  #   - "--statsd.cache-type=random"
  #   - "--ttl=10m"
  # -------------------------------------------------------------------

  # Path in the container to the mapping config file.
  # NOTE(review): the line above does not describe `cache`; it looks like the
  # leftover description of a mapping-config path setting that is not present
  # in this excerpt.
  cache:
    # Maximum number of metric-mapping entries to keep in cache.
    # When you send more distinct metric names than this, older entries
    # will be evicted according to cacheType.
    # Default: 1000
    size: 1000
    # Metrics Eviction policy for the mapping cache.
    #   - lru    → Least-Recently-Used eviction
    #   - random → Random eviction
    # Default: lru
    type: lru
    # Per-metric time-to-live. When set to a non-zero duration, any metric
    # series that hasn't received an update in this interval will be dropped
    # from the exported /metrics output.
    # Format: Go duration string (e.g. "30s", "5m", "1h")
    # Default: "0s" (disabled, never expires)
    ttl: "0s"
  # Annotations to add to the StatsD Deployment.
  annotations: {}
  # Grace period for statsd to finish after SIGTERM is sent from kubernetes
  terminationGracePeriodSeconds: 30
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the statsd pod. A metrics exporter is not expected to call the
    # Kubernetes API; if that holds for this chart, `false` keeps the
    # credential out of the container. Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to statsd kubernetes service account.
    annotations: {}
  # 65534 is conventionally the unprivileged `nobody` uid.
  uid: 65534
  # When not set, `statsd.uid` will be used

  # (deprecated, use `securityContexts` instead)
  securityContext: {}
  #  runAsUser: 65534
  #  fsGroup: 0
  #  runAsGroup: 0

  # Detailed default security context for statsd deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  # Additional network policies as needed
  extraNetworkPolicies: []
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi

  service:
    extraAnnotations: {}
  # Select certain nodes for StatsD pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Additional mappings for StatsD exporter.
  # If set, the default mappings and the extra mappings are merged; the default mappings take priority.
  # So, if you want to change some default mapping, please use `overrideMappings`
  extraMappings: []
  # Override mappings for StatsD exporter.
  # If set, the default mappings and `extraMappings` are ignored.
  # So, if you use it, make sure it contains every mapping you need.
  overrideMappings: []
  podAnnotations: {}
  # Labels specific to statsd objects and pods
  labels: {}
  # Environment variables to add to statsd container
  env: []
# PgBouncer settings
pgbouncer:
  # Enable PgBouncer
  enabled: false
  # Number of PgBouncer replicas to run in Deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use for PgBouncer(templated).
  # `-u nobody` tells pgbouncer to switch to the `nobody` user on start-up.
  command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]
  # Args to use for PgBouncer(templated).
  args: ~
  # NOTE(review): with scram-sha-256 the auth file has to hold SCRAM secrets
  # or plaintext passwords, so the secret that provides users.txt is as
  # sensitive as the database credentials themselves.
  auth_type: scram-sha-256
  auth_file: /etc/pgbouncer/users.txt
  # Whether to mount the config secret files at a default location (/etc/pgbouncer/*).
  # Can be skipped to allow for other means to get the values, e.g. secrets provider class.
  mountConfigSecret: true
  # annotations to be added to the PgBouncer deployment
  annotations: {}
  podAnnotations: {}
  # Add custom annotations to the pgbouncer certificates secret
  certificatesSecretAnnotations: {}
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the pgbouncer pod. A connection pooler is not expected to call the
    # Kubernetes API; if that holds for this chart, `false` keeps the
    # credential out of the container. Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to pgbouncer kubernetes service account.
    annotations: {}
  # Additional network policies as needed
  extraNetworkPolicies: []
  # Pool sizes
  metadataPoolSize: 10
  resultBackendPoolSize: 5
  # Maximum clients that can connect to PgBouncer (higher = more file descriptors)
  maxClientConn: 100
  # supply the name of existing secret with pgbouncer.ini and users.txt defined
  # you can load them to a k8s secret like the one below
  #  apiVersion: v1
  #  kind: Secret
  #  metadata:
  #    name: pgbouncer-config-secret
  #  data:
  #     pgbouncer.ini: <base64_encoded pgbouncer.ini file content>
  #     users.txt: <base64_encoded users.txt file content>
  #  type: Opaque
  #
  #  configSecretName: pgbouncer-config-secret
  #
  configSecretName: ~
  # Add custom annotations to the pgbouncer config secret
  configSecretAnnotations: {}
  # PgBouncer pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration
    config:
      # minAvailable and maxUnavailable are mutually exclusive
      maxUnavailable: 1
      # minAvailable: 1
  # Limit the resources to PgBouncer.
  # When you specify the resource request the k8s scheduler uses this information to decide which node to
  # place the Pod on. When you specify a resource limit for a Container, the kubelet enforces those limits so
  # that the running container is not allowed to use more of that resource than the limit you set.
  # See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
  # Example:
  #
  # resources:
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  resources: {}
  service:
    extraAnnotations: {}
    clusterIp: ~
  # https://www.pgbouncer.org/config.html
  verbose: 0
  # NOTE(review): connection and disconnection logging are both off (0).
  # Turning them on gives a record of which clients reached the database
  # through the pooler, which helps when reconstructing access after an
  # incident.
  logDisconnections: 0
  logConnections: 0
  # NOTE(review): in PgBouncer's TLS settings `prefer` tries TLS first, falls
  # back to plaintext if it is refused, and does not validate the peer
  # certificate. `require` removes the fallback; `verify-ca` / `verify-full`
  # also check the certificate. Which PgBouncer option this value is rendered
  # into is decided by a template not shown here. Confirm before changing.
  sslmode: "prefer"
  ciphers: "normal"
  ssl:
    ca: ~
    cert: ~
    key: ~
  # Add extra PgBouncer ini configuration in the databases section:
  # https://www.pgbouncer.org/config.html#section-databases
  extraIniMetadata: ~
  extraIniResultBackend: ~
  # Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html
  extraIni: ~
  # Mount additional volumes into pgbouncer. It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #          secretName: '{{ include "my_secret_template" . }}'
  #          defaultMode: 0640
  #          optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true
  # Volumes apply to all pgbouncer containers, while volume mounts apply to the pgbouncer
  # container itself. Metrics exporter container has its own mounts.
  extraVolumes: []
  extraVolumeMounts: []
  # Launch additional containers into pgbouncer.
  extraContainers: []
  # Select certain nodes for PgBouncer pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # 65534 is conventionally the unprivileged `nobody` uid.
  uid: 65534
  # Detailed default security context for pgbouncer for container level
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks:
    preStop:
      exec:
        # Allow existing queries clients to complete within 120 seconds
        command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]
  metricsExporterSidecar:
    resources: {}
    #  limits:
    #   cpu: 100m
    #   memory: 128Mi
    #  requests:
    #   cpu: 100m
    #   memory: 128Mi
    # NOTE(review): TLS is disabled for the exporter's connection. The example
    # URI below targets 127.0.0.1, i.e. traffic that stays inside the pod; if
    # the stats connection is pointed at another host, change this as well.
    sslmode: "disable"
    # supply the name of existing secret with PGBouncer connection URI containing
    # stats user and password.
    # you can load them to a k8s secret like the one below
    # NOTE(review): values under a Secret's `data:` must be base64-encoded
    # (use `stringData:` for plain text); the URI in the example is shown
    # unencoded for readability.
    #  apiVersion: v1
    #  kind: Secret
    #  metadata:
    #    name: pgbouncer-stats-secret
    #  data:
    #     connection: postgresql://<stats user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>
    #  type: Opaque
    #
    #  statsSecretName: pgbouncer-stats-secret
    #
    statsSecretName: ~
    # Key containing the PGBouncer connection URI, defaults to `connection` if not defined
    statsSecretKey: ~
    # Add custom annotations to the pgbouncer stats secret
    statsSecretAnnotations: {}
    # Detailed default security context for metricsExporterSidecar for container level
    securityContexts:
      container: {}
    # container level lifecycle hooks
    containerLifecycleHooks: {}
    livenessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1
    readinessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1
    # Mount additional volumes into the metrics exporter. It can be templated like in the following example:
    #   extraVolumeMounts:
    #     - name: my-templated-extra-volume
    #       mountPath: "{{ .Values.my_custom_path }}"
    #       readOnly: true
    extraVolumeMounts: []
  # Labels specific to pgbouncer objects and pods
  labels: {}
  # Environment variables to add to pgbouncer container
  env: []
# Configuration for the redis provisioned by the chart
redis:
  enabled: true
  terminationGracePeriodSeconds: 600
  # Annotations for Redis Statefulset
  annotations: {}
  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): with `true` the ServiceAccount's API token is mounted into
    # the redis pod. Redis is not expected to call the Kubernetes API; if that
    # holds for this chart, `false` keeps the credential out of the container.
    # Confirm against the chart's RBAC.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~
    # Annotations to add to redis kubernetes service account.
    annotations: {}
  service:
    # service type, default: ClusterIP
    # NOTE(review): ClusterIP keeps redis reachable only from inside the
    # cluster. NodePort opens it on every node's address, leaving the password
    # as the only barrier in front of the redis instance.
    type: "ClusterIP"
    # If using ClusterIP service type, custom IP address can be specified
    clusterIP:
    # If using NodePort service type, custom node port can be specified
    nodePort:
  persistence:
    # Enable persistent volumes
    enabled: true
    # Volume size for redis StatefulSet
    size: 1Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    storageClassName:
    # Annotations to add to redis volumes
    annotations: {}
    # the name of an existing PVC to use
    existingClaim:
    persistentVolumeClaimRetentionPolicy: ~
    # persistentVolumeClaimRetentionPolicy:
    #   whenDeleted: Delete
    #   whenScaled: Delete
  # Configuration for empty dir volume (if redis.persistence.enabled == false)
  # emptyDirConfig:
  #   sizeLimit: 1Gi
  #   medium: Memory
  resources: {}
  #  limits:
  #   cpu: 100m
  #   memory: 128Mi
  #  requests:
  #   cpu: 100m
  #   memory: 128Mi

  # If set use as redis secret. Make sure to also set data.brokerUrlSecretName value.
  passwordSecretName: ~
  # Else, if password is set, create secret with it,
  # Otherwise a new password will be generated on install
  # Note: password can only be set during install, not upgrade.
  # NOTE(review): a password given here becomes part of the values stored with
  # the Helm release and of any values file it is kept in; a pre-created
  # secret referenced through `passwordSecretName` avoids that.
  password: ~
  # Add custom annotations to the redis password secret
  passwordSecretAnnotations: {}
  # This setting tells kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Select certain nodes for redis pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Set to 0 for backwards-compatibility
  # NOTE(review): uid 0 is root, so by default the redis container presumably
  # runs as root unless a security context below overrides it. The commented
  # example under `securityContext` uses 999; prefer a non-zero uid on new
  # installations after checking ownership of existing volume data.
  uid: 0
  # If not set, `redis.uid` will be used
  securityContext: {}
  #  runAsUser: 999
  #  runAsGroup: 0

  # Detailed default security context for redis for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  # Labels specific to redis objects and pods
  labels: {}
  podAnnotations: {}
2617
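# Auth secret for a private registry (Deprecated - use `imagePullSecrets` instead)
# This is used if pulling airflow images from a private registry
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
registry:
  # Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry
  # (Deprecated - renamed to `imagePullSecrets`).
  secretName: ~

  # Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret
  # (Deprecated - create manually the credentials secret and add to `imagePullSecrets` instead).
  # Base64 is an encoding, not encryption: credentials set here are readable by
  # anyone who can read the values or the resulting secret.
  # Example:
  # connection:
  #   user: ~
  #   pass: ~
  #   host: ~
  #   email: ~
  connection: {}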
2632
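# Elasticsearch logging configuration
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
elasticsearch:
  # Enable elasticsearch task logging
  enabled: false
  # A secret containing the connection
  secretName: ~
  # Add custom annotations to the elasticsearch secret
  secretAnnotations: {}
  # Or an object representing the connection
  # A `user`/`pass` given in this object sits in plain text in the values;
  # prefer `secretName` for anything other than a throwaway environment.
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~
  connection: {}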
2649
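# OpenSearch logging configuration
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
opensearch:
  # Enable opensearch task logging
  enabled: false
  # A secret containing the connection
  secretName: ~
  # Or an object representing the connection
  # A `user`/`pass` given in this object sits in plain text in the values;
  # prefer `secretName` for anything other than a throwaway environment.
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~
  connection: {}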
2664
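# All ports used by chart
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
ports:
  flowerUI: 5555
  airflowUI: 8080
  workerLogs: 8793
  triggererLogs: 8794
  redisDB: 6379
  statsdIngest: 9125
  statsdScrape: 9102
  pgbouncer: 6543
  pgbouncerScrape: 9127
  apiServer: 8080

# Define any ResourceQuotas for namespace
# Empty by default, so the chart itself puts no quota on the namespace.
quotas: {}

# Define default/max/min values for pods and containers in namespace
# Empty by default, so no limit range is defined by these values.
limits: []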
2680
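# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.
# It is required to have KubernetesExecutor enabled.
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
cleanup:
  enabled: false
  # Run every 15 minutes (templated).
  schedule: "*/15 * * * *"
  # To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:
  #     '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'
  # To select the last digit of unix epoch time as the starting minute on each deploy:
  #     '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'

  # Command to use when running the cleanup cronjob (templated).
  command: ~
  # Args to use when running the cleanup cronjob (templated).
  # The string below is run through `bash -c` after templating, so any value
  # substituted into it is interpreted by the shell.
  args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]

  # jobAnnotations are annotations on the cleanup CronJob
  jobAnnotations: {}

  # Select certain nodes for airflow cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~

  podAnnotations: {}

  # Labels specific to cleanup objects and pods
  labels: {}

  resources: {}
  #  limits:
  #   cpu: 100m
  #   memory: 128Mi
  #  requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): pod cleanup presumably needs the Kubernetes API, so a mounted
    # token is expected here; keep the role bound to this account limited to what
    # the cleanup needs - confirm against the chart's RBAC templates.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~

    # Annotations to add to cleanup cronjob kubernetes service account.
    annotations: {}

  # When not set, the values defined in the global securityContext will be used
  securityContext: {}
  #  runAsUser: 50000
  #  runAsGroup: 0
  env: []

  # Detailed default security context for cleanup for container and pod level
  securityContexts:
    pod: {}
    container: {}

  # container level lifecycle hooks
  containerLifecycleHooks: {}

  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: ~
  successfulJobsHistoryLimit: ~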
2741
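# This runs as a CronJob to cleanup database for old entries.
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
databaseCleanup:
  enabled: false
  applyCustomEnv: true
  # Run every week on Sunday at midnight (templated).
  schedule: "0 0 * * 0"
  # Command to use when running the database cleanup cronjob (templated).
  command:
    - "bash"
  # Args to use when running the database cleanup cronjob (templated).
  # `retentionDays`, `batchSize` and `tables` are spliced into this `bash -c`
  # string without shell quoting, so keep them to plain integers and table
  # names and never fill them from input you do not control.
  # The folded scalar joins the lines below with single spaces.
  args:
    - "-c"
    - >-
      CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S");
      echo "Cleaning up metadata DB entries older than ${CLEAN_TS}";
      exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes
      {{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }}
      {{- if .Values.databaseCleanup.verbose }} --verbose{{ end }}
      {{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }}
      {{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}

  # Number of days to retain entries in the metadata database.
  retentionDays: 90
  # Don't preserve purged records in an archive table
  # With this set to true the purged rows are not kept anywhere, so make sure
  # the retention period covers any audit or investigation needs first.
  skipArchive: false
  # Table names to perform maintenance on. Supported values in:
  # https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean
  tables: []
  # Maximum number of rows to delete or archive in a single transaction
  batchSize: ~
  # Make logging output more verbose
  verbose: true

  # jobAnnotations are annotations on the database cleanup CronJob
  jobAnnotations: {}

  # Select certain nodes for airflow database cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~

  podAnnotations: {}

  # Labels specific to database cleanup objects and pods
  labels: {}

  resources: {}
  #  limits:
  #   cpu: 100m
  #   memory: 128Mi
  #  requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Create ServiceAccount
  serviceAccount:
    # default value is true
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): if this job only talks to the metadata database and never to
    # the Kubernetes API, set this to false - confirm before changing.
    automountServiceAccountToken: true
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the release name
    name: ~

    # Annotations to add to database cleanup cronjob kubernetes service account.
    annotations: {}

  env: []

  # Detailed default security context for database cleanup for container and pod level
  securityContexts:
    pod: {}
    container: {}

  # container level lifecycle hooks
  containerLifecycleHooks: {}

  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1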
2808
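# Configuration for postgresql subchart
# Uses bitnamilegacy images to avoid Bitnami licensing restrictions
# Not recommended for production - use external database instead
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
postgresql:
  enabled: true
  image:
    # NOTE(review): check whether this legacy repository still receives security
    # fixes; the tag is also mutable, so pinning by digest gives a reproducible pull.
    repository: bitnamilegacy/postgresql
    tag: "16.1.0-debian-11-r15"
  auth:
    enablePostgresUser: true
    # Well-known default for the superuser account: override it at install time
    # (ideally from a secret rather than a values file) on anything reachable by
    # other workloads, or disable the subchart and use an external database.
    postgresPassword: postgres
    username: ""
    password: ""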
2821
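# Config settings to go into the mounted airflow.cfg
#
# Please note that these values are passed through the `tpl` function, so are
# all subject to being rendered as go templates. If you need to include a
# literal `{{` in a value, it must be expressed like this:
#
#    a: '{{ "{{ not a template }}" }}'
#
# Do not set config containing secrets via plain text values, use Env Var or k8s secret object
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
# yamllint disable rule:line-length
config:
  core:
    dags_folder: '{{ include "airflow_dags" . }}'
    # This is ignored when used with the official Docker image
    load_examples: 'False'
    executor: '{{ .Values.executor }}'
    # For Airflow 1.10, backward compatibility; moved to [logging] in 2.0
    colored_console_log: 'False'
    remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'
    auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"
  logging:
    remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'
    colored_console_log: 'False'
  metrics:
    statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'
    statsd_port: 9125
    statsd_prefix: airflow
    statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'
  fab:
    # Proxy fix makes the web application trust X-Forwarded-* headers, which is
    # only sound when every request arrives through a reverse proxy or ingress
    # you control; set to 'False' if the UI is reachable directly.
    enable_proxy_fix: 'True'
  webserver:
    # For Airflow 2.X
    # Same caveat as fab.enable_proxy_fix: forwarded headers are trusted.
    enable_proxy_fix: 'True'
    # For Airflow 1.10
    rbac: 'True'
  celery:
    flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'
    worker_concurrency: 16
    sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'
  scheduler:
    standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'
    # statsd params included for Airflow 1.10 backward compatibility; moved to [metrics] in 2.0
    statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'
    statsd_port: 9125
    statsd_prefix: airflow
    statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'
    # `run_duration` included for Airflow 1.10 backward compatibility; removed in 2.0.
    run_duration: 41460
  dag_processor:
    # Dag bundle configuration list in JSON string format.
    # This is automatically generated from .Values.dagProcessor.dagBundleConfigList using the dag_bundle_config_list helper function.
    # Deprecated: Direct override via config.dag_processor.dag_bundle_config_list is deprecated.
    # Use dagProcessor.dagBundleConfigList instead.
    dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'
  elasticsearch:
    json_format: 'True'
    log_id_template: "{dag_id}_{task_id}_{execution_date}_{try_number}"
  elasticsearch_configs:
    max_retries: 3
    timeout: 30
    retry_timeout: 'True'
  kerberos:
    keytab: '{{ .Values.kerberos.keytabPath }}'
    reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'
    principal: '{{ .Values.kerberos.principal }}'
    ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'
  celery_kubernetes_executor:
    kubernetes_queue: 'kubernetes'
  # The `kubernetes` section is deprecated in Airflow >= 2.5.0 due to an airflow.cfg schema change.
  # The `kubernetes` section can be removed once the helm chart no longer supports Airflow < 2.5.0.
  kubernetes:
    namespace: '{{ .Release.Namespace }}'
    # The following `airflow_` entries are for Airflow 1, and can be removed when it is no longer supported.
    airflow_configmap: '{{ include "airflow_config" . }}'
    airflow_local_settings_configmap: '{{ include "airflow_config" . }}'
    pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'
    worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'
    worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'
    multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'
  # The `kubernetes_executor` section duplicates the `kubernetes` section in Airflow >= 2.5.0 due to an airflow.cfg schema change.
  kubernetes_executor:
    namespace: '{{ .Release.Namespace }}'
    pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'
    worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'
    worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'
    multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'
# yamllint enable rule:line-length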
2908
2909
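# Whether Airflow can launch workers and/or pods in multiple namespaces
# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)
# Leave this false unless tasks really must run outside the release namespace:
# a cluster-wide binding means a compromised Airflow component is no longer
# confined to one namespace.
multiNamespaceMode: false

# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by
# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters
# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,
# you can still provide a completely custom `pod_template_file.yaml` if desired.
# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.
# A fully custom template replaces the chart's default pod spec, so carry over
# whatever security settings (securityContext, service account, volumes) you
# rely on from the default.
podTemplate: ~
# The following example is NOT functional, but meant to be illustrative of how you can provide a custom
# `pod_template_file`. You're better off starting with the default in
# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.
# We will set `priorityClassName` in this example:
# NOTE(review): example indentation reconstructed from a flattened listing - confirm against the chart.
# podTemplate: |
#   apiVersion: v1
#   kind: Pod
#   metadata:
#     name: placeholder-name
#     labels:
#       tier: airflow
#       component: worker
#       release: {{ .Release.Name }}
#   spec:
#     priorityClassName: high-priority
#     containers:
#       - name: base
#         ...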
2936
2937
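# Git sync
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
dags:
  # Where dags volume will be mounted. Works for both persistence and gitSync.
  # If not specified, dags mount path will be set to $AIRFLOW_HOME/dags
  mountPath: ~
  persistence:
    # Annotations for dags PVC
    annotations: {}
    # Enable persistent volume for storing dags
    enabled: false
    # Volume size for dags
    size: 1Gi
    # If using a custom storageClass, pass name here
    storageClassName:
    # access mode of the persistent volume
    accessMode: ReadWriteOnce
    ## the name of an existing PVC to use
    existingClaim:
    ## optional subpath for dag volume mount
    subPath: ~
  gitSync:
    enabled: false

    # DAG files are code that the Airflow components load and run, so whoever can
    # push to the synced ref can run code in this deployment. Point `repo` at a
    # repository you control, restrict who may push to the ref, and give git-sync
    # read-only credentials.
    # git repo clone url
    # ssh example: git@github.com:apache/airflow.git
    # https example: https://github.com/apache/airflow.git
    repo: https://github.com/apache/airflow.git
    branch: v2-2-stable
    rev: HEAD
    # The git revision (branch, tag, or hash) to check out, v4 only
    ref: v2-2-stable
    depth: 1
    # the number of consecutive failures allowed before aborting
    maxFailures: 0
    # subpath within the repo where dags are located
    # should be "" if dags are at repo root
    subPath: "tests/dags"
    # if your repo needs a user name password
    # you can load them to a k8s secret like the one below
    #   ---
    #   apiVersion: v1
    #   kind: Secret
    #   metadata:
    #     name: git-credentials
    #   data:
    #     # For git-sync v3
    #     GIT_SYNC_USERNAME: <base64_encoded_git_username>
    #     GIT_SYNC_PASSWORD: <base64_encoded_git_password>
    #     # For git-sync v4
    #     GITSYNC_USERNAME: <base64_encoded_git_username>
    #     GITSYNC_PASSWORD: <base64_encoded_git_password>
    # and specify the name of the secret below
    #
    # credentialsSecret: git-credentials
    #
    #
    # If you are using an ssh clone url, you can load
    # the ssh private key to a k8s secret like the one below
    #   ---
    #   apiVersion: v1
    #   kind: Secret
    #   metadata:
    #     name: airflow-ssh-secret
    #   data:
    #     # key needs to be gitSshKey
    #     gitSshKey: <base64_encoded_data>
    # and specify the name of the secret below
    # sshKeySecret: airflow-ssh-secret
    #
    # Or provide the key inline with sshKey. An inline key is stored in plain text
    # wherever the values are kept; prefer sshKeySecret outside of test setups.
    # sshKey: |
    #   -----BEGIN {OPENSSH PRIVATE KEY}-----
    #   ...
    #   -----END {OPENSSH PRIVATE KEY}-----
    #
    # If you are using an ssh private key, you can additionally
    # specify the content of your known_hosts file, example:
    # NOTE(review): without knownHosts the SSH host key is presumably not
    # verified, leaving the clone open to interception - confirm in the chart
    # templates and set knownHosts whenever an ssh url is used.
    #
    # knownHosts: |
    #    <host1>,<ip1> <key1>
    #    <host2>,<ip2> <key2>

    # interval between git sync attempts in seconds
    # high values are more likely to cause DAGs to become out of sync between different components
    # low values cause more traffic to the remote git repository
    # Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).
    # For backwards compatibility, wait will be used if it is specified.
    period: 5s
    wait: ~
    # add variables from secret into gitSync containers, such as proxy-config
    envFrom: ~
    # envFrom: |
    #   - secretRef:
    #       name: 'proxy-config'

    containerName: git-sync
    uid: 65533

    # When not set, the values defined in the global securityContext will be used
    securityContext: {}
    #  runAsUser: 65533
    #  runAsGroup: 0

    securityContexts:
      container: {}

    # container level lifecycle hooks
    containerLifecycleHooks: {}

    readinessProbe: {}
    livenessProbe: {}

    # Mount additional volumes into git-sync. It can be templated like in the following example:
    #   extraVolumeMounts:
    #     - name: my-templated-extra-volume
    #       mountPath: "{{ .Values.my_custom_path }}"
    #       readOnly: true
    extraVolumeMounts: []
    env: []
    # Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync
    # - name: ""
    #   value: ""

    # Configuration for empty dir volume
    # emptyDirConfig:
    #   sizeLimit: 1Gi
    #   medium: Memory

    resources: {}
    #  limits:
    #   cpu: 100m
    #   memory: 128Mi
    #  requests:
    #   cpu: 100m
    #   memory: 128Mi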
3066
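# Task log storage.
# NOTE(review): nesting reconstructed from a flattened listing - confirm against the chart.
logs:
  # Configuration for empty dir volume (if logs.persistence.enabled == false)
  # With persistence disabled the logs live in an empty dir volume, so they are
  # lost with the pod unless remote logging is enabled; plan log retention
  # accordingly if task logs are needed for investigations.
  # emptyDirConfig:
  #   sizeLimit: 1Gi
  #   medium: Memory

  persistence:
    # Enable persistent volume for storing logs
    enabled: false
    # Volume size for logs
    size: 100Gi
    # Annotations for the logs PVC
    annotations: {}
    # If using a custom storageClass, pass name here
    storageClassName:
    ## the name of an existing PVC to use
    existingClaim:
    ## the subpath of the existing PVC to use
    subPath: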
3084
