# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
# Default values for Airflow.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Provide a name to substitute for the full names of resources
fullnameOverride: ""
# Provide a name to substitute for the name of the chart
nameOverride: ""
# Use standard naming for all resources using airflow.fullname template
# Consider removing this later and default it to true
# to make this chart follow standard naming conventions using the fullname template.
# For now this is an opt-in switch (for backwards compatibility) that enables the standard naming convention
# and makes it possible to fully use fullnameOverride and nameOverride in all resources
# For new installations - it is recommended to set it to True to follow standard naming conventions
# For existing installations, this will rename and redeploy your resources with the new names. Be aware that
# this will recreate your Deployment/StatefulSets along with their persistent volume claims and data storage
# migration may be needed to keep your old data
useStandardNaming: false
# Max number of old replicasets to retain. Can be overridden by each Deployment's revisionHistoryLimit
revisionHistoryLimit: ~
# User and group of Airflow user
uid: 50000
gid: 0
# Default security context for Airflow (deprecated, use `securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for Airflow Deployments
securityContexts:
pod: {}
containers: {}
# Global container lifecycle hooks for Airflow containers
containerLifecycleHooks: {}
# Airflow home directory
# Used for mount paths
airflowHome: /opt/airflow
# Default Airflow repository -- overridden by all the specific images below
defaultAirflowRepository: apache/airflow
# Default Airflow tag to deploy
defaultAirflowTag: "3.2.0"
# Default Airflow digest. If specified, it takes precedence over tag
# A tag is a mutable reference that a registry can re-point at different content, while a digest
# identifies one exact image; set the digest when the deployed image must be reproducible.
defaultAirflowDigest: ~
# Airflow version (Used to make some decisions based on Airflow Version being deployed)
# Version 2.11.0 and above is supported.
airflowVersion: "3.2.0"
images:
airflow:
repository: ~
tag: ~
# Specifying digest takes precedence over tag.
digest: ~
pullPolicy: IfNotPresent
# To avoid images with user code, you can turn this to 'true' and
# all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' jobs/containers
# will use the images from 'defaultAirflowRepository:defaultAirflowTag' values
# to run and wait for DB migrations.
useDefaultImageForMigration: false
# timeout (in seconds) for airflow-migrations to complete
migrationsWaitTimeout: 60
pod_template:
# Note that `images.pod_template.repository` and `images.pod_template.tag` parameters can be overridden
# in `config.kubernetes_executor` section. So for these parameters to have effect
# `config.kubernetes_executor.worker_container_repository` and
# `config.kubernetes_executor.worker_container_tag` must not be set.
repository: ~
tag: ~
pullPolicy: IfNotPresent
flower:
repository: ~
tag: ~
pullPolicy: IfNotPresent
statsd:
repository: quay.io/prometheus/statsd-exporter
tag: v0.29.0
pullPolicy: IfNotPresent
redis:
repository: redis
# Redis is limited to 7.2-bookworm due to licensing change
# https://redis.io/blog/redis-adopts-dual-source-available-licensing/
tag: 7.2-bookworm
pullPolicy: IfNotPresent
pgbouncer:
repository: apache/airflow
tag: airflow-pgbouncer-2025.03.05-1.23.1
pullPolicy: IfNotPresent
pgbouncerExporter:
repository: apache/airflow
tag: airflow-pgbouncer-exporter-2025.03.05-0.18.0
pullPolicy: IfNotPresent
gitSync:
repository: registry.k8s.io/git-sync/git-sync
tag: v4.4.2
pullPolicy: IfNotPresent
# Select certain nodes for Airflow pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
schedulerName: ~
# Add common labels to all objects and pods defined in this chart.
labels: {}
# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private
# registries. Items can be either strings or {name: secret} objects.
imagePullSecrets: []
# Ingress configuration
# Every ingress in this section is disabled by default, and TLS termination (`tls.enabled` or
# `hosts[*].tls.enabled`) is off unless configured. When enabling an ingress, also enable TLS with a
# pre-created Secret unless TLS is terminated elsewhere in front of the ingress.
ingress:
# Enable all ingress resources
# (deprecated, use
# `ingress.web.enabled`,
# `ingress.apiServer.enabled` and/or
# `ingress.flower.enabled`
# instead)
enabled: ~
# Configs for the Ingress of the API Server (Airflow 3+)
apiServer:
# Enable API Server ingress resource
enabled: false
# Annotations for the API Server Ingress
annotations: {}
# The path for the API Server Ingress
path: "/"
# The pathType for the above path
pathType: "ImplementationSpecific"
# The hostname for the API Server Ingress (deprecated, use `ingress.apiServer.hosts` instead)
host: ""
# The hostnames or hosts configuration for the API Server Ingress (templated)
hosts: []
# - name: ""
# # configs for API Server Ingress TLS
# tls:
# # Enable TLS termination for the API Server Ingress
# enabled: false
# # The name of a pre-created Secret containing a TLS private key and certificate
# secretName: ""
# The Ingress Class for the API Server Ingress
ingressClassName: ""
# Configs for API Server Ingress TLS (deprecated, use `ingress.apiServer.hosts[*].tls` instead)
tls:
# Enable TLS termination for the API Server Ingress
enabled: false
# The name of a pre-created Secret containing a TLS private key and certificate
secretName: ""
# HTTP paths to add to the API Server Ingress before the default path
precedingPaths: []
# HTTP paths to add to the API Server Ingress after the default path
succeedingPaths: []
# Configs for the Ingress of the web Service (Airflow <3.0.0)
web:
# Enable web ingress resource
enabled: false
# Annotations for the web Ingress
annotations: {}
# The path for the web Ingress
path: "/"
# The pathType for the above path
pathType: "ImplementationSpecific"
# The hostname for the web Ingress (deprecated, use `ingress.web.hosts` instead)
host: ""
# The hostnames or hosts configuration for the web Ingress (templated)
hosts: []
# - name: ""
# # Configs for web Ingress TLS
# tls:
# # Enable TLS termination for the web Ingress
# enabled: false
# # The name of a pre-created Secret containing a TLS private key and certificate
# secretName: ""
# The Ingress Class for the web Ingress
ingressClassName: ""
# Configs for web Ingress TLS (deprecated, use `ingress.web.hosts[*].tls` instead)
tls:
# Enable TLS termination for the web Ingress
enabled: false
# The name of a pre-created Secret containing a TLS private key and certificate
secretName: ""
# HTTP paths to add to the web Ingress before the default path
precedingPaths: []
# HTTP paths to add to the web Ingress after the default path
succeedingPaths: []
# Configs for the Ingress of the flower Service
flower:
# Enable flower ingress resource
enabled: false
# Annotations for the flower Ingress
annotations: {}
# The path for the flower Ingress
path: "/"
# The pathType for the above path
pathType: "ImplementationSpecific"
# The hostname for the flower Ingress (deprecated, use `ingress.flower.hosts` instead)
host: ""
# The hostnames or hosts configuration for the flower Ingress (templated)
hosts: []
# - name: ""
# tls:
# # Enable TLS termination for the flower Ingress
# enabled: false
# # The name of a pre-created Secret containing a TLS private key and certificate
# secretName: ""
# The Ingress Class for the flower Ingress
ingressClassName: ""
# Configs for flower Ingress TLS (deprecated, use `ingress.flower.hosts[*].tls` instead)
tls:
# Enable TLS termination for the flower Ingress
enabled: false
# The name of a pre-created Secret containing a TLS private key and certificate
secretName: ""
# Configs for the Ingress of the StatsD Service
statsd:
# Enable StatsD ingress resource
enabled: false
# Annotations for the StatsD Ingress
annotations: {}
# The path for the StatsD Ingress
path: "/metrics"
# The pathType for the above path
pathType: "ImplementationSpecific"
# The hostname for the StatsD Ingress (deprecated, use `ingress.statsd.hosts` instead)
host: ""
# The hostnames or hosts configuration for the StatsD Ingress (templated)
hosts: []
# - name: ""
# tls:
# # Enable TLS termination for the StatsD Ingress
# enabled: false
# # The name of a pre-created Secret containing a TLS private key and certificate
# secretName: ""
# The Ingress Class for the StatsD Ingress
ingressClassName: ""
# Configs for the Ingress of the PgBouncer Service
pgbouncer:
# Enable PgBouncer ingress resource
enabled: false
# Annotations for the PgBouncer Ingress
annotations: {}
# The path for the PgBouncer Ingress
path: "/metrics"
# The pathType for the above path
pathType: "ImplementationSpecific"
# The hostname for the PgBouncer Ingress (deprecated, use `ingress.pgbouncer.hosts` instead)
host: ""
# The hostnames or hosts configuration for the PgBouncer Ingress (templated)
hosts: []
# - name: ""
# tls:
# # Enable TLS termination for the PgBouncer Ingress
# enabled: false
# # The name of a pre-created Secret containing a TLS private key and certificate
# secretName: ""
# The Ingress Class for the PgBouncer Ingress
ingressClassName: ""
# Network policy configuration
networkPolicies:
# Enabled network policies
# NOTE(review): with the default of false the chart's network policies are not applied, so any
# restriction of traffic between the Airflow components and other workloads has to come from
# elsewhere in the cluster -- confirm for shared clusters.
enabled: false
# Extra annotations to apply to all Airflow pods (templated)
airflowPodAnnotations: {}
# Extra annotations to apply to main Airflow ConfigMap
airflowConfigAnnotations: {}
# 'airflow_local_settings' file as a string (templated)
airflowLocalSettings: |-
{{- if semverCompare "<3.0.0" .Values.airflowVersion }}
{{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}
from airflow.www.utils import UIAlert
DASHBOARD_UIALERTS = [
UIAlert(
'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'
' See the '
'Helm Chart Production Guide for more details.',
category="warning",
roles=["Admin"],
html=True,
)
]
{{- end }}
{{- end }}
# Enable RBAC (default on most clusters these days)
rbac:
# Specifies whether RBAC resources should be created
create: true
createSCCRoleBinding: false
# Airflow executor
# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor
# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are supported.
# Specify executors in a prioritized list to leverage multiple execution environments as needed:
# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently
executor: "CeleryExecutor"
# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's
# Service Account will have access to communicate with the api-server and launch pods/jobs.
# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers
# will be able to launch pods/jobs.
# Least privilege: task code can act with the permissions of the Service Account it runs under,
# so set these to false when no task needs to create pods or jobs.
allowPodLaunching: true
allowJobLaunching: false
# Environment variables for all Airflow containers
env: []
# - name: ""
# value: ""
# Volumes for all Airflow containers
volumes: []
# VolumeMounts for all Airflow containers
volumeMounts: []
# Secrets for all Airflow containers
secret: []
# - envName: ""
# secretName: ""
# secretKey: ""
# Enables selected built-in secrets that are set via environment variables by default.
# Those secrets are provided by the Helm Chart secrets by default but in some cases you
# might want to provide some of those variables with _CMD or _SECRET variable, and you should
# in this case disable setting of those variables by setting the relevant configuration to 'false'.
enableBuiltInSecretEnvVars:
AIRFLOW__CORE__FERNET_KEY: true
AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true
AIRFLOW_CONN_AIRFLOW_DB: true
AIRFLOW__API__SECRET_KEY: true
AIRFLOW__API_AUTH__JWT_SECRET: true
AIRFLOW__WEBSERVER__SECRET_KEY: true
AIRFLOW__CELERY__RESULT_BACKEND: true
AIRFLOW__CELERY__BROKER_URL: true
AIRFLOW__ELASTICSEARCH__HOST: true
AIRFLOW__OPENSEARCH__HOST: true
# Priority Classes that will be installed by charts.
# Ideally, there should be an entry for dagProcessor, flower,
# pgbouncer, scheduler, statsd, triggerer, webserver/api-server, worker.
# The format for priorityClasses is an array with each element having:
# * name is the name of the priorityClass. Ensure the same name is given to the respective section as well
# * preemptionPolicy for the priorityClass
# * value is the preemption value for the priorityClass
priorityClasses: []
# - name: class1 (if this is for dagProcessor, ensure overriding `dagProcessor.priorityClass` too)
# preemptionPolicy: PreemptLowerPriority
# value: 10000
# - name: class2
# preemptionPolicy: Never
# value: 100000
# Extra secrets that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for secret data is "key/value" where
# * key (templated) is the name of the secret that will be created
# * value: an object with the standard 'data' or 'stringData' key (or both).
# The value associated with those keys must be a string (templated)
# Anything placed here is readable in the values file (base64 in 'data' is an encoding, not
# encryption), so keep values files that hold real credentials out of version control.
extraSecrets: {}
# extraSecrets:
# '{{ .Release.Name }}-airflow-connections':
# type: 'Opaque'
# labels:
# my.custom.label/v1: my_custom_label_value_1
# data: |
# AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
# AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
# stringData: |
# AIRFLOW_CONN_OTHER: 'other_conn'
# '{{ .Release.Name }}-other-secret-name-suffix':
# data: |
# ...
# 'proxy-config':
# stringData: |
# HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
# HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
# NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"
# Extra ConfigMaps that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for ConfigMap data is "key/value" where
# * key (templated) is the name of the ConfigMap that will be created
# * value: an object with the standard 'data' key.
# The value associated with this key must be a string (templated)
extraConfigMaps: {}
# extraConfigMaps:
# '{{ .Release.Name }}-airflow-variables':
# labels:
# my.custom.label/v2: my_custom_label_value_2
# data: |
# AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
# AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"
# Extra env 'items' that will be added to the definition of Airflow containers
# a string is expected (templated).
# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.
extraEnv: ~
# extraEnv: |
# - name: AIRFLOW__CORE__LOAD_EXAMPLES
# value: 'True'
# Extra envFrom 'items' that will be added to the definition of Airflow containers
# A string is expected (templated).
extraEnvFrom: ~
# extraEnvFrom: |
# - secretRef:
# name: '{{ .Release.Name }}-airflow-connections'
# - configMapRef:
# name: '{{ .Release.Name }}-airflow-variables'
# Airflow database & redis config
data:
# If secret name is provided, secret itself has to be created manually with 'connection' key like:
#
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-airflow-metadata-secret
# type: Opaque
# data:
# connection: base64_encoded_connection_string
#
# The 'connection' key is base64-encoded SQLAlchemy connection string, e.g.:
# postgresql+psycopg2://airflow:password@postgres/airflow
metadataSecretName: ~
# If not set, falls back to metadataSecretName. The secret must contain 'connection' key which is
# a base64-encoded connection string, e.g.:
# postgresql+psycopg2://user:password@host/db
resultBackendSecretName: ~
brokerUrlSecretName: ~
# If `metadataSecretName` is not specified, pass connection values below
# The user/pass defaults below are the widely known 'postgres'/'postgres' pair, and
# `sslmode: disable` turns TLS off for the database connection. For any database that holds real
# data, supply the connection through `metadataSecretName` instead and choose an sslmode that
# enforces TLS (for example 'require' or 'verify-full').
metadataConnection:
user: postgres
pass: postgres
protocol: postgresql
host: ~
port: 5432
db: postgres
sslmode: disable
# Add custom annotations to the metadata connection secret
secretAnnotations: {}
# `resultBackendConnection` defaults to the same database as metadataConnection
resultBackendConnection: ~
# or, you can use a different database like:
# resultBackendConnection:
# user: postgres
# pass: postgres
# protocol: postgresql
# host: ~
# port: 5432
# db: postgres
# sslmode: disable
# Add custom annotations to the result backend connection secret
resultBackendConnectionSecretAnnotations: {}
# Note: `brokerUrl` can only be set during 'helm install', not 'helm upgrade' command
brokerUrl: ~
# Add custom annotations to the broker url secret
brokerUrlSecretAnnotations: {}
# Fernet key settings
# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade' command
# Airflow uses the Fernet key to encrypt secrets it stores in the metadata database.
# A key given inline here lives in the chart values; referencing a pre-created Secret through
# `fernetKeySecretName` keeps the key material out of values files.
fernetKey: ~
# If set, the secret must contain a 'fernet-key' key with a base64-encoded key value
fernetKeySecretName: ~
# Fernet key secret example:
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-fernet-key-secret
# type: Opaque
# data:
# fernet-key: <base64_encoded_fernet_key>
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}
# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg
apiSecretKey: ~
# Add custom annotations to the api secret
apiSecretAnnotations: {}
# If set, the secret must contain a key 'api-secret-key' with a base64-encoded key value
apiSecretKeySecretName: ~
# API secret key example:
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-api-secret
# type: Opaque
# data:
# api-secret-key: <base64_encoded_api_secret_key>
# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in airflow.cfg
# Note: Relying on the value generated when this is left unset is not advised in production,
# as it will be changed during helm upgrade, which can cause dag failures during component rollouts
jwtSecret: ~
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key value
jwtSecretName: ~
# JWT secret example:
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-jwt-secret
# type: Opaque
# data:
# jwt-secret: <base64_encoded_jwt_secret>
# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in airflow.cfg
# (deprecated, use `apiSecretKey` instead (Airflow 3+))
webserverSecretKey: ~
# Add custom annotations to the webserver secret
# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))
webserverSecretAnnotations: {}
# If set, the secret must contain a key 'webserver-secret-key' with a base64-encoded key value
# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))
webserverSecretKeySecretName: ~
# Webserver secret key secret example:
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-webserver-secret
# type: Opaque
# data:
# webserver-secret-key: <base64_encoded_webserver_secret_key>
# In order to use kerberos you need to create a secret containing the keytab file.
# The secret name should follow the naming convention of the application, where resources are
# named '{{ .Release.Name }}-<postfix>'. In case of the keytab file, the '<postfix>' is "kerberos-keytab".
# If your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab".
#
# The Keytab content should be available in the "kerberos.keytab" key of the secret.
# apiVersion: v1
# kind: Secret
# data:
# kerberos.keytab: <base64_encoded_keytab_file_content>
# type: Opaque
#
# If you have a keytab file, you can create the secret with a command similar to:
# kubectl create secret generic {{ .Release.Name }}-kerberos-keytab --from-file=kerberos.keytab
#
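# Alternatively, instead of manually creating the secret, it is possible to specify
# `kerberos.keytabBase64Content` parameter. This parameter should contain base64 encoded keytab.
# A keytab is a long-term credential for the principal; passing it this way places it in the
# chart values, so those values need the same protection as the keytab file itself.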
kerberos:
enabled: false
ccacheMountPath: /var/kerberos-ccache
ccacheFileName: cache
configPath: /etc/krb5.conf
keytabBase64Content: ~
keytabPath: /etc/airflow.keytab
principal: airflow@FOO.COM
reinitFrequency: 3600
config: |
# This is an example config showing how you can use templating and how "example" config
# might look like. It works with the test kerberos server that we are using during integration
# testing at Apache Airflow (see 'scripts/ci/docker-compose/integration-kerberos.yml' but in
# order to make it production-ready you must replace it with your own configuration that
# Matches your kerberos deployment. Administrators of your Kerberos instance should
# provide the right configuration.
[logging]
default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"
kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"
admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"
[libdefaults]
default_realm = FOO.COM
ticket_lifetime = 10h
renew_lifetime = 7d
forwardable = true
[realms]
FOO.COM = {
kdc = kdc-server.foo.com
admin_server = admin_server.foo.com
}
# Airflow Worker Config
workers:
# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)
replicas: 1
# Max number of old Airflow Celery workers ReplicaSets to retain
# (deprecated, use `workers.celery.revisionHistoryLimit` instead)
revisionHistoryLimit: ~
# Command to use when running Airflow Celery workers and using pod-template-file (templated)
# (deprecated, use `workers.celery.command` and/or `workers.kubernetes.command` instead)
command: ~
# Args to use when running Airflow Celery workers (templated)
# (deprecated, use `workers.celery.args` instead)
args:
- "bash"
- "-c"
# The format below is necessary to get `helm lint` happy
- |-
exec \
airflow celery worker
{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}
{{- " -q " }}{{ .Values.workers.queue }}
{{- end }}
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
# kill the worker and let Kubernetes restart it
# (deprecated, use `workers.celery.livenessProbe` section instead)
livenessProbe:
# (deprecated, use `workers.celery.livenessProbe.enabled` instead)
enabled: true
# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)
initialDelaySeconds: 10
# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)
timeoutSeconds: 20
# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)
failureThreshold: 5
# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)
periodSeconds: 60
# (deprecated, use `workers.celery.livenessProbe.command` instead)
command: ~
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
# (deprecated, use `workers.celery.updateStrategy` instead)
updateStrategy: ~
# Update Strategy when Airflow Celery worker is deployed as a Deployment
# (deprecated, use `workers.celery.strategy` instead)
strategy:
rollingUpdate:
maxSurge: "100%"
maxUnavailable: "50%"
# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity
# (deprecated, use `workers.celery.podManagementPolicy` instead)
# podManagementPolicy: Parallel
# When not set, the values defined in the global securityContext will
# be used in Airflow Celery workers and pod-template-file
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for the
# Airflow Celery workers and pod-template-file on container and pod level
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
securityContexts:
# (deprecated, use
# `workers.celery.securityContexts.pod` and/or
# `workers.kubernetes.securityContexts.pod`
# instead)
pod: {}
# (deprecated, use
# `workers.celery.securityContexts.container` and/or
# `workers.kubernetes.securityContexts.container`
# instead)
container: {}
# Container level Lifecycle Hooks definition for
# Airflow Celery workers and pods created with pod-template-file
# (deprecated, use
# `workers.celery.containerLifecycleHooks` and/or
# `workers.kubernetes.containerLifecycleHooks`
# instead)
containerLifecycleHooks: {}
# Airflow Celery workers pod disruption budget
# (deprecated, use `workers.celery.podDisruptionBudget` instead)
podDisruptionBudget:
# (deprecated, use `workers.celery.podDisruptionBudget.enabled` instead)
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
# (deprecated, use `workers.celery.podDisruptionBudget.config` instead)
config:
# (deprecated, use `workers.celery.podDisruptionBudget.config.maxUnavailable` instead)
maxUnavailable: 1
# (deprecated, use `workers.celery.podDisruptionBudget.config.minAvailable` instead)
# minAvailable: 1
# Create Service Account for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.serviceAccount` and/or `workers.kubernetes.serviceAccount` instead)
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# (deprecated, use
# `workers.celery.serviceAccount.automountServiceAccountToken` and/or
# `workers.kubernetes.serviceAccount.automountServiceAccountToken`
# instead)
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
# (deprecated, use
# `workers.celery.serviceAccount.create` and/or
# `workers.kubernetes.serviceAccount.create`
# instead)
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
# (deprecated, use
# `workers.celery.serviceAccount.name` and/or
# `workers.kubernetes.serviceAccount.name`
# instead)
name: ~
# Annotations to add to worker Kubernetes Service Account.
# (deprecated, use
# `workers.celery.serviceAccount.annotations` and/or
# `workers.kubernetes.serviceAccount.annotations`
# instead)
annotations: {}
# Allow KEDA autoscaling for Airflow Celery workers
# (deprecated, use `workers.celery.keda` instead)
keda:
# (deprecated, use `workers.celery.keda.enabled` instead)
enabled: false
# (deprecated, use `workers.celery.keda.namespaceLabels` instead)
namespaceLabels: {}
# How often KEDA polls the Airflow DB to report new scale requests to the HPA
# (deprecated, use `workers.celery.keda.pollingInterval` instead)
pollingInterval: 5
# How many seconds KEDA will wait before scaling to zero.
# Note: HPA has a separate cooldown period for scale-downs
# (deprecated, use `workers.celery.keda.cooldownPeriod` instead)
cooldownPeriod: 30
# Minimum number of Airflow Celery workers created by keda
# (deprecated, use `workers.celery.keda.minReplicaCount` instead)
minReplicaCount: 0
# Maximum number of Airflow Celery workers created by keda
# (deprecated, use `workers.celery.keda.maxReplicaCount` instead)
maxReplicaCount: 10
# Specify HPA related options
# (deprecated, use `workers.celery.keda.advanced` instead)
advanced: {}
# horizontalPodAutoscalerConfig:
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# Query to use for KEDA autoscaling. Must return a single integer.
# (deprecated, use `workers.celery.keda.query` instead)
query: >-
SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }})
FROM task_instance
WHERE (state='running' OR state='queued')
AND queue IN (
{{- range $i, $q := splitList "," .Values.workers.queue -}}
{{- if $i }},{{ end }}'{{ $q | trim }}'
{{- end -}}
)
{{- if contains "CeleryKubernetesExecutor" .Values.executor }}
AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}'
{{- else if contains "KubernetesExecutor" .Values.executor }}
AND executor IS DISTINCT FROM 'KubernetesExecutor'
{{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }}
AND executor IS DISTINCT FROM 'EdgeExecutor'
{{- end }}
# Whether to use PGBouncer to connect to the database or not when it is enabled
# This configuration will be ignored if PGBouncer is not enabled
# (deprecated, use `workers.celery.keda.usePgbouncer` instead)
usePgbouncer: true
# Allow HPA for Airflow Celery workers (KEDA must be disabled)
# (deprecated, use `workers.celery.hpa` instead)
hpa:
# (deprecated, use `workers.celery.hpa.enabled` instead)
enabled: false
# Minimum number of Airflow Celery workers created by HPA
# (deprecated, use `workers.celery.hpa.minReplicaCount` instead)
minReplicaCount: 0
# Maximum number of Airflow Celery workers created by HPA
# (deprecated, use `workers.celery.hpa.maxReplicaCount` instead)
maxReplicaCount: 5
# Specifications for which to use to calculate the desired replica count
# (deprecated, use `workers.celery.hpa.metrics` instead)
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
# Scaling behavior of the target in both Up and Down directions
# (deprecated, use `workers.celery.hpa.behavior` instead)
behavior: {}
# Persistence volume configuration for Airflow Celery workers
# (deprecated, use `workers.celery.persistence` instead)
persistence:
# Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)
enabled: true
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
# (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)
persistentVolumeClaimRetentionPolicy: ~
# persistentVolumeClaimRetentionPolicy:
# whenDeleted: Delete
# whenScaled: Delete
# Volume size for Airflow Celery worker StatefulSet
# (deprecated, use `workers.celery.persistence.size` instead)
size: 100Gi
# If using a custom storageClass, pass name ref to all StatefulSets here
# (deprecated, use `workers.celery.persistence.storageClassName` instead)
storageClassName:
# Execute init container to chown log directory.
# This is currently only needed in kind, due to usage
# of local-path provisioner.
# (deprecated, use `workers.celery.persistence.fixPermissions` instead)
fixPermissions: false
# Annotations to add to Airflow Celery worker volumes
# (deprecated, use `workers.celery.persistence.annotations` instead)
annotations: {}
# Detailed default security context for persistence on container level
# (deprecated, use `workers.celery.persistence.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.persistence.securityContexts.container` instead)
container: {}
# Kerberos sidecar configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.kerberosSidecar` and/or `workers.kubernetes.kerberosSidecar` instead)
kerberosSidecar:
# Enable kerberos sidecar
# (deprecated, use
# `workers.celery.kerberosSidecar.enabled` and/or
# `workers.kubernetes.kerberosSidecar.enabled`
# instead)
enabled: false
# (deprecated, use
# `workers.celery.kerberosSidecar.resources` and/or
# `workers.kubernetes.kerberosSidecar.resources`
# instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos sidecar on container level
# (deprecated, use
# `workers.celery.kerberosSidecar.securityContexts` and/or
# `workers.kubernetes.kerberosSidecar.securityContexts`
# instead)
securityContexts:
# (deprecated, use
# `workers.celery.kerberosSidecar.securityContexts.container` and/or
# `workers.kubernetes.kerberosSidecar.securityContexts.container`
# instead)
container: {}
# Container level lifecycle hooks
# (deprecated, use
# `workers.celery.kerberosSidecar.containerLifecycleHooks` and/or
# `workers.kubernetes.kerberosSidecar.containerLifecycleHooks`
# instead)
containerLifecycleHooks: {}
# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use
# `workers.celery.kerberosInitContainer` and/or
# `workers.kubernetes.kerberosInitContainer`
# instead)
kerberosInitContainer:
# Enable kerberos init container
# (deprecated, use
# `workers.celery.kerberosInitContainer.enabled` and/or
# `workers.kubernetes.kerberosInitContainer.enabled`
# instead)
enabled: false
# (deprecated, use
# `workers.celery.kerberosInitContainer.resources` and/or
# `workers.kubernetes.kerberosInitContainer.resources`
# instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos init container
# (deprecated, use
# `workers.celery.kerberosInitContainer.securityContexts` and/or
# `workers.kubernetes.kerberosInitContainer.securityContexts`
# instead)
securityContexts:
# (deprecated, use
# `workers.celery.kerberosInitContainer.securityContexts.container` and/or
# `workers.kubernetes.kerberosInitContainer.securityContexts.container`
# instead)
container: {}
# Container level lifecycle hooks
# (deprecated, use
# `workers.celery.kerberosInitContainer.containerLifecycleHooks` and/or
# `workers.kubernetes.kerberosInitContainer.containerLifecycleHooks`
# instead)
containerLifecycleHooks: {}
# Resource configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.resources` and/or `workers.kubernetes.resources` instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
# `workers.celery.terminationGracePeriodSeconds` and/or
# `workers.kubernetes.terminationGracePeriodSeconds`
# instead)
terminationGracePeriodSeconds: 600
# This setting tells Kubernetes that it's OK to evict when it wants to scale a node down.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
# `workers.celery.safeToEvict` and/or
# `workers.kubernetes.safeToEvict`
# instead)
safeToEvict: false
# Launch additional containers into Airflow Celery worker
# and pods created with pod-template-file (templated).
# (deprecated, use
# `workers.celery.extraContainers` and/or
# `workers.kubernetes.extraContainers`
# instead)
# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main
# container finishes so Airflow can continue the worker shutdown process!
extraContainers: []
# Add additional init containers into Airflow Celery workers
# and pods created with pod-template-file (templated).
# (deprecated, use
# `workers.celery.extraInitContainers` and/or
# `workers.kubernetes.extraInitContainers`
# instead)
extraInitContainers: []
# Additional volumes attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use `workers.celery.extraVolumes` and/or `workers.kubernetes.extraVolumes` instead)
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
# Additional volume mounts attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use
# `workers.celery.extraVolumeMounts` and/or
# `workers.kubernetes.extraVolumeMounts`
# instead)
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
# (deprecated, use `workers.celery.extraPorts` instead)
extraPorts: []
# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.nodeSelector` and/or `workers.kubernetes.nodeSelector` instead)
nodeSelector: {}
# (deprecated, use `workers.celery.runtimeClassName` and/or `workers.kubernetes.runtimeClassName` instead)
runtimeClassName: ~
# (deprecated, use `workers.celery.priorityClassName` and/or `workers.kubernetes.priorityClassName` instead)
priorityClassName: ~
# (deprecated, use `workers.celery.affinity` and/or `workers.kubernetes.affinity` instead)
affinity: {}
# Default Airflow Celery worker affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: worker
# topologyKey: kubernetes.io/hostname
# weight: 100
# (deprecated, use `workers.celery.tolerations` and/or `workers.kubernetes.tolerations` instead)
tolerations: []
# (deprecated, use
# `workers.celery.topologySpreadConstraints` and/or
# `workers.kubernetes.topologySpreadConstraints`
# instead)
topologySpreadConstraints: []
# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.hostAliases` and/or `workers.kubernetes.hostAliases` instead)
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
# hostnames:
# - "test.hostname.one"
# - ip: "127.0.0.3"
# hostnames:
# - "test.hostname.two"
# Annotations for the Airflow Celery worker resource
# (deprecated, use `workers.celery.annotations` instead)
annotations: {}
# Pod annotations for the Airflow Celery workers and pods created with pod-template-file (templated)
# (deprecated, use `workers.celery.podAnnotations` and/or `workers.kubernetes.podAnnotations` instead)
podAnnotations: {}
# Labels specific to Airflow Celery workers objects and pods created with pod-template-file
# (deprecated, use `workers.celery.labels` and/or `workers.kubernetes.labels` instead)
labels: {}
# Log groomer configuration for Airflow Celery workers
# (deprecated, use `workers.celery.logGroomerSidecar` instead)
logGroomerSidecar:
# Whether to deploy the Airflow Celery worker log groomer sidecar
# (deprecated, use `workers.celery.logGroomerSidecar.enabled` instead)
enabled: true
# Command to use when running the Airflow Celery worker log groomer sidecar (templated)
# (deprecated, use `workers.celery.logGroomerSidecar.command` instead)
command: ~
# Args to use when running the Airflow Celery worker log groomer sidecar (templated)
# (deprecated, use `workers.celery.logGroomerSidecar.args` instead)
args: ["bash", "/clean-logs"]
# Number of days to retain logs
# (deprecated, use `workers.celery.logGroomerSidecar.retentionDays` instead)
retentionDays: 15
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
# (deprecated, use `workers.celery.logGroomerSidecar.retentionMinutes` instead)
retentionMinutes: 0
# Frequency to attempt to groom logs (in minutes)
# (deprecated, use `workers.celery.logGroomerSidecar.frequencyMinutes` instead)
frequencyMinutes: 15
# Max size of logs in bytes. 0 = disabled
# (deprecated, use `workers.celery.logGroomerSidecar.maxSizeBytes` instead)
maxSizeBytes: 0
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
# (deprecated, use `workers.celery.logGroomerSidecar.maxSizePercent` instead)
maxSizePercent: 0
# (deprecated, use `workers.celery.logGroomerSidecar.resources` instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts.container` instead)
container: {}
# (deprecated, use `workers.celery.logGroomerSidecar.env` instead)
env: []
# Container level lifecycle hooks
# (deprecated, use `workers.celery.logGroomerSidecar.containerLifecycleHooks` instead)
containerLifecycleHooks: {}
# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
# (deprecated, use `workers.celery.waitForMigrations` instead)
waitForMigrations:
# Whether to create init container to wait for db migrations
# (deprecated, use `workers.celery.waitForMigrations.enabled` instead)
enabled: true
# (deprecated, use `workers.celery.waitForMigrations.env` instead)
env: []
# Detailed default security context for wait-for-airflow-migrations container
# (deprecated, use `workers.celery.waitForMigrations.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.waitForMigrations.securityContexts.container` instead)
container: {}
# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.env` and/or `workers.kubernetes.env` instead)
env: []
# Additional volume claim templates for Airflow Celery workers.
# Requires mounting of specified volumes under extraVolumeMounts.
# (deprecated, use `workers.celery.volumeClaimTemplates` instead)
volumeClaimTemplates: []
# Volume Claim Templates example:
# volumeClaimTemplates:
# - metadata:
# name: data-volume-1
# spec:
# storageClassName: "storage-class-1"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "10Gi"
# - metadata:
# name: data-volume-2
# spec:
# storageClassName: "storage-class-2"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "20Gi"
# (deprecated, use `workers.celery.schedulerName` and/or `workers.kubernetes.schedulerName` instead)
schedulerName: ~
celery:
# Number of Airflow Celery workers
replicas: ~
# Max number of old Airflow Celery workers ReplicaSets to retain
revisionHistoryLimit: ~
# Command to use when running Airflow Celery workers (templated)
command: ~
# Args to use when running Airflow Celery workers (templated)
args: ~
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
# kill the worker and let Kubernetes restart it
livenessProbe:
enabled: ~
initialDelaySeconds: ~
timeoutSeconds: ~
failureThreshold: ~
periodSeconds: ~
command: ~
# Enable the default workers defined by the root `workers` and `workers.celery`
# configurations to be created.
# If false, only dedicated workers defined in 'sets' will be created.
enableDefault: true
# Queue name for the default workers
queue: "default"
# List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`
# section.
sets: []
# sets:
# - name: highcpu
# replicas: 2
# queue: "highcpu"
# resources:
# requests:
# memory: "2Gi"
# cpu: "4000m"
# limits:
# memory: "4Gi"
# cpu: "8000m"
# - name: highmem
# replicas: 2
# queue: "highmem"
# resources:
# requests:
# memory: "4Gi"
# cpu: "2000m"
# limits:
# memory: "8Gi"
# cpu: "4000m"
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
updateStrategy: ~
# Update Strategy when Airflow Celery worker is deployed as a Deployment
strategy: ~
# Allow relaxing ordering guarantees for Airflow Celery worker
# while preserving its uniqueness and identity
# podManagementPolicy: Parallel
# Detailed default security context for Airflow Celery workers for container and pod level
# If not set, the values from `workers.securityContexts` section will be used.
securityContexts:
pod: {}
container: {}
# Container level Lifecycle Hooks definition for Airflow Celery workers
containerLifecycleHooks: {}
# Airflow Celery workers pod disruption budget
podDisruptionBudget:
enabled: ~
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: ~
# minAvailable: ~
# Create Service Account for Airflow Celery workers
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
automountServiceAccountToken: ~
# Specifies whether a Service Account should be created
create: ~
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to worker Kubernetes Service Account.
annotations: {}
# Allow KEDA autoscaling for Airflow Celery workers
keda:
enabled: ~
namespaceLabels: {}
# How often KEDA polls the airflow DB to report new scale requests to the HPA
pollingInterval: ~
# How many seconds KEDA will wait before scaling to zero.
# Note: HPA has a separate cooldown period for scale-downs
cooldownPeriod: ~
# Minimum number of Airflow Celery workers created by KEDA
minReplicaCount: ~
# Maximum number of Airflow Celery workers created by KEDA
maxReplicaCount: ~
# Specify HPA related options
advanced: {}
# horizontalPodAutoscalerConfig:
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# Query to use for KEDA autoscaling. Must return a single integer
query: ~
# Whether to use PGBouncer to connect to the database or not when it is enabled
# This configuration will be ignored if PGBouncer is not enabled
usePgbouncer: ~
# Allow HPA for Airflow Celery workers (KEDA must be disabled)
hpa:
enabled: ~
# Minimum number of Airflow Celery workers created by HPA
minReplicaCount: ~
# Maximum number of Airflow Celery workers created by HPA
maxReplicaCount: ~
# Metric specifications used to calculate the desired replica count
metrics: ~
# Scaling behavior of the target in both Up and Down directions
behavior: {}
# Persistence volume configuration for Airflow Celery workers
persistence:
# Enable persistent volumes
enabled: ~
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
persistentVolumeClaimRetentionPolicy: ~
# persistentVolumeClaimRetentionPolicy:
# whenDeleted: Delete
# whenScaled: Delete
# Volume size for Airflow Celery worker StatefulSet
size: ~
# If using a custom storageClass, pass name ref to all StatefulSets here
storageClassName:
# Execute init container to chown log directory.
# This is currently only needed in kind, due to usage
# of local-path provisioner.
fixPermissions: ~
# Annotations to add to Airflow Celery worker volumes
annotations: {}
# Detailed default security context for persistence on container level
securityContexts:
container: {}
# Kerberos sidecar configuration for Airflow Celery workers
kerberosSidecar:
# Enable kerberos sidecar
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos sidecar on container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Kerberos init container configuration for Airflow Celery workers
# If not set, the values from `workers.kerberosInitContainer` section will be used.
kerberosInitContainer:
# Enable kerberos init container
# If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos init container
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Resource configuration for Airflow Celery workers
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: ~
# This setting tells Kubernetes that it's OK to evict when it wants to scale a node down
safeToEvict: ~
# Launch additional containers into Airflow Celery worker (templated)
extraContainers: []
# Add additional init containers into Airflow Celery workers (templated)
extraInitContainers: []
# Additional volumes attached to the Airflow Celery workers
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
# Additional volume mounts attached to the Airflow Celery workers
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
extraPorts: []
# Select certain nodes for Airflow Celery worker pods
nodeSelector: {}
runtimeClassName: ~
priorityClassName: ~
affinity: {}
# Default Airflow Celery worker affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: worker
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
# hostAliases to use in Airflow Celery worker pods
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
# hostnames:
# - "test.hostname.one"
# - ip: "127.0.0.3"
# hostnames:
# - "test.hostname.two"
# Annotations for the Airflow Celery worker resource
annotations: {}
# Pod annotations for the Airflow Celery workers (templated)
podAnnotations: {}
# Labels specific to Airflow Celery workers objects
labels: {}
# Log groomer configuration for Airflow Celery workers
logGroomerSidecar:
# Whether to deploy the Airflow Celery worker log groomer sidecar
enabled: ~
# Command to use when running the Airflow Celery worker log groomer sidecar (templated)
command: ~
# Args to use when running the Airflow Celery worker log groomer sidecar (templated)
args: []
# Number of days to retain logs
retentionDays: ~
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
retentionMinutes: ~
# Frequency to attempt to groom logs (in minutes)
frequencyMinutes: ~
# Max size of logs in bytes. 0 = disabled
maxSizeBytes: ~
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
maxSizePercent: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
securityContexts:
container: {}
env: []
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: ~
env: []
# Detailed default security context for wait-for-airflow-migrations container
securityContexts:
container: {}
# Additional env variable configuration for Airflow Celery workers
env: []
# Additional volume claim templates for Airflow Celery workers.
# Requires mounting of specified volumes under extraVolumeMounts.
volumeClaimTemplates: []
# Volume Claim Templates example:
# volumeClaimTemplates:
# - metadata:
# name: data-volume-1
# spec:
# storageClassName: "storage-class-1"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "10Gi"
# - metadata:
# name: data-volume-2
# spec:
# storageClassName: "storage-class-2"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "20Gi"
schedulerName: ~
kubernetes:
# Command to use in pod-template-file (templated)
command: ~
# Detailed default security context for pod-template-file for container and pod level
# If not set, the values from `workers.securityContexts` section will be used.
securityContexts:
pod: {}
container: {}
# Container level Lifecycle Hooks definition for pods created with pod-template-file
containerLifecycleHooks: {}
# Create Service Account for pods created with pod-template-file
# When this section is specified, the Service Account is created from
# 'templates/workers/worker-kubernetes-serviceaccount.yaml' file
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# If not specified, the `workers.serviceAccount.automountServiceAccountToken` value will be taken
automountServiceAccountToken: ~
# Specifies whether a Service Account should be created.
# If not specified, the Service Account will be generated and used from
# 'templates/workers/worker-serviceaccount.yaml' file if `workers.serviceAccount.create`
# is 'true'
create: ~
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
# with Kubernetes dedicated name
name: ~
# Annotations to add to worker Kubernetes Service Account.
# If not specified, the `workers.serviceAccount.annotations` value will be taken
annotations: {}
# Kerberos sidecar configuration for pods created with pod-template-file
kerberosSidecar:
# Enable kerberos sidecar
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos sidecar on container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Kerberos init container configuration for pods created with pod-template-file
# If not set, the values from `workers.kerberosInitContainer` section will be used.
kerberosInitContainer:
# Enable kerberos init container
# If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos init container
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Resource configuration for pods created with pod-template-file
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: ~
# This setting tells Kubernetes that it's OK to evict when it wants to scale a node down
safeToEvict: ~
# Launch additional containers into pods created with pod-template-file (templated).
# Note: You are responsible for signaling sidecars to exit when the main
# container finishes so Airflow can continue the worker shutdown process!
extraContainers: []
# Add additional init containers into pods created with pod-template-file (templated)
extraInitContainers: []
# Additional volumes attached to the pods created with pod-template-file
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
# Additional volume mounts attached to the pods created with pod-template-file
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for pods created with pod-template-file
nodeSelector: {}
runtimeClassName: ~
priorityClassName: ~
affinity: {}
tolerations: []
topologySpreadConstraints: []
# hostAliases to use in pods created with pod-template-file
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
# hostnames:
# - "test.hostname.one"
# - ip: "127.0.0.3"
# hostnames:
# - "test.hostname.two"
# Pod annotations for the pods created with pod-template-file (templated)
podAnnotations: {}
# Labels specific to pods created with pod-template-file
labels: {}
# Additional env variable configuration for pods created with pod-template-file
env: []
schedulerName: ~
# Airflow scheduler settings
scheduler:
enabled: true
# hostAliases for the scheduler pod
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# If the scheduler stops heartbeating for 5 minutes (5*60s) kill the
# scheduler and let Kubernetes restart it
livenessProbe:
initialDelaySeconds: 10
timeoutSeconds: 20
failureThreshold: 5
periodSeconds: 60
command: ~
# Wait for at most 1 minute (6*10s) for the scheduler container to startup.
# LivenessProbe kicks in after the first successful startupProbe
startupProbe:
initialDelaySeconds: 0
failureThreshold: 6
periodSeconds: 10
timeoutSeconds: 20
command: ~
# Amount of scheduler replicas
replicas: 1
# Max number of old replicasets to retain
revisionHistoryLimit: ~
# Command to use when running the Airflow scheduler (templated).
command: ~
# Args to use when running the Airflow scheduler (templated).
args: ["bash", "-c", "exec airflow scheduler"]
# Update Strategy when scheduler is deployed as a StatefulSet
# (when using LocalExecutor and `workers.persistence`)
updateStrategy: ~
# Update Strategy when scheduler is deployed as a Deployment
# (when not using LocalExecutor and `workers.persistence`)
strategy: ~
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `scheduler.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for scheduler Deployments for container and pod level
# Both maps default to empty, so this section sets no hardening of its own.
# Example of a restrictive container-level context (verify it works with your
# image and any sidecars before enabling):
# container:
#   allowPrivilegeEscalation: false
#   capabilities:
#     drop:
#       - ALL
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 10
# Create Service Account
serviceAccount:
# Affects all executors that launch pods
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# With `true`, Kubernetes mounts the Service Account token into every container of
# the pod, which includes anything added through `extraContainers`.
# To control the token's lifetime and audience explicitly, set this to `false` and
# enable `serviceAccountTokenVolume` below.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to scheduler Kubernetes Service Account.
annotations: {}
# Service Account Token Volume configuration
# This is only used when `automountServiceAccountToken` is 'false'
# and allows manual configuration of the Service Account token volume
serviceAccountTokenVolume:
# Enable manual Service Account token volume configuration
enabled: false
# Path where the Service Account token should be mounted
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
# Name of the volume
volumeName: kube-api-access
# Token expiration in seconds
# A shorter lifetime limits how long a copied token remains usable.
# Kubernetes rejects projected token lifetimes below 600 seconds.
expirationSeconds: 3600
# Audience for the token
# NOTE(review): presumably left to the Kubernetes default when unset; confirm in the template.
audience: ~
# Scheduler pod disruption budget
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This setting tells Kubernetes that it's OK to evict
# when it wants to scale a node down.
safeToEvict: true
# Launch additional containers into scheduler (templated).
extraContainers: []
# Add additional init containers into scheduler (templated).
extraInitContainers: []
# Mount additional volumes into scheduler.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for Airflow scheduler pods.
nodeSelector: {}
affinity: {}
# default scheduler affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: scheduler
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Annotations for scheduler Deployment
annotations: {}
# Pod annotations for scheduler pods (templated)
podAnnotations: {}
# Labels specific to scheduler objects and pods
labels: {}
# Log groomer sidecar for the Airflow scheduler. It periodically grooms logs
# according to the retention and size settings below.
# Logs removed by the groomer are no longer available on the volume; if they are
# needed for audit or incident investigation beyond the retention window, forward
# them to a central log store before they are groomed.
logGroomerSidecar:
# Whether to deploy the Airflow scheduler log groomer sidecar.
enabled: true
# Command to use when running the Airflow scheduler log groomer sidecar (templated).
command: ~
# Args to use when running the Airflow scheduler log groomer sidecar (templated).
args: ["bash", "/clean-logs"]
# Number of days to retain logs
retentionDays: 15
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
retentionMinutes: 0
# Frequency to attempt to groom logs, in minutes
frequencyMinutes: 15
# Max size of logs in bytes. 0 = disabled
# NOTE(review): presumably a size limit can remove logs before the retention
# window ends - confirm against the `/clean-logs` script.
maxSizeBytes: 0
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
maxSizePercent: 0
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
env: []
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: true
env: []
# Detailed default security context for waitForMigrations for container level
securityContexts:
container: {}
env: []
# Airflow create user job settings
createUserJob:
# Whether the create user job should be created
enabled: true
# Create initial user.
# These defaults create an `Admin`-role account with the well-known password `admin`.
# Override at least `password` (and preferably `username`) for any deployment that
# other people or systems can reach.
# The default `args` of this job use `webserver.defaultUser` instead of these values
# when that section is set.
# The password is passed to the job as a plain `-p` argument, so it is stored in
# plain text in the supplied values and in the rendered job definition.
defaultUser:
role: Admin
username: admin
email: admin@example.com
firstName: admin
lastName: user
password: admin
# Limit the lifetime of the job object after it finished execution.
ttlSecondsAfterFinished: 300
# Command to use when running the create user job (templated).
command: ~
# Args to use when running the create user job (templated).
# Each templated value below is taken from `webserver.defaultUser` when that section
# is set, and from `createUserJob.defaultUser` otherwise.
args:
- "bash"
- "-c"
# The format below is necessary to get `helm lint` happy
- |-
exec \
airflow users create "$@"
- --
# yamllint disable rule:line-length
- "-r"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"
- "-u"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"
- "-e"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"
- "-f"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"
- "-l"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"
# The password is rendered into the container args as plain text, so anyone who can
# read the job or its pod spec in the namespace can read it. Treat the initial
# password as temporary and rotate it after the first login.
- "-p"
- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"
# Annotations on the create user job pod (templated)
annotations: {}
# `jobAnnotations` are annotations on the create user job
jobAnnotations: {}
restartPolicy: OnFailure
# Labels specific to `createUserJob` objects and pods
labels: {}
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `createUserJob.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for `createUserJob` for container and pod level
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# NOTE(review): the default `args` of this job only run `airflow users create`.
# If nothing in the job needs the Kubernetes API, `false` keeps the API token out
# of the pod - confirm against the job template and any `extraContainers`.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to create user Kubernetes Service Account.
annotations: {}
# Launch additional containers into user creation job
extraContainers: []
# Add additional init containers into user creation job (templated).
extraInitContainers: []
# Mount additional volumes into user creation job.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# In case you need to disable the helm hooks that create the jobs after install.
# Disable this if you are e.g. using ArgoCD
useHelmHooks: true
applyCustomEnv: true
env: []
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Airflow database migration job settings
# Configures the Job that runs `airflow db migrate` (see `args` below).
migrateDatabaseJob:
enabled: true
# Limit the lifetime of the job object after it finished execution.
ttlSecondsAfterFinished: 300
# Command to use when running the migrate database job (templated).
command: ~
# Args to use when running the migrate database job (templated).
# `exec` replaces the bash process with `airflow db migrate` instead of running it as a child.
args:
- "bash"
- "-c"
- >-
exec \
airflow db migrate
# Annotations on the database migration pod (templated)
annotations: {}
# `jobAnnotations` are annotations on the database migration job
jobAnnotations: {}
restartPolicy: OnFailure
# Labels specific to migrate database job objects and pods
labels: {}
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `migrateDatabaseJob.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for `migrateDatabaseJob` for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`);
# add them here per your cluster policy unless the global settings already supply them.
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
# NOTE(review): set to false if this job never calls the Kubernetes API - confirm before disabling.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to migrate database job Kubernetes Service Account.
annotations: {}
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Launch additional containers into database migration job
extraContainers: []
# Add additional init containers into migrate database job (templated).
extraInitContainers: []
# Mount additional volumes into database migration job.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# In case you need to disable the helm hooks that create the jobs after install.
# Disable this if you are using ArgoCD for example
useHelmHooks: true
applyCustomEnv: true
# Environment variables to add to the job container.
# NOTE(review): values written here are stored in plaintext in the values file; reference a
# Secret for credentials instead.
env: []
# Airflow API server settings
apiServer:
enabled: true
# Number of Airflow API servers in the Deployment.
# Omitted from the Deployment, when HPA is enabled.
replicas: 1
# Max number of old ReplicaSets to retain
revisionHistoryLimit: ~
# Labels specific to Airflow API server objects and pods
labels: {}
# Command to use when running the Airflow API server (templated).
command: ~
# Args to use when running the Airflow API server (templated).
args: ["bash", "-c", "exec airflow api-server"]
# Example: To enable proxy headers support when running behind a reverse proxy:
# args: ["bash", "-c", "exec airflow api-server --proxy-headers"]
# NOTE(review): presumably grants the API server permission to read pod logs - confirm against
# the chart templates, and set to false if that access is not needed.
allowPodLogReading: true
# Environment variables for the Airflow API server.
env: []
# Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:
# env:
# - name: FORWARDED_ALLOW_IPS
# value: "*" # Use "*" for trusted environments, or specify proxy IP ranges for production
# NOTE: "*" trusts forwarded headers (client address, scheme) from any peer, so a client that
# can reach the API server without passing through the proxy can spoof them. Prefer listing
# only the proxy's addresses, and make sure the proxy is the only network path to the pods.
# Allow Horizontal Pod Autoscaler (HPA) configuration for api-server. (optional)
# HPA automatically scales the number of api-server pods based on observed metrics.
# HPA automatically adjusts api-server replicas between `minReplicaCount` and `maxReplicaCount` based on metrics.
hpa:
enabled: false
# Minimum number of api-servers created by HPA
minReplicaCount: 1
# Maximum number of api-servers created by HPA
maxReplicaCount: 5
# Specifications for which to use to calculate the desired replica count
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
# Scaling behavior of the target in both Up and Down directions
behavior: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to Airflow API server Kubernetes Service Account.
annotations: {}
service:
# ClusterIP keeps the Service reachable only from inside the cluster.
type: ClusterIP
# Service annotations
annotations: {}
ports:
- name: api-server
port: "{{ .Values.ports.apiServer }}"
loadBalancerIP: ~
# Limit load balancer source ips to list of CIDRs
# An empty list applies no source-CIDR restriction; set it when `type` is LoadBalancer and the
# endpoint should not be reachable from every address.
loadBalancerSourceRanges: []
# loadBalancerSourceRanges:
# - "10.123.0.0/16"
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
# Allow overriding Update Strategy for API server
strategy: ~
# Detailed default security contexts for Airflow API server Deployments for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: true
env: []
# Detailed default security context for waitForMigrations for container level
securityContexts:
container: {}
# Launch additional containers into the Airflow API server pods.
extraContainers: []
# Add additional init containers into API server (templated).
extraInitContainers: []
# Mount additional volumes into API server.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for Airflow API server pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# hostAliases for API server pod
hostAliases: []
# Annotations for Airflow API server Deployment
annotations: {}
# Pod annotations for API server pods (templated)
podAnnotations: {}
networkPolicy:
ingress:
# Peers for Airflow API server NetworkPolicy ingress
# NOTE(review): with an empty list no explicit peers are configured here - confirm what the
# chart's NetworkPolicy then allows before relying on it to restrict access.
from: []
# Ports for Airflow API server NetworkPolicy ingress (if `from` is set)
ports:
- port: "{{ .Values.ports.apiServer }}"
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Add custom annotations to the `apiServer` ConfigMap
configMapAnnotations: {}
# This string (templated) will be mounted into the Airflow API Server
# as a custom webserver_config.py. You can bake a webserver_config.py into
# your image instead or specify a ConfigMap containing the
# webserver_config.py.
# The content is Python (see the example), so treat changes to this value as code changes,
# and keep CSRF protection enabled as the example does.
apiServerConfig: ~
# apiServerConfig: |
# from airflow import configuration as conf
# # The SQLAlchemy connection string.
# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
# # Flask-WTF flag for CSRF
# CSRF_ENABLED = True
apiServerConfigConfigMapName: ~
# Probe settings. `scheme` is the URI scheme the probes use (HTTP by default).
livenessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
failureThreshold: 5
periodSeconds: 10
scheme: HTTP
readinessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
failureThreshold: 5
periodSeconds: 10
scheme: HTTP
startupProbe:
initialDelaySeconds: 0
timeoutSeconds: 20
failureThreshold: 6
periodSeconds: 10
scheme: HTTP
# Airflow webserver settings (only Airflow<3.0)
webserver:
enabled: true
# Add custom annotations to the webserver ConfigMap
configMapAnnotations: {}
# hostAliases for the webserver pod
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# NOTE(review): presumably grants the webserver permission to read pod logs - confirm against
# the chart templates, and set to false if that access is not needed.
allowPodLogReading: true
livenessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
failureThreshold: 5
periodSeconds: 10
scheme: HTTP
readinessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
failureThreshold: 5
periodSeconds: 10
scheme: HTTP
# Wait for at most 1 minute (6*10s) for the webserver container to startup.
# LivenessProbe kicks in after the first successful startupProbe
startupProbe:
initialDelaySeconds: 0
timeoutSeconds: 20
failureThreshold: 6
periodSeconds: 10
scheme: HTTP
# Number of webservers
replicas: 1
# Max number of old replicasets to retain
revisionHistoryLimit: ~
# Command to use when running the Airflow webserver (templated).
command: ~
# Args to use when running the Airflow webserver (templated).
args: ["bash", "-c", "exec airflow webserver"]
# Grace period for webserver to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 30
# Allow HPA
hpa:
enabled: false
# Minimum number of webservers created by HPA
minReplicaCount: 1
# Maximum number of webservers created by HPA
maxReplicaCount: 5
# Specifications for which to use to calculate the desired replica count
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
# Scaling behavior of the target in both Up and Down directions
behavior: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to webserver Kubernetes Service Account.
annotations: {}
# Webserver pod disruption budget
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
# Allow overriding Update Strategy for Webserver
strategy: ~
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `webserver.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security contexts for webserver Deployments for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Additional network policies as needed (deprecated, use `webserver.networkPolicy.ingress.from` instead)
extraNetworkPolicies: []
networkPolicy:
ingress:
# Peers for webserver NetworkPolicy ingress
# NOTE(review): with an empty list no explicit peers are configured here - confirm what the
# chart's NetworkPolicy then allows before relying on it to restrict access.
from: []
# Ports for webserver NetworkPolicy ingress (if `from` is set)
ports:
- port: "{{ .Values.ports.airflowUI }}"
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Create initial user. (deprecated, use `createUserJob` section instead)
# The values below are sample credentials: replace `password: admin` before exposing the UI.
# The create-user job args in this file pass this password with the `-p` command-line argument,
# so it presumably also appears in the rendered Job spec - confirm, and rotate it after first login.
# defaultUser:
# enabled: true
# role: Admin
# username: admin
# email: admin@example.com
# firstName: admin
# lastName: user
# password: admin
# Launch additional containers into webserver (templated).
extraContainers: []
# Add additional init containers into webserver (templated).
extraInitContainers: []
# Mount additional volumes into webserver.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# This string (templated) will be mounted into the Airflow Webserver
# as a custom webserver_config.py. You can bake a webserver_config.py into
# your image instead or specify a ConfigMap containing the
# webserver_config.py.
# The content is Python (see the example), so treat changes to this value as code changes,
# and keep CSRF protection enabled as the example does.
webserverConfig: ~
# webserverConfig: |
# from airflow import configuration as conf
# # The SQLAlchemy connection string.
# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
# # Flask-WTF flag for CSRF
# CSRF_ENABLED = True
webserverConfigConfigMapName: ~
service:
# ClusterIP keeps the Service reachable only from inside the cluster.
type: ClusterIP
# Service annotations
annotations: {}
ports:
- name: airflow-ui
port: "{{ .Values.ports.airflowUI }}"
# To change the port used to access the webserver:
# ports:
# - name: airflow-ui
# port: 80
# targetPort: airflow-ui
# To only expose a sidecar, not the webserver directly:
# ports:
# - name: only_sidecar
# port: 80
# targetPort: 8888
# If you have a public IP, set NodePort to set an external port.
# Service type must be 'NodePort':
# A NodePort opens the port on every node; restrict who can reach it at the network level.
# ports:
# - name: airflow-ui
# port: 8080
# targetPort: 8080
# nodePort: 31151
loadBalancerIP: ~
# Limit load balancer source ips to list of CIDRs
# An empty list applies no source-CIDR restriction; set it when `type` is LoadBalancer and the
# UI should not be reachable from every address.
loadBalancerSourceRanges: []
# loadBalancerSourceRanges:
# - "10.123.0.0/16"
# Select certain nodes for Airflow webserver pods.
nodeSelector: {}
priorityClassName: ~
affinity: {}
# default webserver affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: webserver
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
# Annotations for webserver Deployment
annotations: {}
# Pod annotations for webserver pods (templated)
podAnnotations: {}
# Labels specific to the webserver app
labels: {}
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: true
env: []
# Detailed default security context for waitForMigrations for container level
securityContexts:
container: {}
# Environment variables to add to the webserver container
env: []
# Airflow Triggerer Config
triggerer:
enabled: true
# Number of Airflow triggerers in the Deployment
replicas: 1
# Max number of old replicasets to retain
revisionHistoryLimit: ~
# Command to use when running Airflow triggerers (templated).
command: ~
# Args to use when running Airflow triggerer (templated).
args: ["bash", "-c", "exec airflow triggerer"]
# Update Strategy when triggerer is deployed as a StatefulSet
updateStrategy: ~
# Update Strategy when triggerer is deployed as a Deployment
strategy:
rollingUpdate:
maxSurge: "100%"
maxUnavailable: "50%"
# If the triggerer stops heartbeating for 5 minutes (5*60s) kill the
# triggerer and let Kubernetes restart it
livenessProbe:
initialDelaySeconds: 10
timeoutSeconds: 20
failureThreshold: 5
periodSeconds: 60
command: ~
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
# NOTE(review): set to false if the triggerer never calls the Kubernetes API - confirm first.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to triggerer Kubernetes Service Account.
annotations: {}
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `triggerer.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for triggerer for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
persistence:
# Enable persistent volumes
enabled: true
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.
persistentVolumeClaimRetentionPolicy: ~
# Volume size for triggerer StatefulSet
size: 100Gi
# If using a custom storageClass, pass name ref to all statefulSets here
# (the bare key below parses as null)
storageClassName:
# Execute init container to chown log directory.
# This is currently only needed in kind, due to usage
# of local-path provisioner.
# NOTE(review): a chown init container typically has to run as root - confirm before enabling
# this outside local test clusters.
fixPermissions: false
# Annotations to add to triggerer volumes
annotations: {}
# Triggerer pod disruption budget
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for triggerer to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 60
# This setting tells Kubernetes that it's OK to evict
# when it wants to scale a node down.
safeToEvict: true
# Launch additional containers into triggerer (templated).
extraContainers: []
# Add additional init containers into triggerers (templated).
extraInitContainers: []
# Mount additional volumes into triggerer.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for Airflow triggerer pods.
nodeSelector: {}
affinity: {}
# default triggerer affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: triggerer
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
# hostAliases for the triggerer pod
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
priorityClassName: ~
# Annotations for the triggerer Deployment
annotations: {}
# Pod annotations for triggerer pods (templated)
podAnnotations: {}
# Labels specific to triggerer objects and pods
labels: {}
logGroomerSidecar:
# Whether to deploy the Airflow triggerer log groomer sidecar.
enabled: true
# Command to use when running the Airflow triggerer log groomer sidecar (templated).
command: ~
# Args to use when running the Airflow triggerer log groomer sidecar (templated).
args: ["bash", "/clean-logs"]
# Number of days to retain logs
# Logs older than the retention window are removed by the groomer, so size the window to
# cover your audit and incident-investigation needs or ship logs elsewhere first.
retentionDays: 15
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
retentionMinutes: 0
# frequency to attempt to groom logs, in minutes
frequencyMinutes: 15
# Max size of logs in bytes. 0 = disabled
maxSizeBytes: 0
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
maxSizePercent: 0
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
env: []
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: true
env: []
# Detailed default security context for waitForMigrations for container level
securityContexts:
container: {}
# Environment variables to add to the triggerer container
env: []
# Allow KEDA autoscaling.
keda:
enabled: false
namespaceLabels: {}
# How often KEDA polls the Airflow DB to report new scale requests to the HPA
pollingInterval: 5
# How many seconds KEDA will wait before scaling to zero.
# Note that HPA has a separate cooldown period for scale-downs
cooldownPeriod: 30
# Minimum number of triggerers created by keda
minReplicaCount: 0
# Maximum number of triggerers created by keda
maxReplicaCount: 10
# Specify HPA related options
advanced: {}
# horizontalPodAutoscalerConfig:
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# Query to use for KEDA autoscaling. Must return a single integer.
# The `{{ include ... }}` expression is rendered by Helm into the SQL text.
# NOTE(review): when overriding this query, do not template values from untrusted sources into
# it, and give the database account used by KEDA read-only access if possible.
query: >-
SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }})
FROM trigger
# Whether to use PGBouncer to connect to the database or not when it is enabled
# This configuration will be ignored if PGBouncer is not enabled
usePgbouncer: false
# Airflow Dag Processor Config
dagProcessor:
# Left as null here. NOTE(review): presumably the chart then decides from the Airflow version
# whether to deploy the dag processor - confirm against the templates.
enabled: ~
# Dag Bundle Configuration
# Define Dag bundles in a structured YAML format. This will be automatically
# converted to JSON string format for `config.dag_processor.dag_bundle_config_list`.
# `classpath` names a Python class by its import path.
# NOTE(review): presumably that class is imported and instantiated with `kwargs`, so list only
# bundle classes you trust. The Git examples below reference an Airflow connection id
# (`git_conn_id`) rather than embedding repository credentials in this file.
dagBundleConfigList:
- name: dags-folder
classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
kwargs: {}
# Example:
# dagBundleConfigList:
# - name: bundle1
# classpath: "airflow.providers.git.bundles.git.GitDagBundle"
# kwargs:
# git_conn_id: "GITHUB__repo1"
# subdir: "dags"
# tracking_ref: "main"
# refresh_interval: 60
# - name: bundle2
# classpath: "airflow.providers.git.bundles.git.GitDagBundle"
# kwargs:
# git_conn_id: "GITHUB__repo2"
# subdir: "dags"
# tracking_ref: "develop"
# refresh_interval: 120
# - name: dags-folder
# classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
# kwargs: {}
# Number of Airflow dag processors in the Deployment
replicas: 1
# Max number of old ReplicaSets to retain
revisionHistoryLimit: ~
# Command to use when running Airflow dag processors (templated).
command: ~
# Args to use when running Airflow dag processor (templated).
args: ["bash", "-c", "exec airflow dag-processor"]
# Update Strategy for dag processors
strategy:
rollingUpdate:
maxSurge: "100%"
maxUnavailable: "50%"
# If the dag processor stops heartbeating for 5 minutes (5*60s) kill the
# dag processor and let Kubernetes restart it
livenessProbe:
initialDelaySeconds: 10
timeoutSeconds: 20
failureThreshold: 5
periodSeconds: 60
command: ~
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
# NOTE(review): the dag processor handles Dag files; set to false if it never needs the
# Kubernetes API, so that code it loads cannot read the token - confirm first.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to dag processor Kubernetes Service Account.
annotations: {}
# Dag processor pod disruption budget
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `dagProcessor.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for dagProcessor for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for dag processor to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 60
# This setting tells Kubernetes that it's OK to evict
# when it wants to scale a node down.
safeToEvict: true
# Launch additional containers into dag processor (templated).
extraContainers: []
# Add additional init containers into dag processors (templated).
extraInitContainers: []
# Mount additional volumes into dag processor.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for Airflow dag processor pods.
nodeSelector: {}
affinity: {}
# Default dag processor affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: dag-processor
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Annotations for the dag processor Deployment
annotations: {}
# Pod annotations for dag processor pods (templated)
podAnnotations: {}
logGroomerSidecar:
# Whether to deploy the Airflow dag processor log groomer sidecar.
enabled: true
# Command to use when running the Airflow dag processor log groomer sidecar (templated).
command: ~
# Args to use when running the Airflow dag processor log groomer sidecar (templated).
args: ["bash", "/clean-logs"]
# Number of days to retain logs
# Logs older than the retention window are removed by the groomer, so size the window to
# cover your audit and incident-investigation needs or ship logs elsewhere first.
retentionDays: 15
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
retentionMinutes: 0
# frequency to attempt to groom logs, in minutes
frequencyMinutes: 15
# Max size of logs in bytes. 0 = disabled
maxSizeBytes: 0
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
maxSizePercent: 0
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
securityContexts:
container: {}
env: []
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: true
env: []
# Detailed default security context for waitForMigrations for container level
securityContexts:
container: {}
# Labels specific to dag processor objects
labels: {}
# Environment variables to add to dag processor container
env: []
# Flower settings
flower:
# Enable flower.
# If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.
# When enabling, also configure credentials below (`secretName`, or `username`/`password`).
enabled: false
livenessProbe:
initialDelaySeconds: 10
timeoutSeconds: 5
failureThreshold: 10
periodSeconds: 5
readinessProbe:
initialDelaySeconds: 10
timeoutSeconds: 5
failureThreshold: 10
periodSeconds: 5
# Wait for at most 1 minute (6*10s) for the flower container to startup.
# LivenessProbe kicks in after the first successful StartupProbe
startupProbe:
initialDelaySeconds: 0
timeoutSeconds: 20
failureThreshold: 6
periodSeconds: 10
# Max number of old ReplicaSets to retain
revisionHistoryLimit: ~
# Command to use when running flower (templated).
command: ~
# Args to use when running flower (templated).
args:
- "bash"
- "-c"
# The format below is necessary to get `helm lint` happy
- |-
exec \
airflow celery flower
# Additional network policies as needed (deprecated, use `flower.networkPolicy.ingress.from` instead)
extraNetworkPolicies: []
networkPolicy:
ingress:
# Peers for flower NetworkPolicy ingress
# NOTE(review): with an empty list no explicit peers are configured here - confirm what the
# chart's NetworkPolicy then allows before relying on it to restrict access.
from: []
# Ports for flower NetworkPolicy ingress (if `from` is set)
ports:
- port: "{{ .Values.ports.flowerUI }}"
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `flower.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for flower for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
# NOTE(review): set to false if flower never calls the Kubernetes API - confirm first.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to flower Kubernetes Service Account.
annotations: {}
# If set, the secret must contain a base64-encoded 'connection' key with
# a Flower basic auth connection string user:password.
# base64 in a Secret is an encoding, not encryption: restrict read access to the Secret.
secretName: ~
# Example secret:
# kind: Secret
# apiVersion: v1
# metadata:
# name: custom-flower-secret
# type: Opaque
# data:
# connection: <base64 of "user:password" - placeholder, supply your own value>
# Add custom annotations to the flower secret
secretAnnotations: {}
# If `secretName` is not specified, set username and password (secret will be created automatically)
# Values set here are stored in plaintext in the values file, so prefer `secretName` outside
# local testing.
# NOTE(review): with `secretName`, `username` and `password` all left unset, flower presumably
# runs without basic auth - confirm, and keep the Service internal in that case.
username: ~
password: ~
service:
# ClusterIP keeps the Service reachable only from inside the cluster.
type: ClusterIP
# Service annotations
annotations: {}
ports:
- name: flower-ui
port: "{{ .Values.ports.flowerUI }}"
# To change the port used to access flower:
# ports:
# - name: flower-ui
# port: 8080
# targetPort: flower-ui
loadBalancerIP: ~
# Limit load balancer source ips to list of CIDRs
# An empty list applies no source-CIDR restriction; set it when `type` is LoadBalancer and the
# flower UI should not be reachable from every address.
loadBalancerSourceRanges: []
# loadBalancerSourceRanges:
# - "10.123.0.0/16"
# Launch additional containers into the flower pods.
extraContainers: []
# Mount additional volumes into the flower pods.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Select certain nodes for Airflow flower pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Annotations for the flower Deployment
annotations: {}
# Pod annotations for flower pods (templated)
podAnnotations: {}
# Labels specific to flower objects and pods
labels: {}
# Environment variables to add to the flower container
env: []
# StatsD settings
statsd:
# Add custom annotations to the StatsD ConfigMap
configMapAnnotations: {}
enabled: true
# Max number of old ReplicaSets to retain
revisionHistoryLimit: ~
# Arguments for StatsD exporter command.
# By default contains path in the container to the mapping config file.
args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]
# If you ever need to fully override the entire `args` list, you can
# supply your own array here; if set, all below flag-specific values
# under `statsd.cache` section are ignored.
# args:
# - "--statsd.cache-size=1000"
# - "--statsd.cache-type=random"
# - "--ttl=10m"
cache:
# Maximum number of metric-mapping entries to keep in cache.
# When you send more distinct metric names than this, older entries
# will be evicted according to cacheType.
size: 1000
# Metrics Eviction policy for the mapping cache.
# - lru → Least-Recently-Used eviction
# - random → Random eviction
type: lru
# Per-metric time-to-live. When set to a non-zero duration, any metric
# series that hasn't received an update in this interval will be dropped
# from the exported '/metrics' output.
# Format: Go duration string (e.g. "30s", "5m", "1h")
# Default: "0s" (disabled, never expires)
ttl: "0s"
# Annotations to add to the StatsD Deployment.
annotations: {}
# Grace period for StatsD to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: 30
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# When true, the Service Account's API token is mounted into the pod.
# NOTE(review): set to false if the exporter never calls the Kubernetes API - confirm first.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to StatsD Kubernetes Service Account.
annotations: {}
# 65534 is conventionally the unprivileged `nobody` account.
# NOTE(review): presumably used as the container's run-as user - confirm against the templates.
uid: 65534
# (deprecated, use `statsd.securityContexts` instead)
securityContext: {}
# runAsUser: 65534
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for StatsD Deployments for container and pod level
# Both are empty here, so this section sets no hardening fields itself
# (e.g. `runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`).
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Additional network policies as needed
extraNetworkPolicies: []
# No requests or limits are set by default; the commented values below are an example.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
service:
extraAnnotations: {}
# Select certain nodes for StatsD pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Additional mappings for StatsD exporter.
# If set, will merge default mapping and extra mappings, where default mapping has higher priority.
# If you want to change some default mapping, please use `overrideMappings` setting.
extraMappings: []
# Override mappings for StatsD exporter.
# If set, will ignore setting item in default and `extraMappings`.
# If you use it, ensure that it contains all mapping items.
overrideMappings: []
# Pod annotations for StatsD pods (templated)
podAnnotations: {}
# Labels specific to StatsD objects and pods
labels: {}
# Environment variables to add to StatsD container
env: []
# PgBouncer settings
# PgBouncer is a PostgreSQL connection pooler; the pool sizes below are for the
# metadata and result-backend databases. Disabled by default.
pgbouncer:
# Enable PgBouncer
enabled: false
# Number of PgBouncer replicas to run in Deployment
replicas: 1
# Max number of old replicasets to retain
revisionHistoryLimit: ~
# Command to use for PgBouncer (templated).
# `-u nobody` makes pgbouncer switch to the `nobody` user on startup.
command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]
# Args to use for PgBouncer (templated).
args: ~
# Client authentication method and the file listing users.
# NOTE(review): presumably written into pgbouncer.ini as `auth_type` / `auth_file` - confirm
# in the templates. The users file holds credentials and should only be supplied via a Secret.
auth_type: scram-sha-256
auth_file: /etc/pgbouncer/users.txt
# Whether to mount the config secret files at a default location (/etc/pgbouncer/*).
# Can be skipped to allow for other means to get the values, e.g. secrets provider class.
mountConfigSecret: true
# Annotations to be added to the PgBouncer Deployment
annotations: {}
# Pod annotations for PgBouncer pods (templated)
podAnnotations: {}
# Add custom annotations to the PgBouncer certificates secret
certificatesSecretAnnotations: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# Whether the Service Account token is mounted into the pod; the default mounts it.
# NOTE(review): nothing on this page shows PgBouncer calling the Kubernetes API. If it does
# not, `false` keeps an unneeded API credential out of the pod - confirm against the templates.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to the PgBouncer Kubernetes Service Account.
annotations: {}
# Additional network policies as needed
extraNetworkPolicies: []
# Pool sizes
metadataPoolSize: 10
resultBackendPoolSize: 5
# Maximum clients that can connect to PgBouncer (higher = more file descriptors)
maxClientConn: 100
# Supply the name of existing secret with 'pgbouncer.ini' and 'users.txt' defined
configSecretName: ~
# Secret example:
# (the values under `data:` are empty here; Kubernetes expects base64-encoded content there)
# apiVersion: v1
# kind: Secret
# metadata:
# name: pgbouncer-config-secret
# data:
# pgbouncer.ini:
# users.txt:
# type: Opaque
# Add custom annotations to the PgBouncer config secret
configSecretAnnotations: {}
# PgBouncer pod disruption budget
podDisruptionBudget:
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: 1
# minAvailable: 1
# Container resource requests and limits; empty by default (no limit set from this file).
resources: {}
# resource:
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
service:
extraAnnotations: {}
clusterIp: ~
# https://www.pgbouncer.org/config.html
# Logging switches; 0 turns each one off, so client connects and disconnects are not
# logged by default. Enable them where a record of client connections is wanted.
verbose: 0
logDisconnections: 0
logConnections: 0
# TLS mode, cipher selection and certificate material.
# NOTE(review): presumably rendered as PgBouncer's TLS options towards the database - confirm
# in the templates. In PgBouncer, `prefer` requests TLS but falls back to plain TCP when it is
# refused and does not validate the certificate; `verify-ca` or `verify-full` together with
# `ssl.ca` is what authenticates the database server.
sslmode: "prefer"
ciphers: "normal"
ssl:
ca: ~
cert: ~
key: ~
# Add extra PgBouncer ini configuration in the databases section:
# https://www.pgbouncer.org/config.html#section-databases
extraIniMetadata: ~
extraIniResultBackend: ~
# Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html
extraIni: ~
# Mount additional volumes into PgBouncer.
# Volumes apply to all PgBouncer containers, while volume mounts apply to the PgBouncer
# container itself. Metrics exporter container has its own mounts.
extraVolumes: []
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
#
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Launch additional containers into PgBouncer pod.
extraContainers: []
# Select certain nodes for PgBouncer pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Numeric user id for PgBouncer (65534 is conventionally `nobody`, i.e. non-root).
uid: 65534
# Detailed default security context for PgBouncer for container level
# Both are empty by default, so no hardening fields (for example runAsNonRoot,
# allowPrivilegeEscalation, readOnlyRootFilesystem, capabilities) are set from this file.
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks:
preStop:
exec:
# Allow existing queries clients to complete within 120 seconds
# (sends SIGINT to pgbouncer, then sleeps for 120 seconds)
command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]
# Settings for the metrics exporter sidecar container
metricsExporterSidecar:
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# TLS is off for the exporter's stats connection. The example URI below targets 127.0.0.1,
# i.e. traffic inside the pod; NOTE(review): if a custom stats URI points at another host,
# the stats user and password would travel unencrypted with this setting.
sslmode: "disable"
# Supply the name of existing secret with PGBouncer connection URI containing
# stats user and password, where 'connection' key is base64-encoded value.
statsSecretName: ~
# Secret example:
# (the user and password placeholders appear to be missing from the URI below; the general
# form is postgresql://USER:PASSWORD@host:port/db, and the stored value must be base64-encoded)
# apiVersion: v1
# kind: Secret
# metadata:
# name: pgbouncer-stats-secret
# data:
# connection: postgresql://:@127.0.0.1:6543/pgbouncer?
# type: Opaque
# Key containing the PGBouncer connection URI, defaults to 'connection' if not defined
statsSecretKey: ~
# Add custom annotations to the PgBouncer stats secret
statsSecretAnnotations: {}
# Detailed default security context for metricsExporterSidecar for container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
# Mount additional volumes into the metrics exporter.
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Labels specific to PgBouncer objects and pods
labels: {}
# Environment variables to add to PgBouncer container
env: []
# Configuration for the redis provisioned by the chart
redis:
enabled: true
terminationGracePeriodSeconds: 600
# Annotations for Redis Statefulset
annotations: {}
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# Whether the Service Account token is mounted into the pod; the default mounts it.
# NOTE(review): nothing on this page shows redis calling the Kubernetes API. If it does
# not, `false` keeps an unneeded API credential out of the pod - confirm against the templates.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to the redis Kubernetes Service Account.
annotations: {}
service:
# Service type
# ClusterIP keeps redis reachable only from inside the cluster; a NodePort service
# opens the port on every node, so pair it with a password and network policies.
type: "ClusterIP"
# If using ClusterIP service type, custom IP address can be specified
# (a bare key with no value parses as null)
clusterIP:
# If using NodePort service type, custom node port can be specified
nodePort:
persistence:
# Enable persistent volumes
enabled: true
# Volume size for the redis StatefulSet
size: 1Gi
# If using a custom storageClass, pass name ref to all statefulSets here
storageClassName:
# Annotations to add to redis volumes
annotations: {}
# The name of an existing PVC to use
existingClaim:
persistentVolumeClaimRetentionPolicy: ~
# persistentVolumeClaimRetentionPolicy:
# whenDeleted: Delete
# whenScaled: Delete
# Configuration for empty dir volume (if `redis.persistence.enabled` == 'false')
# emptyDirConfig:
# sizeLimit: 1Gi
# medium: Memory
# Container resource requests and limits; empty by default (no limit set from this file).
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# If set use as redis secret. Make sure to also set `data.brokerUrlSecretName` value.
passwordSecretName: ~
# If `passwordSecretName` is not specified, set `password` field.
# Otherwise a new password will be generated on install
# Note: password can only be set during 'helm install', not 'helm upgrade'.
# A password written here is a plain-text chart value (it ends up in values files and in
# the stored Helm release), so `passwordSecretName` is the safer way to supply a fixed one.
password: ~
# Add custom annotations to the redis password secret
passwordSecretAnnotations: {}
# This setting tells Kubernetes that its ok to evict
# when it wants to scale a node down.
safeToEvict: true
# Select certain nodes for redis pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Set to 0 for backwards-compatibility
# User id 0 is root. NOTE(review): how the templates apply this value (presumably as
# runAsUser) is not visible here; a non-root id can be set here or via `redis.securityContexts`
# - the commented example below uses 999.
uid: 0
# (deprecated, use `redis.securityContexts` instead)
securityContext: {}
# runAsUser: 999
# runAsGroup: 0
# Detailed default security context for redis for container and pod level
# Both are empty by default, so no hardening fields (for example runAsNonRoot,
# allowPrivilegeEscalation, readOnlyRootFilesystem, capabilities) are set from this file.
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Labels specific to redis objects and pods
labels: {}
# Pod annotations for Redis pods (templated)
podAnnotations: {}
# Auth secret for a private registry (deprecated, use `imagePullSecrets` instead)
# This is used if pulling Airflow images from a private registry
registry:
# Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry
# (deprecated, use `imagePullSecrets` instead).
secretName: ~
# Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret
# (deprecated, use `imagePullSecrets` instead - requires manual secret creation).
# Base64 is an encoding, not encryption: credentials entered here stay readable in the
# values file and in the generated secret. A pre-created secret keeps them out of chart values.
connection: {}
# Example:
# connection:
# user: ~
# pass: ~
# host: ~
# email: ~
# Elasticsearch logging configuration
elasticsearch:
# Enable elasticsearch task logging
enabled: false
# A secret containing the connection
secretName: ~
# Object representing the connection, if `secretName` not specified
# The user and password given here are plain-text chart values; `secretName` keeps them
# out of the values file.
connection: {}
# Example:
# connection:
# scheme: ~
# user: ~
# pass: ~
# host: ~
# port: ~
# Add custom annotations to the elasticsearch secret
secretAnnotations: {}
# OpenSearch logging configuration
opensearch:
# Enable opensearch task logging
enabled: false
# A secret containing the connection
secretName: ~
# Object representing the connection, if `secretName` not specified
# The user and password given here are plain-text chart values; `secretName` keeps them
# out of the values file.
connection: {}
# Example:
# connection:
# scheme: ~
# user: ~
# pass: ~
# host: ~
# port: ~
# All ports used by chart
# One entry per component port. `airflowUI` and `apiServer` share the value 8080.
# These are the ports to account for when writing network policies for the release.
ports:
flowerUI: 5555
airflowUI: 8080
workerLogs: 8793
triggererLogs: 8794
redisDB: 6379
statsdIngest: 9125
statsdScrape: 9102
pgbouncer: 6543
pgbouncerScrape: 9127
apiServer: 8080
# Define any ResourceQuotas for namespace
# Empty by default: no ResourceQuota is defined from this file.
quotas: {}
# Define default/max/min values for pods and containers in namespace
# Empty by default: no default, max or min values are defined from this file.
limits: []
# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.
# It is required to have KubernetesExecutor enabled.
cleanup:
enabled: false
# Run every 15 minutes (templated).
schedule: "*/15 * * * *"
# To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:
# schedule: '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'
# To select the last digit of unix epoch time as the starting minute on each deploy:
# schedule: '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'
# Command to use when running the cleanup CronJob (templated).
command: ~
# Args to use when running the cleanup CronJob (templated).
# The default runs `airflow kubernetes cleanup-pods` against the release namespace only.
args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]
# `jobAnnotations` are annotations on the cleanup CronJob
jobAnnotations: {}
# Select certain nodes for Airflow cleanup pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Pod annotations for cleanup pods (templated)
podAnnotations: {}
# Labels specific to cleanup objects and pods
labels: {}
# Container resource requests and limits; empty by default (no limit set from this file).
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# The cleanup command manages pods, so this job presumably needs its token to reach the
# Kubernetes API. NOTE(review): the role bound to this account is not visible here; it
# should be limited to the pod operations the cleanup needs.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to cleanup CronJob Kubernetes Service Account.
annotations: {}
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `cleanup.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# runAsGroup: 0
env: []
# Detailed default security context for cleanup for container level
securityContexts:
pod: {}
container: {}
# container level lifecycle hooks
containerLifecycleHooks: {}
# Specify history limit
# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
failedJobsHistoryLimit: ~
successfulJobsHistoryLimit: ~
# This runs as a CronJob to cleanup database for old entries.
databaseCleanup:
enabled: false
applyCustomEnv: true
# Run every week on Sunday at midnight (templated).
schedule: "0 0 * * 0"
# Command to use when running the database cleanup CronJob (templated).
command: ~
# Args to use when running the database cleanup CronJob (templated).
# The third element is a single shell string assembled by the template engine:
# `retentionDays`, `batchSize` and `tables` are inserted as-is, with no shell quoting.
# Keep those values to plain numbers and table names, since whatever they contain becomes
# part of the command line that `bash -c` runs.
# `--yes` answers the confirmation prompt, so `airflow db clean` deletes without interaction.
args:
- "bash"
- "-c"
- >-
CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S");
echo "Cleaning up metadata DB entries older than ${CLEAN_TS}";
exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes
{{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }}
{{- if .Values.databaseCleanup.verbose }} --verbose{{ end }}
{{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }}
{{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}
# Number of days to retain entries in the metadata database.
retentionDays: 90
# Don't preserve purged records in an archive table
# With the default `false`, purged rows are kept in archive tables, so the data is still
# present in the database after the cleanup has run.
skipArchive: false
# Table names to perform maintenance on. Supported values in:
# https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean
tables: []
# Maximum number of rows to delete or archive in a single transaction
batchSize: ~
# Make logging output more verbose
verbose: true
# `jobAnnotations` are annotations on the database cleanup CronJob
jobAnnotations: {}
# Select certain nodes for Airflow database cleanup pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
priorityClassName: ~
# Pod annotations for database cleanup pods (templated)
podAnnotations: {}
# Labels specific to database cleanup objects and pods
labels: {}
# Container resource requests and limits; empty by default (no limit set from this file).
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Create Service Account
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# Whether the Service Account token is mounted into the pod; the default mounts it.
# NOTE(review): the default args only run `airflow db clean`; if the job makes no Kubernetes
# API calls, `false` keeps an unneeded API credential out of the pod - confirm first.
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to database cleanup CronJob Kubernetes Service Account.
annotations: {}
env: []
# Detailed default security context for database cleanup for container level
securityContexts:
pod: {}
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Specify history limit
# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
failedJobsHistoryLimit: 1
successfulJobsHistoryLimit: 1
# Time to live (in seconds) for Jobs created by this CronJob after they finish.
ttlSecondsAfterFinished: ~
# Configuration for postgresql subchart
# Uses bitnamilegacy images to avoid Bitnami licensing restrictions
# Not recommended for production - use external database instead
# NOTE(review): the image tag below is pinned; whether the legacy repository still receives
# security updates should be checked before relying on it.
postgresql:
enabled: true
image:
repository: bitnamilegacy/postgresql
tag: "16.1.0-debian-11-r15"
auth:
# The `postgres` superuser is enabled and its default password is the literal string
# `postgres`, which is published with the chart. Override it (or use an external database,
# as noted above) before the database is reachable by anything that is not trusted.
enablePostgresUser: true
postgresPassword: postgres
# Empty by default
username: ""
password: ""
# Config settings to go into the mounted airflow.cfg
#
# Please note that these values are passed through the `tpl` function, so are
# all subject to being rendered as go templates. If you need to include a
# literal `{{` in a value, it must be expressed like this:
# a: '{{ "{{ not a template }}" }}'
#
# Do not set config containing secrets via plain text values, use Env Var or k8s secret object
# yamllint disable rule:line-length
config:
core:
dags_folder: '{{ include "airflow_dags" . }}'
# This is ignored when used with the official Docker image
load_examples: 'False'
executor: '{{ .Values.executor }}'
auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"
logging:
# Rendered as "True" when either elasticsearch or opensearch logging is enabled
remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'
colored_console_log: 'False'
metrics:
statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'
statsd_port: 9125
statsd_prefix: airflow
statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'
fab:
# NOTE(review): the proxy fix makes the web application take client address, scheme and
# host from X-Forwarded-* headers. That is only sound when every request arrives through a
# trusted reverse proxy or ingress that sets those headers; when the service is reachable
# directly, a client can set them itself.
enable_proxy_fix: 'True'
webserver:
# For Airflow 2.X
enable_proxy_fix: 'True'
celery:
flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'
worker_concurrency: 16
sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'
scheduler:
# Rendered as "True" for Airflow versions >= 3.0.0 or when `dagProcessor.enabled` is set
standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'
dag_processor:
# This value is generated by default from `.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list` helper function.
# It is recommended to configure this via `dagProcessor.dagBundleConfigList` rather than overriding `config.dag_processor.dag_bundle_config_list` directly.
dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'
elasticsearch:
json_format: 'True'
log_id_template: "{dag_id}-{task_id}-{run_id}-{map_index}-{try_number}"
elasticsearch_configs:
max_retries: 3
timeout: 30
retry_timeout: 'True'
kerberos:
keytab: '{{ .Values.kerberos.keytabPath }}'
reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'
principal: '{{ .Values.kerberos.principal }}'
ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'
celery_kubernetes_executor:
kubernetes_queue: 'kubernetes'
kubernetes_executor:
namespace: '{{ .Release.Namespace }}'
pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'
worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'
worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'
multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'
# yamllint enable rule:line-length
# Whether Airflow can launch workers and/or pods in multiple namespaces
# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)
# Leave this false unless pods really must be launched outside the release namespace:
# cluster-wide permissions widen what a compromised Airflow component or DAG can reach.
multiNamespaceMode: false
# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by
# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters
# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,
# you can still provide a completely custom `pod_template_file.yaml` if desired.
# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.
# NOTE(review): a custom template replaces the default file, so any security context,
# service account or volume settings the default carries have to be restated in it.
podTemplate: ~
# The following example is NOT functional, but meant to be illustrative of how you can provide a custom
# `pod_template_file`. You're better off starting with the default in
# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.
# We will set `priorityClassName` in this example:
# podTemplate: |
# apiVersion: v1
# kind: Pod
# metadata:
# name: placeholder-name
# labels:
# tier: airflow
# component: worker
# release: {{ .Release.Name }}
# spec:
# priorityClassName: high-priority
# containers:
# - name: base
# ...
# DAG delivery settings: a persistent volume and/or a git-sync sidecar
dags:
# Where dags volume will be mounted. Works for both persistence and gitSync.
# If not specified, dags mount path will be set to $AIRFLOW_HOME/dags
mountPath: ~
persistence:
# Annotations for dags PVC
annotations: {}
# Enable persistent volume for storing dags
enabled: false
# Volume size for dags
size: 1Gi
# If using a custom storageClass, pass name here
# (a bare key with no value parses as null)
storageClassName:
# Access mode of the persistent volume
accessMode: ReadWriteOnce
# The name of an existing PVC to use
existingClaim:
# Optional subpath for dag volume mount
subPath: ~
gitSync:
enabled: false
# Git repo clone url
# The synced files are loaded by Airflow as DAG code, so the repository and the revision
# selected below decide what code runs in the cluster.
repo: https://github.com/apache/airflow.git
# SSH example: git@github.com:apache/airflow.git
# HTTPS example: https://github.com/apache/airflow.git
branch: v2-2-stable
rev: HEAD
# The git revision (branch, tag, or hash) to check out, v4 only
# With a branch name, whatever is pushed to that branch gets synced; a tag or commit hash
# pins the content.
ref: v2-2-stable
depth: 1
# The number of consecutive failures allowed before aborting
maxFailures: 0
# Subpath within the repo where dags are located.
# Should be "" if dags are at repo root
subPath: "tests/dags"
# If your repo needs a username/password, you can load them to a k8s secret
#
# credentialsSecret: git-credentials
#
# Secret example:
# (the values are empty here; Kubernetes expects base64-encoded content under `data:`)
# apiVersion: v1
# kind: Secret
# metadata:
# name: git-credentials
# data:
# # For git-sync v3
# GIT_SYNC_USERNAME:
# GIT_SYNC_PASSWORD:
# # For git-sync v4
# GITSYNC_USERNAME:
# GITSYNC_PASSWORD:
# If you are using an ssh clone url, you can load the ssh private key to a k8s secret
#
# sshKeySecret: airflow-ssh-secret
#
# Secret example:
# apiVersion: v1
# kind: Secret
# metadata:
# name: airflow-ssh-secret
# data:
# gitSshKey:
# If `sshKeySecret` is not specified, you can set `sshKey`
# An inline `sshKey` is a plain-text chart value (it ends up in values files and in the
# stored Helm release); `sshKeySecret` keeps the private key out of chart values.
# sshKey: |
# -----BEGIN {OPENSSH PRIVATE KEY}-----
# ...
# -----END {OPENSSH PRIVATE KEY}-----
# If you are using an ssh private key, you can additionally
# specify the content of your known_hosts file
# NOTE(review): without known_hosts content the SSH host key presumably is not verified
# (confirm in the templates), which leaves the clone open to a machine-in-the-middle.
# knownHosts: |
# <host1>,<ip1> <public-key1>   (placeholder entry, known_hosts format)
# <host2>,<ip2> <public-key2>   (placeholder entry, known_hosts format)
# Interval between git sync attempts in seconds.
# High values are more likely to cause DAGs to become out of sync between different components.
# Low values cause more traffic to the remote git repository.
# Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).
# For backwards compatibility, wait will be used if it is specified.
period: 5s
wait: ~
# Add variables from secret into gitSync containers, such as proxy-config
envFrom: ~
# envFrom: |
# - secretRef:
# name: 'proxy-config'
containerName: git-sync
# Numeric user id for the git-sync container (non-root)
uid: 65533
# When not set, the values defined in the global `securityContext` will be used
# (deprecated, use `dags.gitSync.securityContexts` instead)
securityContext: {}
# runAsUser: 65533
# runAsGroup: 0
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Git-Sync liveness service HTTP bind port
httpPort: 1234
# Setting this to true, will remove readinessProbe usage and configure livenessProbe to
# use a dedicated Git-Sync liveness service. In future, behaviour with value true will be
# default one and old one will be removed
recommendedProbeSetting: false
startupProbe:
enabled: true
timeoutSeconds: 1
initialDelaySeconds: 0
periodSeconds: 5
failureThreshold: 10
# As Git-Sync is not service-type object, the usage of this section will be removed.
# By setting `dags.gitSync.recommendedProbeSetting` to 'true', you will enable future behaviour.
readinessProbe: {}
# The behaviour of the LivenessProbe will change with the next release of Helm Chart.
# To enable future behaviour set `dags.gitSync.recommendedProbeSetting` to 'true'.
# New behaviour uses the recommended liveness configuration by using Git-Sync built-in
# liveness service
livenessProbe: {}
# enabled: true
# timeoutSeconds: 1
# initialDelaySeconds: 0
# periodSeconds: 5
# failureThreshold: 10
# Mount additional volumes into git-sync.
extraVolumeMounts: []
# It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync
# Values listed here are plain text; credentials belong in `credentialsSecret` / `envFrom`.
env: []
# - name: ""
# value: ""
# Configuration for empty dir volume
# emptyDirConfig:
# sizeLimit: 1Gi
# medium: Memory
# Container resource requests and limits; empty by default (no limit set from this file).
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Log storage settings
logs:
# Configuration for empty dir volume (if `logs.persistence.enabled` == 'false')
# emptyDirConfig:
# sizeLimit: 1Gi
# medium: Memory
persistence:
# Enable persistent volume for storing logs
enabled: false
# Volume size for logs
size: 100Gi
# Annotations for the logs PVC
annotations: {}
# If using a custom storageClass, pass name here
# (a bare key with no value parses as null)
storageClassName:
# The name of an existing PVC to use
existingClaim:
# The subpath of the existing PVC to use
subPath: