
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
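# Default values for Airflow.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Provide a name to substitute for the full names of resources
fullnameOverride: ""

# Provide a name to substitute for the name of the chart
nameOverride: ""

# Use standard naming for all resources using airflow.fullname template
# Consider removing this later and default it to true
# to make this chart follow standard naming conventions using the fullname template.
# For now this is an opt-in switch for backwards compatibility to leverage the standard naming convention
# and being able to use fully fullnameOverride and nameOverride in all resources
# For new installations - it is recommended to set it to True to follow standard naming conventions
# For existing installations, this will rename and redeploy your resources with the new names. Be aware that
# this will recreate your Deployment/StatefulSets along with their persistent volume claims and data storage
# migration may be needed to keep your old data
useStandardNaming: false

# Max number of old replicasets to retain. Can be overridden by each Deployment's revisionHistoryLimit
revisionHistoryLimit: ~

# User and group of Airflow user
uid: 50000
gid: 0

# Default security context for Airflow (deprecated, use `securityContexts` instead)
securityContext: {}
#  runAsUser: 50000
#  fsGroup: 0
#  runAsGroup: 0

# Detailed default security context for Airflow Deployments
# Both maps are empty by default, so this file requests no hardening on its own.
# Fields worth setting per workload include `runAsNonRoot`,
# `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem`,
# `capabilities.drop` and `seccompProfile`.
# NOTE(review): how the templates combine these maps with `uid`/`gid` is not
# visible in this file - confirm against the rendered manifests.
securityContexts:
  pod: {}
  containers: {}

# Global container lifecycle hooks for Airflow containers
containerLifecycleHooks: {}

# Airflow home directory
# Used for mount paths
airflowHome: /opt/airflow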
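# Default Airflow repository -- overridden by all the specific images below
defaultAirflowRepository: apache/airflow

# Default Airflow tag to deploy
defaultAirflowTag: "3.2.0"

# Default Airflow digest. If specified, it takes precedence over tag
# A tag can be re-pointed at different content in the registry; a digest names
# one exact image, so setting it pins what actually gets deployed.
defaultAirflowDigest: ~

# Airflow version (Used to make some decisions based on Airflow Version being deployed)
# Version 2.11.0 and above is supported.
airflowVersion: "3.2.0"

images:
  airflow:
    repository: ~
    tag: ~
    # Specifying digest takes precedence over tag.
    digest: ~
    pullPolicy: IfNotPresent
  # To avoid images with user code, you can turn this to 'true' and
  # all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' jobs/containers
  # will use the images from 'defaultAirflowRepository:defaultAirflowTag' values
  # to run and wait for DB migrations.
  useDefaultImageForMigration: false
  # timeout (in seconds) for airflow-migrations to complete
  migrationsWaitTimeout: 60
  pod_template:
    # Note that `images.pod_template.repository` and `images.pod_template.tag` parameters can be overridden
    # in `config.kubernetes_executor` section. So for these parameters to have effect
    # `config.kubernetes_executor.worker_container_repository` and
    # `config.kubernetes_executor.worker_container_tag` must not be set.
    repository: ~
    tag: ~
    pullPolicy: IfNotPresent
  flower:
    repository: ~
    tag: ~
    pullPolicy: IfNotPresent
  # NOTE(review): within this section only `images.airflow` has a `digest` key;
  # the images below are selected by tag alone. With `pullPolicy: IfNotPresent`
  # a node keeps using whatever it already cached under that tag, so nodes can
  # end up running different content for the same tag. Mirroring these images
  # into a registry you control is one way to fix the content.
  statsd:
    repository: quay.io/prometheus/statsd-exporter
    tag: v0.29.0
    pullPolicy: IfNotPresent
  redis:
    repository: redis
    # Redis is limited to 7.2-bookworm due to licencing change
    # https://redis.io/blog/redis-adopts-dual-source-available-licensing/
    tag: 7.2-bookworm
    pullPolicy: IfNotPresent
  pgbouncer:
    repository: apache/airflow
    tag: airflow-pgbouncer-2025.03.05-1.23.1
    pullPolicy: IfNotPresent
  pgbouncerExporter:
    repository: apache/airflow
    tag: airflow-pgbouncer-exporter-2025.03.05-0.18.0
    pullPolicy: IfNotPresent
  gitSync:
    repository: registry.k8s.io/git-sync/git-sync
    tag: v4.4.2
    pullPolicy: IfNotPresent

# Select certain nodes for Airflow pods.
nodeSelector: {}
affinity: {}
tolerations: []
topologySpreadConstraints: []
schedulerName: ~

# Add common labels to all objects and pods defined in this chart.
labels: {}

# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private
# registries. Items can be either strings or {name: secret} objects.
imagePullSecrets: []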
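# Ingress configuration
# Every Ingress in this section is disabled by default, and every `tls.enabled`
# default is false. Enabling an Ingress without also configuring TLS (here, per
# host, or at the ingress controller) leaves the endpoint reachable without
# transport encryption.
# NOTE(review): authentication for Flower and for the two `/metrics` endpoints
# is not configured in this section - confirm how access is restricted before
# enabling those Ingresses.
ingress:
  # Enable all ingress resources
  # (deprecated, use
  # `ingress.web.enabled`,
  # `ingress.apiServer.enabled` and/or
  # `ingress.flower.enabled`
  # instead)
  enabled: ~

  # Configs for the Ingress of the API Server (Airflow 3+)
  apiServer:
    # Enable API Server ingress resource
    enabled: false
    # Annotations for the API Server Ingress
    annotations: {}
    # The path for the API Server Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the API Server Ingress (deprecated, use `ingress.apiServer.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the API Server Ingress (templated)
    hosts: []
    # - name: ""
    #   # configs for API Server Ingress TLS
    #   tls:
    #     # Enable TLS termination for the API Server Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""
    # The Ingress Class for the API Server Ingress
    ingressClassName: ""
    # Configs for API Server Ingress TLS (deprecated, use `ingress.apiServer.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the API Server Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the API Server Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the API Server Ingress after the default path
    succeedingPaths: []

  # Configs for the Ingress of the web Service (Airflow <3.0.0)
  web:
    # Enable web ingress resource
    enabled: false
    # Annotations for the web Ingress
    annotations: {}
    # The path for the web Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the web Ingress (deprecated, use `ingress.web.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the web Ingress (templated)
    hosts: []
    # - name: ""
    #   # Configs for web Ingress TLS
    #   tls:
    #     # Enable TLS termination for the web Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""
    # The Ingress Class for the web Ingress
    ingressClassName: ""
    # Configs for web Ingress TLS (deprecated, use `ingress.web.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the web Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""
    # HTTP paths to add to the web Ingress before the default path
    precedingPaths: []
    # HTTP paths to add to the web Ingress after the default path
    succeedingPaths: []

  # Configs for the Ingress of the flower Service
  flower:
    # Enable flower ingress resource
    enabled: false
    # Annotations for the flower Ingress
    annotations: {}
    # The path for the flower Ingress
    path: "/"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the flower Ingress (deprecated, use `ingress.flower.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the flower Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the flower Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""
    # The Ingress Class for the flower Ingress
    ingressClassName: ""
    # Configs for flower Ingress TLS (deprecated, use `ingress.flower.hosts[*].tls` instead)
    tls:
      # Enable TLS termination for the flower Ingress
      enabled: false
      # The name of a pre-created Secret containing a TLS private key and certificate
      secretName: ""

  # Configs for the Ingress of the StatsD Service
  statsd:
    # Enable StatsD ingress resource
    enabled: false
    # Annotations for the StatsD Ingress
    annotations: {}
    # The path for the StatsD Ingress
    path: "/metrics"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the StatsD Ingress (deprecated, use `ingress.statsd.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the StatsD Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the StatsD Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""
    # The Ingress Class for the StatsD Ingress
    ingressClassName: ""

  # Configs for the Ingress of the PgBouncer Service
  pgbouncer:
    # Enable PgBouncer ingress resource
    enabled: false
    # Annotations for the PgBouncer Ingress
    annotations: {}
    # The path for the PgBouncer Ingress
    path: "/metrics"
    # The pathType for the above path
    pathType: "ImplementationSpecific"
    # The hostname for the PgBouncer Ingress (deprecated, use `ingress.pgbouncer.hosts` instead)
    host: ""
    # The hostnames or hosts configuration for the PgBouncer Ingress (templated)
    hosts: []
    # - name: ""
    #   tls:
    #     # Enable TLS termination for the PgBouncer Ingress
    #     enabled: false
    #     # The name of a pre-created Secret containing a TLS private key and certificate
    #     secretName: ""
    # The Ingress Class for the PgBouncer Ingress
    ingressClassName: ""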
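# Network policy configuration
# Disabled by default: with `enabled: false` this chart adds no NetworkPolicy
# objects, so traffic between pods follows whatever the cluster already allows.
# NOTE(review): the policies rendered when this is enabled live in templates
# that are not shown here - review them before relying on them for isolation.
networkPolicies:
  # Enabled network policies
  enabled: false

# Extra annotations to apply to all Airflow pods (templated)
airflowPodAnnotations: {}

# Extra annotations to apply to main Airflow ConfigMap
airflowConfigAnnotations: {}

# 'airflow_local_settings' file as a string (templated)
# The default below is rendered only for Airflow <3.0.0 and only when neither
# `webserverSecretKey` nor `webserverSecretKeySecretName` is set; it raises an
# Admin-only banner about the dynamic webserver secret key.
# The value is Python source, so treat any override of it as code that the
# Airflow components loading the settings file will execute.
airflowLocalSettings: |-
  {{- if semverCompare "<3.0.0" .Values.airflowVersion }}
  {{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}
  from airflow.www.utils import UIAlert
  DASHBOARD_UIALERTS = [
    UIAlert(
      'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'
      ' See the <a href='
      '"https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#webserver-secret-key" '
      'target="_blank" rel="noopener noreferrer">'
      'Helm Chart Production Guide</a> for more details.',
      category="warning",
      roles=["Admin"],
      html=True,
    )
  ]
  {{- end }}
  {{- end }}

# Enable RBAC (default on most clusters these days)
rbac:
  # Specifies whether RBAC resources should be created
  create: true
  createSCCRoleBinding: false

# Airflow executor
# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor
# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are supported.
# Specify executors in a prioritized list to leverage multiple execution environments as needed:
# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently
executor: "CeleryExecutor"

# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's
# Service Account will have access to communicate with the api-server and launch pods/jobs.
# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers
# will be able to launch pods/jobs.
# Least privilege: workers run task code, so rights granted to the worker
# Service Account are available to that code. Set this to false when neither
# the executor nor any task needs to create pods.
# NOTE(review): the exact Role rules granted are defined in templates not shown
# here - confirm their scope.
allowPodLaunching: true
allowJobLaunching: false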
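# Environment variables for all Airflow containers
# Values given here appear as plain text in the rendered manifests; use
# `secret` (below) for anything that is a credential.
env: []
# - name: ""
#   value: ""

# Volumes for all Airflow containers
volumes: []

# VolumeMounts for all Airflow containers
volumeMounts: []

# Secrets for all Airflow containers
secret: []
# - envName: ""
#   secretName: ""
#   secretKey: ""

# Enables selected built-in secrets that are set via environment variables by default.
# Those secrets are provided by the Helm Chart secrets by default but in some cases you
# might want to provide some of those variables with _CMD or _SECRET variable, and you should
# in this case disable setting of those variables by setting the relevant configuration to 'false'.
# An environment variable is readable by every process in the container, which
# is worth weighing when choosing between these defaults and the _CMD/_SECRET
# forms mentioned above.
enableBuiltInSecretEnvVars:
  AIRFLOW__CORE__FERNET_KEY: true
  AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true
  AIRFLOW_CONN_AIRFLOW_DB: true
  AIRFLOW__API__SECRET_KEY: true
  AIRFLOW__API_AUTH__JWT_SECRET: true
  AIRFLOW__WEBSERVER__SECRET_KEY: true
  AIRFLOW__CELERY__RESULT_BACKEND: true
  AIRFLOW__CELERY__BROKER_URL: true
  AIRFLOW__ELASTICSEARCH__HOST: true
  AIRFLOW__OPENSEARCH__HOST: true

# Priority Classes that will be installed by charts.
# Ideally, there should be an entry for dagProcessor, flower,
# pgbouncer, scheduler, statsd, triggerer, webserver/api-server, worker.
# The format for priorityClasses is an array with each element having:
#   * name is the name of the priorityClass. Ensure the same name is given to the respective section as well
#   * preemptionPolicy for the priorityClass
#   * value is the preemption value for the priorityClass
priorityClasses: []
# - name: class1 (if this is for dagProcessor, ensure overriding `dagProcessor.priorityClass` too)
#   preemptionPolicy: PreemptLowerPriority
#   value: 10000
# - name: class2
#   preemptionPolicy: Never
#   value: 100000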
# Extra secrets that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for secret data is "key/value" where
#   * key (templated) is the name of the secret that will be created
#   * value: an object with the standard 'data' or 'stringData' key (or both).
#     The value associated with those keys must be a string (templated)
# Base64 under 'data' is an encoding, not encryption. Anything placed here is
# also retained wherever the values file and the Helm release data are stored,
# so access to those needs the same protection as the secrets themselves.
# The proxy example below carries a username and password inside the URL;
# treat such values as credentials too.
extraSecrets: {}
# extraSecrets:
#   '{{ .Release.Name }}-airflow-connections':
#     type: 'Opaque'
#     labels:
#       my.custom.label/v1: my_custom_label_value_1
#     data: |
#       AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
#       AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
#     stringData: |
#       AIRFLOW_CONN_OTHER: 'other_conn'
#   '{{ .Release.Name }}-other-secret-name-suffix':
#     data: |
#       ...
#   'proxy-config':
#     stringData: |
#       HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080
#       NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"

# Extra ConfigMaps that will be managed by the chart
# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).
# The format for ConfigMap data is "key/value" where
#   * key (templated) is the name of the ConfigMap that will be created
#   * value: an object with the standard 'data' key.
#     The value associated with these keys must be a string (templated)
# ConfigMap contents are not treated as secret by Kubernetes; keep credentials
# in `extraSecrets` instead.
extraConfigMaps: {}
# extraConfigMaps:
#   '{{ .Release.Name }}-airflow-variables':
#     labels:
#       my.custom.label/v2: my_custom_label_value_2
#     data: |
#       AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
#       AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"

# Extra env 'items' that will be added to the definition of Airflow containers
# A string is expected (templated).
# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.
extraEnv: ~
# extraEnv: |
#   - name: AIRFLOW__CORE__LOAD_EXAMPLES
#     value: 'True'

# Extra envFrom 'items' that will be added to the definition of Airflow containers
# A string is expected (templated).
extraEnvFrom: ~
# extraEnvFrom: |
#   - secretRef:
#       name: '{{ .Release.Name }}-airflow-connections'
#   - configMapRef:
#       name: '{{ .Release.Name }}-airflow-variables'
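# Airflow database & redis config
data:
  # If secret name is provided, secret itself has to be created manually with 'connection' key like:
  #
  #   kind: Secret
  #   apiVersion: v1
  #   metadata:
  #     name: custom-airflow-metadata-secret
  #   type: Opaque
  #   data:
  #     connection: base64_encoded_connection_string
  #
  # The 'connection' key is base64-encoded SQLAlchemy connection string, e.g.:
  #   postgresql+psycopg2://airflow:password@postgres/airflow
  metadataSecretName: ~
  # If not set, falls back to metadataSecretName. The secret must contain 'connection' key which is
  # a base64-encoded connection string, e.g.:
  #   postgresql+psycopg2://user:password@host/db
  resultBackendSecretName: ~
  brokerUrlSecretName: ~

  # If `metadataSecretName` is not specified, pass connection values below
  # NOTE(review): `postgres`/`postgres` is a widely known default pair and
  # `sslmode: disable` turns TLS off for the database connection. These
  # defaults fit a throw-away test database only. For anything else, supply the
  # connection through `metadataSecretName` (above) and use an sslmode that
  # enforces TLS, such as `require` or `verify-full`.
  metadataConnection:
    user: postgres
    pass: postgres
    protocol: postgresql
    host: ~
    port: 5432
    db: postgres
    sslmode: disable
    # Add custom annotations to the metadata connection secret
    # NOTE(review): placement under `metadataConnection` is inferred from the
    # un-prefixed key name - confirm against the chart schema.
    secretAnnotations: {}

  # `resultBackendConnection` defaults to the same database as metadataConnection
  resultBackendConnection: ~
  # or, you can use a different database like:
  # resultBackendConnection:
  #   user: postgres
  #   pass: postgres
  #   protocol: postgresql
  #   host: ~
  #   port: 5432
  #   db: postgres
  #   sslmode: disable
  # Add custom annotations to the result backend connection secret
  resultBackendConnectionSecretAnnotations: {}

  # Note: `brokerUrl` can only be set during 'helm install', not 'helm upgrade' command
  # If the URL carries broker credentials, `brokerUrlSecretName` (above) keeps
  # them out of the values file.
  brokerUrl: ~
  # Add custom annotations to the broker url secret
  brokerUrlSecretAnnotations: {}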
# Fernet key settings
# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade' command
# Airflow uses the Fernet key to encrypt connection and variable secrets held
# in the metadata database, so it must be kept confidential and must not be
# lost. A key written inline here is also retained wherever the values file and
# the Helm release data are stored; `fernetKeySecretName` avoids that.
fernetKey: ~
# If set, the secret must contain a 'fernet-key' key with a base64-encoded key value
fernetKeySecretName: ~
# Fernet key secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-fernet-key-secret
#   type: Opaque
#   data:
#     fernet-key: <base64_encoded_fernet_key>
# Add custom annotations to the fernet key secret
fernetKeySecretAnnotations: {}

# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg
# The same storage caveat applies to an inline value; `apiSecretKeySecretName`
# references a pre-created Secret instead.
apiSecretKey: ~
# Add custom annotations to the api secret
apiSecretAnnotations: {}
# If set, the secret must contain a key 'api-secret-key' with a base64-encoded key value
apiSecretKeySecretName: ~
# API secret key example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-api-secret
#   type: Opaque
#   data:
#     api-secret-key: <base64_encoded_api_secret_key>

# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in airflow.cfg
# Note: It is not advised to use in production as during helm upgrade it will be changed
# which can cause dag failures during component rollouts
# Anyone holding this value can mint tokens that the deployment will accept, so
# it needs the same handling as the other keys; `jwtSecretName` references a
# pre-created Secret.
jwtSecret: ~
# Add custom annotations to the JWT secret
jwtSecretAnnotations: {}
# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key value
jwtSecretName: ~
# JWT secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-jwt-secret
#   type: Opaque
#   data:
#     jwt-secret: <base64_encoded_jwt_secret>

# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in airflow.cfg
# (deprecated, use `apiSecretKey` instead (Airflow 3+))
webserverSecretKey: ~
# Add custom annotations to the webserver secret
# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))
webserverSecretAnnotations: {}
# If set, the secret must contain a key 'webserver-secret-key' with a base64-encoded key value
# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))
webserverSecretKeySecretName: ~
# Webserver secret key secret example:
#   kind: Secret
#   apiVersion: v1
#   metadata:
#     name: custom-webserver-secret
#   type: Opaque
#   data:
#     webserver-secret-key: <base64_encoded_secret_key>
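# In order to use kerberos you need to create secret containing the keytab file.
# The secret name should follow naming convention of the application where resources are
# named '{{ .Release.Name }}-<postfix>'. In case of the keytab file, the '<postfix>' is "kerberos-keytab".
# If your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab".
#
# The Keytab content should be available in the "kerberos.keytab" key of the secret.
#   apiVersion: v1
#   kind: Secret
#   data:
#     kerberos.keytab: <base64_encoded keytab file content>
#   type: Opaque
#
# If you have a keytab file you can create the secret with a command similar to:
#   kubectl create secret generic {{ .Release.Name }}-kerberos-keytab --from-file=kerberos.keytab
#
# Alternatively, instead of manually creating the secret, it is possible to specify
# `kerberos.keytabBase64Content` parameter. This parameter should contain base64 encoded keytab.
#
# A keytab holds the long-term key of the principal, and base64 does not
# protect it. Supplying it through `keytabBase64Content` also leaves a copy
# wherever the values file and the Helm release data are stored; the
# pre-created Secret described above avoids that.
kerberos:
  enabled: false
  ccacheMountPath: /var/kerberos-ccache
  ccacheFileName: cache
  configPath: /etc/krb5.conf
  keytabBase64Content: ~
  keytabPath: /etc/airflow.keytab
  # `FOO.COM` here and in `config` below is the example realm; replace both
  # with the values of your own Kerberos deployment.
  principal: airflow@FOO.COM
  reinitFrequency: 3600
  config: |
    # This is an example config showing how you can use templating and how "example" config
    # might look like. It works with the test kerberos server that we are using during integration
    # testing at Apache Airflow (see 'scripts/ci/docker-compose/integration-kerberos.yml' but in
    # order to make it production-ready you must replace it with your own configuration that
    # Matches your kerberos deployment. Administrators of your Kerberos instance should
    # provide the right configuration.
    [logging]
    default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"
    kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"
    admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"
    [libdefaults]
    default_realm = FOO.COM
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = true
    [realms]
    FOO.COM = {
      kdc = kdc-server.foo.com
      admin_server = admin_server.foo.com
    }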
# Airflow Worker Config
workers:
# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)
replicas: 1
# Max number of old Airflow Celery workers ReplicaSets to retain
# (deprecated, use `workers.celery.revisionHistoryLimit` instead)
revisionHistoryLimit: ~
# Command to use when running Airflow Celery workers and using pod-template-file (templated)
# (deprecated, use `workers.celery.command` and/or `workers.kubernetes.command` instead)
command: ~
# Args to use when running Airflow Celery workers (templated)
# (deprecated, use `workers.celery.args` instead)
args:
- "bash"
- "-c"
# The format below is necessary to get `helm lint` happy
- |-
exec \
airflow celery worker
{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}
{{- " -q " }}{{ .Values.workers.queue }}
{{- end }}
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
# kill the worker and let Kubernetes restart it
# (deprecated, use `workers.celery.livenessProbe` section instead)
livenessProbe:
# (deprecated, use `workers.celery.livenessProbe.enabled` instead)
enabled: true
# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)
initialDelaySeconds: 10
# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)
timeoutSeconds: 20
# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)
failureThreshold: 5
# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)
periodSeconds: 60
# (deprecated, use `workers.celery.livenessProbe.command` instead)
command: ~
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
# (deprecated, use `workers.celery.updateStrategy` instead)
updateStrategy: ~
# Update Strategy when Airflow Celery worker is deployed as a Deployment
# (deprecated, use `workers.celery.strategy` instead)
strategy:
rollingUpdate:
maxSurge: "100%"
maxUnavailable: "50%"
# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity
# (deprecated, use `workers.celery.podManagementPolicy` instead)
# podManagementPolicy: Parallel
# When not set, the values defined in the global securityContext will
# be used in Airflow Celery workers and pod-template-file
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
securityContext: {}
# runAsUser: 50000
# fsGroup: 0
# runAsGroup: 0
# Detailed default security context for the
# Airflow Celery workers and pod-template-file on container and pod level
# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)
securityContexts:
# (deprecated, use
# `workers.celery.securityContexts.pod` and/or
# `workers.kubernetes.securityContexts.pod`
# instead)
pod: {}
# (deprecated, use
# `workers.celery.securityContexts.container` and/or
# `workers.kubernetes.securityContexts.container`
# instead)
container: {}
# Container level Lifecycle Hooks definition for
# Airflow Celery workers and pods created with pod-template-file
# (deprecated, use
# `workers.celery.containerLifecycleHooks` and/or
# `workers.kubernetes.containerLifecycleHooks`
# instead)
containerLifecycleHooks: {}
# Airflow Celery workers pod disruption budget
# (deprecated, use `workers.celery.podDisruptionBudget` instead)
podDisruptionBudget:
# (deprecated, use `workers.celery.podDisruptionBudget.enabled` instead)
enabled: false
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
# (deprecated, use `workers.celery.podDisruptionBudget.config` instead)
config:
# (deprecated, use `workers.celery.podDisruptionBudget.config.maxUnavailable` instead)
maxUnavailable: 1
# (deprecated, use `workers.celery.podDisruptionBudget.config.minAvailable` instead)
# minAvailable: 1
# Create Service Account for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.serviceAccount` and/or `workers.kubernetes.serviceAccount` instead)
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
# (deprecated, use
# `workers.celery.serviceAccount.automountServiceAccountToken` and/or
# `workers.kubernetes.serviceAccount.automountServiceAccountToken`
# instead)
automountServiceAccountToken: true
# Specifies whether a Service Account should be created
# (deprecated, use
# `workers.celery.serviceAccount.create` and/or
# `workers.kubernetes.serviceAccount.create`
# instead)
create: true
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
# (deprecated, use
# `workers.celery.serviceAccount.name` and/or
# `workers.kubernetes.serviceAccount.name`
# instead)
name: ~
# Annotations to add to worker Kubernetes Service Account.
# (deprecated, use
# `workers.celery.serviceAccount.annotations` and/or
# `workers.kubernetes.serviceAccount.annotations`
# instead)
annotations: {}
# Allow KEDA autoscaling for Airflow Celery workers
# (deprecated, use `workers.celery.keda` instead)
keda:
# (deprecated, use `workers.celery.keda.enabled` instead)
enabled: false
# (deprecated, use `workers.celery.keda.namespaceLabels` instead)
namespaceLabels: {}
# How often KEDA polls the Airflow DB to report new scale requests to the HPA
# (deprecated, use `workers.celery.keda.pollingInterval` instead)
pollingInterval: 5
# How many seconds KEDA will wait before scaling to zero.
# Note: HPA has a separate cooldown period for scale-downs
# (deprecated, use `workers.celery.keda.cooldownPeriod` instead)
cooldownPeriod: 30
# Minimum number of Airflow Celery workers created by keda
# (deprecated, use `workers.celery.keda.minReplicaCount` instead)
minReplicaCount: 0
# Maximum number of Airflow Celery workers created by keda
# (deprecated, use `workers.celery.keda.maxReplicaCount` instead)
maxReplicaCount: 10
# Specify HPA related options
# (deprecated, use `workers.celery.keda.advanced` instead)
advanced: {}
# horizontalPodAutoscalerConfig:
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# Query to use for KEDA autoscaling. Must return a single integer.
# (deprecated, use `workers.celery.keda.query` instead)
query: >-
SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }})
FROM task_instance
WHERE (state='running' OR state='queued')
AND queue IN (
{{- range $i, $q := splitList "," .Values.workers.queue -}}
{{- if $i }},{{ end }}'{{ $q | trim }}'
{{- end -}}
)
{{- if contains "CeleryKubernetesExecutor" .Values.executor }}
AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}'
{{- else if contains "KubernetesExecutor" .Values.executor }}
AND executor IS DISTINCT FROM 'KubernetesExecutor'
{{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }}
AND executor IS DISTINCT FROM 'EdgeExecutor'
{{- end }}
# Whether to use PGBouncer to connect to the database or not when it is enabled
# This configuration will be ignored if PGBouncer is not enabled
# (deprecated, use `workers.celery.keda.usePgbouncer` instead)
usePgbouncer: true
# Allow HPA for Airflow Celery workers (KEDA must be disabled)
# (deprecated, use `workers.celery.hpa` instead)
hpa:
# (deprecated, use `workers.celery.hpa.enabled` instead)
enabled: false
# Minimum number of Airflow Celery workers created by HPA
# (deprecated, use `workers.celery.hpa.minReplicaCount` instead)
minReplicaCount: 0
# Maximum number of Airflow Celery workers created by HPA
# (deprecated, use `workers.celery.hpa.maxReplicaCount` instead)
maxReplicaCount: 5
# Specifications for which to use to calculate the desired replica count
# (deprecated, use `workers.celery.hpa.metrics` instead)
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 80
# Scaling behavior of the target in both Up and Down directions
# (deprecated, use `workers.celery.hpa.behavior` instead)
behavior: {}
# Persistence volume configuration for Airflow Celery workers
# (deprecated, use `workers.celery.persistence` instead)
persistence:
# Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)
enabled: true
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
# (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)
persistentVolumeClaimRetentionPolicy: ~
# persistentVolumeClaimRetentionPolicy:
# whenDeleted: Delete
# whenScaled: Delete
# Volume size for Airflow Celery worker StatefulSet
# (deprecated, use `workers.celery.persistence.size` instead)
size: 100Gi
# If using a custom storageClass, pass name ref to all StatefulSets here
# (deprecated, use `workers.celery.persistence.storageClassName` instead)
storageClassName:
# Execute init container to chown log directory.
# This is currently only needed in kind, due to usage
# of local-path provisioner.
# (deprecated, use `workers.celery.persistence.fixPermissions` instead)
fixPermissions: false
# Annotations to add to Airflow Celery worker volumes
# (deprecated, use `workers.celery.persistence.annotations` instead)
annotations: {}
# Detailed default security context for persistence on container level
# (deprecated, use `workers.celery.persistence.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.persistence.securityContexts.container` instead)
container: {}
# Kerberos sidecar settings shared by Airflow Celery workers and pods created with pod-template-file.
# Deprecated: use `workers.celery.kerberosSidecar` and/or `workers.kubernetes.kerberosSidecar` instead.
kerberosSidecar:
  # Turn the Kerberos sidecar on.
  # Deprecated: use `workers.celery.kerberosSidecar.enabled` and/or
  # `workers.kubernetes.kerberosSidecar.enabled` instead.
  enabled: false

  # Deprecated: use `workers.celery.kerberosSidecar.resources` and/or
  # `workers.kubernetes.kerberosSidecar.resources` instead.
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Container-level security context for the Kerberos sidecar.
  # Deprecated: use `workers.celery.kerberosSidecar.securityContexts` and/or
  # `workers.kubernetes.kerberosSidecar.securityContexts` instead.
  # NOTE(review): `{}` sets no container-level restrictions in this file; the sidecar
  # presumably handles Kerberos credentials, so confirm what the chart falls back to
  # and consider restricting it (for example `allowPrivilegeEscalation: false`).
  securityContexts:
    # Deprecated: use `workers.celery.kerberosSidecar.securityContexts.container` and/or
    # `workers.kubernetes.kerberosSidecar.securityContexts.container` instead.
    container: {}

  # Container-level lifecycle hooks.
  # Deprecated: use `workers.celery.kerberosSidecar.containerLifecycleHooks` and/or
  # `workers.kubernetes.kerberosSidecar.containerLifecycleHooks` instead.
  containerLifecycleHooks: {}
# Kerberos init container settings shared by Airflow Celery workers and pods created
# with pod-template-file.
# Deprecated: use `workers.celery.kerberosInitContainer` and/or
# `workers.kubernetes.kerberosInitContainer` instead.
kerberosInitContainer:
  # Turn the Kerberos init container on.
  # Deprecated: use `workers.celery.kerberosInitContainer.enabled` and/or
  # `workers.kubernetes.kerberosInitContainer.enabled` instead.
  enabled: false

  # Deprecated: use `workers.celery.kerberosInitContainer.resources` and/or
  # `workers.kubernetes.kerberosInitContainer.resources` instead.
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Container-level security context for the Kerberos init container.
  # Deprecated: use `workers.celery.kerberosInitContainer.securityContexts` and/or
  # `workers.kubernetes.kerberosInitContainer.securityContexts` instead.
  # NOTE(review): `{}` sets no container-level restrictions in this file; confirm what
  # the chart falls back to before relying on it.
  securityContexts:
    # Deprecated: use `workers.celery.kerberosInitContainer.securityContexts.container` and/or
    # `workers.kubernetes.kerberosInitContainer.securityContexts.container` instead.
    container: {}

  # Container-level lifecycle hooks.
  # Deprecated: use `workers.celery.kerberosInitContainer.containerLifecycleHooks` and/or
  # `workers.kubernetes.kerberosInitContainer.containerLifecycleHooks` instead.
  containerLifecycleHooks: {}
# Resource configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.resources` and/or `workers.kubernetes.resources` instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
# `workers.celery.terminationGracePeriodSeconds` and/or
# `workers.kubernetes.terminationGracePeriodSeconds`
# instead)
terminationGracePeriodSeconds: 600
# This setting tells Kubernetes that it's OK to evict when it wants to scale a node down.
# It is used by Airflow Celery workers and pod-template-file.
# (deprecated, use
# `workers.celery.safeToEvict` and/or
# `workers.kubernetes.safeToEvict`
# instead)
safeToEvict: false
# Launch additional containers into Airflow Celery worker
# and pods created with pod-template-file (templated).
# (deprecated, use
# `workers.celery.extraContainers` and/or
# `workers.kubernetes.extraContainers`
# instead)
# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main
# container finishes so Airflow can continue the worker shutdown process!
extraContainers: []
# Add additional init containers into Airflow Celery workers
# and pods created with pod-template-file (templated).
# (deprecated, use
# `workers.celery.extraInitContainers` and/or
# `workers.kubernetes.extraInitContainers`
# instead)
extraInitContainers: []
# Additional volumes attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use `workers.celery.extraVolumes` and/or `workers.kubernetes.extraVolumes` instead)
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
# Additional volume mounts attached to the Airflow Celery workers
# and pods created with pod-template-file
# (deprecated, use
# `workers.celery.extraVolumeMounts` and/or
# `workers.kubernetes.extraVolumeMounts`
# instead)
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
# (deprecated, use `workers.celery.extraPorts` instead)
extraPorts: []
# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.nodeSelector` and/or `workers.kubernetes.nodeSelector` instead)
nodeSelector: {}
# (deprecated, use `workers.celery.runtimeClassName` and/or `workers.kubernetes.runtimeClassName` instead)
runtimeClassName: ~
# (deprecated, use `workers.celery.priorityClassName` and/or `workers.kubernetes.priorityClassName` instead)
priorityClassName: ~
# (deprecated, use `workers.celery.affinity` and/or `workers.kubernetes.affinity` instead)
affinity: {}
# Default Airflow Celery worker affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: worker
# topologyKey: kubernetes.io/hostname
# weight: 100
# (deprecated, use `workers.celery.tolerations` and/or `workers.kubernetes.tolerations` instead)
tolerations: []
# (deprecated, use
# `workers.celery.topologySpreadConstraints` and/or
# `workers.kubernetes.topologySpreadConstraints`
# instead)
topologySpreadConstraints: []
# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file
# (deprecated, use `workers.celery.hostAliases` and/or `workers.kubernetes.hostAliases` instead)
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
# hostnames:
# - "test.hostname.one"
# - ip: "127.0.0.3"
# hostnames:
# - "test.hostname.two"
# Annotations for the Airflow Celery worker resource
# (deprecated, use `workers.celery.annotations` instead)
annotations: {}
# Pod annotations for the Airflow Celery workers and pods created with pod-template-file (templated)
# (deprecated, use `workers.celery.podAnnotations` and/or `workers.kubernetes.podAnnotations` instead)
podAnnotations: {}
# Labels specific to Airflow Celery workers objects and pods created with pod-template-file
# (deprecated, use `workers.celery.labels` and/or `workers.kubernetes.labels` instead)
labels: {}
# Log groomer configuration for Airflow Celery workers
# (deprecated, use `workers.celery.logGroomerSidecar` instead)
logGroomerSidecar:
# Whether to deploy the Airflow Celery worker log groomer sidecar
# (deprecated, use `workers.celery.logGroomerSidecar.enabled` instead)
enabled: true
# Command to use when running the Airflow Celery worker log groomer sidecar (templated)
# (deprecated, use `workers.celery.logGroomerSidecar.command` instead)
command: ~
# Args to use when running the Airflow Celery worker log groomer sidecar (templated)
# (deprecated, use `workers.celery.logGroomerSidecar.args` instead)
args: ["bash", "/clean-logs"]
# Number of days to retain logs
# (deprecated, use `workers.celery.logGroomerSidecar.retentionDays` instead)
retentionDays: 15
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
# (deprecated, use `workers.celery.logGroomerSidecar.retentionMinutes` instead)
retentionMinutes: 0
# Frequency to attempt to groom logs (in minutes)
# (deprecated, use `workers.celery.logGroomerSidecar.frequencyMinutes` instead)
frequencyMinutes: 15
# Max size of logs in bytes. 0 = disabled
# (deprecated, use `workers.celery.logGroomerSidecar.maxSizeBytes` instead)
maxSizeBytes: 0
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
# (deprecated, use `workers.celery.logGroomerSidecar.maxSizePercent` instead)
maxSizePercent: 0
# (deprecated, use `workers.celery.logGroomerSidecar.resources` instead)
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts.container` instead)
container: {}
# (deprecated, use `workers.celery.logGroomerSidecar.env` instead)
env: []
# Container level lifecycle hooks
# (deprecated, use `workers.celery.logGroomerSidecar.containerLifecycleHooks` instead)
containerLifecycleHooks: {}
# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
# (deprecated, use `workers.celery.waitForMigrations` instead)
waitForMigrations:
# Whether to create init container to wait for db migrations
# (deprecated, use `workers.celery.waitForMigrations.enabled` instead)
enabled: true
# (deprecated, use `workers.celery.waitForMigrations.env` instead)
env: []
# Detailed default security context for wait-for-airflow-migrations container
# (deprecated, use `workers.celery.waitForMigrations.securityContexts` instead)
securityContexts:
# (deprecated, use `workers.celery.waitForMigrations.securityContexts.container` instead)
container: {}
# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file
# (deprecated, use `workers.celery.env` and/or `workers.kubernetes.env` instead)
env: []
# Additional volume claim templates for Airflow Celery workers.
# Requires mounting of specified volumes under extraVolumeMounts.
# (deprecated, use `workers.celery.volumeClaimTemplates` instead)
volumeClaimTemplates: []
# Volume Claim Templates example:
# volumeClaimTemplates:
# - metadata:
# name: data-volume-1
# spec:
# storageClassName: "storage-class-1"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "10Gi"
# - metadata:
# name: data-volume-2
# spec:
# storageClassName: "storage-class-2"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "20Gi"
# (deprecated, use `workers.celery.schedulerName` and/or `workers.kubernetes.schedulerName` instead)
schedulerName: ~
celery:
# Number of Airflow Celery workers
replicas: ~
# Max number of old Airflow Celery workers ReplicaSets to retain
revisionHistoryLimit: ~
# Command to use when running Airflow Celery workers (templated)
command: ~
# Args to use when running Airflow Celery workers (templated)
args: ~
# If the Airflow Celery worker stops responding for 5 minutes (5*60s)
# kill the worker and let Kubernetes restart it
livenessProbe:
enabled: ~
initialDelaySeconds: ~
timeoutSeconds: ~
failureThreshold: ~
periodSeconds: ~
command: ~
# Enable the default workers defined by the root `workers` and `workers.celery`
# configurations to be created.
# If false, only dedicated workers defined in 'sets' will be created.
enableDefault: true
# Queue name for the default workers
queue: "default"
# List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`
# section.
sets: []
# sets:
# - name: highcpu
# replicas: 2
# queue: "highcpu"
# resources:
# requests:
# memory: "2Gi"
# cpu: "4000m"
# limits:
# memory: "4Gi"
# cpu: "8000m"
# - name: highmem
# replicas: 2
# queue: "highmem"
# resources:
# requests:
# memory: "4Gi"
# cpu: "2000m"
# limits:
# memory: "8Gi"
# cpu: "4000m"
# Update Strategy when Airflow Celery worker is deployed as a StatefulSet
updateStrategy: ~
# Update Strategy when Airflow Celery worker is deployed as a Deployment
strategy: ~
# Allow relaxing ordering guarantees for Airflow Celery worker
# while preserving its uniqueness and identity
# podManagementPolicy: Parallel
# Detailed default security context for Airflow Celery workers for container and pod level
# If not set, the values from `workers.securityContexts` section will be used.
securityContexts:
pod: {}
container: {}
# Container level Lifecycle Hooks definition for Airflow Celery workers
containerLifecycleHooks: {}
# Airflow Celery workers pod disruption budget
podDisruptionBudget:
enabled: ~
# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
config:
maxUnavailable: ~
# minAvailable: ~
# Create Service Account for Airflow Celery workers
serviceAccount:
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
automountServiceAccountToken: ~
# Specifies whether a Service Account should be created
create: ~
# The name of the Service Account to use.
# If not set and `create` is 'true', a name is generated using the release name
name: ~
# Annotations to add to worker Kubernetes Service Account.
annotations: {}
# Allow KEDA autoscaling for Airflow Celery workers
keda:
enabled: ~
namespaceLabels: {}
# How often KEDA polls the airflow DB to report new scale requests to the HPA
pollingInterval: ~
# How many seconds KEDA will wait before scaling to zero.
# Note: HPA has a separate cooldown period for scale-downs
cooldownPeriod: ~
# Minimum number of Airflow Celery workers created by KEDA
minReplicaCount: ~
# Maximum number of Airflow Celery workers created by KEDA
maxReplicaCount: ~
# Specify HPA related options
advanced: {}
# horizontalPodAutoscalerConfig:
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# Query to use for KEDA autoscaling. Must return a single integer
query: ~
# Whether to use PGBouncer to connect to the database when it is enabled.
# This configuration will be ignored if PGBouncer is not enabled.
usePgbouncer: ~
# Allow HPA for Airflow Celery workers (KEDA must be disabled)
hpa:
enabled: ~
# Minimum number of Airflow Celery workers created by HPA
minReplicaCount: ~
# Maximum number of Airflow Celery workers created by HPA
maxReplicaCount: ~
# Specifications for which to use to calculate the desired replica count
metrics: ~
# Scaling behavior of the target in both Up and Down directions
behavior: {}
# Persistence volume configuration for Airflow Celery workers
persistence:
# Enable persistent volumes
enabled: ~
# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed
persistentVolumeClaimRetentionPolicy: ~
# persistentVolumeClaimRetentionPolicy:
# whenDeleted: Delete
# whenScaled: Delete
# Volume size for Airflow Celery worker StatefulSet
size: ~
# If using a custom storageClass, pass name ref to all StatefulSets here
storageClassName:
# Execute init container to chown log directory.
# This is currently only needed in kind, due to usage
# of local-path provisioner.
fixPermissions: ~
# Annotations to add to Airflow Celery worker volumes
annotations: {}
# Detailed default security context for persistence on container level
securityContexts:
container: {}
# Kerberos sidecar configuration for Airflow Celery workers
kerberosSidecar:
# Enable kerberos sidecar
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos sidecar on container level
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Kerberos init container configuration for Airflow Celery workers
# If not set, the values from `workers.kerberosInitContainer` section will be used.
kerberosInitContainer:
# Enable kerberos init container
# If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect
enabled: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for kerberos init container
securityContexts:
container: {}
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Resource configuration for Airflow Celery workers
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Grace period for tasks to finish after SIGTERM is sent from Kubernetes
terminationGracePeriodSeconds: ~
# This setting tells Kubernetes that it's OK to evict when it wants to scale a node down
safeToEvict: ~
# Launch additional containers into Airflow Celery worker (templated)
extraContainers: []
# Add additional init containers into Airflow Celery workers (templated)
extraInitContainers: []
# Additional volumes attached to the Airflow Celery workers
extraVolumes: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumes:
# - name: my-templated-extra-volume
# secret:
# secretName: '{{ include "my_secret_template" . }}'
# defaultMode: 0640
# optional: true
# Additional volume mounts attached to the Airflow Celery workers
extraVolumeMounts: []
# Mount additional volumes into workers pods. It can be templated like in the following example:
# extraVolumeMounts:
# - name: my-templated-extra-volume
# mountPath: "{{ .Values.my_custom_path }}"
# readOnly: true
# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.
extraPorts: []
# Select certain nodes for Airflow Celery worker pods
nodeSelector: {}
runtimeClassName: ~
priorityClassName: ~
affinity: {}
# Default Airflow Celery worker affinity is:
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# component: worker
# topologyKey: kubernetes.io/hostname
# weight: 100
tolerations: []
topologySpreadConstraints: []
# hostAliases to use in Airflow Celery worker pods
# See:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: "127.0.0.2"
# hostnames:
# - "test.hostname.one"
# - ip: "127.0.0.3"
# hostnames:
# - "test.hostname.two"
# Annotations for the Airflow Celery worker resource
annotations: {}
# Pod annotations for the Airflow Celery workers (templated)
podAnnotations: {}
# Labels specific to Airflow Celery workers objects
labels: {}
# Log groomer configuration for Airflow Celery workers
logGroomerSidecar:
# Whether to deploy the Airflow Celery worker log groomer sidecar
enabled: ~
# Command to use when running the Airflow Celery worker log groomer sidecar (templated)
command: ~
# Args to use when running the Airflow Celery worker log groomer sidecar (templated)
args: []
# Number of days to retain logs
retentionDays: ~
# Number of minutes to retain logs.
# This can be used for finer granularity than days.
# Total retention is `retentionDays` + `retentionMinutes`.
retentionMinutes: ~
# Frequency to attempt to groom logs (in minutes)
frequencyMinutes: ~
# Max size of logs in bytes. 0 = disabled
maxSizeBytes: ~
# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
maxSizePercent: ~
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Detailed default security context for `logGroomerSidecar` for container level
securityContexts:
container: {}
env: []
# Container level lifecycle hooks
containerLifecycleHooks: {}
# Configuration of wait-for-airflow-migration init container for Airflow Celery workers
waitForMigrations:
# Whether to create init container to wait for db migrations
enabled: ~
env: []
# Detailed default security context for wait-for-airflow-migrations container
securityContexts:
container: {}
# Additional env variable configuration for Airflow Celery workers
env: []
# Additional volume claim templates for Airflow Celery workers.
# Requires mounting of specified volumes under extraVolumeMounts.
volumeClaimTemplates: []
# Volume Claim Templates example:
# volumeClaimTemplates:
# - metadata:
# name: data-volume-1
# spec:
# storageClassName: "storage-class-1"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "10Gi"
# - metadata:
# name: data-volume-2
# spec:
# storageClassName: "storage-class-2"
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: "20Gi"
schedulerName: ~
kubernetes:
  # Command used in pod-template-file (templated)
  command: null

  # Pod- and container-level security context for pod-template-file.
  # When left empty, the values from the `workers.securityContexts` section are used.
  securityContexts:
    pod: {}
    container: {}

  # Container-level lifecycle hooks for pods created with pod-template-file
  containerLifecycleHooks: {}

  # Service Account for pods created with pod-template-file.
  # When this section is specified, the Service Account is created from
  # 'templates/workers/worker-kubernetes-serviceaccount.yaml' file
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # When unset, the `workers.serviceAccount.automountServiceAccountToken` value is taken.
    # NOTE(review): task pods run DAG code; check whether they need a Kubernetes API
    # token at all before leaving automounting enabled through the fallback.
    automountServiceAccountToken: null
    # Whether a Service Account should be created.
    # When unset, the Service Account from 'templates/workers/worker-serviceaccount.yaml'
    # is generated and used, provided `workers.serviceAccount.create` is 'true'.
    create: null
    # Name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    # with Kubernetes dedicated name
    name: null
    # Annotations for the worker Kubernetes Service Account.
    # When unset, the `workers.serviceAccount.annotations` value is taken.
    annotations: {}

  # Kerberos sidecar for pods created with pod-template-file
  kerberosSidecar:
    # Turn the Kerberos sidecar on
    enabled: null
    resources: {}
    #  limits:
    #    cpu: 100m
    #    memory: 128Mi
    #  requests:
    #    cpu: 100m
    #    memory: 128Mi
    # Container-level security context for the Kerberos sidecar
    securityContexts:
      container: {}
    # Container-level lifecycle hooks
    containerLifecycleHooks: {}

  # Kerberos init container for pods created with pod-template-file.
  # When left unset, the values from the `workers.kerberosInitContainer` section are used.
  kerberosInitContainer:
    # Turn the Kerberos init container on.
    # Has no effect if `workers.kerberosInitContainer.enabled` is set to True.
    enabled: null
    resources: {}
    #  limits:
    #    cpu: 100m
    #    memory: 128Mi
    #  requests:
    #    cpu: 100m
    #    memory: 128Mi
    # Container-level security context for the Kerberos init container
    securityContexts:
      container: {}
    # Container-level lifecycle hooks
    containerLifecycleHooks: {}

  # Resources for pods created with pod-template-file
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Grace period for tasks to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: null

  # Tells Kubernetes that it's OK to evict when it wants to scale a node down
  safeToEvict: null

  # Extra containers launched in pods created with pod-template-file (templated).
  # Note: You are responsible for signaling sidecars to exit when the main
  # container finishes so Airflow can continue the worker shutdown process!
  extraContainers: []

  # Extra init containers for pods created with pod-template-file (templated)
  extraInitContainers: []

  # Extra volumes attached to the pods created with pod-template-file
  extraVolumes: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #         secretName: '{{ include "my_secret_template" . }}'
  #         defaultMode: 0640
  #         optional: true

  # Extra volume mounts attached to the pods created with pod-template-file
  extraVolumeMounts: []
  # Mount additional volumes into workers pods. It can be templated like in the following example:
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true

  # Node selection for pods created with pod-template-file
  nodeSelector: {}
  runtimeClassName: null
  priorityClassName: null
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []

  # hostAliases for pods created with pod-template-file
  # See:
  # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  hostAliases: []
  # - ip: "127.0.0.2"
  #   hostnames:
  #     - "test.hostname.one"
  # - ip: "127.0.0.3"
  #   hostnames:
  #     - "test.hostname.two"

  # Pod annotations for the pods created with pod-template-file (templated)
  podAnnotations: {}

  # Labels specific to pods created with pod-template-file
  labels: {}

  # Extra environment variables for pods created with pod-template-file
  env: []

  schedulerName: null
# Airflow scheduler settings
scheduler:
  enabled: true

  # hostAliases for the scheduler pod
  hostAliases: []
  # - ip: "127.0.0.1"
  #   hostnames:
  #     - "foo.local"
  # - ip: "10.1.2.3"
  #   hostnames:
  #     - "foo.remote"

  # A scheduler that stops heartbeating for 5 minutes (5*60s) is killed
  # and restarted by Kubernetes
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: null

  # The scheduler container gets at most 1 minute (6*10s) to start up.
  # LivenessProbe kicks in after the first successful startupProbe
  startupProbe:
    initialDelaySeconds: 0
    failureThreshold: 6
    periodSeconds: 10
    timeoutSeconds: 20
    command: null

  # Number of scheduler replicas
  replicas: 1

  # Max number of old replicasets to retain
  revisionHistoryLimit: null

  # Command used to run the Airflow scheduler (templated).
  command: null

  # Args used to run the Airflow scheduler (templated).
  args:
    - "bash"
    - "-c"
    - "exec airflow scheduler"

  # Update Strategy when scheduler is deployed as a StatefulSet
  # (when using LocalExecutor and `workers.persistence`)
  updateStrategy: null

  # Update Strategy when scheduler is deployed as a Deployment
  # (when not using LocalExecutor and `workers.persistence`)
  strategy: null

  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `scheduler.securityContexts` instead)
  securityContext: {}
  #  runAsUser: 50000
  #  fsGroup: 0
  #  runAsGroup: 0

  # Pod- and container-level security context for scheduler Deployments
  securityContexts:
    pod: {}
    container: {}

  # Container-level lifecycle hooks
  containerLifecycleHooks: {}

  # Grace period for tasks to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 10

  # Service Account for the scheduler
  serviceAccount:
    # Affects all executors that launch pods
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # With the default `true`, the Service Account token is mounted automatically and
    # `serviceAccountTokenVolume` below is not used.
    automountServiceAccountToken: true
    # Whether a Service Account should be created
    create: true
    # Name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations for the scheduler Kubernetes Service Account.
    annotations: {}
    # Service Account Token Volume configuration
    # This is only used when `automountServiceAccountToken` is 'false'
    # and allows manual configuration of the Service Account token volume
    # NOTE(review): `expirationSeconds` and `audience` suggest a bounded-lifetime,
    # audience-scoped token; confirm against the chart template.
    serviceAccountTokenVolume:
      # Turn manual Service Account token volume configuration on
      enabled: false
      # Path where the Service Account token is mounted
      mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      # Name of the volume
      volumeName: kube-api-access
      # Token expiration in seconds
      expirationSeconds: 3600
      # Audience for the token
      audience: null

  # Scheduler pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Tells Kubernetes that it's OK to evict
  # when it wants to scale a node down.
  safeToEvict: true

  # Extra containers launched in the scheduler (templated).
  extraContainers: []

  # Extra init containers for the scheduler (templated).
  extraInitContainers: []

  # Mount additional volumes into scheduler.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #         secretName: '{{ include "my_secret_template" . }}'
  #         defaultMode: 0640
  #         optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true

  # Node selection for Airflow scheduler pods.
  nodeSelector: {}
  affinity: {}
  # default scheduler affinity is:
  #  podAntiAffinity:
  #    preferredDuringSchedulingIgnoredDuringExecution:
  #    - podAffinityTerm:
  #        labelSelector:
  #          matchLabels:
  #            component: scheduler
  #        topologyKey: kubernetes.io/hostname
  #      weight: 100
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: null

  # Annotations for scheduler Deployment
  annotations: {}

  # Pod annotations for scheduler pods (templated)
  podAnnotations: {}

  # Labels specific to scheduler objects and pods
  labels: {}

  logGroomerSidecar:
    # Whether to deploy the Airflow scheduler log groomer sidecar.
    enabled: true
    # Command used to run the Airflow scheduler log groomer sidecar (templated).
    command: null
    # Args used to run the Airflow scheduler log groomer sidecar (templated).
    args:
      - "bash"
      - "/clean-logs"
    # Number of days to retain logs
    retentionDays: 15
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: 0
    # Frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: 0
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: 0
    resources: {}
    #  limits:
    #    cpu: 100m
    #    memory: 128Mi
    #  requests:
    #    cpu: 100m
    #    memory: 128Mi
    # Container-level security context for `logGroomerSidecar`
    securityContexts:
      container: {}
    # Container-level lifecycle hooks
    containerLifecycleHooks: {}
    env: []

  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Container-level security context for waitForMigrations
    securityContexts:
      container: {}

  env: []
# Airflow create user job settings
createUserJob:
  # Whether the create user job should be created
  enabled: true

  # Initial user created by the job.
  # NOTE(review): these defaults are a well-known Admin credential (admin / admin).
  # Override at least `password` for any deployment other people can reach, and
  # disable the job (`enabled: false`) when users are provisioned another way.
  defaultUser:
    role: Admin
    username: admin
    email: admin@example.com
    firstName: admin
    lastName: user
    password: admin

  # Limit the lifetime of the job object after it finished execution.
  ttlSecondsAfterFinished: 300

  # Command used to run the create user job (templated).
  command: null

  # Args used to run the create user job (templated).
  # Each value comes from `webserver.defaultUser` when that is set, otherwise from
  # `createUserJob.defaultUser`.
  # NOTE(review): the `-p` value is rendered into the container args, so the password
  # is readable in the Job and Pod objects until they are removed; restrict read
  # access to Jobs and Pods in the release namespace accordingly.
  args:
    - "bash"
    - "-c"
    # The format below is necessary to get `helm lint` happy
    - |-
      exec \
        airflow users create "$@"
    - "--"
    # yamllint disable rule:line-length
    - "-r"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"
    - "-u"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"
    - "-e"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"
    - "-f"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"
    - "-l"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"
    - "-p"
    - "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"

  # Annotations on the create user job pod (templated)
  annotations: {}

  # `jobAnnotations` are annotations on the create user job
  jobAnnotations: {}

  restartPolicy: OnFailure

  # Labels specific to `createUserJob` objects and pods
  labels: {}

  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `createUserJob.securityContexts` instead)
  securityContext: {}
  #  runAsUser: 50000
  #  fsGroup: 0
  #  runAsGroup: 0

  # Pod- and container-level security context for `createUserJob`
  securityContexts:
    pod: {}
    container: {}

  # Container-level lifecycle hooks
  containerLifecycleHooks: {}

  # Service Account for the create user job
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): the job shown here only runs `airflow users create`; check whether
    # it needs a Kubernetes API token before leaving automounting on.
    automountServiceAccountToken: true
    # Whether a Service Account should be created
    create: true
    # Name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: null
    # Annotations for the create user Kubernetes Service Account.
    annotations: {}

  # Extra containers launched in the user creation job
  extraContainers: []

  # Extra init containers for the user creation job (templated).
  extraInitContainers: []

  # Mount additional volumes into user creation job.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  #   extraVolumes:
  #     - name: my-templated-extra-volume
  #       secret:
  #         secretName: '{{ include "my_secret_template" . }}'
  #         defaultMode: 0640
  #         optional: true
  #
  #   extraVolumeMounts:
  #     - name: my-templated-extra-volume
  #       mountPath: "{{ .Values.my_custom_path }}"
  #       readOnly: true

  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: null

  # In case you need to disable the helm hooks that create the jobs after install.
  # Disable this if you are e.g. using ArgoCD
  useHelmHooks: true
  applyCustomEnv: true

  env: []

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi
# Airflow database migration job settings
migrateDatabaseJob:
  enabled: true
  # Limit the lifetime of the job object after it finished execution.
  ttlSecondsAfterFinished: 300
  # Command to use when running the migrate database job (templated).
  command: ~
  # Args to use when running the migrate database job (templated).
  args:
    - "bash"
    - "-c"
    # NOTE(review): `>-` folds a single line break into a space, which would
    # turn `exec \` + newline into `exec \ airflow ...` (an escaped space, not
    # a line continuation). A blank line after `exec \` or the literal `|-`
    # style keeps the line break; verify the rendered args.
    - >-
      exec \
      airflow db migrate
  # Annotations on the database migration pod (templated)
  annotations: {}
  # `jobAnnotations` are annotations on the database migration job
  jobAnnotations: {}
  restartPolicy: OnFailure
  # Labels specific to migrate database job objects and pods
  labels: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `migrateDatabaseJob.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 50000
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security context for `migrateDatabaseJob` for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): the service account token is mounted into the job pod by
    # default; set to false if the job never calls the Kubernetes API
    # (confirm against the chart templates).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to migrate database job Kubernetes Service Account.
    annotations: {}
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # Launch additional containers into database migration job
  extraContainers: []
  # Add additional init containers into migrate database job (templated).
  extraInitContainers: []
  # Mount additional volumes into database migration job.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # In case you need to disable the helm hooks that create the jobs after install.
  # Disable this if you are using ArgoCD for example
  useHelmHooks: true
  applyCustomEnv: true
  env: []
apiServer:
  enabled: true
  # Number of Airflow API servers in the Deployment.
  # Omitted from the Deployment, when HPA is enabled.
  replicas: 1
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Labels specific to Airflow API server objects and pods
  labels: {}
  # Command to use when running the Airflow API server (templated).
  command: ~
  # Args to use when running the Airflow API server (templated).
  args: ["bash", "-c", "exec airflow api-server"]
  # Example: To enable proxy headers support when running behind a reverse proxy:
  # args: ["bash", "-c", "exec airflow api-server --proxy-headers"]
  # NOTE(review): presumably controls RBAC that lets the API server read pod
  # logs; confirm in the chart templates and set to false when that access is
  # not needed.
  allowPodLogReading: true
  # Environment variables for the Airflow API server.
  env: []
  # Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:
  # env:
  #   - name: FORWARDED_ALLOW_IPS
  #     value: "*"  # Use "*" for trusted environments, or specify proxy IP ranges for production
  # NOTE(review): with "*", forwarded headers are accepted from any peer that
  # can reach the pod; listing only the proxy addresses keeps client-supplied
  # headers from being trusted.
  # Allow Horizontal Pod Autoscaler (HPA) configuration for api-server. (optional)
  # HPA automatically scales the number of api-server pods based on observed metrics.
  # HPA automatically adjusts api-server replicas between `minReplicaCount` and `maxReplicaCount` based on metrics.
  hpa:
    enabled: false
    # Minimum number of api-servers created by HPA
    minReplicaCount: 1
    # Maximum number of api-servers created by HPA
    maxReplicaCount: 5
    # Metric specifications used to calculate the desired replica count
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 50
    # Scaling behavior of the target in both Up and Down directions
    behavior: {}
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to Airflow API server Kubernetes Service Account.
    annotations: {}
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: api-server
        port: "{{ .Values.ports.apiServer }}"
    loadBalancerIP: ~
    # Limit load balancer source ips to list of CIDRs.
    # An empty list applies no source restriction, so set it whenever `type`
    # is changed to LoadBalancer.
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # Allow overriding Update Strategy for API server
  strategy: ~
  # Detailed default security contexts for Airflow API server Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  # Launch additional containers into the Airflow API server pods.
  extraContainers: []
  # Add additional init containers into API server (templated).
  extraInitContainers: []
  # Mount additional volumes into API server.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  # Select certain nodes for Airflow API server pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # hostAliases for API server pod
  hostAliases: []
  # Annotations for Airflow API server Deployment
  annotations: {}
  # Pod annotations for API server pods (templated)
  podAnnotations: {}
  networkPolicy:
    ingress:
      # Peers for Airflow API server NetworkPolicy ingress
      from: []
      # Ports for Airflow API server NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.apiServer }}"
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # Add custom annotations to the `apiServer` ConfigMap
  configMapAnnotations: {}
  # This string (templated) will be mounted into the Airflow API Server
  # as a custom webserver_config.py. You can bake a webserver_config.py into
  # your image instead or specify a ConfigMap containing the
  # webserver_config.py.
  apiServerConfig: ~
  # apiServerConfig: |
  #   from airflow import configuration as conf
  #
  #   # The SQLAlchemy connection string.
  #   SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
  #
  #   # Flask-WTF flag for CSRF
  #   CSRF_ENABLED = True
  apiServerConfigConfigMapName: ~
  # Probe requests use plain HTTP by default.
  # NOTE(review): presumably `scheme` must be changed when the server itself
  # terminates TLS; confirm against the chart templates.
  livenessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  readinessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
    scheme: HTTP
# Airflow webserver settings (only Airflow<3.0)
webserver:
  enabled: true
  # Add custom annotations to the webserver ConfigMap
  configMapAnnotations: {}
  # hostAliases for the webserver pod
  hostAliases: []
  #   - ip: "127.0.0.1"
  #     hostnames:
  #       - "foo.local"
  #   - ip: "10.1.2.3"
  #     hostnames:
  #       - "foo.remote"
  # NOTE(review): presumably controls RBAC that lets the webserver read pod
  # logs; confirm in the chart templates and set to false when that access is
  # not needed.
  allowPodLogReading: true
  # Probe requests use plain HTTP by default.
  # NOTE(review): presumably `scheme` must be changed when the webserver
  # itself terminates TLS; confirm against the chart templates.
  livenessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  readinessProbe:
    initialDelaySeconds: 15
    timeoutSeconds: 5
    failureThreshold: 5
    periodSeconds: 10
    scheme: HTTP
  # Wait for at most 1 minute (6*10s) for the webserver container to startup.
  # LivenessProbe kicks in after the first successful startupProbe
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
    scheme: HTTP
  # Number of webservers
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use when running the Airflow webserver (templated).
  command: ~
  # Args to use when running the Airflow webserver (templated).
  args: ["bash", "-c", "exec airflow webserver"]
  # Grace period for webserver to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 30
  # Allow HPA
  hpa:
    enabled: false
    # Minimum number of webservers created by HPA
    minReplicaCount: 1
    # Maximum number of webservers created by HPA
    maxReplicaCount: 5
    # Metric specifications used to calculate the desired replica count
    metrics:
      - type: Resource
        resource:
          name: cpu
          target:
            type: Utilization
            averageUtilization: 80
    # Scaling behavior of the target in both Up and Down directions
    behavior: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to webserver Kubernetes Service Account.
    annotations: {}
  # Webserver pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # Allow overriding Update Strategy for Webserver
  strategy: ~
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `webserver.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 50000
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security contexts for webserver Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Additional network policies as needed (deprecated, use `webserver.networkPolicy.ingress.from` instead)
  extraNetworkPolicies: []
  networkPolicy:
    ingress:
      # Peers for webserver NetworkPolicy ingress
      from: []
      # Ports for webserver NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.airflowUI }}"
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # Create initial user. (deprecated, use `createUserJob` section instead)
  # When this mapping is set, the `createUserJob.args` templates read every
  # user field from it instead of from `createUserJob.defaultUser`.
  # NOTE(review): the example below repeats the `admin` / `admin` credentials;
  # replace the password if you uncomment it.
  # defaultUser:
  #   enabled: true
  #   role: Admin
  #   username: admin
  #   email: admin@example.com
  #   firstName: admin
  #   lastName: user
  #   password: admin
  # Launch additional containers into webserver (templated).
  extraContainers: []
  # Add additional init containers into webserver (templated).
  extraInitContainers: []
  # Mount additional volumes into webserver.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  # This string (templated) will be mounted into the Airflow Webserver
  # as a custom webserver_config.py. You can bake a webserver_config.py into
  # your image instead or specify a ConfigMap containing the
  # webserver_config.py.
  webserverConfig: ~
  # webserverConfig: |
  #   from airflow import configuration as conf
  #
  #   # The SQLAlchemy connection string.
  #   SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
  #
  #   # Flask-WTF flag for CSRF
  #   CSRF_ENABLED = True
  webserverConfigConfigMapName: ~
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: airflow-ui
        port: "{{ .Values.ports.airflowUI }}"
    # To change the port used to access the webserver:
    # ports:
    #   - name: airflow-ui
    #     port: 80
    #     targetPort: airflow-ui
    # To only expose a sidecar, not the webserver directly:
    # ports:
    #   - name: only_sidecar
    #     port: 80
    #     targetPort: 8888
    # If you have a public IP, set NodePort to set an external port.
    # Service type must be 'NodePort':
    # ports:
    #   - name: airflow-ui
    #     port: 8080
    #     targetPort: 8080
    #     nodePort: 31151
    loadBalancerIP: ~
    # Limit load balancer source ips to list of CIDRs.
    # An empty list applies no source restriction, so set it whenever `type`
    # is changed to LoadBalancer.
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  # Select certain nodes for Airflow webserver pods.
  nodeSelector: {}
  priorityClassName: ~
  affinity: {}
  # default webserver affinity is:
  #   podAntiAffinity:
  #     preferredDuringSchedulingIgnoredDuringExecution:
  #       - podAffinityTerm:
  #           labelSelector:
  #             matchLabels:
  #               component: webserver
  #           topologyKey: kubernetes.io/hostname
  #         weight: 100
  tolerations: []
  topologySpreadConstraints: []
  # Annotations for webserver Deployment
  annotations: {}
  # Pod annotations for webserver pods (templated)
  podAnnotations: {}
  # Labels specific to the webserver app
  labels: {}
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  env: []
# Airflow Triggerer Config
triggerer:
  enabled: true
  # Number of Airflow triggerers in the Deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow triggerers (templated).
  command: ~
  # Args to use when running Airflow triggerer (templated).
  args: ["bash", "-c", "exec airflow triggerer"]
  # Update Strategy when triggerer is deployed as a StatefulSet
  updateStrategy: ~
  # Update Strategy when triggerer is deployed as a Deployment
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the triggerer stops heartbeating for 5 minutes (5*60s) kill the
  # triggerer and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: ~
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to triggerer Kubernetes Service Account.
    annotations: {}
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `triggerer.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 50000
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security context for triggerer for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  persistence:
    # Enable persistent volumes
    enabled: true
    # This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.
    persistentVolumeClaimRetentionPolicy: ~
    # Volume size for triggerer StatefulSet
    size: 100Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    # (left empty, i.e. null, by default)
    storageClassName:
    # Execute init container to chown log directory.
    # This is currently only needed in kind, due to usage
    # of local-path provisioner.
    fixPermissions: false
    # Annotations to add to triggerer volumes
    annotations: {}
  # Triggerer pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # Grace period for triggerer to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells Kubernetes that it's ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into triggerer (templated).
  extraContainers: []
  # Add additional init containers into triggerers (templated).
  extraInitContainers: []
  # Mount additional volumes into triggerer.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  # Select certain nodes for Airflow triggerer pods.
  nodeSelector: {}
  affinity: {}
  # default triggerer affinity is:
  #   podAntiAffinity:
  #     preferredDuringSchedulingIgnoredDuringExecution:
  #       - podAffinityTerm:
  #           labelSelector:
  #             matchLabels:
  #               component: triggerer
  #           topologyKey: kubernetes.io/hostname
  #         weight: 100
  tolerations: []
  topologySpreadConstraints: []
  # hostAliases for the triggerer pod
  hostAliases: []
  #   - ip: "127.0.0.1"
  #     hostnames:
  #       - "foo.local"
  #   - ip: "10.1.2.3"
  #     hostnames:
  #       - "foo.remote"
  priorityClassName: ~
  # Annotations for the triggerer Deployment
  annotations: {}
  # Pod annotations for triggerer pods (templated)
  podAnnotations: {}
  # Labels specific to triggerer objects and pods
  labels: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow triggerer log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow triggerer log groomer sidecar (templated).
    command: ~
    # Args to use when running the Airflow triggerer log groomer sidecar (templated).
    args: ["bash", "/clean-logs"]
    # Number of days to retain logs
    retentionDays: 15
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: 0
    # Frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: 0
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: 0
    resources: {}
    #   limits:
    #     cpu: 100m
    #     memory: 128Mi
    #   requests:
    #     cpu: 100m
    #     memory: 128Mi
    # Detailed default security context for `logGroomerSidecar` for container level
    securityContexts:
      container: {}
    # Container level lifecycle hooks
    containerLifecycleHooks: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  env: []
  # Allow KEDA autoscaling.
  keda:
    enabled: false
    namespaceLabels: {}
    # How often KEDA polls the Airflow DB to report new scale requests to the HPA
    pollingInterval: 5
    # How many seconds KEDA will wait before scaling to zero.
    # Note that HPA has a separate cooldown period for scale-downs
    cooldownPeriod: 30
    # Minimum number of triggerers created by keda
    minReplicaCount: 0
    # Maximum number of triggerers created by keda
    maxReplicaCount: 10
    # Specify HPA related options
    advanced: {}
    # horizontalPodAutoscalerConfig:
    #   behavior:
    #     scaleDown:
    #       stabilizationWindowSeconds: 300
    #       policies:
    #         - type: Percent
    #           value: 100
    #           periodSeconds: 15
    # Query to use for KEDA autoscaling. Must return a single integer.
    # The divisor is filled in by the `triggerer.capacity` template, and the
    # folded scalar joins the two lines into one SQL statement.
    query: >-
      SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }})
      FROM trigger
    # Whether to use PGBouncer to connect to the database or not when it is enabled
    # This configuration will be ignored if PGBouncer is not enabled
    usePgbouncer: false
# Airflow Dag Processor Config
dagProcessor:
  # NOTE(review): `~` (null) leaves the decision to the chart; presumably it
  # is derived from the Airflow version. Confirm in the templates.
  enabled: ~
  # Dag Bundle Configuration
  # Define Dag bundles in a structured YAML format. This will be automatically
  # converted to JSON string format for `config.dag_processor.dag_bundle_config_list`.
  dagBundleConfigList:
    - name: dags-folder
      classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
      kwargs: {}
  # Example:
  # NOTE(review): `git_conn_id` presumably names an Airflow connection, which
  # would keep repository credentials out of this file; verify.
  # dagBundleConfigList:
  #   - name: bundle1
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo1"
  #       subdir: "dags"
  #       tracking_ref: "main"
  #       refresh_interval: 60
  #   - name: bundle2
  #     classpath: "airflow.providers.git.bundles.git.GitDagBundle"
  #     kwargs:
  #       git_conn_id: "GITHUB__repo2"
  #       subdir: "dags"
  #       tracking_ref: "develop"
  #       refresh_interval: 120
  #   - name: dags-folder
  #     classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"
  #     kwargs: {}
  # Number of Airflow dag processors in the Deployment
  replicas: 1
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Command to use when running Airflow dag processors (templated).
  command: ~
  # Args to use when running Airflow dag processor (templated).
  args: ["bash", "-c", "exec airflow dag-processor"]
  # Update Strategy for dag processors
  strategy:
    rollingUpdate:
      maxSurge: "100%"
      maxUnavailable: "50%"
  # If the dag processor stops heartbeating for 5 minutes (5*60s) kill the
  # dag processor and let Kubernetes restart it
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 20
    failureThreshold: 5
    periodSeconds: 60
    command: ~
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to dag processor Kubernetes Service Account.
    annotations: {}
  # Dag processor pod disruption budget
  podDisruptionBudget:
    enabled: false
    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `dagProcessor.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 50000
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security context for dagProcessor for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # Grace period for dag processor to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 60
  # This setting tells Kubernetes that it's ok to evict
  # when it wants to scale a node down.
  safeToEvict: true
  # Launch additional containers into dag processor (templated).
  extraContainers: []
  # Add additional init containers into dag processors (templated).
  extraInitContainers: []
  # Mount additional volumes into dag processor.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  # Select certain nodes for Airflow dag processor pods.
  nodeSelector: {}
  affinity: {}
  # Default dag processor affinity is:
  #   podAntiAffinity:
  #     preferredDuringSchedulingIgnoredDuringExecution:
  #       - podAffinityTerm:
  #           labelSelector:
  #             matchLabels:
  #               component: dag-processor
  #           topologyKey: kubernetes.io/hostname
  #         weight: 100
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Annotations for the dag processor Deployment
  annotations: {}
  # Pod annotations for dag processor pods (templated)
  podAnnotations: {}
  logGroomerSidecar:
    # Whether to deploy the Airflow dag processor log groomer sidecar.
    enabled: true
    # Command to use when running the Airflow dag processor log groomer sidecar (templated).
    command: ~
    # Args to use when running the Airflow dag processor log groomer sidecar (templated).
    args: ["bash", "/clean-logs"]
    # Number of days to retain logs
    retentionDays: 15
    # Number of minutes to retain logs.
    # This can be used for finer granularity than days.
    # Total retention is `retentionDays` + `retentionMinutes`.
    retentionMinutes: 0
    # Frequency to attempt to groom logs, in minutes
    frequencyMinutes: 15
    # Max size of logs in bytes. 0 = disabled
    maxSizeBytes: 0
    # Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.
    maxSizePercent: 0
    resources: {}
    #   limits:
    #     cpu: 100m
    #     memory: 128Mi
    #   requests:
    #     cpu: 100m
    #     memory: 128Mi
    # Detailed default security context for `logGroomerSidecar` for container level
    securityContexts:
      container: {}
    env: []
  waitForMigrations:
    # Whether to create init container to wait for db migrations
    enabled: true
    env: []
    # Detailed default security context for waitForMigrations for container level
    securityContexts:
      container: {}
  # Labels specific to dag processor objects
  labels: {}
  # Environment variables to add to dag processor container
  env: []
# Flower settings
flower:
  # Enable flower.
  # If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.
  enabled: false
  livenessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  readinessProbe:
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 10
    periodSeconds: 5
  # Wait for at most 1 minute (6*10s) for the flower container to startup.
  # LivenessProbe kicks in after the first successful StartupProbe
  startupProbe:
    initialDelaySeconds: 0
    timeoutSeconds: 20
    failureThreshold: 6
    periodSeconds: 10
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Command to use when running flower (templated).
  command: ~
  # Args to use when running flower (templated).
  args:
    - "bash"
    - "-c"
    # The format below is necessary to get `helm lint` happy
    - |-
      exec \
      airflow celery flower
  # Additional network policies as needed (deprecated, use `flower.networkPolicy.ingress.from` instead)
  extraNetworkPolicies: []
  networkPolicy:
    ingress:
      # Peers for flower NetworkPolicy ingress
      from: []
      # Ports for flower NetworkPolicy ingress (if `from` is set)
      ports:
        - port: "{{ .Values.ports.flowerUI }}"
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `flower.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 50000
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security context for flower for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): the service account token is mounted by default; set to
    # false if flower never calls the Kubernetes API (confirm against the
    # chart templates).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to flower Kubernetes Service Account.
    annotations: {}
  # If set, the secret must contain a base64-encoded 'connection' key with
  # a Flower basic auth connection string user:password.
  secretName: ~
  # Example secret:
  #   kind: Secret
  #   apiVersion: v1
  #   metadata:
  #     name: custom-flower-secret
  #   type: Opaque
  #   data:
  #     connection: <base64_encoded_user_password>
  # Add custom annotations to the flower secret
  secretAnnotations: {}
  # If `secretName` is not specified, set username and password (secret will be created automatically)
  # NOTE(review): with `secretName`, `username` and `password` all left unset,
  # no basic-auth credentials are configured here; presumably flower is then
  # served without authentication. Confirm before enabling it.
  username: ~
  password: ~
  service:
    type: ClusterIP
    # Service annotations
    annotations: {}
    ports:
      - name: flower-ui
        port: "{{ .Values.ports.flowerUI }}"
    # To change the port used to access flower:
    # ports:
    #   - name: flower-ui
    #     port: 8080
    #     targetPort: flower-ui
    loadBalancerIP: ~
    # Limit load balancer source ips to list of CIDRs.
    # An empty list applies no source restriction, so set it whenever `type`
    # is changed to LoadBalancer.
    loadBalancerSourceRanges: []
    # loadBalancerSourceRanges:
    #   - "10.123.0.0/16"
  # Launch additional containers into the flower pods.
  extraContainers: []
  # Mount additional volumes into the flower pods.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true
  # Select certain nodes for Airflow flower pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Annotations for the flower Deployment
  annotations: {}
  # Pod annotations for flower pods (templated)
  podAnnotations: {}
  # Labels specific to flower objects and pods
  labels: {}
  env: []
# StatsD settings
statsd:
  # Add custom annotations to the StatsD ConfigMap
  configMapAnnotations: {}
  enabled: true
  # Max number of old ReplicaSets to retain
  revisionHistoryLimit: ~
  # Arguments for StatsD exporter command.
  # By default contains path in the container to the mapping config file.
  args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]
  # If you ever need to fully override the entire `args` list, you can
  # supply your own array here; if set, all below flag-specific values
  # under `statsd.cache` section are ignored.
  # args:
  #   - "--statsd.cache-size=1000"
  #   - "--statsd.cache-type=random"
  #   - "--ttl=10m"
  cache:
    # Maximum number of metric-mapping entries to keep in cache.
    # When you send more distinct metric names than this, older entries
    # will be evicted according to `type`.
    size: 1000
    # Metrics eviction policy for the mapping cache.
    # - lru → Least-Recently-Used eviction
    # - random → Random eviction
    type: lru
    # Per-metric time-to-live. When set to a non-zero duration, any metric
    # series that hasn't received an update in this interval will be dropped
    # from the exported '/metrics' output.
    # Format: Go duration string (e.g. "30s", "5m", "1h")
    # Default: "0s" (disabled, never expires)
    ttl: "0s"
  # Annotations to add to the StatsD Deployment.
  annotations: {}
  # Grace period for StatsD to finish after SIGTERM is sent from Kubernetes
  terminationGracePeriodSeconds: 30
  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): the service account token is mounted by default; set to
    # false if the exporter never calls the Kubernetes API (confirm against
    # the chart templates).
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to StatsD Kubernetes Service Account.
    annotations: {}
  # NOTE(review): 65534 is conventionally the unprivileged `nobody` user;
  # presumably the default run-as user for StatsD. Confirm how the templates
  # use it.
  uid: 65534
  # (deprecated, use `statsd.securityContexts` instead)
  securityContext: {}
  #   runAsUser: 65534
  #   fsGroup: 0
  #   runAsGroup: 0
  # Detailed default security context for StatsD Deployments for container and pod level
  securityContexts:
    pod: {}
    container: {}
  # Container level lifecycle hooks
  containerLifecycleHooks: {}
  # Additional network policies as needed
  extraNetworkPolicies: []
  resources: {}
  #   limits:
  #     cpu: 100m
  #     memory: 128Mi
  #   requests:
  #     cpu: 100m
  #     memory: 128Mi
  service:
    extraAnnotations: {}
  # Select certain nodes for StatsD pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~
  # Additional mappings for StatsD exporter.
  # If set, will merge default mapping and extra mappings, where default mapping has higher priority.
  # If you want to change some default mapping, please use `overrideMappings` setting.
  extraMappings: []
  # Override mappings for StatsD exporter.
  # If set, will ignore setting item in default and `extraMappings`.
  # If you use it, ensure that it contains all mapping items.
  overrideMappings: []
  # Pod annotations for StatsD pods (templated)
  podAnnotations: {}
  # Labels specific to StatsD objects and pods
  labels: {}
  # Environment variables to add to StatsD container
  env: []
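# PgBouncer settings
# (nesting restored; the flattened listing put `pgbouncer.*`, `ssl.*` and
# `metricsExporterSidecar.*` keys at the same level)
pgbouncer:
  # Enable PgBouncer
  enabled: false
  # Number of PgBouncer replicas to run in Deployment
  replicas: 1
  # Max number of old replicasets to retain
  revisionHistoryLimit: ~
  # Command to use for PgBouncer (templated).
  command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]
  # Args to use for PgBouncer (templated).
  args: ~
  # Client authentication method and the file holding the user credentials.
  auth_type: scram-sha-256
  auth_file: /etc/pgbouncer/users.txt

  # Whether to mount the config secret files at a default location (/etc/pgbouncer/*).
  # Can be skipped to allow for other means to get the values, e.g. secrets provider class.
  mountConfigSecret: true

  # Annotations to be added to the PgBouncer Deployment
  annotations: {}

  # Pod annotations for PgBouncer pods (templated)
  podAnnotations: {}

  # Add custom annotations to the PgBouncer certificates secret
  certificatesSecretAnnotations: {}

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): a connection pooler normally does not call the Kubernetes
    # API; consider `false` so that no API token is mounted next to the
    # database credentials. Confirm nothing relies on the token first.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to the PgBouncer Kubernetes Service Account.
    annotations: {}

  # Additional network policies as needed
  extraNetworkPolicies: []

  # Pool sizes
  metadataPoolSize: 10
  resultBackendPoolSize: 5

  # Maximum clients that can connect to PgBouncer (higher = more file descriptors)
  maxClientConn: 100

  # Supply the name of existing secret with 'pgbouncer.ini' and 'users.txt' defined
  configSecretName: ~
  # Secret example:
  # apiVersion: v1
  # kind: Secret
  # metadata:
  #   name: pgbouncer-config-secret
  # data:
  #   pgbouncer.ini: <base64_encoded pgbouncer.ini file content>
  #   users.txt: <base64_encoded users.txt file content>
  # type: Opaque

  # Add custom annotations to the PgBouncer config secret
  configSecretAnnotations: {}

  # PgBouncer pod disruption budget
  podDisruptionBudget:
    enabled: false

    # PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)
    config:
      maxUnavailable: 1
      # minAvailable: 1

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  service:
    extraAnnotations: {}
    clusterIp: ~

  # https://www.pgbouncer.org/config.html
  verbose: 0
  # Connection logging is off by default; enabling it gives an audit trail of
  # who connected to the pooler and when.
  logDisconnections: 0
  logConnections: 0

  # NOTE(review): presumably rendered as PgBouncer's `server_tls_sslmode`
  # (confirm in the chart templates). In PgBouncer, `prefer` requests TLS but
  # falls back to plain TCP when refused and does not validate the server
  # certificate. For a database reached over a network you do not fully trust,
  # use `verify-full` (or at least `verify-ca`) together with `ssl.ca`.
  sslmode: "prefer"
  ciphers: "normal"

  ssl:
    ca: ~
    cert: ~
    key: ~

  # Add extra PgBouncer ini configuration in the databases section:
  # https://www.pgbouncer.org/config.html#section-databases
  extraIniMetadata: ~
  extraIniResultBackend: ~
  # Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html
  extraIni: ~

  # Mount additional volumes into PgBouncer.
  # Volumes apply to all PgBouncer containers, while volume mounts apply to the PgBouncer
  # container itself. Metrics exporter container has its own mounts.
  extraVolumes: []
  extraVolumeMounts: []
  # It can be templated like in the following example:
  # extraVolumes:
  #   - name: my-templated-extra-volume
  #     secret:
  #       secretName: '{{ include "my_secret_template" . }}'
  #       defaultMode: 0640
  #       optional: true
  #
  # extraVolumeMounts:
  #   - name: my-templated-extra-volume
  #     mountPath: "{{ .Values.my_custom_path }}"
  #     readOnly: true

  # Launch additional containers into PgBouncer pod.
  extraContainers: []

  # Select certain nodes for PgBouncer pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []

  priorityClassName: ~

  uid: 65534

  # Detailed default security context for PgBouncer for container level
  securityContexts:
    pod: {}
    container: {}

  # Container level lifecycle hooks
  containerLifecycleHooks:
    preStop:
      exec:
        # Allow existing queries clients to complete within 120 seconds
        command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]

  metricsExporterSidecar:
    resources: {}
    #  limits:
    #    cpu: 100m
    #    memory: 128Mi
    #  requests:
    #    cpu: 100m
    #    memory: 128Mi

    # NOTE(review): the example stats URI below targets 127.0.0.1, i.e. the
    # PgBouncer container in the same pod, which is presumably why TLS is
    # disabled here. Revisit if the exporter is pointed at a remote address.
    sslmode: "disable"

    # Supply the name of existing secret with PGBouncer connection URI containing
    # stats user and password, where 'connection' key is base64-encoded value.
    statsSecretName: ~
    # Secret example (values under `data:` must be base64-encoded):
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: pgbouncer-stats-secret
    # data:
    #   connection: <base64 of postgresql://<stats user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>>
    # type: Opaque

    # Key containing the PGBouncer connection URI, defaults to 'connection' if not defined
    statsSecretKey: ~

    # Add custom annotations to the PgBouncer stats secret
    statsSecretAnnotations: {}

    # Detailed default security context for metricsExporterSidecar for container level
    securityContexts:
      container: {}

    # Container level lifecycle hooks
    containerLifecycleHooks: {}

    livenessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1

    readinessProbe:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 1

    # Mount additional volumes into the metrics exporter.
    extraVolumeMounts: []
    # It can be templated like in the following example:
    # extraVolumeMounts:
    #   - name: my-templated-extra-volume
    #     mountPath: "{{ .Values.my_custom_path }}"
    #     readOnly: true

  # Labels specific to PgBouncer objects and pods
  labels: {}

  # Environment variables to add to PgBouncer container
  env: []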
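# Configuration for the redis provisioned by the chart
# (nesting restored; `service.*` and `persistence.*` were flattened)
redis:
  enabled: true
  terminationGracePeriodSeconds: 600

  # Annotations for Redis Statefulset
  annotations: {}

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): Redis normally does not call the Kubernetes API; consider
    # `false` so that no API token is mounted into the pod. Confirm nothing
    # relies on the token first.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~
    # Annotations to add to the Redis Kubernetes Service Account.
    annotations: {}

  service:
    # Service type
    # Keep `ClusterIP` unless the broker must be reachable from outside the
    # cluster; a NodePort exposes it on every node.
    type: "ClusterIP"
    # If using ClusterIP service type, custom IP address can be specified
    clusterIP:
    # If using NodePort service type, custom node port can be specified
    nodePort:

  persistence:
    # Enable persistent volumes
    enabled: true
    # Volume size for the Redis StatefulSet
    size: 1Gi
    # If using a custom storageClass, pass name ref to all statefulSets here
    storageClassName:
    # Annotations to add to redis volumes
    annotations: {}
    # The name of an existing PVC to use
    existingClaim:
    persistentVolumeClaimRetentionPolicy: ~
    # persistentVolumeClaimRetentionPolicy:
    #   whenDeleted: Delete
    #   whenScaled: Delete

  # Configuration for empty dir volume (if `redis.persistence.enabled` == 'false')
  # emptyDirConfig:
  #   sizeLimit: 1Gi
  #   medium: Memory

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # If set use as redis secret. Make sure to also set `data.brokerUrlSecretName` value.
  # Preferred over `password`: the secret is created outside the chart, so the
  # password does not have to appear in a values file.
  passwordSecretName: ~

  # If `passwordSecretName` is not specified, set `password` field.
  # Otherwise a new password will be generated on install
  # Note: password can only be set during 'helm install', not 'helm upgrade'.
  password: ~

  # Add custom annotations to the redis password secret
  passwordSecretAnnotations: {}

  # This setting tells Kubernetes that it's ok to evict
  # when it wants to scale a node down.
  safeToEvict: true

  # Select certain nodes for redis pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~

  # Set to 0 for backwards-compatibility
  # NOTE(review): uid 0 is root. For new installations prefer a non-root uid
  # (the commented `runAsUser: 999` below is the example this file gives);
  # confirm that the volume's file ownership matches before changing it.
  uid: 0
  # (deprecated, use `redis.securityContexts` instead)
  securityContext: {}
  #  runAsUser: 999
  #  runAsGroup: 0

  # Detailed default security context for redis for container and pod level
  securityContexts:
    pod: {}
    container: {}

  # Container level lifecycle hooks
  containerLifecycleHooks: {}

  # Labels specific to redis objects and pods
  labels: {}

  # Pod annotations for Redis pods (templated)
  podAnnotations: {}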
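# Auth secret for a private registry (deprecated, use `imagePullSecrets` instead)
# This is used if pulling Airflow images from a private registry
registry:
  # Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry
  # (deprecated, use `imagePullSecrets` instead).
  secretName: ~

  # Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret
  # (deprecated, use `imagePullSecrets` instead - requires manual secret creation).
  # Base64 is an encoding, not encryption: credentials set here are readable by
  # anyone who can read the values file or the resulting secret.
  connection: {}
  # Example:
  # connection:
  #   user: ~
  #   pass: ~
  #   host: ~
  #   email: ~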
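# Elasticsearch logging configuration
elasticsearch:
  # Enable elasticsearch task logging
  enabled: false
  # A secret containing the connection
  # Preferred over `connection` when credentials are involved, so that
  # `user`/`pass` do not have to appear in a values file.
  secretName: ~
  # Object representing the connection, if `secretName` not specified
  connection: {}
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~
  # Add custom annotations to the elasticsearch secret
  secretAnnotations: {}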
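# OpenSearch logging configuration
opensearch:
  # Enable opensearch task logging
  enabled: false
  # A secret containing the connection
  # Preferred over `connection` when credentials are involved, so that
  # `user`/`pass` do not have to appear in a values file.
  secretName: ~
  # Object representing the connection, if `secretName` not specified
  connection: {}
  # Example:
  # connection:
  #   scheme: ~
  #   user: ~
  #   pass: ~
  #   host: ~
  #   port: ~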
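# All ports used by chart
# Useful as the reference list when writing NetworkPolicies or firewall rules
# for the release.
ports:
  flowerUI: 5555
  airflowUI: 8080
  workerLogs: 8793
  triggererLogs: 8794
  redisDB: 6379
  statsdIngest: 9125
  statsdScrape: 9102
  pgbouncer: 6543
  pgbouncerScrape: 9127
  # Same number as `airflowUI`.
  apiServer: 8080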
# Define any ResourceQuotas for namespace
# Empty by default, so this file declares no quota.
quotas: {}
# Define default/max/min values for pods and containers in namespace
# Empty by default, so this file declares no limit ranges.
limits: []
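# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.
# It is required to have KubernetesExecutor enabled.
cleanup:
  enabled: false
  # Run every 15 minutes (templated).
  schedule: "*/15 * * * *"
  # To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:
  #     schedule: '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'
  # To select the last digit of unix epoch time as the starting minute on each deploy:
  #     schedule: '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'

  # Command to use when running the cleanup CronJob (templated).
  command: ~
  # Args to use when running the cleanup CronJob (templated).
  args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]

  # `jobAnnotations` are annotations on the cleanup CronJob
  jobAnnotations: {}

  # Select certain nodes for Airflow cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~

  # Pod annotations for cleanup pods (templated)
  podAnnotations: {}

  # Labels specific to cleanup objects and pods
  labels: {}

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # The job's command (`airflow kubernetes cleanup-pods`) acts on pods in the
    # release namespace, so this is one component that presumably does need
    # the token mounted.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~

    # Annotations to add to cleanup CronJob Kubernetes Service Account.
    annotations: {}

  # When not set, the values defined in the global `securityContext` will be used
  # (deprecated, use `cleanup.securityContexts` instead)
  securityContext: {}
  #  runAsUser: 50000
  #  runAsGroup: 0
  env: []

  # Detailed default security context for cleanup for container level
  securityContexts:
    pod: {}
    container: {}

  # Container level lifecycle hooks
  containerLifecycleHooks: {}

  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: ~
  successfulJobsHistoryLimit: ~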
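# This runs as a CronJob to cleanup database for old entries.
# (nesting restored; the folded `args` script only parses when its lines are
# indented under the `>-` indicator)
databaseCleanup:
  enabled: false
  applyCustomEnv: true
  # Run every week on Sunday at midnight (templated).
  schedule: "0 0 * * 0"
  # Command to use when running the database cleanup CronJob (templated).
  command: ~
  # Args to use when running the database cleanup CronJob (templated).
  # NOTE(review): `retentionDays`, `batchSize` and `tables` are interpolated
  # unquoted into a `bash -c` string, so they must come from a trusted values
  # file; shell metacharacters in them would be interpreted by the shell.
  # `--yes` skips the confirmation prompt, and with `skipArchive: true` the
  # purged rows are not kept in an archive table.
  args:
    - "bash"
    - "-c"
    - >-
      CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S");
      echo "Cleaning up metadata DB entries older than ${CLEAN_TS}";
      exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes
      {{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }}
      {{- if .Values.databaseCleanup.verbose }} --verbose{{ end }}
      {{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }}
      {{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}

  # Number of days to retain entries in the metadata database.
  retentionDays: 90
  # Don't preserve purged records in an archive table
  skipArchive: false
  # Table names to perform maintenance on. Supported values in:
  # https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean
  tables: []
  # Maximum number of rows to delete or archive in a single transaction
  batchSize: ~
  # Make logging output more verbose
  verbose: true

  # `jobAnnotations` are annotations on the database cleanup CronJob
  jobAnnotations: {}

  # Select certain nodes for Airflow database cleanup pods.
  nodeSelector: {}
  affinity: {}
  tolerations: []
  topologySpreadConstraints: []
  priorityClassName: ~

  # Pod annotations for database cleanup pods (templated)
  podAnnotations: {}

  # Labels specific to database cleanup objects and pods
  labels: {}

  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # Create Service Account
  serviceAccount:
    # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
    # NOTE(review): the command shown above only runs `airflow db clean`
    # against the metadata database; consider `false` if this job does not
    # need the Kubernetes API in your deployment.
    automountServiceAccountToken: true
    # Specifies whether a Service Account should be created
    create: true
    # The name of the Service Account to use.
    # If not set and `create` is 'true', a name is generated using the release name
    name: ~

    # Annotations to add to database cleanup CronJob Kubernetes Service Account.
    annotations: {}

  env: []

  # Detailed default security context for database cleanup for container level
  securityContexts:
    pod: {}
    container: {}

  # Container level lifecycle hooks
  containerLifecycleHooks: {}

  # Specify history limit
  # When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.
  failedJobsHistoryLimit: 1
  successfulJobsHistoryLimit: 1

  # Time to live (in seconds) for Jobs created by this CronJob after they finish.
  ttlSecondsAfterFinished: ~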
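# Configuration for postgresql subchart
# Uses bitnamilegacy images to avoid Bitnami licensing restrictions
# Not recommended for production - use external database instead
postgresql:
  enabled: true
  image:
    # NOTE(review): a pinned tag from a "legacy" repository presumably no
    # longer receives security updates; confirm before relying on it beyond
    # evaluation environments.
    repository: bitnamilegacy/postgresql
    tag: "16.1.0-debian-11-r15"
  auth:
    enablePostgresUser: true
    # Well-known default password for the `postgres` superuser. Override it
    # (ideally from a secret rather than a values file) for anything other
    # than a throwaway installation, and keep the database Service
    # unreachable from outside the namespace.
    postgresPassword: postgres
    username: ""
    password: ""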
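# Config settings to go into the mounted airflow.cfg
#
# Please note that these values are passed through the `tpl` function, so are
# all subject to being rendered as go templates. If you need to include a
# literal `{{` in a value, it must be expressed like this:
#
#    a: '{{ "{{ not a template }}" }}'
#
# Do not set config containing secrets via plain text values, use Env Var or k8s secret object
# (nesting restored: each key below `config:` is an airflow.cfg section and
# the keys below it are that section's options)
# yamllint disable rule:line-length
config:
  core:
    dags_folder: '{{ include "airflow_dags" . }}'
    # This is ignored when used with the official Docker image
    load_examples: 'False'
    executor: '{{ .Values.executor }}'
    auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"
  logging:
    remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'
    colored_console_log: 'False'
  metrics:
    statsd_on: '{{ ternary "True" "False" .Values.statsd.enabled }}'
    # Hard-coded; keep in step with `ports.statsdIngest` if that is changed.
    statsd_port: 9125
    statsd_prefix: airflow
    statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'
  fab:
    # Makes the web application trust the forwarding headers set by a reverse
    # proxy. Appropriate only when every request passes through a proxy you
    # control; if the pods are reachable directly, a client can supply those
    # headers itself. Set to 'False' when no proxy or ingress is in front.
    enable_proxy_fix: 'True'
  webserver:
    # For Airflow 2.X
    # Same trust consideration as `fab.enable_proxy_fix` above.
    enable_proxy_fix: 'True'
  celery:
    flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'
    worker_concurrency: 16
    sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'
  scheduler:
    standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'
  dag_processor:
    # This value is generated by default from `.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list` helper function.
    # It is recommended to configure this via `dagProcessor.dagBundleConfigList` rather than overriding `config.dag_processor.dag_bundle_config_list` directly.
    dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'
  elasticsearch:
    json_format: 'True'
    log_id_template: "{dag_id}-{task_id}-{run_id}-{map_index}-{try_number}"
  elasticsearch_configs:
    max_retries: 3
    timeout: 30
    retry_timeout: 'True'
  kerberos:
    # The keytab is a long-lived credential; it is referenced by path only.
    keytab: '{{ .Values.kerberos.keytabPath }}'
    reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'
    principal: '{{ .Values.kerberos.principal }}'
    ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'
  celery_kubernetes_executor:
    kubernetes_queue: 'kubernetes'
  kubernetes_executor:
    namespace: '{{ .Release.Namespace }}'
    pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'
    worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'
    worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'
    multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'
# yamllint enable rule:line-length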
# Whether Airflow can launch workers and/or pods in multiple namespaces
# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)
# Leave this false unless cross-namespace launching is required: a
# cluster-wide binding means the Airflow service account's token is valid
# in every namespace, not only the release namespace.
multiNamespaceMode: false
# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by
# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters
# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,
# you can still provide a completely custom `pod_template_file.yaml` if desired.
# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.
# NOTE(review): a fully custom template replaces the default one, so settings
# derived from `workers.*` (presumably including its security contexts) would
# have to be restated in it; confirm against the default template.
podTemplate: ~
# The following example is NOT functional, but meant to be illustrative of how you can provide a custom
# `pod_template_file`. You're better off starting with the default in
# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.
# We will set `priorityClassName` in this example:
# podTemplate: |
#   apiVersion: v1
#   kind: Pod
#   metadata:
#     name: placeholder-name
#     labels:
#       tier: airflow
#       component: worker
#       release: {{ .Release.Name }}
#   spec:
#     priorityClassName: high-priority
#     containers:
#       - name: base
#         ...
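# DAG delivery settings (nesting restored; `persistence.*` and `gitSync.*`
# were flattened). DAG files are code that Airflow components load and run,
# so whoever can write to the DAG volume or to the synced Git branch can
# execute code inside the deployment.
dags:
  # Where dags volume will be mounted. Works for both persistence and gitSync.
  # If not specified, dags mount path will be set to $AIRFLOW_HOME/dags
  mountPath: ~
  persistence:
    # Annotations for dags PVC
    annotations: {}
    # Enable persistent volume for storing dags
    enabled: false
    # Volume size for dags
    size: 1Gi
    # If using a custom storageClass, pass name here
    storageClassName:
    # Access mode of the persistent volume
    accessMode: ReadWriteOnce
    # The name of an existing PVC to use
    existingClaim:
    # Optional subpath for dag volume mount
    subPath: ~
  gitSync:
    enabled: false

    # Git repo clone url
    # SSH example: git@github.com:apache/airflow.git
    # HTTPS example: https://github.com/apache/airflow.git
    repo: https://github.com/apache/airflow.git
    # Tracking a moving branch deploys whatever is pushed to it. Restrict
    # write access to that branch, or pin to a tag or commit hash where the
    # revision setting allows it.
    branch: v2-2-stable
    rev: HEAD
    # The git revision (branch, tag, or hash) to check out, v4 only
    ref: v2-2-stable
    depth: 1
    # The number of consecutive failures allowed before aborting
    maxFailures: 0
    # Subpath within the repo where dags are located.
    # Should be "" if dags are at repo root
    subPath: "tests/dags"
    # If your repo needs a username/password, you can load them to a k8s secret
    #
    # credentialsSecret: git-credentials
    #
    # Secret example:
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: git-credentials
    # data:
    #   # For git-sync v3
    #   GIT_SYNC_USERNAME: <base64_encoded_git_username>
    #   GIT_SYNC_PASSWORD: <base64_encoded_git_password>
    #   # For git-sync v4
    #   GITSYNC_USERNAME: <base64_encoded_git_username>
    #   GITSYNC_PASSWORD: <base64_encoded_git_password>

    # If you are using an ssh clone url, you can load the ssh private key to a k8s secret
    #
    # sshKeySecret: airflow-ssh-secret
    #
    # Secret example:
    # apiVersion: v1
    # kind: Secret
    # metadata:
    #   name: airflow-ssh-secret
    # data:
    #   gitSshKey: <base64_encoded_data>

    # If `sshKeySecret` is not specified, you can set `sshKey`
    # (prefer `sshKeySecret`: an inline key places the private key in the
    # values file)
    # sshKey: |
    #   -----BEGIN {OPENSSH PRIVATE KEY}-----
    #   ...
    #   -----END {OPENSSH PRIVATE KEY}-----

    # If you are using an ssh private key, you can additionally
    # specify the content of your known_hosts file
    # NOTE(review): set this whenever SSH is used so that the remote host key
    # is checked; confirm in the chart templates what happens when it is
    # omitted.
    # knownHosts: |
    #   <host1>,<ip1> <key1>
    #   <host2>,<ip2> <key2>

    # Interval between git sync attempts in seconds.
    # High values are more likely to cause DAGs to become out of sync between different components.
    # Low values cause more traffic to the remote git repository.
    # Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).
    # For backwards compatibility, wait will be used if it is specified.
    period: 5s
    wait: ~
    # Add variables from secret into gitSync containers, such as proxy-config
    envFrom: ~
    # envFrom: |
    #   - secretRef:
    #       name: 'proxy-config'

    containerName: git-sync
    uid: 65533

    # When not set, the values defined in the global `securityContext` will be used
    # (deprecated, use `dags.gitSync.securityContexts` instead)
    securityContext: {}
    #  runAsUser: 65533
    #  runAsGroup: 0

    securityContexts:
      container: {}

    # Container level lifecycle hooks
    containerLifecycleHooks: {}

    # Git-Sync liveness service HTTP bind port
    httpPort: 1234

    # Setting this to true, will remove readinessProbe usage and configure livenessProbe to
    # use a dedicated Git-Sync liveness service. In future, behaviour with value true will be
    # default one and old one will be removed
    recommendedProbeSetting: false

    startupProbe:
      enabled: true
      timeoutSeconds: 1
      initialDelaySeconds: 0
      periodSeconds: 5
      failureThreshold: 10

    # As Git-Sync is not service-type object, the usage of this section will be removed.
    # By setting `dags.gitSync.recommendedProbeSetting` to 'true', you will enable future behaviour.
    readinessProbe: {}

    # The behaviour of the LivenessProbe will change with the next release of Helm Chart.
    # To enable future behaviour set `dags.gitSync.recommendedProbeSetting` to 'true'.
    # New behaviour uses the recommended liveness configuration by using Git-Sync built-in
    # liveness service
    livenessProbe: {}
    #  enabled: true
    #  timeoutSeconds: 1
    #  initialDelaySeconds: 0
    #  periodSeconds: 5
    #  failureThreshold: 10

    # Mount additional volumes into git-sync.
    extraVolumeMounts: []
    # It can be templated like in the following example:
    # extraVolumeMounts:
    #   - name: my-templated-extra-volume
    #     mountPath: "{{ .Values.my_custom_path }}"
    #     readOnly: true

    # Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync
    env: []
    # - name: ""
    #   value: ""

    # Configuration for empty dir volume
    # emptyDirConfig:
    #   sizeLimit: 1Gi
    #   medium: Memory

    resources: {}
    #  limits:
    #    cpu: 100m
    #    memory: 128Mi
    #  requests:
    #    cpu: 100m
    #    memory: 128Mi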
logs:
# Configuration for empty dir volume (if `logs.persistence.enabled` == 'false')
# emptyDirConfig:
# sizeLimit: 1Gi
# medium: Memory
persistence:
# Enable persistent volume for storing logs
enabled: false
# Volume size for logs
size: 100Gi
# Annotations for the logs PVC
annotations: {}
# If using a custom storageClass, pass name here
storageClassName:
# The name of an existing PVC to use
existingClaim:
# The subpath of the existing PVC to use
subPath: