
airflow

Helm chart
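# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

# Provide a name to substitute for the full names of resources
fullnameOverride: ""

# Default values for Airflow.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Provide a name to substitute for the name of the chart
nameOverride: ""

# Use standard naming for all resources using airflow.fullname template
# Consider removing this later and default it to true
# to make this chart follow standard naming conventions using the fullname template.
# For now this is an opt-in switch for backwards compatibility to leverage the standard naming convention
# and being able to use fully fullnameOverride and nameOverride in all resources
# For new installations - it is recommended to set it to True to follow standard naming conventions
# For existing installations, this will rename and redeploy your resources with the new names. Be aware that
# this will recreate your Deployment/StatefulSets along with their persistent volume claims and data storage
# migration may be needed to keep your old data
useStandardNaming: false

# Max number of old replicasets to retain. Can be overridden by each Deployment's revisionHistoryLimit
revisionHistoryLimit: ~

# User and group of Airflow user
# The user is non-root (50000) but the group is 0, the root group: any file or
# mounted volume that is group-writable by GID 0 is writable by Airflow.
# NOTE(review): presumably kept for images that rely on group-0 file ownership;
# confirm before changing.
uid: 50000
gid: 0

# Default security context for Airflow (deprecated, use `securityContexts` instead)
securityContext: {}
#   runAsUser: 50000
#   fsGroup: 0
#   runAsGroup: 0

# Detailed default security context for Airflow Deployments
# Both maps are empty by default, so these values request no runAsNonRoot,
# allowPrivilegeEscalation, capabilities or seccompProfile settings. Whether the
# templates add any on their own is not visible here; set what your Pod Security
# level requires explicitly.
securityContexts:
  pod: {}
  containers: {}

# Global container lifecycle hooks for Airflow containers
containerLifecycleHooks: {}

# Airflow home directory
# Used for mount paths
airflowHome: /opt/airflow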
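# Default Airflow repository -- overridden by all the specific images below
# NOTE(review): the repository path suggests a private registry, while
# `imagePullSecrets` defaults to an empty list; pulls presumably need credentials
# supplied there or on the nodes.
defaultAirflowRepository: cgr.dev/chainguard-private/airflow

# Default Airflow tag to deploy
# `latest` is a mutable tag. It is harmless only while `defaultAirflowDigest`
# below is set, because the digest takes precedence; clearing the digest without
# choosing a fixed tag makes the deployed image change without a values change.
defaultAirflowTag: latest

# Default Airflow digest. If specified, it takes precedence over tag
defaultAirflowDigest: sha256:a090cc9e04cf683f601d85769a3036ec865c8a96f9079a199dde3629c30e1420

# Airflow version (Used to make some decisions based on Airflow Version being deployed)
# Version 2.11.0 and above is supported.
# This string is declared by hand and is not derived from the digest above, so
# update both together when changing the image.
airflowVersion: "3.2.0"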
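# Per-component images.
# The component images below carry their pin inside `tag` (`latest@sha256:...`).
# Assuming the templates render `repository:tag`, the digest rather than the
# mutable `latest` name decides what is pulled. When overriding a tag, keep an
# `@sha256:` part or choose a fixed version; `pullPolicy: IfNotPresent` with an
# unpinned `latest` leaves nodes running whatever they cached first.
images:
  airflow:
    # repository/tag/digest are unset here; the `defaultAirflow*` values apply.
    repository: ~
    tag: ~
    # Specifying digest takes precedence over tag.
    digest: ~
    pullPolicy: IfNotPresent
  # To avoid images with user code, you can turn this to 'true' and
  # all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' jobs/containers
  # will use the images from 'defaultAirflowRepository:defaultAirflowTag' values
  # to run and wait for DB migrations.
  useDefaultImageForMigration: false
  # timeout (in seconds) for airflow-migrations to complete
  migrationsWaitTimeout: 60
  pod_template:
    # Note that `images.pod_template.repository` and `images.pod_template.tag` parameters can be overridden
    # in `config.kubernetes_executor` section. So for these parameters to have effect
    # `config.kubernetes_executor.worker_container_repository` and
    # `config.kubernetes_executor.worker_container_tag` must not be set.
    repository: ~
    tag: ~
    pullPolicy: IfNotPresent
  flower:
    repository: cgr.dev/chainguard-private/flower
    tag: latest@sha256:5bf6d2778d9b47ea36c43ec7352d97d3a1dd486594a5e4c142bd611c9ae88130
    pullPolicy: IfNotPresent
  statsd:
    repository: cgr.dev/chainguard-private/prometheus-statsd-exporter
    tag: latest@sha256:d0cde1ca9a2a233b0be4f7547b2fec91e8c5a7d872aa8c3e45d61e57203e770f
    pullPolicy: IfNotPresent
  redis:
    repository: cgr.dev/chainguard-private/redis
    # Redis is limited to 7.2-bookworm due to licensing change
    # https://redis.io/blog/redis-adopts-dual-source-available-licensing/
    # NOTE(review): the tag below is a digest-pinned `latest`, not `7.2-bookworm`;
    # verify which Redis version and licence this digest actually ships.
    tag: latest@sha256:574a951b1bc489c60b6bf0615e474c3f0debc9f3181692aff7e78aaf57b5a8c2
    pullPolicy: IfNotPresent
  pgbouncer:
    repository: cgr.dev/chainguard-private/pgbouncer
    tag: latest@sha256:91d48b18610d777603383c5264fb675f2fafaeab37d41739c8dafbb3a1a4537d
    pullPolicy: IfNotPresent
  pgbouncerExporter:
    repository: cgr.dev/chainguard-private/prometheus-pgbouncer-exporter
    tag: latest@sha256:d83fc2945e42626bf0c9f8aa4e5d79f3f7a527c91519d6481a6ab87be932470e
    pullPolicy: IfNotPresent
  gitSync:
    repository: cgr.dev/chainguard-private/git-sync
    tag: latest@sha256:9d7eebc601ebb26c682e46e96d262dd7daec800c1a54645fb3dae98f7a89b054
    pullPolicy: IfNotPresent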
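# Select certain nodes for Airflow pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
schedulerName: ~

# Add common labels to all objects and pods defined in this chart.
labels: {}

# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private
# registries. Items can be either strings or {name: secret} objects.
# Only secret names belong here; the registry credentials themselves stay in the
# pre-created Secrets. Base64 is the Secret encoding, not encryption.
imagePullSecrets: []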
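# Ingress configuration
# Every ingress below is disabled by default, and so is TLS termination on each
# of them. When enabling one, turn on TLS through its `hosts[*].tls` as well and
# decide who may reach it. The flower, StatsD and PgBouncer ingresses publish
# operational interfaces (`/metrics` for the latter two); confirm what
# authentication, if any, sits in front of them before exposing them.
ingress:
  # Enable all ingress resources
  # (deprecated, use
  # `ingress.web.enabled`,
  # `ingress.apiServer.enabled` and/or
  # `ingress.flower.enabled`
  # instead)
  enabled: ~

  # Configs for the Ingress of the API Server (Airflow 3+)
  apiServer:
    # Enable API Server ingress resource
    enabled: false
    # Annotations for the API Server Ingress
    annotations: {}
    # The path for the API Server Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the API Server Ingress (deprecated, use `ingress.apiServer.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the API Server Ingress (templated)
    hosts: []
    # - name: ""
    #   # configs for API Server Ingress TLS
    #   tls:
    #     # Enable TLS termination for the API Server Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the API Server Ingress
    ingressClassName: ""
    # Configs for API Server Ingress TLS (deprecated, use `ingress.apiServer.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the API Server Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the API Server Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the API Server Ingress after the default path
    succeedingPaths: []

  # Configs for the Ingress of the web Service (Airflow <3.0.0)
  web:
    # Enable web ingress resource
    enabled: false
    # Annotations for the web Ingress
    annotations: {}
    # The path for the web Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the web Ingress (deprecated, use `ingress.web.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the web Ingress (templated)
    hosts: []
    # - name: ""
    #   # Configs for web Ingress TLS
    #   tls:
    #     # Enable TLS termination for the web Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the web Ingress
    ingressClassName: ""
    # Configs for web Ingress TLS (deprecated, use `ingress.web.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the web Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the web Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the web Ingress after the default path
    succeedingPaths: []

  # Configs for the Ingress of the flower Service
  flower:
    # Enable flower ingress resource
    enabled: false
    # Annotations for the flower Ingress
    annotations: {}
    # The path for the flower Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the flower Ingress (deprecated, use `ingress.flower.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the flower Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the flower Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the flower Ingress
    ingressClassName: ""
    # Configs for flower Ingress TLS (deprecated, use `ingress.flower.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the flower Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""

  # Configs for the Ingress of the StatsD Service
  statsd:
    # Enable StatsD ingress resource
    enabled: false
    # Annotations for the StatsD Ingress
    annotations: {}
    # The path for the StatsD Ingress
    path: "/metrics"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the StatsD Ingress (deprecated, use `ingress.statsd.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the StatsD Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the StatsD Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the StatsD Ingress
    ingressClassName: ""

  # Configs for the Ingress of the PgBouncer Service
  pgbouncer:
    # Enable PgBouncer ingress resource
    enabled: false
    # Annotations for the PgBouncer Ingress
    annotations: {}
    # The path for the PgBouncer Ingress
    path: "/metrics"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the PgBouncer Ingress (deprecated, use `ingress.pgbouncer.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the PgBouncer Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the PgBouncer Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""

    # The Ingress Class for the PgBouncer Ingress
    ingressClassName: ""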
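# Network policy configuration
networkPolicies:
  # Enabled network policies
  # Off by default, so this chart creates no NetworkPolicy objects. On a cluster
  # without its own default-deny policy, traffic to the Airflow, Redis, PgBouncer
  # and StatsD pods is then limited only by what the cluster already enforces.
  enabled: false

# Extra annotations to apply to all Airflow pods (templated)
airflowPodAnnotations: {}

# Extra annotations to apply to main Airflow ConfigMap
airflowConfigAnnotations: {}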
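# 'airflow_local_settings' file as a string (templated)
# The rendered text is Python source (see the import and assignment below), so
# whoever can set this value supplies code for the 'airflow_local_settings' file;
# review overrides of it like a code change.
# The default renders only for Airflow <3.0.0 and only when neither
# `webserverSecretKey` nor `webserverSecretKeySecretName` is set: it shows users
# with the Admin role a warning that the webserver secret key is dynamic.
airflowLocalSettings: |-
  {{- if semverCompare "<3.0.0" .Values.airflowVersion }}
  {{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}
  from airflow.www.utils import UIAlert

  DASHBOARD_UIALERTS = [
      UIAlert(
          'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'
          ' See the <a href='
          '"https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#webserver-secret-key" '
          'target="_blank" rel="noopener noreferrer">'
          'Helm Chart Production Guide</a> for more details.',
          category="warning",
          roles=["Admin"],
          html=True,
      )
  ]
  {{- end }}
  {{- end }}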
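# Enable RBAC (default on most clusters these days)
rbac:
  # Specifies whether RBAC resources should be created
  create: true
  createSCCRoleBinding: false

# Airflow executor
# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor
# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are supported.
# Specify executors in a prioritized list to leverage multiple execution environments as needed:
# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently
executor: "CeleryExecutor"

# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's
# Service Account will have access to communicate with the api-server and launch pods/jobs.
# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers
# will be able to launch pods/jobs.
# With the default `CeleryExecutor` above, `allowPodLaunching: true` therefore
# lets worker pods create pods. Workers run DAG task code, so set this to false
# when no task needs to launch pods, keeping the Service Account at least
# privilege.
allowPodLaunching: true
allowJobLaunching: false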
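# Environment variables for all Airflow containers
# Entries are literal name/value pairs and appear in clear text in the values
# file; use `secret` below for anything sensitive.
env: []
# - name: ""
#   value: ""

# Volumes for all Airflow containers
volumes: []

# VolumeMounts for all Airflow containers
volumeMounts: []

# Secrets for all Airflow containers
# Each entry names an environment variable and the Secret name and key to read
# it from, so the value itself stays out of this file.
secret: []
# - envName: ""
#   secretName: ""
#   secretKey: ""

# Enables selected built-in secrets that are set via environment variables by default.
# Those secrets are provided by the Helm Chart secrets by default but in some cases you
# might want to provide some of those variables with _CMD or _SECRET variable, and you should
# in this case disable setting of those variables by setting the relevant configuration to 'false'.
enableBuiltInSecretEnvVars:
  AIRFLOW__CORE__FERNET_KEY: true
  AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true
  AIRFLOW_CONN_AIRFLOW_DB: true
  AIRFLOW__API__SECRET_KEY: true
  AIRFLOW__API_AUTH__JWT_SECRET: true
  AIRFLOW__WEBSERVER__SECRET_KEY: true
  AIRFLOW__CELERY__RESULT_BACKEND: true
  AIRFLOW__CELERY__BROKER_URL: true
  AIRFLOW__ELASTICSEARCH__HOST: true
  AIRFLOW__OPENSEARCH__HOST: true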
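# Priority Classes that will be installed by charts.
# Ideally, there should be an entry for dagProcessor, flower,
# pgbouncer, scheduler, statsd, triggerer, webserver/api-server, worker.
# The format for priorityClasses is an array with each element having:
#   * name is the name of the priorityClass. Ensure the same name is given to the respective section as well
#   * preemptionPolicy for the priorityClass
#   * value is the preemption value for the priorityClass
priorityClasses: []
# - name: class1 (if this is for dagProcessor, ensure overriding `dagProcessor.priorityClass` too)
#   preemptionPolicy: PreemptLowerPriority
#   value: 10000
# - name: class2
#   preemptionPolicy: Never
#   value: 100000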
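# Extra secrets that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for secret data is "key/value" where
#   * key (templated) is the name of the secret that will be created
#   * value: an object with the standard 'data' or 'stringData' key (or both).
#     The value associated with those keys must be a string (templated)
# Anything written here is secret material held in the values file: `data` is
# only base64-encoded and `stringData` is plain text. Keep such a values file out
# of version control, or create the Secret outside the chart and reference it.
# The proxy example below embeds a username and password in the URL; the
# credentials shown are placeholders.
extraSecrets: {}
# extraSecrets:
#   '{{ .Release.Name }}-airflow-connections':
#     type: 'Opaque'
#     labels:
#       my.custom.label/v1: my_custom_label_value_1
#     data: |
#       AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
#       AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
#     stringData: |
#       AIRFLOW_CONN_OTHER: 'other_conn'
#   '{{ .Release.Name }}-other-secret-name-suffix':
#     data: |
#       ...
#   'proxy-config':
#     stringData: |
#       HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"

# Extra ConfigMaps that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for ConfigMap data is "key/value" where
#   * key (templated) is the name of the ConfigMap that will be created
#   * value: an object with the standard 'data' key.
#     The value associated with these keys must be a string (templated)
# ConfigMaps are not meant for confidential data; put credentials in
# `extraSecrets` or a pre-created Secret instead.
extraConfigMaps: {}
# extraConfigMaps:
#   '{{ .Release.Name }}-airflow-variables':
#     labels:
#       my.custom.label/v2: my_custom_label_value_2
#     data: |
#       AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
#       AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"

# Extra env 'items' that will be added to the definition of Airflow containers
# a string is expected (templated).
# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.
extraEnv: ~
# extraEnv: |
#   - name: AIRFLOW__CORE__LOAD_EXAMPLES
#     value: 'True'

# Extra envFrom 'items' that will be added to the definition of Airflow containers
# A string is expected (templated).
extraEnvFrom: ~
# extraEnvFrom: |
#   - secretRef:
#       name: '{{ .Release.Name }}-airflow-connections'
#   - configMapRef:
#       name: '{{ .Release.Name }}-airflow-variables'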
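# Airflow database & redis config
data:
  # If secret name is provided, secret itself has to be created manually with 'connection' key like:
  #
  #   kind: Secret
  #   apiVersion: v1
  #   metadata:
  #     name: custom-airflow-metadata-secret
  #   type: Opaque
  #   data:
  #     connection: base64_encoded_connection_string
  #
  # The 'connection' key is base64-encoded SQLAlchemy connection string, e.g.:
  #   postgresql+psycopg2://airflow:password@postgres/airflow
  # Base64 here is the Secret encoding, not encryption: the string still contains
  # the database password, so restrict who can read the Secret.
  metadataSecretName: ~

  # If not set, falls back to metadataSecretName. The secret must contain 'connection' key which is
  # a base64-encoded connection string, e.g.:
  #   postgresql+psycopg2://user:password@host/db
  resultBackendSecretName: ~
  brokerUrlSecretName: ~

  # If `metadataSecretName` is not specified, pass connection values below
  # The defaults are placeholders: user and password are both `postgres`, held in
  # clear text in values, and `sslmode: disable` leaves the database connection
  # without TLS. Outside a local test, supply the connection through
  # `metadataSecretName` and use an sslmode that requires TLS (for example
  # `verify-full`).
  metadataConnection:
    user: postgres
    pass: postgres
    protocol: postgresql
    host: ~
    port: 5432
    db: postgres
    sslmode: disable
    # Add custom annotations to the metadata connection secret
    # NOTE(review): the listing this was recovered from had lost its indentation;
    # placing this key under `metadataConnection` is inferred from its name
    # (the sibling keys are `resultBackendConnectionSecretAnnotations` and
    # `brokerUrlSecretAnnotations`). Confirm against the shipped values.yaml.
    secretAnnotations: {}

  # `resultBackendConnection` defaults to the same database as metadataConnection
  resultBackendConnection: ~
  # or, you can use a different database like:
  # resultBackendConnection:
  #   user: postgres
  #   pass: postgres
  #   protocol: postgresql
  #   host: ~
  #   port: 5432
  #   db: postgres
  #   sslmode: disable

  # Add custom annotations to the result backend connection secret
  resultBackendConnectionSecretAnnotations: {}

  # Note: `brokerUrl` can only be set during 'helm install', not 'helm upgrade' command
  # A broker URL can carry the broker password; `brokerUrlSecretName` keeps it out
  # of the values file.
  brokerUrl: ~

  # Add custom annotations to the broker url secret
  brokerUrlSecretAnnotations: {}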
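# Fernet key settings
# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade' command
# Airflow uses the Fernet key to encrypt connection passwords and variables kept
# in the metadata database, so a lost or changed key makes the stored values
# unreadable. A key passed here is stored with the release values;
# `fernetKeySecretName` keeps it in a Secret you manage and can back up.
fernetKey: ~

# If set, the secret must contain a 'fernet-key' key with a base64-encoded key value
fernetKeySecretName: ~
# Fernet key secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-fernet-key-secret
#   type: Opaque
#   data:
#     fernet-key: <base64_encoded_fernet_key>

# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}

# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg
apiSecretKey: ~

# Add custom annotations to the api secret
apiSecretAnnotations: {}

# If set, the secret must contain a key 'api-secret-key' with a base64-encoded key value
apiSecretKeySecretName: ~
# API secret key example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-api-secret
#   type: Opaque
#   data:
#     api-secret-key: <base64_encoded_api_secret_key>

# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in airflow.cfg
# Note: It is not advised to use in production as during helm upgrade it will be changed
# which can cause dag failures during component rollouts
# NOTE(review): the note above presumably describes leaving both `jwtSecret` and
# `jwtSecretName` unset, so that the chart supplies a value which changes on
# upgrade; confirm against the templates. A stable secret referenced through
# `jwtSecretName` avoids both the rotation and keeping the key in values.
jwtSecret: ~

# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}

# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key value
jwtSecretName: ~
# JWT secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-jwt-secret
#   type: Opaque
#   data:
#     jwt-secret: <base64_encoded_jwt_secret>

# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in airflow.cfg
# (deprecated, use `apiSecretKey` instead (Airflow 3+))
webserverSecretKey: ~

# Add custom annotations to the webserver secret
# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))
webserverSecretAnnotations: {}

# If set, the secret must contain a key 'webserver-secret-key' with a base64-encoded key value
# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))
webserverSecretKeySecretName: ~
# Webserver secret key secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-webserver-secret
#   type: Opaque
#   data:
#     webserver-secret-key: <base64_encoded_secret_key>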
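# In order to use kerberos you need to create secret containing the keytab file.
# The secret name should follow naming convention of the application where resources are
# name '{{ .Release.Name }}-<postfix>'. In case of the keytab file, the '<postfix>' is "kerberos-keytab".
# If your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab".
#
# The Keytab content should be available in the "kerberos.keytab" key of the secret.
#   apiVersion: v1
#   kind: Secret
#   data:
#     kerberos.keytab: <base64_encoded keytab file content>
#   type: Opaque
#
# If you have keytab file you can do it with similar:
#   kubectl create secret generic {{ .Release.Name }}-kerberos-keytab --from-file=kerberos.keytab
#
# Alternatively, instead of manually creating the secret, it is possible to specify
# `kerberos.keytabBase64Content` parameter. This parameter should contain base64 encoded keytab.
#
# A keytab holds the principal's long-term key and base64 does not protect it:
# a keytab passed through `keytabBase64Content` sits in the values file, whereas
# the pre-created Secret keeps it out of values.
# `principal` and the realm and hosts inside `config` are example placeholders
# (FOO.COM); replace them before enabling Kerberos.
# NOTE(review): the indentation inside `config` was lost in the listing this was
# recovered from and is restored by convention.
kerberos:
  enabled: false
  ccacheMountPath: /var/kerberos-ccache
  ccacheFileName: cache
  configPath: /etc/krb5.conf
  keytabBase64Content: ~
  keytabPath: /etc/airflow.keytab
  principal: airflow@FOO.COM
  reinitFrequency: 3600
  config: |
    # This is an example config showing how you can use templating and how "example" config
    # might look like. It works with the test kerberos server that we are using during integration
    # testing at Apache Airflow (see 'scripts/ci/docker-compose/integration-kerberos.yml' but in
    # order to make it production-ready you must replace it with your own configuration that
    # Matches your kerberos deployment. Administrators of your Kerberos instance should
    # provide the right configuration.

    [logging]
    default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"
    kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"
    admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"

    [libdefaults]
    default_realm = FOO.COM
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    FOO.COM = {
      kdc = kdc-server.foo.com
      admin_server = admin_server.foo.com
    }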
588
# Airflow Worker Config
589
workers:
590
# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)
591
replicas: 1
592
# Max number of old Airflow Celery workers ReplicaSets to retain
593
# (deprecated, use `workers.celery.revisionHistoryLimit` instead)
594
revisionHistoryLimit: ~
595
# Command to use when running Airflow Celery workers and using pod-template-file (templated)
596
# (deprecated, use `workers.celery.command` and/or `workers.kubernetes.command` instead)
597
command: ~
598
# Args to use when running Airflow Celery workers (templated)
599
# (deprecated, use `workers.celery.args` instead)
600
args:
601
- "bash"
602
- "-c"
603
# The format below is necessary to get `helm lint` happy
604
- |-
605
exec \
606
airflow celery worker
607
{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}
608
{{- " -q " }}{{ .Values.workers.queue }}
609
{{- end }}
610
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
611
# kill the worker and let Kubernetes restart it
612
# (deprecated, use `workers.celery.livenessProbe` section instead)
613
livenessProbe:
614
# (deprecated, use `workers.celery.livenessProbe.enabled` instead)
615
enabled: true
616
# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)
617
initialDelaySeconds: 10
618
# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)
619
timeoutSeconds: 20
620
# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)
621
failureThreshold: 5
622
# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)
623
periodSeconds: 60
624
# (deprecated, use `workers.celery.livenessProbe.command` instead)
625
command: ~
626
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
627
# (deprecated, use `workers.celery.updateStrategy` instead)
628
updateStrategy: ~
629
# Update Strategy when Airflow Celery worker is deployed as a Deployment
630
# (deprecated, use `workers.celery.strategy` instead)
631
strategy:
632
rollingUpdate:
633
maxSurge: "100%"
634
maxUnavailable: "50%"
635
# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity
636
# (deprecated, use `workers.celery.podManagementPolicy` instead)
637
# podManagementPolicy: Parallel
638
639
# When not set, the values defined in the global securityContext will
640
# be used in Airflow Celery workers and pod-template-file
641
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
642
securityContext: {}
643
# runAsUser: 50000
644
# fsGroup: 0
645
# runAsGroup: 0
646
647
# Detailed default security context for the
648
# Airflow Celery workers and pod-template-file on container and pod level
649
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
650
securityContexts:
651
# (deprecated, use
652
# `workers.celery.securityContexts.pod` and/or
653
# `workers.kubernetes.securityContexts.pod`
654
# instead)
655
pod: {}
656
# (deprecated, use
657
# `workers.celery.securityContexts.container` and/or
658
# `workers.kubernetes.securityContexts.container`
659
# instead)
660
container: {}
661
# Container level Lifecycle Hooks definition for
662
# Airflow Celery workers and pods created with pod-template-file
663
# (deprecated, use
664
# `workers.celery.containerLifecycleHooks` and/or
665
# `workers.kubernetes.containerLifecycleHooks`
666
# instead)
667
containerLifecycleHooks: {}
668
# Airflow Celery workers pod disruption budget
669
# (deprecated, use `workers.celery.podDisruptionBudget` instead)
670
podDisruptionBudget:
671
# (deprecated, use `workers.celery.podDisruptionBudget.enabled` instead)
672
enabled: false
673
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
674
# (deprecated, use `workers.celery.podDisruptionBudget.config` instead)
675
config:
676
# (deprecated, use `workers.celery.podDisruptionBudget.config.maxUnavailable` instead)
677
maxUnavailable: 1
678
# (deprecated, use `workers.celery.podDisruptionBudget.config.minAvailable` instead)
679
# minAvailable: 1
680
# Create Service Account for Airflow Celery workers and pods created with pod-template-file
681
# (deprecated, use `workers.celery.serviceAccount` and/or `workers.kubernetes.serviceAccount` instead)
682
serviceAccount:
683
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
684
# (deprecated, use
685
# `workers.celery.serviceAccount.automountServiceAccountToken` and/or
686
# `workers.kubernetes.serviceAccount.automountServiceAccountToken`
687
# instead)
688
automountServiceAccountToken: true
689
# Specifies whether a Service Account should be created
690
# (deprecated, use
691
# `workers.celery.serviceAccount.create` and/or
692
# `workers.kubernetes.serviceAccount.create`
693
# instead)
694
create: true
695
# The name of the Service Account to use.
696
# If not set and `create` is 'true', a name is generated using the release name
697
# (deprecated, use
698
# `workers.celery.serviceAccount.name` and/or
699
# `workers.kubernetes.serviceAccount.name`
700
# instead)
701
name: ~
702
# Annotations to add to worker Kubernetes Service Account.
703
# (deprecated, use
704
# `workers.celery.serviceAccount.annotations` and/or
705
# `workers.kubernetes.serviceAccount.annotations`
706
# instead)
707
annotations: {}
708
# Allow KEDA autoscaling for Airflow Celery workers
709
# (deprecated, use `workers.celery.keda` instead)
710
keda:
711
# (deprecated, use `workers.celery.keda.enabled` instead)
712
enabled: false
713
# (deprecated, use `workers.celery.keda.namespaceLabels` instead)
714
namespaceLabels: {}
715
# How often KEDA polls the Airflow DB to report new scale requests to the HPA
716
# (deprecated, use `workers.celery.keda.pollingInterval` instead)
717
pollingInterval: 5
718
# How many seconds KEDA will wait before scaling to zero.
719
# Note: HPA has a separate cooldown period for scale-downs
720
# (deprecated, use `workers.celery.keda.cooldownPeriod` instead)
721
cooldownPeriod: 30
722
# Minimum number of Airflow Celery workers created by keda
723
# (deprecated, use `workers.celery.keda.minReplicaCount` instead)
724
minReplicaCount: 0
725
# Maximum number of Airflow Celery workers created by keda
726
# (deprecated, use `workers.celery.keda.maxReplicaCount` instead)
727
maxReplicaCount: 10
728
# Specify HPA related options
729
# (deprecated, use `workers.celery.keda.advanced` instead)
730
advanced: {}
731
# horizontalPodAutoscalerConfig:
732
# behavior:
733
# scaleDown:
734
# stabilizationWindowSeconds: 300
735
# policies:
736
# - type: Percent
737
# value: 100
738
# periodSeconds: 15
739
740
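# Query to use for KEDA autoscaling. Must return a single integer.
# The queue names from `workers.queue` are placed into the SQL text as quoted literals
# without escaping, so keep that value to trusted names that contain no quote characters.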
741
# (deprecated, use `workers.celery.keda.query` instead)
742
query: >-
743
SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }}) FROM task_instance WHERE (state='running' OR state='queued') AND queue IN ( {{- range $i, $q := splitList "," .Values.workers.queue -}} {{- if $i }},{{ end }}'{{ $q | trim }}' {{- end -}} ) {{- if contains "CeleryKubernetesExecutor" .Values.executor }} AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}' {{- else if contains "KubernetesExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'KubernetesExecutor' {{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'EdgeExecutor' {{- end }}
744
# Weather to use PGBouncer to connect to the database or not when it is enabled
745
# This configuration will be ignored if PGBouncer is not enabled
746
# (deprecated, use `workers.celery.keda.usePgbouncer` instead)
747
usePgbouncer: true
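# Allow HPA for Airflow Celery workers (KEDA must be disabled)
# (deprecated, use `workers.celery.hpa` instead)
hpa:
  # (deprecated, use `workers.celery.hpa.enabled` instead)
  enabled: false
  # Minimum number of Airflow Celery workers created by HPA
  # (deprecated, use `workers.celery.hpa.minReplicaCount` instead)
  minReplicaCount: 0
  # Maximum number of Airflow Celery workers created by HPA
  # (deprecated, use `workers.celery.hpa.maxReplicaCount` instead)
  maxReplicaCount: 5
  # Metric specifications used to calculate the desired replica count
  # (deprecated, use `workers.celery.hpa.metrics` instead)
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
  # Scaling behavior of the target in both Up and Down directions
  # (deprecated, use `workers.celery.hpa.behavior` instead)
  behavior: {}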
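# Persistence volume configuration for Airflow Celery workers
# (deprecated, use `workers.celery.persistence` instead)
persistence:
  # Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)
  enabled: true
  # This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
  # (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)
  persistentVolumeClaimRetentionPolicy: ~
  # persistentVolumeClaimRetentionPolicy:
  #   whenDeleted: Delete
  #   whenScaled: Delete

  # Volume size for Airflow Celery worker StatefulSet
  # (deprecated, use `workers.celery.persistence.size` instead)
  size: 100Gi
  # If using a custom storageClass, pass name ref to all StatefulSets here
  # (deprecated, use `workers.celery.persistence.storageClassName` instead)
  # Written as an explicit null (`~`), like the other unset values in this file.
  storageClassName: ~
  # Execute init container to chown log directory.
  # This is currently only needed in kind, due to usage
  # of local-path provisioner.
  # (deprecated, use `workers.celery.persistence.fixPermissions` instead)
  # NOTE(review): an init container that chowns the volume presumably needs
  # root; confirm against the template before enabling this outside kind.
  fixPermissions: false
  # Annotations to add to Airflow Celery worker volumes
  # (deprecated, use `workers.celery.persistence.annotations` instead)
  annotations: {}
  # Detailed default security context for persistence on container level
  # (deprecated, use `workers.celery.persistence.securityContexts` instead)
  securityContexts:
    # (deprecated, use `workers.celery.persistence.securityContexts.container` instead)
    container: {}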
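# Kerberos sidecar configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.kerberosSidecar` and/or `workers.kubernetes.kerberosSidecar` instead)
kerberosSidecar:
  # Enable kerberos sidecar
  # (deprecated, use
  #   `workers.celery.kerberosSidecar.enabled` and/or
  #   `workers.kubernetes.kerberosSidecar.enabled`
  # instead)
  enabled: false
  # (deprecated, use
  #   `workers.celery.kerberosSidecar.resources` and/or
  #   `workers.kubernetes.kerberosSidecar.resources`
  # instead)
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Detailed default security context for kerberos sidecar on container level
  # (deprecated, use
  #   `workers.celery.kerberosSidecar.securityContexts` and/or
  #   `workers.kubernetes.kerberosSidecar.securityContexts`
  # instead)
  securityContexts:
    # (deprecated, use
    #   `workers.celery.kerberosSidecar.securityContexts.container` and/or
    #   `workers.kubernetes.kerberosSidecar.securityContexts.container`
    # instead)
    container: {}
  # Container level lifecycle hooks
  # (deprecated, use
  #   `workers.celery.kerberosSidecar.containerLifecycleHooks` and/or
  #   `workers.kubernetes.kerberosSidecar.containerLifecycleHooks`
  # instead)
  containerLifecycleHooks: {}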
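# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use
#   `workers.celery.kerberosInitContainer` and/or
#   `workers.kubernetes.kerberosInitContainer`
# instead)
kerberosInitContainer:
  # Enable kerberos init container
  # (deprecated, use
  #   `workers.celery.kerberosInitContainer.enabled` and/or
  #   `workers.kubernetes.kerberosInitContainer.enabled`
  # instead)
  enabled: false
  # (deprecated, use
  #   `workers.celery.kerberosInitContainer.resources` and/or
  #   `workers.kubernetes.kerberosInitContainer.resources`
  # instead)
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Detailed default security context for kerberos init container
  # (deprecated, use
  #   `workers.celery.kerberosInitContainer.securityContexts` and/or
  #   `workers.kubernetes.kerberosInitContainer.securityContexts`
  # instead)
  securityContexts:
    # (deprecated, use
    #   `workers.celery.kerberosInitContainer.securityContexts.container` and/or
    #   `workers.kubernetes.kerberosInitContainer.securityContexts.container`
    # instead)
    container: {}
  # Container level lifecycle hooks
  # (deprecated, use
  #   `workers.celery.kerberosInitContainer.containerLifecycleHooks` and/or
  #   `workers.kubernetes.kerberosInitContainer.containerLifecycleHooks`
  # instead)
  containerLifecycleHooks: {}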
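# Resource configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.resources` and/or `workers.kubernetes.resources` instead)
resources: {}
# limits:
#   cpu: 100m
#   memory: 128Mi
# requests:
#   cpu: 100m
#   memory: 128Mi

# Grace period for tasks to finish after SIGTERM is sent from Kubernetes.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
#   `workers.celery.terminationGracePeriodSeconds` and/or
#   `workers.kubernetes.terminationGracePeriodSeconds`
# instead)
terminationGracePeriodSeconds: 600
# This setting tells Kubernetes that it's ok to evict when it wants to scale a node down.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
#   `workers.celery.safeToEvict` and/or
#   `workers.kubernetes.safeToEvict`
# instead)
safeToEvict: false
# Launch additional containers into Airflow Celery worker
# and pods created with pod-template-file (templated).
# (deprecated, use
#   `workers.celery.extraContainers` and/or
#   `workers.kubernetes.extraContainers`
# instead)
# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main
# container finishes so Airflow can continue the worker shutdown process!
extraContainers: []
# Add additional init containers into Airflow Celery workers
# and pods created with pod-template-file (templated).
# (deprecated, use
#   `workers.celery.extraInitContainers` and/or
#   `workers.kubernetes.extraInitContainers`
# instead)
extraInitContainers: []
# Additional volumes attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use `workers.celery.extraVolumes` and/or `workers.kubernetes.extraVolumes` instead)
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
#   - name: my-templated-extra-volume
#     secret:
#       secretName: '{{ include "my_secret_template" . }}'
#       defaultMode: 0640
#       optional: true

# Additional volume mounts attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use
#   `workers.celery.extraVolumeMounts` and/or
#   `workers.kubernetes.extraVolumeMounts`
# instead)
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
#   - name: my-templated-extra-volume
#     mountPath: "{{ .Values.my_custom_path }}"
#     readOnly: true

# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
# (deprecated, use `workers.celery.extraPorts` instead)
extraPorts: []
# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.nodeSelector` and/or `workers.kubernetes.nodeSelector` instead)
nodeSelector: {}
# (deprecated, use `workers.celery.runtimeClassName` and/or `workers.kubernetes.runtimeClassName` instead)
runtimeClassName: ~
# (deprecated, use `workers.celery.priorityClassName` and/or `workers.kubernetes.priorityClassName` instead)
priorityClassName: ~
# (deprecated, use `workers.celery.affinity` and/or `workers.kubernetes.affinity` instead)
affinity: {}
# Default Airflow Celery worker affinity is:
# podAntiAffinity:
#   preferredDuringSchedulingIgnoredDuringExecution:
#   - podAffinityTerm:
#       labelSelector:
#         matchLabels:
#           component: worker
#       topologyKey: kubernetes.io/hostname
#     weight: 100

# (deprecated, use `workers.celery.tolerations` and/or `workers.kubernetes.tolerations` instead)
tolerations: []
# (deprecated, use
#   `workers.celery.topologySpreadConstraints` and/or
#   `workers.kubernetes.topologySpreadConstraints`
# instead)
topologySpreadConstraints: []
# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.hostAliases` and/or `workers.kubernetes.hostAliases` instead)
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
#   hostnames:
#   - "test.hostname.one"
# - ip: "127.0.0.3"
#   hostnames:
#   - "test.hostname.two"

# Annotations for the Airflow Celery worker resource
# (deprecated, use `workers.celery.annotations` instead)
annotations: {}
# Pod annotations for the Airflow Celery workers and pods created with pod-template-file (templated)
# (deprecated, use `workers.celery.podAnnotations` and/or `workers.kubernetes.podAnnotations` instead)
podAnnotations: {}
# Labels specific to Airflow Celery workers objects and pods created with pod-template-file
# (deprecated, use `workers.celery.labels` and/or `workers.kubernetes.labels` instead)
labels: {}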
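# Log groomer configuration for Airflow Celery workers
# (deprecated, use `workers.celery.logGroomerSidecar` instead)
logGroomerSidecar:
  # Whether to deploy the Airflow Celery worker log groomer sidecar
  # (deprecated, use `workers.celery.logGroomerSidecar.enabled` instead)
  enabled: true
  # Command to use when running the Airflow Celery worker log groomer sidecar (templated)
  # (deprecated, use `workers.celery.logGroomerSidecar.command` instead)
  command: ~
  # Args to use when running the Airflow Celery worker log groomer sidecar (templated)
  # (deprecated, use `workers.celery.logGroomerSidecar.args` instead)
  args: ["bash", "/clean-logs"]
  # Number of days to retain logs
  # (deprecated, use `workers.celery.logGroomerSidecar.retentionDays` instead)
  # NOTE(review): logs past the retention window are presumably deleted from
  # the worker volume; if task logs are needed for audit or incident response,
  # confirm they are shipped elsewhere before they age out.
  retentionDays: 15
  # Number of minutes to retain logs.
  # This can be used for finer granularity than days.
  # Total retention is `retentionDays` + `retentionMinutes`.
  # (deprecated, use `workers.celery.logGroomerSidecar.retentionMinutes` instead)
  retentionMinutes: 0
  # Frequency to attempt to groom logs (in minutes)
  # (deprecated, use `workers.celery.logGroomerSidecar.frequencyMinutes` instead)
  frequencyMinutes: 15
  # Max size of logs in bytes. 0 = disabled
  # (deprecated, use `workers.celery.logGroomerSidecar.maxSizeBytes` instead)
  maxSizeBytes: 0
  # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
  # (deprecated, use `workers.celery.logGroomerSidecar.maxSizePercent` instead)
  maxSizePercent: 0
  # (deprecated, use `workers.celery.logGroomerSidecar.resources` instead)
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Detailed default security context for `logGroomerSidecar` for container level
  # (deprecated, use `workers.celery.logGroomerSidecar.securityContexts` instead)
  securityContexts:
    # (deprecated, use `workers.celery.logGroomerSidecar.securityContexts.container` instead)
    container: {}
  # (deprecated, use `workers.celery.logGroomerSidecar.env` instead)
  env: []
  # Container level lifecycle hooks
  # (deprecated, use `workers.celery.logGroomerSidecar.containerLifecycleHooks` instead)
  containerLifecycleHooks: {}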
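# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
# (deprecated, use `workers.celery.waitForMigrations` instead)
waitForMigrations:
  # Whether to create init container to wait for db migrations
  # (deprecated, use `workers.celery.waitForMigrations.enabled` instead)
  enabled: true
  # (deprecated, use `workers.celery.waitForMigrations.env` instead)
  env: []
  # Detailed default security context for wait-for-airflow-migrations container
  # (deprecated, use `workers.celery.waitForMigrations.securityContexts` instead)
  securityContexts:
    # (deprecated, use `workers.celery.waitForMigrations.securityContexts.container` instead)
    container: {}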
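# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.env` and/or `workers.kubernetes.env` instead)
env: []
# Additional volume claim templates for Airflow Celery workers.
# Requires mounting of specified volumes under extraVolumeMounts.
# (deprecated, use `workers.celery.volumeClaimTemplates` instead)
volumeClaimTemplates: []
# Volume Claim Templates example:
# volumeClaimTemplates:
#   - metadata:
#       name: data-volume-1
#     spec:
#       storageClassName: "storage-class-1"
#       accessModes:
#         - "ReadWriteOnce"
#       resources:
#         requests:
#           storage: "10Gi"
#   - metadata:
#       name: data-volume-2
#     spec:
#       storageClassName: "storage-class-2"
#       accessModes:
#         - "ReadWriteOnce"
#       resources:
#         requests:
#           storage: "20Gi"

# (deprecated, use `workers.celery.schedulerName` and/or `workers.kubernetes.schedulerName` instead)
schedulerName: ~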
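# Settings for Airflow Celery workers. Most values default to `~`;
# presumably an unset value falls back to the matching root `workers` key,
# as the comments on `securityContexts` and `kerberosInitContainer` below
# state for those two sections. Confirm the rest against the templates.
celery:
  # Number of Airflow Celery workers
  replicas: ~
  # Max number of old Airflow Celery workers ReplicaSets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow Celery workers (templated)
  command: ~
  # Args to use when running Airflow Celery workers (templated)
  args: ~
  # If the Airflow Celery worker stops responding for 5 minutes (5*60s)
  # kill the worker and let Kubernetes restart it
  livenessProbe:
    enabled: ~
    initialDelaySeconds: ~
    timeoutSeconds: ~
    failureThreshold: ~
    periodSeconds: ~
    command: ~
  # Enable the default workers defined by the root `workers` and `workers.celery`
  # configurations to be created.
  # If false, only dedicated workers defined in 'sets' will be created.
  enableDefault: true
  # Queue name for the default workers
  queue: "default"
  # List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`
  # section.
  sets: []
  # sets:
  #   - name: highcpu
  #     replicas: 2
  #     queue: "highcpu"
  #     resources:
  #       requests:
  #         memory: "2Gi"
  #         cpu: "4000m"
  #       limits:
  #         memory: "4Gi"
  #         cpu: "8000m"
  #   - name: highmem
  #     replicas: 2
  #     queue: "highmem"
  #     resources:
  #       requests:
  #         memory: "4Gi"
  #         cpu: "2000m"
  #       limits:
  #         memory: "8Gi"
  #         cpu: "4000m"

  # Update Strategy when Airflow Celery worker is deployed as a StatefulSet
  updateStrategy: ~
  # Update Strategy when Airflow Celery worker is deployed as a Deployment
  strategy: ~
  # Allow relaxing ordering guarantees for Airflow Celery worker
  # while preserving its uniqueness and identity
  # podManagementPolicy: Parallel

  # Detailed default security context for Airflow Celery workers for container and pod level
  # If not set, the values from `workers.securityContexts` section will be used.
  # An empty `{}` adds no hardening of its own (runAsNonRoot, dropped
  # capabilities, read-only root filesystem); check what the inherited
  # `workers.securityContexts` values supply.
  securityContexts:
    pod: {}
    container: {}
  # Container level Lifecycle Hooks definition for Airflow Celery workers
  containerLifecycleHooks: {}
  # Airflow Celery workers pod disruption budget
  podDisruptionBudget:
    enabled: ~
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: ~
      # minAvailable: ~
  # Create Service Account for Airflow Celery workers
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # Controls whether the Service Account token is mounted into worker pods;
    # turn it off where tasks do not call the Kubernetes API.
    automountServiceAccountToken: ~
    # Specifies whether a Service Account should be created
    create: ~
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to worker Kubernetes Service Account.
    annotations: {}
  # Allow KEDA autoscaling for Airflow Celery workers
  keda:
    enabled: ~
    namespaceLabels: {}
    # How often KEDA polls the airflow DB to report new scale requests to the HPA
    pollingInterval: ~
    # How many seconds KEDA will wait before scaling to zero.
    # Note: HPA has a separate cooldown period for scale-downs
    cooldownPeriod: ~
    # Minimum number of Airflow Celery workers created by KEDA
    minReplicaCount: ~
    # Maximum number of Airflow Celery workers created by KEDA
    maxReplicaCount: ~
    # Specify HPA related options
    advanced: {}
    # horizontalPodAutoscalerConfig:
    #   behavior:
    #     scaleDown:
    #       stabilizationWindowSeconds: 300
    #       policies:
    #         - type: Percent
    #           value: 100
    #           periodSeconds: 15

    # Query to use for KEDA autoscaling. Must return a single integer
    # KEDA polls the Airflow DB with this query; keep a custom query read-only.
    query: ~
    # Whether to use PGBouncer to connect to the database or not when it is enabled
    # This configuration will be ignored if PGBouncer is not enabled
    usePgbouncer: ~
  # Allow HPA for Airflow Celery workers (KEDA must be disabled)
  hpa:
    enabled: ~
    # Minimum number of Airflow Celery workers created by HPA
    minReplicaCount: ~
    # Maximum number of Airflow Celery workers created by HPA
    maxReplicaCount: ~
    # Metric specifications used to calculate the desired replica count
    metrics: ~
    # Scaling behavior of the target in both Up and Down directions
    behavior: {}
  # Persistence volume configuration for Airflow Celery workers
  persistence:
    # Enable persistent volumes
    enabled: ~
    # This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
    persistentVolumeClaimRetentionPolicy: ~
    # persistentVolumeClaimRetentionPolicy:
    #   whenDeleted: Delete
    #   whenScaled: Delete

    # Volume size for Airflow Celery worker StatefulSet
    size: ~
    # If using a custom storageClass, pass name ref to all StatefulSets here
    # Written as an explicit null (`~`), like the other unset values here.
    storageClassName: ~
    # Execute init container to chown log directory.
    # This is currently only needed in kind, due to usage
    # of local-path provisioner.
    # NOTE(review): an init container that chowns the volume presumably needs
    # root; confirm against the template before enabling this outside kind.
    fixPermissions: ~
    # Annotations to add to Airflow Celery worker volumes
    annotations: {}
    # Detailed default security context for persistence on container level
    securityContexts:
      container: {}
  # Kerberos sidecar configuration for Airflow Celery workers
  kerberosSidecar:
    # Enable kerberos sidecar
    enabled: ~
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for kerberos sidecar on container level
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
  # Kerberos init container configuration for Airflow Celery workers
  # If not set, the values from `workers.kerberosInitContainer` section will be used.
  kerberosInitContainer:
    # Enable kerberos init container
    # If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect
    enabled: ~
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for kerberos init container
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
  # Resource configuration for Airflow Celery workers
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for tasks to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: ~
  # This setting tells Kubernetes that it's ok to evict when it wants to scale a node down
  safeToEvict: ~
  # Launch additional containers into Airflow Celery worker (templated)
  extraContainers: []
  # Add additional init containers into Airflow Celery workers (templated)
  extraInitContainers: []
  # Additional volumes attached to the Airflow Celery workers
  extraVolumes: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true

  # Additional volume mounts attached to the Airflow Celery workers
  extraVolumeMounts: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
  extraPorts: []
  # Select certain nodes for Airflow Celery worker pods
  nodeSelector: {}
  runtimeClassName: ~
  priorityClassName: ~
  affinity: {}
  # Default Airflow Celery worker affinity is:
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #   - podAffinityTerm:
  #       labelSelector:
  #         matchLabels:
  #           component: worker
  #       topologyKey: kubernetes.io/hostname
  #     weight: 100

  tolerations: []
  topologySpreadConstraints: []
  # hostAliases to use in Airflow Celery worker pods
  # See:
  # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  hostAliases: []
  # - ip: "127.0.0.2"
  #   hostnames:
  #   - "test.hostname.one"
  # - ip: "127.0.0.3"
  #   hostnames:
  #   - "test.hostname.two"

  # Annotations for the Airflow Celery worker resource
  annotations: {}
  # Pod annotations for the Airflow Celery workers (templated)
  podAnnotations: {}
  # Labels specific to Airflow Celery workers objects
  labels: {}
  # Log groomer configuration for Airflow Celery workers
  logGroomerSidecar:
    # Whether to deploy the Airflow Celery worker log groomer sidecar
    enabled: ~
    # Command to use when running the Airflow Celery worker log groomer sidecar (templated)
    command: ~
    # Args to use when running the Airflow Celery worker log groomer sidecar (templated)
    args: []
    # Number of days to retain logs
    retentionDays: ~
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: ~
    # Frequency to attempt to groom logs (in minutes)
    frequencyMinutes: ~
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: ~
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: ~
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for `logGroomerSidecar` for container level
    securityContexts:
      container: {}
    env: []
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
  # Configuration of wait-for-airflow-migration init container for Airflow Celery workers
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: ~
    env: []
    # Detailed default security context for wait-for-airflow-migrations container
    securityContexts:
      container: {}
  # Additional env variable configuration for Airflow Celery workers
  env: []
  # Additional volume claim templates for Airflow Celery workers.
  # Requires mounting of specified volumes under extraVolumeMounts.
  volumeClaimTemplates: []
  # Volume Claim Templates example:
  # volumeClaimTemplates:
  #   - metadata:
  #       name: data-volume-1
  #     spec:
  #       storageClassName: "storage-class-1"
  #       accessModes:
  #         - "ReadWriteOnce"
  #       resources:
  #         requests:
  #           storage: "10Gi"
  #   - metadata:
  #       name: data-volume-2
  #     spec:
  #       storageClassName: "storage-class-2"
  #       accessModes:
  #         - "ReadWriteOnce"
  #       resources:
  #         requests:
  #           storage: "20Gi"

  schedulerName: ~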
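# Settings for pods created with pod-template-file.
kubernetes:
  # Command to use in pod-template-file (templated)
  command: ~
  # Detailed default security context for pod-template-file for container and pod level
  # If not set, the values from `workers.securityContexts` section will be used.
  # An empty `{}` adds no hardening of its own (runAsNonRoot, dropped
  # capabilities, read-only root filesystem); check what the inherited
  # `workers.securityContexts` values supply.
  securityContexts:
    pod: {}
    container: {}
  # Container level Lifecycle Hooks definition for pods created with pod-template-file
  containerLifecycleHooks: {}
  # Create Service Account for pods created with pod-template-file
  # When this section is specified, the Service Account is created from
  # 'templates/workers/worker-kubernetes-serviceaccount.yaml' file
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # If not specified, the `workers.serviceAccount.automountServiceAccountToken` value will be taken
    # Controls whether the Service Account token is mounted into these pods;
    # turn it off where tasks do not call the Kubernetes API.
    automountServiceAccountToken: ~
    # Specifies whether a Service Account should be created.
    # If not specified, the Service Account will be generated and used from
    # 'templates/workers/worker-serviceaccount.yaml' file if `workers.serviceAccount.create`
    # will be 'true'
    create: ~
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    # with Kubernetes dedicated name
    name: ~
    # Annotations to add to worker Kubernetes Service Account.
    # If not specified, the `workers.serviceAccount.annotations` value will be taken
    annotations: {}
  # Kerberos sidecar configuration for pods created with pod-template-file
  kerberosSidecar:
    # Enable kerberos sidecar
    enabled: ~
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for kerberos sidecar on container level
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
  # Kerberos init container configuration for pods created with pod-template-file
  # If not set, the values from `workers.kerberosInitContainer` section will be used.
  kerberosInitContainer:
    # Enable kerberos init container
    # If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect
    enabled: ~
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for kerberos init container
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
  # Resource configuration for pods created with pod-template-file
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for tasks to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: ~
  # This setting tells Kubernetes that it's ok to evict when it wants to scale a node down
  safeToEvict: ~
  # Launch additional containers into pods created with pod-template-file (templated).
  # Note: You are responsible for signaling sidecars to exit when the main
  # container finishes so Airflow can continue the worker shutdown process!
  extraContainers: []
  # Add additional init containers into pods created with pod-template-file (templated)
  extraInitContainers: []
  # Additional volumes attached to the pods created with pod-template-file
  extraVolumes: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true

  # Additional volume mounts attached to the pods created with pod-template-file
  extraVolumeMounts: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Select certain nodes for pods created with pod-template-file
  nodeSelector: {}
  runtimeClassName: ~
  priorityClassName: ~
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  # hostAliases to use in pods created with pod-template-file
  # See:
  # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  hostAliases: []
  # - ip: "127.0.0.2"
  #   hostnames:
  #   - "test.hostname.one"
  # - ip: "127.0.0.3"
  #   hostnames:
  #   - "test.hostname.two"

  # Pod annotations for the pods created with pod-template-file (templated)
  podAnnotations: {}
  # Labels specific to pods created with pod-template-file
  labels: {}
  # Additional env variable configuration for pods created with pod-template-file
  env: []
  schedulerName: ~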
# Airflow scheduler settings
scheduler:
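# The keys below belong to the `scheduler:` mapping opened just above.
enabled: true
# hostAliases for the scheduler pod
hostAliases: []
# - ip: "127.0.0.1"
#   hostnames:
#   - "foo.local"
# - ip: "10.1.2.3"
#   hostnames:
#   - "foo.remote"

# If the scheduler stops heartbeating for 5 minutes (5*60s) kill the
# scheduler and let Kubernetes restart it
livenessProbe:
  initialDelaySeconds: 10
  timeoutSeconds: 20
  failureThreshold: 5
  periodSeconds: 60
  command: ~
# Wait for at most 1 minute (6*10s) for the scheduler container to startup.
# LivenessProbe kicks in after the first successful startupProbe
startupProbe:
  initialDelaySeconds: 0
  failureThreshold: 6
  periodSeconds: 10
  timeoutSeconds: 20
  command: ~
# Amount of scheduler replicas
replicas: 1
# Max number of old replicasets to retain
revisionHistoryLimit: ~
# Command to use when running the Airflow scheduler (templated).
command: ~
# Args to use when running the Airflow scheduler (templated).
args: ["bash", "-c", "exec airflow scheduler"]
# Update Strategy when scheduler is deployed as a StatefulSet
# (when using LocalExecutor and `workers.persistence`)
updateStrategy: ~
# Update Strategy when scheduler is deployed as a Deployment
# (when not using LocalExecutor and `workers.persistence`)
strategy: ~
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `scheduler.securityContexts` instead)
securityContext: {}
#   runAsUser: 50000
#   fsGroup: 0
#   runAsGroup: 0

# Detailed default security context for scheduler Deployments for container and pod level
# An empty `{}` adds no hardening of its own (runAsNonRoot, dropped
# capabilities, read-only root filesystem); set these explicitly if the
# inherited defaults do not.
securityContexts:
  pod: {}
  container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 10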
1592
# Create Service Account
1593
serviceAccount:
1594
# Affects all executors that launch pods
1595
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1596
automountServiceAccountToken: true
1597
# Specifies whether a Service Account should be created
1598
create: true
1599
# The name of the Service Account to use.
1600
# If not set and `create` is 'true', a name is generated using the release name
1601
name: ~
1602
# Annotations to add to scheduler Kubernetes Service Account.
1603
annotations: {}
1604
# Service Account Token Volume configuration
1605
# This is only used when `automountServiceAccountToken` is 'false'
1606
# and allows manual configuration of the Service Account token volume
1607
serviceAccountTokenVolume:
1608
# Enable manual Service Account token volume configuration
1609
enabled: false
1610
# Path where the Service Account token should be mounted
1611
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
1612
# Name of the volume
1613
volumeName: kube-api-access
1614
# Token expiration in seconds
1615
expirationSeconds: 3600
1616
# Audience for the token
1617
audience: ~
1618
# Scheduler pod disruption budget
1619
podDisruptionBudget:
1620
enabled: false
1621
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
1622
config:
1623
maxUnavailable: 1
1624
# minAvailable: 1
1625
resources: {}
1626
# limits:
1627
# cpu: 100m
1628
# memory: 128Mi
1629
# requests:
1630
# cpu: 100m
1631
# memory: 128Mi
1632
1633
# This setting tells Kubernetes that its ok to evict
1634
# when it wants to scale a node down.
1635
safeToEvict: true
1636
# Launch additional containers into scheduler (templated).
1637
extraContainers: []
1638
# Add additional init containers into scheduler (templated).
1639
extraInitContainers: []
1640
# Mount additional volumes into scheduler.
1641
extraVolumes: []
1642
extraVolumeMounts: []
1643
# It can be templated like in the following example:
1644
# extraVolumes:
1645
# - name: my-templated-extra-volume
1646
# secret:
1647
# secretName: '{{ include "my_secret_template" . }}'
1648
# defaultMode: 0640
1649
# optional: true
1650
#
1651
# extraVolumeMounts:
1652
# - name: my-templated-extra-volume
1653
# mountPath: "{{ .Values.my_custom_path }}"
1654
# readOnly: true
1655
1656
# Select certain nodes for Airflow scheduler pods.
1657
nodeSelector: {}
1658
affinity: {}
1659
# default scheduler affinity is:
1660
# podAntiAffinity:
1661
# preferredDuringSchedulingIgnoredDuringExecution:
1662
# - podAffinityTerm:
1663
# labelSelector:
1664
# matchLabels:
1665
# component: scheduler
1666
# topologyKey: kubernetes.io/hostname
1667
# weight: 100
1668
1669
tolerations: []
1670
topologySpreadConstraints: []
1671
priorityClassName: ~
1672
# Annotations for scheduler Deployment
1673
annotations: {}
1674
# Pod annotations for scheduler pods (templated)
1675
podAnnotations: {}
1676
# Labels specific to scheduler objects and pods
1677
labels: {}
1678
logGroomerSidecar:
1679
# Whether to deploy the Airflow scheduler log groomer sidecar.
1680
enabled: true
1681
# Command to use when running the Airflow scheduler log groomer sidecar (templated).
1682
command: ~
1683
# Args to use when running the Airflow scheduler log groomer sidecar (templated).
1684
args: ["bash", "/clean-logs"]
1685
# Number of days to retain logs
1686
retentionDays: 15
1687
# Number of minutes to retain logs.
1688
# This can be used for finer granularity than days.
1689
# Total retention is `retentionDays` + `retentionMinutes`.
1690
retentionMinutes: 0
1691
# Frequency to attempt to groom logs, in minutes
1692
frequencyMinutes: 15
1693
# Max size of logs in bytes. 0 = disabled
1694
maxSizeBytes: 0
1695
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
1696
maxSizePercent: 0
1697
resources: {}
1698
# limits:
1699
# cpu: 100m
1700
# memory: 128Mi
1701
# requests:
1702
# cpu: 100m
1703
# memory: 128Mi
1704
1705
# Detailed default security context for `logGroomerSidecar` for container level
1706
securityContexts:
1707
container: {}
1708
# Container level lifecycle hooks
1709
containerLifecycleHooks: {}
1710
env: []
1711
waitForMigrations:
1712
# Whether to create init container to wait for db migrations
1713
enabled: true
1714
env: []
1715
# Detailed default security context for waitForMigrations for container level
1716
securityContexts:
1717
container: {}
1718
env: []
# Airflow create user job settings
createUserJob:
  # Whether the create user job should be created
  enabled: true
  # Create initial user.
  # NOTE(security): as shipped, these defaults create an account with role `Admin`,
  # username `admin` and password `admin`. Override at least `password` (and ideally
  # `username`) at install time, or set `enabled: false` and provision users another way,
  # before the UI/API is reachable by anyone else.
  defaultUser:
    role: Admin
    username: admin
    email: admin@example.com
    firstName: admin
    lastName: user
    password: admin
  # Limit the lifetime of the job object after it finished execution.
  ttlSecondsAfterFinished: 300
  # Command to use when running the create user job (templated).
  command: null
  # Args to use when running the create user job (templated).
  # Each field falls back from `webserver.defaultUser` (when set) to `createUserJob.defaultUser`.
  # NOTE(security): the password is passed as the `-p` argument, so the rendered value
  # presumably ends up in the Job/Pod spec in clear text; treat read access to Jobs and Pods
  # in the namespace as access to this credential and change the password after first login.
  args:
    - "bash"
    - "-c"
    # The format below is necessary to get `helm lint` happy
    - |-
      exec \
      airflow users create "$@"
    - --
    # yamllint disable rule:line-length
    - "-r"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"
    - "-u"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"
    - "-e"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"
    - "-f"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"
    - "-l"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"
    - "-p"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"
  # Annotations on the create user job pod (templated)
  annotations: {}
  # `jobAnnotations` are annotations on the create user job
  jobAnnotations: {}
  restartPolicy: OnFailure
  # Labels specific to `createUserJob` objects and pods
  labels: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `createUserJob.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for `createUserJob` for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With `true` the Service Account token is mounted into the job pod automatically.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations to add to create user Kubernetes Service Account.
    annotations: {}
  # Launch additional containers into user creation job
  extraContainers: []
  # Add additional init containers into user creation job (templated).
  extraInitContainers: []
  # Mount additional volumes into user creation job.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: null
  # In case you need to disable the helm hooks that create the jobs after install.
  # Disable this if you are e.g. using ArgoCD
  useHelmHooks: true
  applyCustomEnv: true
  env: []
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
# Airflow database migration job settings
migrateDatabaseJob:
  enabled: true
  # Limit the lifetime of the job object after it finished execution.
  ttlSecondsAfterFinished: 300
  # Command to use when running the migrate database job (templated).
  command: null
  # Args to use when running the migrate database job (templated).
  # The folded scalar below keeps the blank line on purpose: it yields a newline after
  # the trailing backslash, so bash reads `exec` and the airflow command as one line.
  args:
    - "bash"
    - "-c"
    - >-
      exec \

      airflow db migrate
  # Annotations on the database migration pod (templated)
  annotations: {}
  # `jobAnnotations` are annotations on the database migration job
  jobAnnotations: {}
  restartPolicy: OnFailure
  # Labels specific to migrate database job objects and pods
  labels: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `migrateDatabaseJob.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for `migrateDatabaseJob` for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With `true` the Service Account token is mounted into the job pod automatically.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations to add to migrate database job Kubernetes Service Account.
    annotations: {}
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Launch additional containers into database migration job
  extraContainers: []
  # Add additional init containers into migrate database job (templated).
  extraInitContainers: []
  # Mount additional volumes into database migration job.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: null
  # In case you need to disable the helm hooks that create the jobs after install.
  # Disable this if you are using ArgoCD for example
  useHelmHooks: true
  applyCustomEnv: true
  env: []
apiServer:
  enabled: true
  # Number of Airflow API servers in the Deployment.
  # Omitted from the Deployment, when HPA is enabled.
  replicas: 1
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: null
  # Labels specific to Airflow API server objects and pods
  labels: {}
  # Command to use when running the Airflow API server (templated).
  command: null
  # Args to use when running the Airflow API server (templated).
  args:
    - "bash"
    - "-c"
    - "exec airflow api-server"
  # Example: To enable proxy headers support when running behind a reverse proxy:
  # args: ["bash", "-c", "exec airflow api-server --proxy-headers"]

  # NOTE(review): presumably controls whether the chart lets the API server read pod logs -
  # confirm against the chart's RBAC templates, and set to false where that access is not needed.
  allowPodLogReading: true
  # Environment variables for the Airflow API server.
  env: []
  # Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:
  # With "*" forwarded headers are accepted from any peer, so the client address and scheme
  # the server sees are only as trustworthy as the network path to the pod; prefer listing
  # the proxy's IP ranges unless nothing but the proxy can reach the API server.
  # env:
  #   - name: FORWARDED_ALLOW_IPS
  #     value: "*"  # Use "*" for trusted environments, or specify proxy IP ranges for production

  # Allow Horizontal Pod Autoscaler (HPA) configuration for api-server. (optional)
  # HPA automatically scales the number of api-server pods based on observed metrics.
  # HPA automatically adjusts api-server replicas between `minReplicaCount` and `maxReplicaCount` based on metrics.
  hpa:
    enabled: false
    # Minimum number of api-servers created by HPA
    minReplicaCount: 1
    # Maximum number of api-servers created by HPA
    maxReplicaCount: 5
    # Specifications for which to use to calculate the desired replica count
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 50
    # Scaling behavior of the target in both Up and Down directions
    behavior: {}
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With `true` the Service Account token is mounted into the pod automatically.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations to add to Airflow API server Kubernetes Service Account.
    annotations: {}
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: api-server
        port: "{{ .Values.ports.apiServer }}"
    loadBalancerIP: null
    # Limit load balancer source ips to list of CIDRs.
    # The list is empty by default; set it whenever `type` is changed to a load balancer.
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # Allow overriding Update Strategy for API server
  strategy: null
  # Detailed default security contexts for Airflow API server Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  # Launch additional containers into the Airflow API server pods.
  extraContainers: []
  # Add additional init containers into API server (templated).
  extraInitContainers: []
  # Mount additional volumes into API server.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Select certain nodes for Airflow API server pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: null
  # hostAliases for API server pod
  hostAliases: []
  # Annotations for Airflow API server Deployment
  annotations: {}
  # Pod annotations for API server pods (templated)
  podAnnotations: {}
  networkPolicy:
    ingress:
      # Peers for Airflow API server NetworkPolicy ingress
      from: []
      # Ports for Airflow API server NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.apiServer }}"
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Add custom annotations to the `apiServer` ConfigMap
  configMapAnnotations: {}
  # This string (templated) will be mounted into the Airflow API Server
  # as a custom webserver_config.py. You can bake a webserver_config.py into
  # your image instead or specify a ConfigMap containing the
  # webserver_config.py.
  # The string is Python that the server loads, so review changes to it like code.
  apiServerConfig: null
  # apiServerConfig: |
  #   from airflow import configuration as conf

  #   # The SQLAlchemy connection string.
  #   SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

  #   # Flask-WTF flag for CSRF
  #   CSRF_ENABLED = True
  apiServerConfigConfigMapName: null
  # Probes use plain HTTP by default.
  livenessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  readinessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
    scheme: HTTP
# Airflow webserver settings (only Airflow<3.0)
webserver:
  enabled: true
  # Add custom annotations to the webserver ConfigMap
  configMapAnnotations: {}
  # hostAliases for the webserver pod
  hostAliases: []
  # - ip: "127.0.0.1"
  #   hostnames:
  #     - "foo.local"
  # - ip: "10.1.2.3"
  #   hostnames:
  #     - "foo.remote"

  # NOTE(review): presumably controls whether the chart lets the webserver read pod logs -
  # confirm against the chart's RBAC templates, and set to false where that access is not needed.
  allowPodLogReading: true
  # Probes use plain HTTP by default.
  livenessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  readinessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  # Wait for at most 1 minute (6*10s) for the webserver container to startup.
  # LivenessProbe kicks in after the first successful startupProbe
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
    scheme: HTTP
  # Number of webservers
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: null
  # Command to use when running the Airflow webserver (templated).
  command: null
  # Args to use when running the Airflow webserver (templated).
  args:
    - "bash"
    - "-c"
    - "exec airflow webserver"
  # Grace period for webserver to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 30
  # Allow HPA
  hpa:
    enabled: false
    # Minimum number of webservers created by HPA
    minReplicaCount: 1
    # Maximum number of webservers created by HPA
    maxReplicaCount: 5
    # Specifications for which to use to calculate the desired replica count
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 80
    # Scaling behavior of the target in both Up and Down directions
    behavior: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With `true` the Service Account token is mounted into the pod automatically.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations to add to webserver Kubernetes Service Account.
    annotations: {}
  # Webserver pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # Allow overriding Update Strategy for Webserver
  strategy: null
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `webserver.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security contexts for webserver Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Additional network policies as needed (deprecated, use `webserver.networkPolicy.ingress.from` instead)
  extraNetworkPolicies: []
  networkPolicy:
    ingress:
      # Peers for webserver NetworkPolicy ingress
      from: []
      # Ports for webserver NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.airflowUI }}"
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Create initial user. (deprecated, use `createUserJob` section instead)
  # NOTE(security): the sample below is an Admin account with password `admin`;
  # do not copy it unchanged into a real deployment.
  # defaultUser:
  #   enabled: true
  #   role: Admin
  #   username: admin
  #   email: admin@example.com
  #   firstName: admin
  #   lastName: user
  #   password: admin

  # Launch additional containers into webserver (templated).
  extraContainers: []
  # Add additional init containers into webserver (templated).
  extraInitContainers: []
  # Mount additional volumes into webserver.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # This string (templated) will be mounted into the Airflow Webserver
  # as a custom webserver_config.py. You can bake a webserver_config.py into
  # your image instead or specify a ConfigMap containing the
  # webserver_config.py.
  # The string is Python that the webserver loads, so review changes to it like code.
  webserverConfig: null
  # webserverConfig: |
  #   from airflow import configuration as conf

  #   # The SQLAlchemy connection string.
  #   SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

  #   # Flask-WTF flag for CSRF
  #   CSRF_ENABLED = True
  webserverConfigConfigMapName: null
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: airflow-ui
        port: "{{ .Values.ports.airflowUI }}"
    # To change the port used to access the webserver:
    # ports:
    #   - name: airflow-ui
    #     port: 80
    #     targetPort: airflow-ui
    # To only expose a sidecar, not the webserver directly:
    # ports:
    #   - name: only_sidecar
    #     port: 80
    #     targetPort: 8888
    # If you have a public IP, set NodePort to set an external port.
    # Service type must be 'NodePort':
    # (this makes the UI reachable on the node's address; change the default
    # credentials and restrict the source network before doing so)
    # ports:
    #   - name: airflow-ui
    #     port: 8080
    #     targetPort: 8080
    #     nodePort: 31151

    loadBalancerIP: null
    # Limit load balancer source ips to list of CIDRs.
    # The list is empty by default; set it whenever `type` is changed to a load balancer.
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  # Select certain nodes for Airflow webserver pods.
  nodeSelector: {}
  priorityClassName: null
  affinity: {}
  # default webserver affinity is:
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #     - podAffinityTerm:
  #         labelSelector:
  #           matchLabels:
  #             component: webserver
  #         topologyKey: kubernetes.io/hostname
  #       weight: 100

  tolerations: []
  topologySpreadConstraints: []
  # Annotations for webserver Deployment
  annotations: {}
  # Pod annotations for webserver pods (templated)
  podAnnotations: {}
  # Labels specific webserver app
  labels: {}
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  env: []
# Airflow Triggerer Config
triggerer:
  enabled: true
  # Number of Airflow triggerers in the Deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: null
  # Command to use when running Airflow triggerers (templated).
  command: null
  # Args to use when running Airflow triggerer (templated).
  args:
    - "bash"
    - "-c"
    - "exec airflow triggerer"
  # Update Strategy when triggerer is deployed as a StatefulSet
  updateStrategy: null
  # Update Strategy when triggerer is deployed as a Deployment
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the triggerer stops heartbeating for 5 minutes (5*60s) kill the
  # triggerer and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: null
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With `true` the Service Account token is mounted into the pod automatically.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations to add to triggerer Kubernetes Service Account.
    annotations: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `triggerer.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for triggerer for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  persistence:
    # Enable persistent volumes
    enabled: true
    # This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.
    persistentVolumeClaimRetentionPolicy: null
    # Volume size for triggerer StatefulSet
    size: 100Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    storageClassName: null
    # Execute init container to chown log directory.
    # This is currently only needed in kind, due to usage
    # of local-path provisioner.
    fixPermissions: false
    # Annotations to add to triggerer volumes
    annotations: {}
  # Triggerer pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for triggerer to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells Kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into triggerer (templated).
  extraContainers: []
  # Add additional init containers into triggerers (templated).
  extraInitContainers: []
  # Mount additional volumes into triggerer.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Select certain nodes for Airflow triggerer pods.
  nodeSelector: {}
  affinity: {}
  # default triggerer affinity is:
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #     - podAffinityTerm:
  #         labelSelector:
  #           matchLabels:
  #             component: triggerer
  #         topologyKey: kubernetes.io/hostname
  #       weight: 100

  tolerations: []
  topologySpreadConstraints: []
  # hostAliases for the triggerer pod
  hostAliases: []
  # - ip: "127.0.0.1"
  #   hostnames:
  #     - "foo.local"
  # - ip: "10.1.2.3"
  #   hostnames:
  #     - "foo.remote"

  priorityClassName: null
  # Annotations for the triggerer Deployment
  annotations: {}
  # Pod annotations for triggerer pods (templated)
  podAnnotations: {}
  # Labels specific to triggerer objects and pods
  labels: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow triggerer log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow triggerer log groomer sidecar (templated).
    command: null
    # Args to use when running the Airflow triggerer log groomer sidecar (templated).
    args:
      - "bash"
      - "/clean-logs"
    # Number of days to retain logs.
    # Logs older than the retention window are groomed, so align this with any
    # audit or incident-response retention requirement you have.
    retentionDays: 15
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: 0
    # frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: 0
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: 0
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # Detailed default security context for `logGroomerSidecar` for container level
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  env: []
  # Allow KEDA autoscaling.
  keda:
    enabled: false
    namespaceLabels: {}
    # How often KEDA polls the Airflow DB to report new scale requests to the HPA
    pollingInterval: 5
    # How many seconds KEDA will wait before scaling to zero.
    # Note that HPA has a separate cooldown period for scale-downs
    cooldownPeriod: 30
    # Minimum number of triggerers created by keda
    minReplicaCount: 0
    # Maximum number of triggerers created by keda
    maxReplicaCount: 10
    # Specify HPA related options
    advanced: {}
    # horizontalPodAutoscalerConfig:
    #   behavior:
    #     scaleDown:
    #       stabilizationWindowSeconds: 300
    #       policies:
    #         - type: Percent
    #           value: 100
    #           periodSeconds: 15

    # Query to use for KEDA autoscaling. Must return a single integer.
    # The text is rendered through the template engine and then run against the Airflow DB,
    # so keep any override a fixed, read-only statement.
    query: >-
      SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }}) FROM trigger
    # Whether to use PGBouncer to connect to the database or not when it is enabled
    # This configuration will be ignored if PGBouncer is not enabled
    usePgbouncer: false
2499
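# Airflow Dag Processor Config
dagProcessor:
  enabled: ~
  # Dag Bundle Configuration
  # Define Dag bundles in a structured YAML format. This will be automatically
  # converted to JSON string format for `config.dag_processor.dag_bundle_config_list`.
  # NOTE(review): bundles supply the DAG code this component loads, so the
  # repository and ref behind each bundle are part of the deployment's trust
  # boundary; restrict who can push to a tracked ref.
  dagBundleConfigList:
    - name: dags-folder
      classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
      kwargs: {}
  # Example:
  # (git access is referenced through `git_conn_id`, so credentials are not
  # written into this file)
  # dagBundleConfigList:
  #   - name: bundle1
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo1"
  #       subdir: "dags"
  #       tracking_ref: "main"
  #       refresh_interval: 60
  #   - name: bundle2
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo2"
  #       subdir: "dags"
  #       tracking_ref: "develop"
  #       refresh_interval: 120
  #   - name: dags-folder
  #     classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
  #     kwargs: {}

  # Number of Airflow dag processors in the Deployment
  replicas: 1
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow dag processors (templated).
  command: ~
  # Args to use when running Airflow dag processor (templated).
  args: ["bash", "-c", "exec airflow dag-processor"]
  # Update Strategy for dag processors
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the dag processor stops heartbeating for 5 minutes (5*60s) kill the
  # dag processor and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: ~
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # set to false if this component never calls the Kubernetes API (confirm
    # before changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to dag processor Kubernetes Service Account.
    annotations: {}
  # Dag processor pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `dagProcessor.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for dagProcessor for container and pod level
  # NOTE(review): empty by default; confirm what the rendered pod runs as,
  # and consider `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and
  # `capabilities.drop: ["ALL"]` once verified against the image.
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Grace period for dag processor to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells Kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into dag processor (templated).
  extraContainers: []
  # Add additional init containers into dag processors (templated).
  extraInitContainers: []
  # Mount additional volumes into dag processor.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Select certain nodes for Airflow dag processor pods.
  nodeSelector: {}
  affinity: {}
  # Default dag processor affinity is:
  # podAntiAffinity:
  #   preferredDuringSchedulingIgnoredDuringExecution:
  #     - podAffinityTerm:
  #         labelSelector:
  #           matchLabels:
  #             component: dag-processor
  #         topologyKey: kubernetes.io/hostname
  #       weight: 100

  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Annotations for the dag processor Deployment
  annotations: {}
  # Pod annotations for dag processor pods (templated)
  podAnnotations: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow dag processor log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow dag processor log groomer sidecar (templated).
    command: ~
    # Args to use when running the Airflow dag processor log groomer sidecar (templated).
    args: ["bash", "/clean-logs"]
    # Number of days to retain logs
    retentionDays: 15
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: 0
    # frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: 0
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: 0
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    securityContexts:
      container: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  # Labels specific to dag processor objects
  labels: {}
  # Environment variables to add to dag processor container
  env: []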
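# Flower settings
flower:
  # Enable flower.
  # If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.
  enabled: false
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  readinessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  # Wait for at most 1 minute (6*10s) for the flower container to startup.
  # LivenessProbe kicks in after the first successful StartupProbe
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Command to use when running flower (templated).
  command: ~
  # Args to use when running flower (templated).
  args:
    - "bash"
    - "-c"
    # The format below is necessary to get `helm lint` happy
    - |-
      exec \
      airflow celery flower
  # Additional network policies as needed (deprecated, use `flower.networkPolicy.ingress.from` instead)
  extraNetworkPolicies: []
  networkPolicy:
    ingress:
      # Peers for flower NetworkPolicy ingress
      # NOTE(review): no peers are listed by default; confirm how an empty
      # list renders before relying on it to restrict access to the UI.
      from: []
      # Ports for flower NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.flowerUI }}"
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `flower.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for flower for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # set to false if flower never calls the Kubernetes API (confirm before
    # changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to flower Kubernetes Service Account.
    annotations: {}
  # If set, the secret must contain a base64-encoded 'connection' key with
  # a Flower basic auth connection string user:password.
  # (base64 is an encoding, not protection; access control on the Secret is
  # what guards the credential.)
  secretName: ~
  # Example secret:
  # kind: Secret
  # apiVersion: v1
  # metadata:
  #   name: custom-flower-secret
  # type: Opaque
  # data:
  #   connection: <base64_encoded_user_password>

  # Add custom annotations to the flower secret
  secretAnnotations: {}
  # If `secretName` is not specified, set username and password (secret will be created automatically)
  # NOTE(review): with `secretName`, `username` and `password` all unset,
  # presumably no basic auth is configured for the UI; confirm before
  # exposing the service. A password set here is stored with the release
  # values, so referencing an existing secret via `secretName` is preferable.
  username: ~
  password: ~
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: flower-ui
        port: "{{ .Values.ports.flowerUI }}"
    # To change the port used to access flower:
    # ports:
    #   - name: flower-ui
    #     port: 8080
    #     targetPort: flower-ui

    loadBalancerIP: ~
    # Limit load balancer source ips to list of CIDRs
    # (worth setting whenever `type` is changed to LoadBalancer)
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  # Launch additional containers into the flower pods.
  extraContainers: []
  # Mount additional volumes into the flower pods.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Select certain nodes for Airflow flower pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Annotations for the flower Deployment
  annotations: {}
  # Pod annotations for flower pods (templated)
  podAnnotations: {}
  # Labels specific to flower objects and pods
  labels: {}
  env: []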
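# StatsD settings
statsd:
  # Add custom annotations to the StatsD ConfigMap
  configMapAnnotations: {}
  enabled: true
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Arguments for StatsD exporter command.
  # By default contains path in the container to the mapping config file.
  args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]
  # If you ever need to fully override the entire `args` list, you can
  # supply your own array here; if set, all below flag-specific values
  # under `statsd.cache` section are ignored.
  # args:
  #   - "--statsd.cache-size=1000"
  #   - "--statsd.cache-type=random"
  #   - "--ttl=10m"

  cache:
    # Maximum number of metric-mapping entries to keep in cache.
    # When you send more distinct metric names than this, older entries
    # will be evicted according to cacheType.
    size: 1000
    # Metrics Eviction policy for the mapping cache.
    # - lru → Least-Recently-Used eviction
    # - random → Random eviction
    type: lru
    # Per-metric time-to-live. When set to a non-zero duration, any metric
    # series that hasn't received an update in this interval will be dropped
    # from the exported '/metrics' output.
    # Format: Go duration string (e.g. "30s", "5m", "1h")
    # Default: "0s" (disabled, never expires)
    ttl: "0s"
  # Annotations to add to the StatsD Deployment.
  annotations: {}
  # Grace period for StatsD to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 30
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # a metrics exporter presumably never calls the Kubernetes API, so this
    # can likely be false (confirm before changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to StatsD Kubernetes Service Account.
    annotations: {}
  uid: 65534
  # (deprecated, use `statsd.securityContexts` instead)
  securityContext: {}
  # runAsUser: 65534
  # fsGroup: 0
  # runAsGroup: 0

  # Detailed default security context for StatsD Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Additional network policies as needed
  extraNetworkPolicies: []
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  service:
    extraAnnotations: {}
  # Select certain nodes for StatsD pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Additional mappings for StatsD exporter.
  # If set, will merge default mapping and extra mappings, where default mapping has higher priority.
  # If you want to change some default mapping, please use `overrideMappings` setting.
  extraMappings: []
  # Override mappings for StatsD exporter.
  # If set, will ignore setting item in default and `extraMappings`.
  # If you use it, ensure that it contains all mapping items.
  overrideMappings: []
  # Pod annotations for StatsD pods (templated)
  podAnnotations: {}
  # Labels specific to StatsD objects and pods
  labels: {}
  # Environment variables to add to StatsD container
  env: []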
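# PgBouncer settings
pgbouncer:
  # Enable PgBouncer
  enabled: false
  # Number of PgBouncer replicas to run in Deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use for PgBouncer (templated).
  command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]
  # Args to use for PgBouncer (templated).
  args: ~
  auth_type: scram-sha-256
  auth_file: /etc/pgbouncer/users.txt
  # Whether to mount the config secret files at a default location (/etc/pgbouncer/*).
  # Can be skipped to allow for other means to get the values, e.g. secrets provider class.
  mountConfigSecret: true
  # Annotations to be added to the PgBouncer Deployment
  annotations: {}
  # Pod annotations for PgBouncer pods (templated)
  podAnnotations: {}
  # Add custom annotations to the PgBouncer certificates secret
  certificatesSecretAnnotations: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # a connection pooler presumably never calls the Kubernetes API, so this
    # can likely be false (confirm before changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to PgBouncer Kubernetes Service Account.
    annotations: {}
  # Additional network policies as needed
  extraNetworkPolicies: []
  # Pool sizes
  metadataPoolSize: 10
  resultBackendPoolSize: 5
  # Maximum clients that can connect to PgBouncer (higher = more file descriptors)
  maxClientConn: 100
  # Supply the name of existing secret with 'pgbouncer.ini' and 'users.txt' defined
  configSecretName: ~
  # Secret example:
  # apiVersion: v1
  # kind: Secret
  # metadata:
  #   name: pgbouncer-config-secret
  # data:
  #   pgbouncer.ini: <base64_encoded pgbouncer.ini file content>
  #   users.txt: <base64_encoded users.txt file content>
  # type: Opaque

  # Add custom annotations to the PgBouncer config secret
  configSecretAnnotations: {}
  # PgBouncer pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  resources: {}
  # resource:
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi

  service:
    extraAnnotations: {}
    clusterIp: ~
  # https://www.pgbouncer.org/config.html
  verbose: 0
  # NOTE(review): connection and disconnection logging are both off (0);
  # enabling them gives an audit trail of who connected to the database
  # through the pooler.
  logDisconnections: 0
  logConnections: 0
  # NOTE(review): `prefer` attempts TLS but falls back to plaintext and does
  # not validate the peer certificate. Where database traffic crosses an
  # untrusted network, consider `verify-full` together with `ssl.ca`.
  sslmode: "prefer"
  ciphers: "normal"
  ssl:
    ca: ~
    cert: ~
    key: ~
  # Add extra PgBouncer ini configuration in the databases section:
  # https://www.pgbouncer.org/config.html#section-databases
  extraIniMetadata: ~
  extraIniResultBackend: ~
  # Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html
  extraIni: ~
  # Mount additional volumes into PgBouncer.
  # Volumes apply to all PgBouncer containers, while volume mounts apply to the PgBouncer
  # container itself. Metrics exporter container has its own mounts.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Launch additional containers into PgBouncer pod.
  extraContainers: []
  # Select certain nodes for PgBouncer pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  uid: 65534
  # Detailed default security context for PgBouncer for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks:
    preStop:
      exec:
        # Allow existing queries clients to complete within 120 seconds
        command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]
  metricsExporterSidecar:
    resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi

    # TLS is disabled for the exporter's own connection; the example URI
    # below targets 127.0.0.1. NOTE(review): revisit this if the stats
    # connection is ever pointed at a non-local address.
    sslmode: "disable"
    # Supply the name of existing secret with PGBouncer connection URI containing
    # stats user and password, where 'connection' key is base64-encoded value.
    statsSecretName: ~
    # Secret example:
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: pgbouncer-stats-secret
    # data:
    #   connection: postgresql://<stats user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>
    # type: Opaque

    # Key containing the PGBouncer connection URI, defaults to 'connection' if not defined
    statsSecretKey: ~
    # Add custom annotations to the PgBouncer stats secret
    statsSecretAnnotations: {}
    # Detailed default security context for metricsExporterSidecar for container level
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
    livenessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1
    readinessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1
    # Mount additional volumes into the metrics exporter.
    extraVolumeMounts: []
    # It can be templated like in the following example:
    # extraVolumeMounts:
    #   - name: my-templated-extra-volume
    #     mountPath: "{{ .Values.my_custom_path }}"
    #     readOnly: true
  # Labels specific to PgBouncer objects and pods
  labels: {}
  # Environment variables to add to PgBouncer container
  env: []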
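# Configuration for the redis provisioned by the chart
redis:
  enabled: true
  terminationGracePeriodSeconds: 600
  # Annotations for Redis Statefulset
  annotations: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # redis presumably never calls the Kubernetes API, so this can likely be
    # false (confirm before changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to redis Kubernetes Service Account.
    annotations: {}
  service:
    # Service type
    # NOTE(review): a NodePort service makes the broker reachable on every
    # node's address; keep ClusterIP unless that exposure is intended.
    type: "ClusterIP"
    # If using ClusterIP service type, custom IP address can be specified
    clusterIP: ~
    # If using NodePort service type, custom node port can be specified
    nodePort: ~
  persistence:
    # Enable persistent volumes
    enabled: true
    # Volume size for worker StatefulSet
    size: 1Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    storageClassName: ~
    # Annotations to add to redis volumes
    annotations: {}
    # The name of an existing PVC to use
    existingClaim: ~
    persistentVolumeClaimRetentionPolicy: ~
    # persistentVolumeClaimRetentionPolicy:
    #   whenDeleted: Delete
    #   whenScaled: Delete
  # Configuration for empty dir volume (if `redis.persistence.enabled` == 'false')
  # emptyDirConfig:
  #   sizeLimit: 1Gi
  #   medium: Memory
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # If set use as redis secret. Make sure to also set `data.brokerUrlSecretName` value.
  passwordSecretName: ~
  # If `passwordSecretName` is not specified, set `password` field.
  # Otherwise a new password will be generated on install
  # Note: password can only be set during 'helm install', not 'helm upgrade'.
  # A password written here is stored with the release values; referencing a
  # pre-created secret through `passwordSecretName` keeps it out of them.
  password: ~
  # Add custom annotations to the redis password secret
  passwordSecretAnnotations: {}
  # This setting tells Kubernetes that its ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Select certain nodes for redis pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Set to 0 for backwards-compatibility
  # NOTE(review): uid 0 is root. For new installations prefer a non-root uid
  # (the commented `runAsUser: 999` below is one); verify volume ownership
  # before changing it on an existing release.
  uid: 0
  # (deprecated, use `redis.securityContexts` instead)
  securityContext: {}
  # runAsUser: 999
  # runAsGroup: 0

  # Detailed default security context for redis for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Labels specific to redis objects and pods
  labels: {}
  # Pod annotations for Redis pods (templated)
  podAnnotations: {}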
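# Auth secret for a private registry (deprecated, use `imagePullSecrets` instead)
# This is used if pulling Airflow images from a private registry
registry:
  # Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry
  # (deprecated, use `imagePullSecrets` instead).
  secretName: ~
  # Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret
  # (deprecated, use `imagePullSecrets` instead - requires manual secret creation).
  # Credentials written here are plain text in the values file and the
  # release values; Base64 is an encoding only.
  connection: {}
  # Example:
  # connection:
  #   user: ~
  #   pass: ~
  #   host: ~
  #   email: ~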
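# Elasticsearch logging configuration
elasticsearch:
  # Enable elasticsearch task logging
  enabled: false
  # A secret containing the connection
  secretName: ~
  # Object representing the connection, if `secretName` not specified
  # `user`/`pass` set here are plain text in the values; prefer `secretName`
  # for real credentials.
  connection: {}
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~

  # Add custom annotations to the elasticsearch secret
  secretAnnotations: {}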
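# OpenSearch logging configuration
opensearch:
  # Enable opensearch task logging
  enabled: false
  # A secret containing the connection
  secretName: ~
  # Object representing the connection, if `secretName` not specified
  # `user`/`pass` set here are plain text in the values; prefer `secretName`
  # for real credentials.
  connection: {}
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~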
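# All ports used by chart
# These are port numbers only; which of them is reachable from outside the
# namespace depends on the Service types and network policies configured
# elsewhere in the values.
ports:
  flowerUI: 5555
  airflowUI: 8080
  workerLogs: 8793
  triggererLogs: 8794
  redisDB: 6379
  statsdIngest: 9125
  statsdScrape: 9102
  pgbouncer: 6543
  pgbouncerScrape: 9127
  apiServer: 8080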
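# Define any ResourceQuotas for namespace
# (empty by default, so the chart defines no quota)
quotas: {}
# Define default/max/min values for pods and containers in namespace
# (empty by default, so the chart defines no limit ranges)
limits: []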
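# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.
# It is required to have KubernetesExecutor enabled.
cleanup:
  enabled: false
  # Run every 15 minutes (templated).
  schedule: "*/15 * * * *"
  # To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:
  #     schedule: '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'
  # To select the last digit of unix epoch time as the starting minute on each deploy:
  #     schedule: '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'

  # Command to use when running the cleanup CronJob (templated).
  command: ~
  # Args to use when running the cleanup CronJob (templated).
  # The release namespace is substituted into the `bash -c` string, so the
  # job only targets pods in that namespace.
  args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]
  # `jobAnnotations` are annotations on the cleanup CronJob
  jobAnnotations: {}
  # Select certain nodes for Airflow cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Pod annotations for cleanup pods (templated)
  podAnnotations: {}
  # Labels specific to cleanup objects and pods
  labels: {}
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): this job presumably needs the token, since it removes
    # pods through the Kubernetes API; confirm the role bound to this
    # account is limited to the pods of the release namespace.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to cleanup CronJob Kubernetes Service Account.
    annotations: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `cleanup.securityContexts` instead)
  securityContext: {}
  # runAsUser: 50000
  # runAsGroup: 0

  env: []
  # Detailed default security context for cleanup for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # container level lifecycle hooks
  containerLifecycleHooks: {}
  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: ~
  successfulJobsHistoryLimit: ~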
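# This runs as a CronJob to cleanup database for old entries.
databaseCleanup:
  enabled: false
  applyCustomEnv: true
  # Run every week on Sunday at midnight (templated).
  schedule: "0 0 * * 0"
  # Command to use when running the database cleanup CronJob (templated).
  command: ~
  # Args to use when running the database cleanup CronJob (templated).
  # `retentionDays`, `batchSize` and `tables` are substituted into the
  # `bash -c` string without shell quoting. Keep them to plain integers and
  # table names, and do not fill them from untrusted input.
  # `--yes` is always passed, so the job runs without a confirmation prompt.
  args:
    - "bash"
    - "-c"
    - >-
      CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S");
      echo "Cleaning up metadata DB entries older than ${CLEAN_TS}";
      exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes
      {{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }}
      {{- if .Values.databaseCleanup.verbose }} --verbose{{ end }}
      {{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }}
      {{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}
  # Number of days to retain entries in the metadata database.
  # NOTE(review): with `tables` empty no `--tables` filter is passed;
  # presumably every supported table is then cleaned, audit records
  # included. Confirm this window satisfies your audit-retention needs.
  retentionDays: 90
  # Don't preserve purged records in an archive table
  skipArchive: false
  # Table names to perform maintenance on. Supported values in:
  # https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean
  tables: []
  # Maximum number of rows to delete or archive in a single transaction
  batchSize: ~
  # Make logging output more verbose
  verbose: true
  # `jobAnnotations` are annotations on the database cleanup CronJob
  jobAnnotations: {}
  # Select certain nodes for Airflow database cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Pod annotations for database cleanup pods (templated)
  podAnnotations: {}
  # Labels specific to database cleanup objects and pods
  labels: {}
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): `true` mounts the ServiceAccount API token into the pod;
    # the job shown here only talks to the metadata database, so this can
    # likely be false (confirm before changing).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to database cleanup CronJob Kubernetes Service Account.
    annotations: {}
  env: []
  # Detailed default security context for database cleanup for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1
  # Time to live (in seconds) for Jobs created by this CronJob after they finish.
  ttlSecondsAfterFinished: ~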
# Configuration for postgresql subchart
3368
# Uses bitnamilegacy images to avoid Bitnami licensing restrictions
3369
# Not recommended for production - use external database instead
3370
postgresql:
3371
enabled: true
3372
image:
3373
repository: bitnamilegacy/postgresql
3374
tag: "16.1.0-debian-11-r15"
3375
auth:
3376
enablePostgresUser: true
3377
postgresPassword: postgres
3378
username: ""
3379
password: ""
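# Config settings to go into the mounted airflow.cfg
#
# Please note that these values are passed through the `tpl` function, so are
# all subject to being rendered as go templates. If you need to include a
# literal `{{` in a value, it must be expressed like this:
#
#    a: '{{ "{{ not a template }}" }}'
#
# Do not set config containing secrets via plain text values, use Env Var or k8s secret object
# yamllint disable rule:line-length
config:
  core:
    dags_folder: '{{ include "airflow_dags" . }}'
    # This is ignored when used with the official Docker image
    load_examples: 'False'
    executor: '{{ .Values.executor }}'
    auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"
  logging:
    remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'
    colored_console_log: 'False'
  metrics:
    statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'
    statsd_port: 9125
    statsd_prefix: airflow
    statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'
  fab:
    # The proxy fix makes the web application trust `X-Forwarded-*` request headers.
    # That is only sound when every request arrives through a reverse proxy or
    # ingress that sets those headers itself; if the service is also reachable
    # directly, turn this off or restrict access with a NetworkPolicy.
    enable_proxy_fix: 'True'
  webserver:
    # For Airflow 2.X
    # Same trust assumption as `fab.enable_proxy_fix` above.
    enable_proxy_fix: 'True'
  celery:
    flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'
    worker_concurrency: 16
    sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'
  scheduler:
    standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'
  dag_processor:
    # This value is generated by default from `.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list` helper function.
    # It is recommended to configure this via `dagProcessor.dagBundleConfigList` rather than overriding `config.dag_processor.dag_bundle_config_list` directly.
    dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'
  elasticsearch:
    json_format: 'True'
    log_id_template: "{dag_id}-{task_id}-{run_id}-{map_index}-{try_number}"
  elasticsearch_configs:
    max_retries: 3
    timeout: 30
    retry_timeout: 'True'
  kerberos:
    keytab: '{{ .Values.kerberos.keytabPath }}'
    reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'
    principal: '{{ .Values.kerberos.principal }}'
    ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'
  celery_kubernetes_executor:
    kubernetes_queue: 'kubernetes'
  kubernetes_executor:
    namespace: '{{ .Release.Namespace }}'
    pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'
    worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'
    worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'
    multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'
# yamllint enable rule:line-length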
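# Whether Airflow can launch workers and/or pods in multiple namespaces
# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)
# Cluster-wide RBAC widens what a compromised scheduler or worker can reach to
# pods in every namespace; leave this false unless tasks really have to run
# outside the release namespace.
multiNamespaceMode: false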
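# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by
# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters
# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,
# you can still provide a completely custom `pod_template_file.yaml` if desired.
# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.
# Because a custom template replaces the generated one as a whole, anything the default
# derives from `workers` (presumably including security context and service account
# settings - check the default file) has to be restated in the custom template.
podTemplate: ~
# The following example is NOT functional, but meant to be illustrative of how you can provide a custom
# `pod_template_file`. You're better off starting with the default in
# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.
# We will set `priorityClassName` in this example:
# podTemplate: |
#   apiVersion: v1
#   kind: Pod
#   metadata:
#     name: placeholder-name
#     labels:
#       tier: airflow
#       component: worker
#       release: {{ .Release.Name }}
#   spec:
#     priorityClassName: high-priority
#     containers:
#       - name: base
#         ...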
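dags:
  # Where dags volume will be mounted. Works for both persistence and gitSync.
  # If not specified, dags mount path will be set to $AIRFLOW_HOME/dags
  mountPath: ~
  persistence:
    # Annotations for dags PVC
    annotations: {}
    # Enable persistent volume for storing dags
    enabled: false
    # Volume size for dags
    size: 1Gi
    # If using a custom storageClass, pass name here
    storageClassName: ~
    # Access mode of the persistent volume
    accessMode: ReadWriteOnce
    # The name of an existing PVC to use
    existingClaim: ~
    # Optional subpath for dag volume mount
    subPath: ~
  gitSync:
    enabled: false
    # Git repo clone url
    # DAG files fetched from this repository are executed by Airflow components,
    # so push access to the tracked branch amounts to code execution in the
    # cluster. Restrict who can push, and consider pinning `rev`/`ref` to a tag
    # or commit hash instead of following a moving branch.
    repo: https://github.com/apache/airflow.git
    # SSH example: git@github.com:apache/airflow.git
    # HTTPS example: https://github.com/apache/airflow.git

    branch: v2-2-stable
    rev: HEAD
    # The git revision (branch, tag, or hash) to check out, v4 only
    ref: v2-2-stable
    depth: 1
    # The number of consecutive failures allowed before aborting
    maxFailures: 0
    # Subpath within the repo where dags are located.
    # Should be "" if dags are at repo root
    subPath: "tests/dags"
    # If your repo needs a username/password, you can load them to a k8s secret
    #
    # credentialsSecret: git-credentials
    #
    # Secret example (values under `data` are base64-encoded, not encrypted):
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: git-credentials
    # data:
    #   # For git-sync v3
    #   GIT_SYNC_USERNAME: <base64_encoded_git_username>
    #   GIT_SYNC_PASSWORD: <base64_encoded_git_password>
    #   # For git-sync v4
    #   GITSYNC_USERNAME: <base64_encoded_git_username>
    #   GITSYNC_PASSWORD: <base64_encoded_git_password>

    # If you are using an ssh clone url, you can load the ssh private key to a k8s secret
    #
    # sshKeySecret: airflow-ssh-secret
    #
    # Secret example:
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: airflow-ssh-secret
    # data:
    #   gitSshKey: <base64_encoded_data>

    # If `sshKeySecret` is not specified, you can set `sshKey`
    # An inline `sshKey` places the private key in the values file and in the
    # release data Helm stores in the cluster; prefer `sshKeySecret` for
    # anything beyond local testing.
    # sshKey: |
    #   -----BEGIN {OPENSSH PRIVATE KEY}-----
    #   ...
    #   -----END {OPENSSH PRIVATE KEY}-----

    # If you are using an ssh private key, you can additionally
    # specify the content of your known_hosts file
    # NOTE(review): with `knownHosts` unset the chart is believed to run git-sync
    # without SSH host key verification - confirm in the chart templates and set
    # `knownHosts` for SSH remotes.
    # knownHosts: |
    #   <host1>,<ip1> <key1>
    #   <host2>,<ip2> <key2>

    # Interval between git sync attempts in seconds.
    # High values are more likely to cause DAGs to become out of sync between different components.
    # Low values cause more traffic to the remote git repository.
    # Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).
    # For backwards compatibility, wait will be used if it is specified.
    period: 5s
    wait: ~
    # Add variables from secret into gitSync containers, such as proxy-config
    envFrom: ~
    # envFrom: |
    #   - secretRef:
    #       name: 'proxy-config'

    containerName: git-sync
    uid: 65533
    # When not set, the values defined in the global `securityContext` will be used
    # (deprecated, use `dags.gitSync.securityContexts` instead)
    securityContext: {}
    #  runAsUser: 65533
    #  runAsGroup: 0

    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
    # Git-Sync liveness service HTTP bind port
    httpPort: 1234
    # Setting this to true, will remove readinessProbe usage and configure livenessProbe to
    # use a dedicated Git-Sync liveness service. In future, behaviour with value true will be
    # default one and old one will be removed
    recommendedProbeSetting: false
    startupProbe:
      enabled: true
      timeoutSeconds: 1
      initialDelaySeconds: 0
      periodSeconds: 5
      failureThreshold: 10
    # As Git-Sync is not service-type object, the usage of this section will be removed.
    # By setting `dags.gitSync.recommendedProbeSetting` to 'true', you will enable future behaviour.
    readinessProbe: {}
    # The behaviour of the LivenessProbe will change with the next release of Helm Chart.
    # To enable future behaviour set `dags.gitSync.recommendedProbeSetting` to 'true'.
    # New behaviour uses the recommended liveness configuration by using Git-Sync built-in
    # liveness service
    livenessProbe: {}
    #  enabled: true
    #  timeoutSeconds: 1
    #  initialDelaySeconds: 0
    #  periodSeconds: 5
    #  failureThreshold: 10

    # Mount additional volumes into git-sync.
    extraVolumeMounts: []
    # It can be templated like in the following example:
    # extraVolumeMounts:
    #   - name: my-templated-extra-volume
    #     mountPath: "{{ .Values.my_custom_path }}"
    #     readOnly: true

    # Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync
    env: []
    # - name: ""
    #   value: ""

    # Configuration for empty dir volume
    # emptyDirConfig:
    #   sizeLimit: 1Gi
    #   medium: Memory
    resources: {}
    #  limits:
    #   cpu: 100m
    #   memory: 128Mi
    #  requests:
    #   cpu: 100m
    #   memory: 128Mi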
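logs:
  # Configuration for empty dir volume (if `logs.persistence.enabled` == 'false')
  # emptyDirConfig:
  #   sizeLimit: 1Gi
  #   medium: Memory
  persistence:
    # Enable persistent volume for storing logs
    enabled: false
    # Volume size for logs
    size: 100Gi
    # Annotations for the logs PVC
    annotations: {}
    # If using a custom storageClass, pass name here
    storageClassName: ~
    # The name of an existing PVC to use
    existingClaim: ~
    # The subpath of the existing PVC to use
    subPath: ~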