airflow

Helm chart

Last changed

Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Tag:

# Licensed to the Apache Software Foundation (ASF) under one

# or more contributor license agreements. See the NOTICE file

# distributed with this work for additional information

# regarding copyright ownership. The ASF licenses this file

# to you under the Apache License, Version 2.0 (the

# "License"); you may not use this file except in compliance

# with the License. You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing,

# software distributed under the License is distributed on an

# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

# KIND, either express or implied. See the License for the

# specific language governing permissions and limitations

# under the License.

# Provide a name to substitute for the full names of resources

fullnameOverride: ""

# Default values for Airflow.

# This is a YAML-formatted file.

# Declare variables to be passed into your templates.

# Provide a name to substitute for the name of the chart

nameOverride: ""

# Use standard naming for all resources using airflow.fullname template

# Consider removing this later and default it to true

# to make this chart follow standard naming conventions using the fullname template.

# For now this is an opt-in switch for backwards compatibility to leverage the standard naming convention

# and being able to use fully fullnameOverride and nameOverride in all resources

# For new installations - it is recommended to set it to True to follow standard naming conventions

# For existing installations, this will rename and redeploy your resources with the new names. Be aware that

# this will recreate your Deployment/StatefulSets along with their persistent volume claims and data storage

# migration may be needed to keep your old data

useStandardNaming: false

# Max number of old replicasets to retain. Can be overridden by each Deployment's revisionHistoryLimit

revisionHistoryLimit: ~

# User and group of Airflow user

uid: 50000

gid: 0

# Default security context for Airflow (deprecated, use `securityContexts` instead)

securityContext: {}

# runAsUser: 50000

# fsGroup: 0

# runAsGroup: 0

# Detailed default security context for Airflow Deployments

securityContexts:

pod: {}

containers: {}

# Global container lifecycle hooks for Airflow containers

containerLifecycleHooks: {}

# Airflow home directory

# Used for mount paths

airflowHome: /opt/airflow

# Default Airflow repository -- overridden by all the specific images below

defaultAirflowRepository: cgr.dev/chainguard-private/airflow

# Default Airflow tag to deploy

defaultAirflowTag: latest

# Default Airflow digest. If specified, it takes precedence over tag

defaultAirflowDigest: sha256:b6f84d34e308de2c13d6545b2b27139c6ebbe058a6aef3420c709d8fd0485133

# Airflow version (Used to make some decisions based on Airflow Version being deployed)

# Version 3.1.0 and above is supported.

airflowVersion: "3.2.2"

images:

airflow:

repository: ~

tag: ~

# Specifying digest takes precedence over tag.

digest: ~

pullPolicy: IfNotPresent

# To avoid images with user code, you can turn this to 'true' and

# all the 'run-airflow-migrations' and 'wait-for-airflow-migrations' jobs/containers

# will use the images from 'defaultAirflowRepository:defaultAirflowTag' values

# to run and wait for DB migrations .

useDefaultImageForMigration: false

# timeout (in seconds) for airflow-migrations to complete

migrationsWaitTimeout: 60

pod_template:

# Note that `images.pod_template.repository` and `images.pod_template.tag` parameters can be overridden

# in `config.kubernetes_executor` section. So for these parameters to have effect

# `config.kubernetes_executor.worker_container_repository` and

# `config.kubernetes_executor.worker_container_tag` must be not set .

repository: ~

tag: ~

pullPolicy: IfNotPresent

flower:

repository: cgr.dev/chainguard-private/flower

tag: latest@sha256:717be87c725ded6b34ebeaf0f077acf9c3520f12c66bb6aac56ba9fa9fe27db3

pullPolicy: IfNotPresent

statsd:

repository: cgr.dev/chainguard-private/prometheus-statsd-exporter

tag: latest@sha256:2a28d85d64c22f549ad7fd48bbd40ff2de95650e7cde7adc9f5e2793fe70e448

pullPolicy: IfNotPresent

redis:

repository: cgr.dev/chainguard-private/redis

# Redis is limited to 7.2-bookworm due to licencing change

# https://redis.io/blog/redis-adopts-dual-source-available-licensing/

tag: latest@sha256:d13a71528be960770ccdd5a0dc7afa9afec54d67ed4fe4c118a9ee009ac62bd0

pullPolicy: IfNotPresent

100

pgbouncer:

101

repository: cgr.dev/chainguard-private/pgbouncer

102

tag: latest@sha256:e2b6293fc391686b939af9c90c70c8ee3add321f8512faf95a824ff062c0b1d1

103

pullPolicy: IfNotPresent

104

pgbouncerExporter:

105

repository: cgr.dev/chainguard-private/prometheus-pgbouncer-exporter

106

tag: latest@sha256:4bb81191d9efc4d97a1ed86007fdb675a6edd61019bb0342351d8f0db8180653

107

pullPolicy: IfNotPresent

108

gitSync:

109

repository: cgr.dev/chainguard-private/git-sync

110

tag: latest@sha256:6f6f4d0cd27303d8d6306a49cfab019f875f70d1e3acf454826b319c6f2ef0cf

111

pullPolicy: IfNotPresent

112

otelCollector:

113

repository: otel/opentelemetry-collector-contrib

114

tag: "0.70.0"

115

pullPolicy: IfNotPresent

116

# Select certain nodes for Airflow pods.

117

nodeSelector: {}

118

affinity: {}

119

tolerations: []

120

topologySpreadConstraints: []

121

schedulerName: ~

122

# Add common labels to all objects and pods defined in this chart.

123

labels: {}

124

# Whenever service links should be added to each pod.

125

enableServiceLinks: ~

126

# List of existing Kubernetes secrets containing Base64 encoded credentials to connect to private

127

# registries. Items can be either strings or {name: secret} objects.

128

imagePullSecrets: []

129

# Ingress configuration

130

ingress:

131

# Enable all ingress resources

132

# (deprecated, use

133

# `ingress.web.enabled`,

134

# `ingress.apiServer.enabled` and/or

135

# `ingress.flower.enabled`

136

# instead)

137

enabled: ~

138

# Configs for the Ingress of the API Server (Airflow 3+)

139

apiServer:

140

# Enable API Server ingress resource

141

enabled: false

142

# Annotations for the API Server Ingress

143

annotations: {}

144

# The path for the API Server Ingress

145

path: "/"

146

# The pathType for the above path

147

pathType: "ImplementationSpecific"

148

# The hostname for the API Server Ingress (deprecated, use `ingress.apiServer.hosts` instead)

149

host: ""

150

# The hostnames or hosts configuration for the API Server Ingress (templated)

151

hosts: []

152

# - name: ""

153

# # configs for API Server Ingress TLS

154

# tls:

155

# # Enable TLS termination for the API Server Ingress

156

# enabled: false

157

# # The name of a pre-created Secret containing a TLS private key and certificate

158

# secretName: ""

159

160

# The Ingress Class for the API Server Ingress

161

ingressClassName: ""

162

# Configs for API Server Ingress TLS (deprecated, use `ingress.apiServer.hosts[*].tls` instead)

163

tls:

164

# Enable TLS termination for the API Server Ingress

165

enabled: false

166

# The name of a pre-created Secret containing a TLS private key and certificate

167

secretName: ""

168

# HTTP paths to add to the API Server Ingress before the default path

169

precedingPaths: []

170

# HTTP paths to add to the API Server Ingress after the default path

171

succeedingPaths: []

172

# Configs for the Ingress of the web Service (Airflow <3.0.0)

173

web:

174

# Enable web ingress resource

175

enabled: false

176

# Annotations for the web Ingress

177

annotations: {}

178

# The path for the web Ingress

179

path: "/"

180

# The pathType for the above path

181

pathType: "ImplementationSpecific"

182

# The hostname for the web Ingress (deprecated, use `ingress.web.hosts` instead)

183

host: ""

184

# The hostnames or hosts configuration for the web Ingress (templated)

185

hosts: []

186

# - name: ""

187

# # Configs for web Ingress TLS

188

# tls:

189

# # Enable TLS termination for the web Ingress

190

# enabled: false

191

# # The name of a pre-created Secret containing a TLS private key and certificate

192

# secretName: ""

193

194

# The Ingress Class for the web Ingress

195

ingressClassName: ""

196

# Configs for web Ingress TLS (deprecated, use `ingress.web.hosts[*].tls` instead)

197

tls:

198

# Enable TLS termination for the web Ingress

199

enabled: false

200

# The name of a pre-created Secret containing a TLS private key and certificate

201

secretName: ""

202

# HTTP paths to add to the web Ingress before the default path

203

precedingPaths: []

204

# HTTP paths to add to the web Ingress after the default path

205

succeedingPaths: []

206

# Configs for the Ingress of the flower Service

207

flower:

208

# Enable web ingress resource

209

enabled: false

210

# Annotations for the flower Ingress

211

annotations: {}

212

# The path for the flower Ingress

213

path: "/"

214

# The pathType for the above path

215

pathType: "ImplementationSpecific"

216

# The hostname for the flower Ingress (deprecated, use `ingress.flower.hosts` instead)

217

host: ""

218

# The hostnames or hosts configuration for the flower Ingress (templated)

219

hosts: []

220

# - name: ""

221

# tls:

222

# # Enable TLS termination for the flower Ingress

223

# enabled: false

224

# # The name of a pre-created Secret containing a TLS private key and certificate

225

# secretName: ""

226

227

# The Ingress Class for the flower Ingress

228

ingressClassName: ""

229

# Configs for flower Ingress TLS (deprecated, use `ingress.flower.hosts[*].tls` instead)

230

tls:

231

# Enable TLS termination for the flower Ingress

232

enabled: false

233

# The name of a pre-created Secret containing a TLS private key and certificate

234

secretName: ""

235

# Configs for the Ingress of the StatsD Service

236

statsd:

237

# Enable web ingress resource

238

enabled: false

239

# Annotations for the StatsD Ingress

240

annotations: {}

241

# The path for the StatsD Ingress

242

path: "/metrics"

243

# The pathType for the above path

244

pathType: "ImplementationSpecific"

245

# The hostname for the StatsD Ingress (deprecated, use `ingress.statsd.hosts` instead)

246

host: ""

247

# The hostnames or hosts configuration for the StatsD Ingress (templated)

248

hosts: []

249

# - name: ""

250

# tls:

251

# # Enable TLS termination for the StatsD Ingress

252

# enabled: false

253

# # The name of a pre-created Secret containing a TLS private key and certificate

254

# secretName: ""

255

256

# The Ingress Class for the StatsD Ingress

257

ingressClassName: ""

258

# Configs for the Ingress of the PgBouncer Service

259

pgbouncer:

260

# Enable web ingress resource

261

enabled: false

262

# Annotations for the PgBouncer Ingress

263

annotations: {}

264

# The path for the PgBouncer Ingress

265

path: "/metrics"

266

# The pathType for the above path

267

pathType: "ImplementationSpecific"

268

# The hostname for the PgBouncer Ingress (deprecated, use `ingress.pgbouncer.hosts` instead)

269

host: ""

270

# The hostnames or hosts configuration for the PgBouncer Ingress (templated)

271

hosts: []

272

# - name: ""

273

# tls:

274

# # Enable TLS termination for the PgBouncer Ingress

275

# enabled: false

276

# # The name of a pre-created Secret containing a TLS private key and certificate

277

# secretName: ""

278

279

# The Ingress Class for the PgBouncer Ingress

280

ingressClassName: ""

281

# Network policy configuration

282

networkPolicies:

283

# Enabled network policies

284

enabled: false

285

# Extra annotations to apply to all Airflow pods (templated)

286

airflowPodAnnotations: {}

287

# Extra annotations to apply to main Airflow ConfigMap

288

airflowConfigAnnotations: {}

289

# 'airflow_local_settings' file as a string (templated)

290

airflowLocalSettings: |-

291

292

{{- if not (or .Values.webserverSecretKey .Values.webserverSecretKeySecretName) }}

293

from airflow.www.utils import UIAlert

294

295

DASHBOARD_UIALERTS = [

296

UIAlert(

297

'Usage of a dynamic webserver secret key detected. We recommend a static webserver secret key instead.'

298

' See the <a href='

299

'"https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#webserver-secret-key" '

300

'target="_blank" rel="noopener noreferrer">'

301

'Helm Chart Production Guide</a> for more details.',

302

category="warning",

303

roles=["Admin"],

304

html=True,

305

)

306

]

307

308

309

# Enable RBAC (default on most clusters these days)

310

rbac:

311

# Specifies whether RBAC resources should be created

312

create: true

313

createSCCRoleBinding: false

314

# Airflow executor

315

# One or multiple of: LocalExecutor, CeleryExecutor, KubernetesExecutor

316

# For Airflow <3.0, LocalKubernetesExecutor and CeleryKubernetesExecutor are supported.

317

# Specify executors in a prioritized list to leverage multiple execution environments as needed:

318

# https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/executor/index.html#using-multiple-executors-concurrently

319

executor: "CeleryExecutor"

320

# If this is true and using LocalExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the scheduler's

321

# Service Account will have access to communicate with the api-server and launch pods/jobs.

322

# If this is true and using CeleryExecutor/KubernetesExecutor/CeleryKubernetesExecutor, the workers

323

# will be able to launch pods/jobs.

324

allowPodLaunching: true

325

allowJobLaunching: false

326

# Environment variables for all Airflow containers

327

env: []

328

# - name: ""

329

# value: ""

330

331

# Volumes for all Airflow containers

332

volumes: []

333

# VolumeMounts for all Airflow containers

334

volumeMounts: []

335

# Secrets for all Airflow containers

336

secret: []

337

# - envName: ""

338

# secretName: ""

339

# secretKey: ""

340

341

# Enables selected built-in secrets that are set via environment variables by default.

342

# Those secrets are provided by the Helm Chart secrets by default but in some cases you

343

# might want to provide some of those variables with _CMD or _SECRET variable, and you should

344

# in this case disable setting of those variables by setting the relevant configuration to 'false'.

345

enableBuiltInSecretEnvVars:

346

AIRFLOW__CORE__FERNET_KEY: true

347

AIRFLOW__DATABASE__SQL_ALCHEMY_CONN: true

348

AIRFLOW_CONN_AIRFLOW_DB: true

349

AIRFLOW__API__SECRET_KEY: true

350

AIRFLOW__API_AUTH__JWT_SECRET: true

351

AIRFLOW__WEBSERVER__SECRET_KEY: true

352

AIRFLOW__CELERY__RESULT_BACKEND: true

353

AIRFLOW__CELERY__BROKER_URL: true

354

AIRFLOW__ELASTICSEARCH__HOST: true

355

AIRFLOW__OPENSEARCH__HOST: true

356

# Priority Classes that will be installed by charts.

357

# Ideally, there should be an entry for dagProcessor, flower,

358

# pgbouncer, scheduler, statsd, triggerer, webserver/api-server, worker.

359

# The format for priorityClasses is an array with each element having:

360

# * name is the name of the priorityClass. Ensure the same name is given to the respective section as well

361

# * preemptionPolicy for the priorityClass

362

# * value is the preemption value for the priorityClass

363

priorityClasses: []

364

# - name: class1 (if this is for dagProcessor, ensure overriding `dagProcessor.priorityClass` too)

365

# preemptionPolicy: PreemptLowerPriority

366

# value: 10000

367

# - name: class2

368

# preemptionPolicy: Never

369

# value: 100000

370

371

# Extra secrets that will be managed by the chart

372

# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).

373

# The format for secret data is "key/value" where

374

# * key (templated) is the name of the secret that will be created

375

# * value: an object with the standard 'data' or 'stringData' key (or both).

376

# The value associated with those keys must be a string (templated)

377

extraSecrets: {}

378

# extraSecrets:

379

# '{{ .Release.Name }}-airflow-connections':

380

# type: 'Opaque'

381

# labels:

382

# my.custom.label/v1: my_custom_label_value_1

383

# data: |

384

# AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'

385

# AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'

386

# stringData: |

387

# AIRFLOW_CONN_OTHER: 'other_conn'

388

# '{{ .Release.Name }}-other-secret-name-suffix':

389

# data: |

390

# ...

391

# 'proxy-config':

392

# stringData: |

393

# HTTP_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080

394

# HTTPS_PROXY: http://proxy_user:proxy_password@192.168.0.10:2080

395

# NO_PROXY: "localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc"

396

397

# Extra ConfigMaps that will be managed by the chart

398

# (You can use them with `extraEnv` or `extraEnvFrom` or some of the `extraVolumes` values).

399

# The format for ConfigMap data is "key/value" where

400

# * key (templated) is the name of the ConfigMap that will be created

401

# * value: an object with the standard 'data' key.

402

# The value associated with this keys must be a string (templated)

403

extraConfigMaps: {}

404

# extraConfigMaps:

405

# '{{ .Release.Name }}-airflow-variables':

406

# labels:

407

# my.custom.label/v2: my_custom_label_value_2

408

# data: |

409

# AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"

410

# AIRFLOW_VAR_KUBERNETES_NAMESPACE: "{{ .Release.Namespace }}"

411

412

# Extra env 'items' that will be added to the definition of Airflow containers

413

# a string is expected (templated).

414

# TODO: difference from `env`? This is a templated string. Probably should template `env` and remove this.

415

extraEnv: ~

416

# extraEnv: |

417

# - name: AIRFLOW__CORE__LOAD_EXAMPLES

418

# value: 'True'

419

420

# Extra envFrom 'items' that will be added to the definition of Airflow containers

421

# A string is expected (templated).

422

extraEnvFrom: ~

423

# extraEnvFrom: |

424

# - secretRef:

425

# name: '{{ .Release.Name }}-airflow-connections'

426

# - configMapRef:

427

# name: '{{ .Release.Name }}-airflow-variables'

428

429

# Airflow database & redis config

430

data:

431

# If secret name is provided, secret itself has to be created manually with 'connection' key like:

432

433

# kind: Secret

434

# apiVersion: v1

435

# metadata:

436

# name: custom-airflow-metadata-secret

437

# type: Opaque

438

# data:

439

# connection: base64_encoded_connection_string

440

441

# The 'connection' key is base64-encoded SQLAlchemy connection string, e.g.:

442

# postgresql+psycopg2://airflow:password@postgres/airflow

443

metadataSecretName: ~

444

# If not set, falls back to metadataSecretName. The secret must contain 'connection' key which is

445

# a base64-encoded connection string, e.g.:

446

# postgresql+psycopg2://user:password@host/db

447

resultBackendSecretName: ~

448

brokerUrlSecretName: ~

449

# If `metadataSecretName` is not specified, pass connection values below

450

metadataConnection:

451

user: postgres

452

pass: postgres

453

protocol: postgresql

454

host: ~

455

port: 5432

456

db: postgres

457

sslmode: disable

458

# Add custom annotations to the metadata connection secret

459

secretAnnotations: {}

460

# `resultBackendConnection` defaults to the same database as metadataConnection

461

resultBackendConnection: ~

462

# or, you can use a different database like:

463

# resultBackendConnection:

464

# user: postgres

465

# pass: postgres

466

# protocol: postgresql

467

# host: ~

468

# port: 5432

469

# db: postgres

470

# sslmode: disable

471

472

# Add custom annotations to the result backend connection secret

473

resultBackendConnectionSecretAnnotations: {}

474

# Note: `brokerUrl` can only be set during 'helm install', not 'helm upgrade' command

475

brokerUrl: ~

476

# Add custom annotations to the broker url secret

477

brokerUrlSecretAnnotations: {}

478

# Fernet key settings

479

# Note: `fernetKey` can only be set during 'helm install', not 'helm upgrade' command

480

fernetKey: ~

481

# If set, the secret must contain a 'fernet-key' key with a base64-encoded key value

482

fernetKeySecretName: ~

483

# Fernet key secret example:

484

# kind: Secret

485

# apiVersion: v1

486

# metadata:

487

# name: custom-fernet-key-secret

488

# type: Opaque

489

# data:

490

# fernet-key: <base64_encoded_fernet_key>

491

492

# Add custom annotations to the fernet key secret

493

fernetKeySecretAnnotations: {}

494

# Flask secret key for Airflow 3+ Api: '[api] secret_key' in airflow.cfg

495

apiSecretKey: ~

496

# Add custom annotations to the api secret

497

apiSecretAnnotations: {}

498

# If set, the secret must contain a key 'api-secret-key' with a base64-encoded key value

499

apiSecretKeySecretName: ~

500

# API secret key example:

501

# kind: Secret

502

# apiVersion: v1

503

# metadata:

504

# name: custom-api-secret

505

# type: Opaque

506

# data:

507

# api-secret-key: <base64_encoded_api_secret_key>

508

509

# Secret key used to encode and decode JWTs: '[api_auth] jwt_secret' in airflow.cfg

510

# Note: It is not advised to use in production as during helm upgrade it will be changed

511

# which can cause dag failures during component rollouts

512

jwtSecret: ~

513

# Add custom annotations to the JWT secret

514

jwtSecretAnnotations: {}

515

# If set, the secret must contain a key 'jwt-secret' with a base64-encoded key value

516

jwtSecretName: ~

517

# JWT secret example:

518

# kind: Secret

519

# apiVersion: v1

520

# metadata:

521

# name: custom-jwt-secret

522

# type: Opaque

523

# data:

524

# jwt-secret: <base64_encoded_jwt_secret>

525

526

# Flask secret key for Airflow <3 Webserver: '[webserver] secret_key' in airflow.cfg

527

# (deprecated, use `apiSecretKey` instead (Airflow 3+))

528

webserverSecretKey: ~

529

# Add custom annotations to the webserver secret

530

# (deprecated, use `apiSecretAnnotations` instead (Airflow 3+))

531

webserverSecretAnnotations: {}

532

# If set, the secret must contain a key 'webserver-secret-key' with a base64-encoded key value

533

# (deprecated, use `apiSecretKeySecretName` instead (Airflow 3+))

534

webserverSecretKeySecretName: ~

535

# Webserver secret key secret example:

536

# kind: Secret

537

# apiVersion: v1

538

# metadata:

539

# name: custom-webserver-secret

540

# type: Opaque

541

# data:

542

# webserver-secret-key: <base64_encoded_secret_key>

543

544

# In order to use kerberos you need to create secret containing the keytab file.

545

# The secret name should follow naming convention of the application where resources are

546

# name '{{ .Release.Name }}-<postfix>'. In case of the keytab file, the '<postfix>' is "kerberos-keytab".

547

# If your release is named "my-release" the name of the secret should be "my-release-kerberos-keytab".

548

549

# The Keytab content should be available in the "kerberos.keytab" key of the secret.

550

# apiVersion: v1

551

# kind: Secret

552

# data:

553

# kerberos.keytab: <base64_encoded keytab file content>

554

# type: Opaque

555

556

# If you have keytab file you can do it with similar:

557

# kubectl create secret generic {{ .Release.Name }}-kerberos-keytab --from-file=kerberos.keytab

558

559

# Alternatively, instead of manually creating the secret, it is possible to specify

560

# `kerberos.keytabBase64Content` parameter. This parameter should contain base64 encoded keytab.

561

kerberos:

562

enabled: false

563

ccacheMountPath: /var/kerberos-ccache

564

ccacheFileName: cache

565

configPath: /etc/krb5.conf

566

keytabBase64Content: ~

567

keytabPath: /etc/airflow.keytab

568

principal: airflow@FOO.COM

569

reinitFrequency: 3600

570

config: |

571

# This is an example config showing how you can use templating and how "example" config

572

# might look like. It works with the test kerberos server that we are using during integration

573

# testing at Apache Airflow (see 'scripts/ci/docker-compose/integration-kerberos.yml' but in

574

# order to make it production-ready you must replace it with your own configuration that

575

# Matches your kerberos deployment. Administrators of your Kerberos instance should

576

# provide the right configuration.

577

578

[logging]

579

default = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_libs.log"

580

kdc = "FILE:{{ template "airflow_logs_no_quote" . }}/kerberos_kdc.log"

581

admin_server = "FILE:{{ template "airflow_logs_no_quote" . }}/kadmind.log"

582

583

[libdefaults]

584

default_realm = FOO.COM

585

ticket_lifetime = 10h

586

renew_lifetime = 7d

587

forwardable = true

588

589

[realms]

590

FOO.COM = {

591

kdc = kdc-server.foo.com

592

admin_server = admin_server.foo.com

593

}

594

# Airflow Worker Config

595

workers:

596

# Number of Airflow Celery workers (deprecated, use `workers.celery.replicas` instead)

597

replicas: 1

598

# Max number of old Airflow Celery workers ReplicaSets to retain

599

# (deprecated, use `workers.celery.revisionHistoryLimit` instead)

600

revisionHistoryLimit: ~

601

# Command to use when running Airflow Celery workers and using pod-template-file (templated)

602

# (deprecated, use `workers.celery.command` and/or `workers.kubernetes.command` instead)

603

command: ~

604

# Args to use when running Airflow Celery workers (templated)

605

# (deprecated, use `workers.celery.args` instead)

606

args:

607

- "bash"

608

- "-c"

609

# The format below is necessary to get `helm lint` happy

610

- |-

611

exec \

612

airflow celery worker

613

{{- if and .Values.workers.queue (ne .Values.workers.queue "default") }}

614

615

616

# If the Airflow Celery worker stops responding for 5 minutes (5*60s)

617

# kill the worker and let Kubernetes restart it

618

# (deprecated, use `workers.celery.livenessProbe` section instead)

619

livenessProbe:

620

# (deprecated, use `workers.celery.livenessProbe.enabled` instead)

621

enabled: true

622

# (deprecated, use `workers.celery.livenessProbe.initialDelaySeconds` instead)

623

initialDelaySeconds: 10

624

# (deprecated, use `workers.celery.livenessProbe.timeoutSeconds` instead)

625

timeoutSeconds: 20

626

# (deprecated, use `workers.celery.livenessProbe.failureThreshold` instead)

627

failureThreshold: 5

628

# (deprecated, use `workers.celery.livenessProbe.periodSeconds` instead)

629

periodSeconds: 60

630

# (deprecated, use `workers.celery.livenessProbe.command` instead)

631

command: ~

632

# Update Strategy when Airflow Celery worker is deployed as a StatefulSet

633

# (deprecated, use `workers.celery.updateStrategy` instead)

634

updateStrategy: ~

635

# Update Strategy when Airflow Celery worker is deployed as a Deployment

636

# (deprecated, use `workers.celery.strategy` instead)

637

strategy:

638

rollingUpdate:

639

maxSurge: "100%"

640

maxUnavailable: "50%"

641

# Allow relaxing ordering guarantees for Airflow Celery worker while preserving its uniqueness and identity

642

# (deprecated, use `workers.celery.podManagementPolicy` instead)

643

# podManagementPolicy: Parallel

644

645

# When not set, the values defined in the global securityContext will

646

# be used in Airflow Celery workers and pod-template-file

647

# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)

648

securityContext: {}

649

# runAsUser: 50000

650

# fsGroup: 0

651

# runAsGroup: 0

652

653

# Detailed default security context for the

654

# Airflow Celery workers and pod-template-file on container and pod level

655

# (deprecated, use `workers.celery.securityContexts` and/or `workers.kubernetes.securityContexts` instead)

656

securityContexts:

657

# (deprecated, use

658

# `workers.celery.securityContexts.pod` and/or

659

# `workers.kubernetes.securityContexts.pod`

660

# instead)

661

pod: {}

662

# (deprecated, use

663

# `workers.celery.securityContexts.container` and/or

664

# `workers.kubernetes.securityContexts.container`

665

# instead)

666

container: {}

667

# Container level Lifecycle Hooks definition for

668

# Airflow Celery workers and pods created with pod-template-file

669

# (deprecated, use

670

# `workers.celery.containerLifecycleHooks` and/or

671

# `workers.kubernetes.containerLifecycleHooks`

672

# instead)

673

containerLifecycleHooks: {}

674

# Airflow Celery workers pod disruption budget

675

# (deprecated, use `workers.celery.podDisruptionBudget` instead)

676

podDisruptionBudget:

677

# (deprecated, use `workers.celery.podDisruptionBudget.enabled` instead)

678

enabled: false

679

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

680

# (deprecated, use `workers.celery.podDisruptionBudget.config` instead)

681

config:

682

# (deprecated, use `workers.celery.podDisruptionBudget.config.maxUnavailable` instead)

683

maxUnavailable: 1

684

# (deprecated, use `workers.celery.podDisruptionBudget.config.minAvailable` instead)

685

# minAvailable: 1

686

# Create Service Account for Airflow Celery workers and pods created with pod-template-file

687

# (deprecated, use `workers.celery.serviceAccount` and/or `workers.kubernetes.serviceAccount` instead)

688

serviceAccount:

689

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

690

# (deprecated, use

691

# `workers.celery.serviceAccount.automountServiceAccountToken` and/or

692

# `workers.kubernetes.serviceAccount.automountServiceAccountToken`

693

# instead)

694

automountServiceAccountToken: true

695

# Specifies whether a Service Account should be created

696

# (deprecated, use

697

# `workers.celery.serviceAccount.create` and/or

698

# `workers.kubernetes.serviceAccount.create`

699

# instead)

700

create: true

701

# The name of the Service Account to use.

702

# If not set and `create` is 'true', a name is generated using the release name

703

# (deprecated, use

704

# `workers.celery.serviceAccount.name` and/or

705

# `workers.kubernetes.serviceAccount.name`

706

# instead)

707

708

# Annotations to add to worker Kubernetes Service Account.

709

# (deprecated, use

710

# `workers.celery.serviceAccount.annotations` and/or

711

# `workers.kubernetes.serviceAccount.annotations`

712

# instead)

713

annotations: {}

714

# Allow KEDA autoscaling for Airflow Celery workers

715

# (deprecated, use `workers.celery.keda` instead)

716

keda:

717

# (deprecated, use `workers.celery.keda.enabled` instead)

718

enabled: false

719

# (deprecated, use `workers.celery.keda.namespaceLabels` instead)

720

namespaceLabels: {}

721

# How often KEDA polls the Airflow DB to report new scale requests to the HPA

722

# (deprecated, use `workers.celery.keda.pollingInterval` instead)

723

pollingInterval: 5

724

# How many seconds KEDA will wait before scaling to zero.

725

# Note: HPA has a separate cooldown period for scale-downs

726

# (deprecated, use `workers.celery.keda.cooldownPeriod` instead)

727

cooldownPeriod: 30

728

# Minimum number of Airflow Celery workers created by keda

729

# (deprecated, use `workers.celery.keda.minReplicaCount` instead)

730

minReplicaCount: 0

731

# Maximum number of Airflow Celery workers created by keda

732

# (deprecated, use `workers.celery.keda.maxReplicaCount` instead)

733

maxReplicaCount: 10

734

# Specify HPA related options

735

# (deprecated, use `workers.celery.keda.advanced` instead)

736

advanced: {}

737

# horizontalPodAutoscalerConfig:

738

# behavior:

739

# scaleDown:

740

# stabilizationWindowSeconds: 300

741

# policies:

742

# - type: Percent

743

# value: 100

744

# periodSeconds: 15

745

746

# Query to use for KEDA autoscaling. Must return a single integer.

747

# (deprecated, use `workers.celery.keda.query` instead)

748

query: >-

749

SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }}) FROM task_instance WHERE (state='running' OR state='queued') AND queue IN ( {{- range $i, $q := splitList "," .Values.workers.queue -}} {{- if $i }},{{ end }}'{{ $q | trim }}' {{- end -}} ) {{- if contains "CeleryKubernetesExecutor" .Values.executor }} AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}' {{- else if contains "KubernetesExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'KubernetesExecutor' {{- else if contains "airflow.providers.edge3.executors.EdgeExecutor" .Values.executor }} AND executor IS DISTINCT FROM 'EdgeExecutor' {{- end }}

750

# Weather to use PGBouncer to connect to the database or not when it is enabled

751

# This configuration will be ignored if PGBouncer is not enabled

752

# (deprecated, use `workers.celery.keda.usePgbouncer` instead)

753

usePgbouncer: true

754

# Allow HPA for Airflow Celery workers (KEDA must be disabled)

755

# (deprecated, use `workers.celery.hpa` instead)

756

hpa:

757

# (deprecated, use `workers.celery.hpa.enabled` instead)

758

enabled: false

759

# Minimum number of Airflow Celery workers created by HPA

760

# (deprecated, use `workers.celery.hpa.minReplicaCount` instead)

761

minReplicaCount: 0

762

# Maximum number of Airflow Celery workers created by HPA

763

# (deprecated, use `workers.celery.hpa.maxReplicaCount` instead)

764

maxReplicaCount: 5

765

# Specifications for which to use to calculate the desired replica count

766

# (deprecated, use `workers.celery.hpa.metrics` instead)

767

metrics:

768

- type: Resource

769

resource:

770

771

target:

772

type: Utilization

773

averageUtilization: 80

774

# Scaling behavior of the target in both Up and Down directions

775

# (deprecated, use `workers.celery.hpa.behavior` instead)

776

behavior: {}

777

# Persistence volume configuration for Airflow Celery workers

778

# (deprecated, use `workers.celery.persistence` instead)

779

persistence:

780

# Enable persistent volumes (deprecated, use `workers.celery.persistence.enabled` instead)

781

enabled: true

782

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed

783

# (deprecated, use `workers.celery.persistence.persistentVolumeClaimRetentionPolicy` instead)

784

persistentVolumeClaimRetentionPolicy: ~

785

# persistentVolumeClaimRetentionPolicy:

786

# whenDeleted: Delete

787

# whenScaled: Delete

788

789

# Volume size for Airflow Celery worker StatefulSet

790

# (deprecated, use `workers.celery.persistence.size` instead)

791

size: 100Gi

792

# If using a custom storageClass, pass name ref to all StatefulSets here

793

# (deprecated, use `workers.celery.persistence.storageClassName` instead)

794

storageClassName:

795

# Execute init container to chown log directory.

796

# This is currently only needed in kind, due to usage

797

# of local-path provisioner.

798

# (deprecated, use `workers.celery.persistence.fixPermissions` instead)

799

fixPermissions: false

800

# Annotations to add to Airflow Celery worker volumes

801

# (deprecated, use `workers.celery.persistence.annotations` instead)

802

annotations: {}

803

# Detailed default security context for persistence on container level

804

# (deprecated, use `workers.celery.persistence.securityContexts` instead)

805

securityContexts:

806

# (deprecated, use `workers.celery.persistence.securityContexts.container` instead)

807

container: {}

808

# Kerberos sidecar configuration for Airflow Celery workers and pods created with pod-template-file

809

# (deprecated, use `workers.celery.kerberosSidecar` and/or `workers.kubernetes.kerberosSidecar` instead)

810

kerberosSidecar:

811

# Enable kerberos sidecar

812

# (deprecated, use

813

# `workers.celery.kerberosSidecar.enabled` and/or

814

# `workers.kubernetes.kerberosSidecar.enabled`

815

# instead)

816

enabled: false

817

# (deprecated, use

818

# `workers.celery.kerberosSidecar.resources` and/or

819

# `workers.kubernetes.kerberosSidecar.resources`

820

# instead)

821

resources: {}

822

# limits:

823

# cpu: 100m

824

# memory: 128Mi

825

# requests:

826

# cpu: 100m

827

# memory: 128Mi

828

829

# Detailed default security context for kerberos sidecar on container level

830

# (deprecated, use

831

# `workers.celery.kerberosSidecar.securityContexts` and/or

832

# `workers.kubernetes.kerberosSidecar.securityContexts`

833

# instead)

834

securityContexts:

835

# (deprecated, use

836

# `workers.celery.kerberosSidecar.securityContexts.container` and/or

837

# `workers.kubernetes.kerberosSidecar.securityContexts.container`

838

# instead)

839

container: {}

840

# Container level lifecycle hooks

841

# (deprecated, use

842

# `workers.celery.kerberosSidecar.containerLifecycleHooks` and/or

843

# `workers.kubernetes.kerberosSidecar.containerLifecycleHooks`

844

# instead)

845

containerLifecycleHooks: {}

846

# Kerberos init container configuration for Airflow Celery workers and pods created with pod-template-file

847

# (deprecated, use

848

# `workers.celery.kerberosInitContainer` and/or

849

# `workers.kubernetes.kerberosInitContainer`

850

# instead)

851

kerberosInitContainer:

852

# Enable kerberos init container

853

# (deprecated, use

854

# `workers.celery.kerberosInitContainer.enabled` and/or

855

# `workers.kubernetes.kerberosInitContainer.enabled`

856

# instead)

857

enabled: false

858

# (deprecated, use

859

# `workers.celery.kerberosInitContainer.resources` and/or

860

# `workers.kubernetes.kerberosInitContainer.resources`

861

# instead)

862

resources: {}

863

# limits:

864

# cpu: 100m

865

# memory: 128Mi

866

# requests:

867

# cpu: 100m

868

# memory: 128Mi

869

870

# Detailed default security context for kerberos init container

871

# (deprecated, use

872

# `workers.celery.kerberosInitContainer.securityContexts` and/or

873

# `workers.kubernetes.kerberosInitContainer.securityContexts`

874

# instead)

875

securityContexts:

876

# (deprecated, use

877

# `workers.celery.kerberosInitContainer.securityContexts.container` and/or

878

# `workers.kubernetes.kerberosInitContainer.securityContexts.container`

879

# instead)

880

container: {}

881

# Container level lifecycle hooks

882

# (deprecated, use

883

# `workers.celery.kerberosInitContainer.containerLifecycleHooks` and/or

884

# `workers.kubernetes.kerberosInitContainer.containerLifecycleHooks`

885

# instead)

886

containerLifecycleHooks: {}

887

# Resource configuration for Airflow Celery workers and pods created with pod-template-file

888

# (deprecated, use `workers.celery.resources` and/or `workers.kubernetes.resources` instead)

889

resources: {}

890

# limits:

891

# cpu: 100m

892

# memory: 128Mi

893

# requests:

894

# cpu: 100m

895

# memory: 128Mi

896

897

# Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

898

# It is used by Airflow Celery workers and pod-template-file.

899

# (deprecated, use

900

# `workers.celery.terminationGracePeriodSeconds` and/or

901

# `workers.kubernetes.terminationGracePeriodSeconds`

902

# instead)

903

terminationGracePeriodSeconds: 600

904

# This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

905

# It is used by Airflow Celery workers and pod-template-file.

906

# (deprecated, use

907

# `workers.celery.safeToEvict` and/or

908

# `workers.kubernetes.safeToEvict`

909

# instead)

910

safeToEvict: false

911

# Launch additional containers into Airflow Celery worker

912

# and pods created with pod-template-file (templated).

913

# (deprecated, use

914

# `workers.celery.extraContainers` and/or

915

# `workers.kubernetes.extraContainers`

916

# instead)

917

# Note: If used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main

918

# container finishes so Airflow can continue the worker shutdown process!

919

extraContainers: []

920

# Add additional init containers into Airflow Celery workers

921

# and pods created with pod-template-file (templated).

922

# (deprecated, use

923

# `workers.celery.extraInitContainers` and/or

924

# `workers.kubernetes.extraInitContainers`

925

# instead)

926

extraInitContainers: []

927

# Additional volumes attached to the Airflow Celery workers

928

# and pods created with pod-template-file

929

# (deprecated, use `workers.celery.extraVolumes` and/or `workers.kubernetes.extraVolumes` instead)

930

extraVolumes: []

931

# Mount additional volumes into workers pods. It can be templated like in the following example:

932

# extraVolumes:

933

# - name: my-templated-extra-volume

934

# secret:

935

# secretName: '{{ include "my_secret_template" . }}'

936

# defaultMode: 0640

937

# optional: true

938

939

# Additional volume mounts attached to the Airflow Celery workers

940

# and pods created with pod-template-file

941

# (deprecated, use

942

# `workers.celery.extraVolumeMounts` and/or

943

# `workers.kubernetes.extraVolumeMounts`

944

# instead)

945

extraVolumeMounts: []

946

# Mount additional volumes into workers pods. It can be templated like in the following example:

947

# extraVolumeMounts:

948

# - name: my-templated-extra-volume

949

# mountPath: "{{ .Values.my_custom_path }}"

950

# readOnly: true

951

952

# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.

953

# (deprecated, use `workers.celery.extraPorts` instead)

954

extraPorts: []

955

# Select certain nodes for Airflow Celery worker pods and pods created with pod-template-file

956

# (deprecated, use `workers.celery.nodeSelector` and/or `workers.kubernetes.nodeSelector` instead)

957

nodeSelector: {}

958

# (deprecated, use `workers.celery.runtimeClassName` and/or `workers.kubernetes.runtimeClassName` instead)

959

runtimeClassName: ~

960

# (deprecated, use `workers.celery.priorityClassName` and/or `workers.kubernetes.priorityClassName` instead)

961

priorityClassName: ~

962

# (deprecated, use `workers.celery.affinity` and/or `workers.kubernetes.affinity` instead)

963

affinity: {}

964

# Default Airflow Celery worker affinity is:

965

# podAntiAffinity:

966

# preferredDuringSchedulingIgnoredDuringExecution:

967

# - podAffinityTerm:

968

# labelSelector:

969

# matchLabels:

970

# component: worker

971

# topologyKey: kubernetes.io/hostname

972

# weight: 100

973

974

# (deprecated, use `workers.celery.tolerations` and/or `workers.kubernetes.tolerations` instead)

975

tolerations: []

976

# (deprecated, use

977

# `workers.celery.topologySpreadConstraints` and/or

978

# `workers.kubernetes.topologySpreadConstraints`

979

# instead)

980

topologySpreadConstraints: []

981

# hostAliases to use in Airflow Celery worker pods and pods created with pod-template-file

982

# (deprecated, use `workers.celery.hostAliases` and/or `workers.kubernetes.hostAliases` instead)

983

# See:

984

# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

985

hostAliases: []

986

# - ip: "127.0.0.2"

987

# hostnames:

988

# - "test.hostname.one"

989

# - ip: "127.0.0.3"

990

# hostnames:

991

# - "test.hostname.two"

992

993

# Annotations for the Airflow Celery worker resource

994

# (deprecated, use `workers.celery.annotations` instead)

995

annotations: {}

996

# Pod annotations for the Airflow Celery workers and pods created with pod-template-file (templated)

997

# (deprecated, use `workers.celery.podAnnotations` and/or `workers.kubernetes.podAnnotations` instead)

998

podAnnotations: {}

999

# Labels specific to Airflow Celery workers objects and pods created with pod-template-file

1000

# (deprecated, use `workers.celery.labels` and/or `workers.kubernetes.labels` instead)

1001

labels: {}

1002

# Log groomer configuration for Airflow Celery workers

1003

# (deprecated, use `workers.celery.logGroomerSidecar` instead)

1004

logGroomerSidecar:

1005

# Whether to deploy the Airflow Celery worker log groomer sidecar

1006

# (deprecated, use `workers.celery.logGroomerSidecar.enabled` instead)

1007

enabled: true

1008

# Whether persistence is required for log groomer sidecar. When false, the log groomer

1009

# can run on Deployments (without persistence) using an `emptyDir` volume for logs.

1010

# Note: This parameter is transitional for chart 1.2x. In chart 2.x, log groomer will

1011

# work without persistence by default and this parameter will be removed.

1012

# (deprecated, use `workers.celery.logGroomerSidecar.requirePersistence` instead)

1013

requirePersistence: true

1014

# Command to use when running the Airflow Celery worker log groomer sidecar (templated)

1015

# (deprecated, use `workers.celery.logGroomerSidecar.command` instead)

1016

command: ~

1017

# Args to use when running the Airflow Celery worker log groomer sidecar (templated)

1018

# (deprecated, use `workers.celery.logGroomerSidecar.args` instead)

1019

args: ["bash", "/clean-logs"]

1020

# Number of days to retain logs

1021

# (deprecated, use `workers.celery.logGroomerSidecar.retentionDays` instead)

1022

retentionDays: 15

1023

# Number of minutes to retain logs.

1024

# This can be used for finer granularity than days.

1025

# Total retention is `retentionDays` + `retentionMinutes`.

1026

# (deprecated, use `workers.celery.logGroomerSidecar.retentionMinutes` instead)

1027

retentionMinutes: 0

1028

# Frequency to attempt to groom logs (in minutes)

1029

# (deprecated, use `workers.celery.logGroomerSidecar.frequencyMinutes` instead)

1030

frequencyMinutes: 15

1031

# Max size of logs in bytes. 0 = disabled

1032

# (deprecated, use `workers.celery.logGroomerSidecar.maxSizeBytes` instead)

1033

maxSizeBytes: 0

1034

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.

1035

# (deprecated, use `workers.celery.logGroomerSidecar.maxSizePercent` instead)

1036

maxSizePercent: 0

1037

# (deprecated, use `workers.celery.logGroomerSidecar.resources` instead)

1038

resources: {}

1039

# limits:

1040

# cpu: 100m

1041

# memory: 128Mi

1042

# requests:

1043

# cpu: 100m

1044

# memory: 128Mi

1045

1046

# Detailed default security context for `logGroomerSidecar` for container level

1047

# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts` instead)

1048

securityContexts:

1049

# (deprecated, use `workers.celery.logGroomerSidecar.securityContexts.container` instead)

1050

container: {}

1051

# (deprecated, use `workers.celery.logGroomerSidecar.env` instead)

1052

env: []

1053

# Container level lifecycle hooks

1054

# (deprecated, use `workers.celery.logGroomerSidecar.containerLifecycleHooks` instead)

1055

containerLifecycleHooks: {}

1056

# Configuration of wait-for-airflow-migration init container for Airflow Celery workers

1057

# (deprecated, use `workers.celery.waitForMigrations` instead)

1058

waitForMigrations:

1059

# Whether to create init container to wait for db migrations

1060

# (deprecated, use `workers.celery.waitForMigrations.enabled` instead)

1061

enabled: true

1062

# (deprecated, use `workers.celery.waitForMigrations.env` instead)

1063

env: []

1064

# Detailed default security context for wait-for-airflow-migrations container

1065

# (deprecated, use `workers.celery.waitForMigrations.securityContexts` instead)

1066

securityContexts:

1067

# (deprecated, use `workers.celery.waitForMigrations.securityContexts.container` instead)

1068

container: {}

1069

# Additional env variable configuration for Airflow Celery workers and pods created with pod-template-file

1070

# (deprecated, use `workers.celery.env` and/or `workers.kubernetes.env` instead)

1071

env: []

1072

# Additional volume claim templates for Airflow Celery workers.

1073

# Requires mounting of specified volumes under extraVolumeMounts.

1074

# (deprecated, use `workers.celery.volumeClaimTemplates` instead)

1075

volumeClaimTemplates: []

1076

# Volume Claim Templates example:

1077

# volumeClaimTemplates:

1078

# - metadata:

1079

# name: data-volume-1

1080

# spec:

1081

# storageClassName: "storage-class-1"

1082

# accessModes:

1083

# - "ReadWriteOnce"

1084

# resources:

1085

# requests:

1086

# storage: "10Gi"

1087

# - metadata:

1088

# name: data-volume-2

1089

# spec:

1090

# storageClassName: "storage-class-2"

1091

# accessModes:

1092

# - "ReadWriteOnce"

1093

# resources:

1094

# requests:

1095

# storage: "20Gi"

1096

1097

# (deprecated, use `workers.celery.schedulerName` and/or `workers.kubernetes.schedulerName` instead)

1098

schedulerName: ~

1099

celery:

1100

# Number of Airflow Celery workers

1101

replicas: ~

1102

# Max number of old Airflow Celery workers ReplicaSets to retain

1103

revisionHistoryLimit: ~

1104

# Command to use when running Airflow Celery workers (templated)

1105

command: ~

1106

# Args to use when running Airflow Celery workers (templated)

1107

args: ~

1108

# If the Airflow Celery worker stops responding for 5 minutes (5*60s)

1109

# kill the worker and let Kubernetes restart it

1110

livenessProbe:

1111

enabled: ~

1112

initialDelaySeconds: ~

1113

timeoutSeconds: ~

1114

failureThreshold: ~

1115

periodSeconds: ~

1116

command: ~

1117

# Enable the default workers defined by the root `workers` and `workers.celery`

1118

# configurations to be created.

1119

# If false, only dedicated workers defined in 'sets' will be created.

1120

enableDefault: true

1121

# Queue name for the default workers

1122

queue: "default"

1123

# List of worker sets. Each item can overwrite values from the parent `workers` and `workers.celery`

1124

# section.

1125

sets: []

1126

# sets:

1127

# - name: highcpu

1128

# replicas: 2

1129

# queue: "highcpu"

1130

# resources:

1131

# requests:

1132

# memory: "2Gi"

1133

# cpu: "4000m"

1134

# limits:

1135

# memory: "4Gi"

1136

# cpu: "8000m"

1137

# - name: highmem

1138

# replicas: 2

1139

# queue: "highmem"

1140

# resources:

1141

# requests:

1142

# memory: "4Gi"

1143

# cpu: "2000m"

1144

# limits:

1145

# memory: "8Gi"

1146

# cpu: "4000m"

1147

1148

# Update Strategy when Airflow Celery worker is deployed as a StatefulSet

1149

updateStrategy: ~

1150

# Update Strategy when Airflow Celery worker is deployed as a Deployment

1151

strategy: ~

1152

# Allow relaxing ordering guarantees for Airflow Celery worker

1153

# while preserving its uniqueness and identity

1154

# podManagementPolicy: Parallel

1155

1156

# Detailed default security context for Airflow Celery workers for container and pod level

1157

# If not set, the values from `workers.securityContexts` section will be used.

1158

securityContexts:

1159

pod: {}

1160

container: {}

1161

# Container level Lifecycle Hooks definition for Airflow Celery workers

1162

containerLifecycleHooks: {}

1163

# Airflow Celery workers pod disruption budget

1164

podDisruptionBudget:

1165

enabled: ~

1166

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

1167

config:

1168

maxUnavailable: ~

1169

# minAvailable: ~

1170

# Create Service Account for Airflow Celery workers

1171

serviceAccount:

1172

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1173

automountServiceAccountToken: ~

1174

# Specifies whether a Service Account should be created

1175

create: ~

1176

# The name of the Service Account to use.

1177

# If not set and `create` is 'true', a name is generated using the release name

1178

1179

# Annotations to add to worker Kubernetes Service Account.

1180

annotations: {}

1181

# Allow KEDA autoscaling for Airflow Celery workers

1182

keda:

1183

enabled: ~

1184

namespaceLabels: {}

1185

# How often KEDA polls the airflow DB to report new scale requests to the HPA

1186

pollingInterval: ~

1187

# How many seconds KEDA will wait before scaling to zero.

1188

# Note: HPA has a separate cooldown period for scale-downs

1189

cooldownPeriod: ~

1190

# Minimum number of Airflow Celery workers created by KEDA

1191

minReplicaCount: ~

1192

# Maximum number of Airflow Celery workers created by KEDA

1193

maxReplicaCount: ~

1194

# Specify HPA related options

1195

advanced: {}

1196

# horizontalPodAutoscalerConfig:

1197

# behavior:

1198

# scaleDown:

1199

# stabilizationWindowSeconds: 300

1200

# policies:

1201

# - type: Percent

1202

# value: 100

1203

# periodSeconds: 15

1204

1205

# Query to use for KEDA autoscaling. Must return a single integer

1206

query: ~

1207

# Weather to use PGBouncer to connect to the database or not when it is enabled

1208

# This configuration will be ignored if PGBouncer is not enabled

1209

usePgbouncer: ~

1210

# Allow HPA for Airflow Celery workers (KEDA must be disabled)

1211

hpa:

1212

enabled: ~

1213

# Minimum number of Airflow Celery workers created by HPA

1214

minReplicaCount: ~

1215

# Maximum number of Airflow Celery workers created by HPA

1216

maxReplicaCount: ~

1217

# Specifications for which to use to calculate the desired replica count

1218

metrics: ~

1219

# Scaling behavior of the target in both Up and Down directions

1220

behavior: {}

1221

# Persistence volume configuration for Airflow Celery workers

1222

persistence:

1223

# Enable persistent volumes

1224

enabled: ~

1225

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed

1226

persistentVolumeClaimRetentionPolicy: ~

1227

# persistentVolumeClaimRetentionPolicy:

1228

# whenDeleted: Delete

1229

# whenScaled: Delete

1230

1231

# Volume size for Airflow Celery worker StatefulSet

1232

size: ~

1233

# If using a custom storageClass, pass name ref to all StatefulSets here

1234

storageClassName:

1235

# Execute init container to chown log directory.

1236

# This is currently only needed in kind, due to usage

1237

# of local-path provisioner.

1238

fixPermissions: ~

1239

# Annotations to add to Airflow Celery worker volumes

1240

annotations: {}

1241

# Detailed default security context for persistence on container level

1242

securityContexts:

1243

container: {}

1244

# Kerberos sidecar configuration for Airflow Celery workers

1245

kerberosSidecar:

1246

# Enable kerberos sidecar

1247

enabled: ~

1248

resources: {}

1249

# limits:

1250

# cpu: 100m

1251

# memory: 128Mi

1252

# requests:

1253

# cpu: 100m

1254

# memory: 128Mi

1255

1256

# Detailed default security context for kerberos sidecar on container level

1257

securityContexts:

1258

container: {}

1259

# Container level lifecycle hooks

1260

containerLifecycleHooks: {}

1261

# Kerberos init container configuration for Airflow Celery workers

1262

# If not set, the values from `workers.kerberosInitContainer` section will be used.

1263

kerberosInitContainer:

1264

# Enable kerberos init container

1265

# If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect

1266

enabled: ~

1267

resources: {}

1268

# limits:

1269

# cpu: 100m

1270

# memory: 128Mi

1271

# requests:

1272

# cpu: 100m

1273

# memory: 128Mi

1274

1275

# Detailed default security context for kerberos init container

1276

securityContexts:

1277

container: {}

1278

# Container level lifecycle hooks

1279

containerLifecycleHooks: {}

1280

# Resource configuration for Airflow Celery workers

1281

resources: {}

1282

# limits:

1283

# cpu: 100m

1284

# memory: 128Mi

1285

# requests:

1286

# cpu: 100m

1287

# memory: 128Mi

1288

1289

# Grace period for tasks to finish after SIGTERM is sent from Kubernetes

1290

terminationGracePeriodSeconds: ~

1291

# This setting tells Kubernetes that its ok to evict when it wants to scale a node down

1292

safeToEvict: ~

1293

# Launch additional containers into Airflow Celery worker (templated)

1294

extraContainers: []

1295

# Add additional init containers into Airflow Celery workers (templated)

1296

extraInitContainers: []

1297

# Additional volumes attached to the Airflow Celery workers

1298

extraVolumes: []

1299

# Mount additional volumes into workers pods. It can be templated like in the following example:

1300

# extraVolumes:

1301

# - name: my-templated-extra-volume

1302

# secret:

1303

# secretName: '{{ include "my_secret_template" . }}'

1304

# defaultMode: 0640

1305

# optional: true

1306

1307

# Additional volume mounts attached to the Airflow Celery workers

1308

extraVolumeMounts: []

1309

# Mount additional volumes into workers pods. It can be templated like in the following example:

1310

# extraVolumeMounts:

1311

# - name: my-templated-extra-volume

1312

# mountPath: "{{ .Values.my_custom_path }}"

1313

# readOnly: true

1314

1315

# Expose additional ports of Airflow Celery workers. These can be used for additional metric collection.

1316

extraPorts: []

1317

# Select certain nodes for Airflow Celery worker pods

1318

nodeSelector: {}

1319

runtimeClassName: ~

1320

priorityClassName: ~

1321

affinity: {}

1322

# Default Airflow Celery worker affinity is:

1323

# podAntiAffinity:

1324

# preferredDuringSchedulingIgnoredDuringExecution:

1325

# - podAffinityTerm:

1326

# labelSelector:

1327

# matchLabels:

1328

# component: worker

1329

# topologyKey: kubernetes.io/hostname

1330

# weight: 100

1331

1332

tolerations: []

1333

topologySpreadConstraints: []

1334

# hostAliases to use in Airflow Celery worker pods

1335

# See:

1336

# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

1337

hostAliases: []

1338

# - ip: "127.0.0.2"

1339

# hostnames:

1340

# - "test.hostname.one"

1341

# - ip: "127.0.0.3"

1342

# hostnames:

1343

# - "test.hostname.two"

1344

1345

# Annotations for the Airflow Celery worker resource

1346

annotations: {}

1347

# Pod annotations for the Airflow Celery workers (templated)

1348

podAnnotations: {}

1349

# Labels specific to Airflow Celery workers objects

1350

labels: {}

1351

# Log groomer configuration for Airflow Celery workers

1352

logGroomerSidecar:

1353

# Whether to deploy the Airflow Celery worker log groomer sidecar

1354

enabled: ~

1355

# Whether persistence is required for log groomer sidecar. When false, the log groomer

1356

# can run on Deployments (without persistence) using an `emptyDir` volume for logs.

1357

# Note: This parameter is transitional for chart 1.2x. In chart 2.x, log groomer will

1358

# work without persistence by default and this parameter will be removed.

1359

requirePersistence: ~

1360

# Command to use when running the Airflow Celery worker log groomer sidecar (templated)

1361

command: ~

1362

# Args to use when running the Airflow Celery worker log groomer sidecar (templated)

1363

args: []

1364

# Number of days to retain logs

1365

retentionDays: ~

1366

# Number of minutes to retain logs.

1367

# This can be used for finer granularity than days.

1368

# Total retention is `retentionDays` + `retentionMinutes`.

1369

retentionMinutes: ~

1370

# Frequency to attempt to groom logs (in minutes)

1371

frequencyMinutes: ~

1372

# Max size of logs in bytes. 0 = disabled

1373

maxSizeBytes: ~

1374

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.

1375

maxSizePercent: ~

1376

resources: {}

1377

# limits:

1378

# cpu: 100m

1379

# memory: 128Mi

1380

# requests:

1381

# cpu: 100m

1382

# memory: 128Mi

1383

1384

# Detailed default security context for `logGroomerSidecar` for container level

1385

securityContexts:

1386

container: {}

1387

env: []

1388

# Container level lifecycle hooks

1389

containerLifecycleHooks: {}

1390

# Configuration of wait-for-airflow-migration init container for Airflow Celery workers

1391

waitForMigrations:

1392

# Whether to create init container to wait for db migrations

1393

enabled: ~

1394

env: []

1395

# Detailed default security context for wait-for-airflow-migrations container

1396

securityContexts:

1397

container: {}

1398

# Additional env variable configuration for Airflow Celery workers

1399

env: []

1400

# Additional volume claim templates for Airflow Celery workers.

1401

# Requires mounting of specified volumes under extraVolumeMounts.

1402

volumeClaimTemplates: []

1403

# Volume Claim Templates example:

1404

# volumeClaimTemplates:

1405

# - metadata:

1406

# name: data-volume-1

1407

# spec:

1408

# storageClassName: "storage-class-1"

1409

# accessModes:

1410

# - "ReadWriteOnce"

1411

# resources:

1412

# requests:

1413

# storage: "10Gi"

1414

# - metadata:

1415

# name: data-volume-2

1416

# spec:

1417

# storageClassName: "storage-class-2"

1418

# accessModes:

1419

# - "ReadWriteOnce"

1420

# resources:

1421

# requests:

1422

# storage: "20Gi"

1423

1424

schedulerName: ~

1425

kubernetes:

1426

# Command to use in pod-template-file (templated)

1427

command: ~

1428

# Detailed default security context for pod-template-file for container and pod level

1429

# If not set, the values from `workers.securityContexts` section will be used.

1430

securityContexts:

1431

pod: {}

1432

container: {}

1433

# Container level Lifecycle Hooks definition for pods created with pod-template-file

1434

containerLifecycleHooks: {}

1435

# Create Service Account for pods created with pod-template-file

1436

# When this section is specified, the Service Account is created from

1437

# 'templates/workers/worker-kubernetes-serviceaccount.yaml' file

1438

serviceAccount:

1439

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1440

# If not specified, the `workers.serviceAccount.automountServiceAccountToken` value will be taken

1441

automountServiceAccountToken: ~

1442

# Specifies whether a Service Account should be created.

1443

# If not specified, the Service Account will be generated and used from

1444

# 'templates/workers/worker-serviceaccount.yaml' file if `workers.serviceAccount.create`

1445

# will be 'true'

1446

create: ~

1447

# The name of the Service Account to use.

1448

# If not set and `create` is 'true', a name is generated using the release name

1449

# with Kubernetes dedicated name

1450

1451

# Annotations to add to worker Kubernetes Service Account.

1452

# If not specified, the `workers.serviceAccount.annotations` value will be taken

1453

annotations: {}

1454

# Kerberos sidecar configuration for pods created with pod-template-file

1455

kerberosSidecar:

1456

# Enable kerberos sidecar

1457

enabled: ~

1458

resources: {}

1459

# limits:

1460

# cpu: 100m

1461

# memory: 128Mi

1462

# requests:

1463

# cpu: 100m

1464

# memory: 128Mi

1465

1466

# Detailed default security context for kerberos sidecar on container level

1467

securityContexts:

1468

container: {}

1469

# Container level lifecycle hooks

1470

containerLifecycleHooks: {}

1471

# Kerberos init container configuration for pods created with pod-template-file

1472

# If not set, the values from `workers.kerberosInitContainer` section will be used.

1473

kerberosInitContainer:

1474

# Enable kerberos init container

1475

# If `workers.kerberosInitContainer.enabled` is set to True, this flag has no effect

1476

enabled: ~

1477

resources: {}

1478

# limits:

1479

# cpu: 100m

1480

# memory: 128Mi

1481

# requests:

1482

# cpu: 100m

1483

# memory: 128Mi

1484

1485

# Detailed default security context for kerberos init container

1486

securityContexts:

1487

container: {}

1488

# Container level lifecycle hooks

1489

containerLifecycleHooks: {}

1490

# Resource configuration for pods created with pod-template-file

1491

resources: {}

1492

# limits:

1493

# cpu: 100m

1494

# memory: 128Mi

1495

# requests:

1496

# cpu: 100m

1497

# memory: 128Mi

1498

1499

# Grace period for tasks to finish after SIGTERM is sent from Kubernetes

1500

terminationGracePeriodSeconds: ~

1501

# This setting tells Kubernetes that its ok to evict when it wants to scale a node down

1502

safeToEvict: ~

1503

# Launch additional containers into pods created with pod-template-file (templated).

1504

# Note: You are responsible for signaling sidecars to exit when the main

1505

# container finishes so Airflow can continue the worker shutdown process!

1506

extraContainers: []

1507

# Add additional init containers into pods created with pod-template-file (templated)

1508

extraInitContainers: []

1509

# Additional volumes attached to the pods created with pod-template-file

1510

extraVolumes: []

1511

# Mount additional volumes into workers pods. It can be templated like in the following example:

1512

# extraVolumes:

1513

# - name: my-templated-extra-volume

1514

# secret:

1515

# secretName: '{{ include "my_secret_template" . }}'

1516

# defaultMode: 0640

1517

# optional: true

1518

1519

# Additional volume mounts attached to the pods created with pod-template-file

1520

extraVolumeMounts: []

1521

# Mount additional volumes into workers pods. It can be templated like in the following example:

1522

# extraVolumeMounts:

1523

# - name: my-templated-extra-volume

1524

# mountPath: "{{ .Values.my_custom_path }}"

1525

# readOnly: true

1526

1527

# Select certain nodes for pods created with pod-template-file

1528

nodeSelector: {}

1529

runtimeClassName: ~

1530

priorityClassName: ~

1531

affinity: {}

1532

tolerations: []

1533

topologySpreadConstraints: []

1534

# hostAliases to use in pods created with pod-template-file

1535

# See:

1536

# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/

1537

hostAliases: []

1538

# - ip: "127.0.0.2"

1539

# hostnames:

1540

# - "test.hostname.one"

1541

# - ip: "127.0.0.3"

1542

# hostnames:

1543

# - "test.hostname.two"

1544

1545

# Pod annotations for the pods created with pod-template-file (templated)

1546

podAnnotations: {}

1547

# Labels specific to pods created with pod-template-file

1548

labels: {}

1549

# Additional env variable configuration for pods created with pod-template-file

1550

env: []

1551

schedulerName: ~

1552

# Airflow scheduler settings

1553

scheduler:

1554

enabled: true

1555

# hostAliases for the scheduler pod

1556

hostAliases: []

1557

# - ip: "127.0.0.1"

1558

# hostnames:

1559

# - "foo.local"

1560

# - ip: "10.1.2.3"

1561

# hostnames:

1562

# - "foo.remote"

1563

1564

# If the scheduler stops heartbeating for 5 minutes (5*60s) kill the

1565

# scheduler and let Kubernetes restart it

1566

livenessProbe:

1567

initialDelaySeconds: 10

1568

timeoutSeconds: 20

1569

failureThreshold: 5

1570

periodSeconds: 60

1571

command: ~

1572

# Wait for at most 1 minute (6*10s) for the scheduler container to startup.

1573

# LivenessProbe kicks in after the first successful startupProbe

1574

startupProbe:

1575

initialDelaySeconds: 0

1576

failureThreshold: 6

1577

periodSeconds: 10

1578

timeoutSeconds: 20

1579

command: ~

1580

# Amount of scheduler replicas

1581

replicas: 1

1582

# Max number of old replicasets to retain

1583

revisionHistoryLimit: ~

1584

# Command to use when running the Airflow scheduler (templated).

1585

command: ~

1586

# Args to use when running the Airflow scheduler (templated).

1587

args: ["bash", "-c", "exec airflow scheduler"]

1588

# Update Strategy when scheduler is deployed as a StatefulSet

1589

# (when using LocalExecutor and `workers.persistence`)

1590

updateStrategy: ~

1591

# Update Strategy when scheduler is deployed as a Deployment

1592

# (when not using LocalExecutor and `workers.persistence`)

1593

strategy: ~

1594

# When not set, the values defined in the global `securityContext` will be used

1595

# (deprecated, use `scheduler.securityContexts` instead)

1596

securityContext: {}

1597

# runAsUser: 50000

1598

# fsGroup: 0

1599

# runAsGroup: 0

1600

1601

# Detailed default security context for scheduler Deployments for container and pod level

1602

securityContexts:

1603

pod: {}

1604

container: {}

1605

# Container level lifecycle hooks

1606

containerLifecycleHooks: {}

1607

# Grace period for tasks to finish after SIGTERM is sent from Kubernetes

1608

terminationGracePeriodSeconds: 10

1609

# Create Service Account

1610

serviceAccount:

1611

# Affects all executors that launch pods

1612

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1613

automountServiceAccountToken: true

1614

# Specifies whether a Service Account should be created

1615

create: true

1616

# The name of the Service Account to use.

1617

# If not set and `create` is 'true', a name is generated using the release name

1618

1619

# Annotations to add to scheduler Kubernetes Service Account.

1620

annotations: {}

1621

# Service Account Token Volume configuration

1622

# This is only used when `automountServiceAccountToken` is 'false'

1623

# and allows manual configuration of the Service Account token volume

1624

serviceAccountTokenVolume:

1625

# Enable manual Service Account token volume configuration

1626

enabled: false

1627

# Path where the Service Account token should be mounted

1628

mountPath: /var/run/secrets/kubernetes.io/serviceaccount

1629

# Name of the volume

1630

volumeName: kube-api-access

1631

# Token expiration in seconds

1632

expirationSeconds: 3600

1633

# Audience for the token

1634

audience: ~

1635

# Scheduler pod disruption budget

1636

podDisruptionBudget:

1637

enabled: false

1638

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

1639

config:

1640

maxUnavailable: 1

1641

# minAvailable: 1

1642

resources: {}

1643

# limits:

1644

# cpu: 100m

1645

# memory: 128Mi

1646

# requests:

1647

# cpu: 100m

1648

# memory: 128Mi

1649

1650

# This setting tells Kubernetes that its ok to evict

1651

# when it wants to scale a node down.

1652

safeToEvict: true

1653

# Launch additional containers into scheduler (templated).

1654

extraContainers: []

1655

# Add additional init containers into scheduler (templated).

1656

extraInitContainers: []

1657

# Mount additional volumes into scheduler.

1658

extraVolumes: []

1659

extraVolumeMounts: []

1660

# It can be templated like in the following example:

1661

# extraVolumes:

1662

# - name: my-templated-extra-volume

1663

# secret:

1664

# secretName: '{{ include "my_secret_template" . }}'

1665

# defaultMode: 0640

1666

# optional: true

1667

1668

# extraVolumeMounts:

1669

# - name: my-templated-extra-volume

1670

# mountPath: "{{ .Values.my_custom_path }}"

1671

# readOnly: true

1672

1673

# Select certain nodes for Airflow scheduler pods.

1674

nodeSelector: {}

1675

affinity: {}

1676

# default scheduler affinity is:

1677

# podAntiAffinity:

1678

# preferredDuringSchedulingIgnoredDuringExecution:

1679

# - podAffinityTerm:

1680

# labelSelector:

1681

# matchLabels:

1682

# component: scheduler

1683

# topologyKey: kubernetes.io/hostname

1684

# weight: 100

1685

1686

tolerations: []

1687

topologySpreadConstraints: []

1688

priorityClassName: ~

1689

# Annotations for scheduler Deployment

1690

annotations: {}

1691

# Pod annotations for scheduler pods (templated)

1692

podAnnotations: {}

1693

# Labels specific to scheduler objects and pods

1694

labels: {}

1695

logGroomerSidecar:

1696

# Whether to deploy the Airflow scheduler log groomer sidecar.

1697

enabled: true

1698

# Command to use when running the Airflow scheduler log groomer sidecar (templated).

1699

command: ~

1700

# Args to use when running the Airflow scheduler log groomer sidecar (templated).

1701

args: ["bash", "/clean-logs"]

1702

# Number of days to retain logs

1703

retentionDays: 15

1704

# Number of minutes to retain logs.

1705

# This can be used for finer granularity than days.

1706

# Total retention is `retentionDays` + `retentionMinutes`.

1707

retentionMinutes: 0

1708

# Frequency to attempt to groom logs, in minutes

1709

frequencyMinutes: 15

1710

# Max size of logs in bytes. 0 = disabled

1711

maxSizeBytes: 0

1712

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.

1713

maxSizePercent: 0

1714

resources: {}

1715

# limits:

1716

# cpu: 100m

1717

# memory: 128Mi

1718

# requests:

1719

# cpu: 100m

1720

# memory: 128Mi

1721

1722

# Detailed default security context for `logGroomerSidecar` for container level

1723

securityContexts:

1724

container: {}

1725

# Container level lifecycle hooks

1726

containerLifecycleHooks: {}

1727

env: []

1728

waitForMigrations:

1729

# Whether to create init container to wait for db migrations

1730

enabled: true

1731

env: []

1732

# Detailed default security context for waitForMigrations for container level

1733

securityContexts:

1734

container: {}

1735

env: []

1736

# Airflow create user job settings

1737

createUserJob:

1738

# Whether the create user job should be created

1739

enabled: true

1740

# Create initial user.

1741

defaultUser:

1742

role: Admin

1743

username: admin

1744

email: admin@example.com

1745

firstName: admin

1746

lastName: user

1747

password: admin

1748

# Limit the lifetime of the job object after it finished execution.

1749

ttlSecondsAfterFinished: 300

1750

# Command to use when running the create user job (templated).

1751

command: ~

1752

# Args to use when running the create user job (templated).

1753

args:

1754

- "bash"

1755

- "-c"

1756

# The format below is necessary to get `helm lint` happy

1757

- |-

1758

exec \

1759

airflow users create "$@"

1760

- --

1761

# yamllint disable rule:line-length

1762

- "-r"

1763

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.role }}{{ else }}{{ .Values.createUserJob.defaultUser.role }}{{ end }}"

1764

- "-u"

1765

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.username }}{{ else }}{{ .Values.createUserJob.defaultUser.username }}{{ end }}"

1766

- "-e"

1767

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.email }}{{ else }}{{ .Values.createUserJob.defaultUser.email }}{{ end }}"

1768

- "-f"

1769

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.firstName }}{{ else }}{{ .Values.createUserJob.defaultUser.firstName }}{{ end }}"

1770

- "-l"

1771

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.lastName }}{{ else }}{{ .Values.createUserJob.defaultUser.lastName }}{{ end }}"

1772

- "-p"

1773

- "{{ if .Values.webserver.defaultUser }}{{ .Values.webserver.defaultUser.password }}{{ else }}{{ .Values.createUserJob.defaultUser.password }}{{ end }}"

1774

# Annotations on the create user job pod (templated)

1775

annotations: {}

1776

# `jobAnnotations` are annotations on the create user job

1777

jobAnnotations: {}

1778

restartPolicy: OnFailure

1779

# Labels specific to `createUserJob` objects and pods

1780

labels: {}

1781

# When not set, the values defined in the global `securityContext` will be used

1782

# (deprecated, use `createUserJob.securityContexts` instead)

1783

securityContext: {}

1784

# runAsUser: 50000

1785

# fsGroup: 0

1786

# runAsGroup: 0

1787

1788

# Detailed default security context for `createUserJob` for container and pod level

1789

securityContexts:

1790

pod: {}

1791

container: {}

1792

# Container level lifecycle hooks

1793

containerLifecycleHooks: {}

1794

# Create Service Account

1795

serviceAccount:

1796

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1797

automountServiceAccountToken: true

1798

# Specifies whether a Service Account should be created

1799

create: true

1800

# The name of the Service Account to use.

1801

# If not set and `create` is 'true', a name is generated using the release name

1802

1803

# Annotations to add to create user Kubernetes Service Account.

1804

annotations: {}

1805

# Launch additional containers into user creation job

1806

extraContainers: []

1807

# Add additional init containers into user creation job (templated).

1808

extraInitContainers: []

1809

# Mount additional volumes into user creation job.

1810

extraVolumes: []

1811

extraVolumeMounts: []

1812

# It can be templated like in the following example:

1813

# extraVolumes:

1814

# - name: my-templated-extra-volume

1815

# secret:

1816

# secretName: '{{ include "my_secret_template" . }}'

1817

# defaultMode: 0640

1818

# optional: true

1819

1820

# extraVolumeMounts:

1821

# - name: my-templated-extra-volume

1822

# mountPath: "{{ .Values.my_custom_path }}"

1823

# readOnly: true

1824

1825

nodeSelector: {}

1826

affinity: {}

1827

tolerations: []

1828

topologySpreadConstraints: []

1829

priorityClassName: ~

1830

# In case you need to disable the helm hooks that create the jobs after install.

1831

# Disable this if you are e.g. using ArgoCD

1832

useHelmHooks: true

1833

applyCustomEnv: true

1834

env: []

1835

resources: {}

1836

# limits:

1837

# cpu: 100m

1838

# memory: 128Mi

1839

# requests:

1840

# cpu: 100m

1841

# memory: 128Mi

1842

# Airflow database migration job settings

1843

migrateDatabaseJob:

1844

enabled: true

1845

# Limit the lifetime of the job object after it finished execution.

1846

ttlSecondsAfterFinished: 300

1847

# Command to use when running the migrate database job (templated).

1848

command: ~

1849

# Args to use when running the migrate database job (templated).

1850

args:

1851

- "bash"

1852

- "-c"

1853

- >-

1854

exec \

1855

1856

airflow db migrate

1857

# Annotations on the database migration pod (templated)

1858

annotations: {}

1859

# `jobAnnotations` are annotations on the database migration job

1860

jobAnnotations: {}

1861

restartPolicy: OnFailure

1862

# Labels specific to migrate database job objects and pods

1863

labels: {}

1864

# When not set, the values defined in the global `securityContext` will be used

1865

# (deprecated, use `migrateDatabaseJob.securityContexts` instead)

1866

securityContext: {}

1867

# runAsUser: 50000

1868

# fsGroup: 0

1869

# runAsGroup: 0

1870

1871

# Detailed default security context for `migrateDatabaseJob` for container and pod level

1872

securityContexts:

1873

pod: {}

1874

container: {}

1875

# Container level lifecycle hooks

1876

containerLifecycleHooks: {}

1877

# Create Service Account

1878

serviceAccount:

1879

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1880

automountServiceAccountToken: true

1881

# Specifies whether a Service Account should be created

1882

create: true

1883

# The name of the Service Account to use.

1884

# If not set and `create` is 'true', a name is generated using the release name

1885

1886

# Annotations to add to migrate database job Kubernetes Service Account.

1887

annotations: {}

1888

resources: {}

1889

# limits:

1890

# cpu: 100m

1891

# memory: 128Mi

1892

# requests:

1893

# cpu: 100m

1894

# memory: 128Mi

1895

1896

# Launch additional containers into database migration job

1897

extraContainers: []

1898

# Add additional init containers into migrate database job (templated).

1899

extraInitContainers: []

1900

# Mount additional volumes into database migration job.

1901

extraVolumes: []

1902

extraVolumeMounts: []

1903

# It can be templated like in the following example:

1904

# extraVolumes:

1905

# - name: my-templated-extra-volume

1906

# secret:

1907

# secretName: '{{ include "my_secret_template" . }}'

1908

# defaultMode: 0640

1909

# optional: true

1910

1911

# extraVolumeMounts:

1912

# - name: my-templated-extra-volume

1913

# mountPath: "{{ .Values.my_custom_path }}"

1914

# readOnly: true

1915

1916

nodeSelector: {}

1917

affinity: {}

1918

tolerations: []

1919

topologySpreadConstraints: []

1920

priorityClassName: ~

1921

# In case you need to disable the helm hooks that create the jobs after install.

1922

# Disable this if you are using ArgoCD for example

1923

useHelmHooks: true

1924

applyCustomEnv: true

1925

env: []

1926

apiServer:

1927

enabled: true

1928

# Number of Airflow API servers in the Deployment.

1929

# Omitted from the Deployment, when HPA is enabled.

1930

replicas: 1

1931

# Max number of old ReplicaSets to retain

1932

revisionHistoryLimit: ~

1933

# Labels specific to Airflow API server objects and pods

1934

labels: {}

1935

# Command to use when running the Airflow API server (templated).

1936

command: ~

1937

# Args to use when running the Airflow API server (templated).

1938

args: ["bash", "-c", "exec airflow api-server"]

1939

# Example: To enable proxy headers support when running behind a reverse proxy:

1940

# args: ["bash", "-c", "exec airflow api-server --proxy-headers"]

1941

1942

allowPodLogReading: true

1943

# Environment variables for the Airflow API server.

1944

env: []

1945

# Example: To configure FORWARDED_ALLOW_IPS when running behind a reverse proxy:

1946

# env:

1947

# - name: FORWARDED_ALLOW_IPS

1948

# value: "*" # Use "*" for trusted environments, or specify proxy IP ranges for production

1949

1950

# Allow Horizontal Pod Autoscaler (HPA) configuration for api-server. (optional)

1951

# HPA automatically scales the number of api-server pods based on observed metrics.

1952

# HPA automatically adjusts api-server replicas between `minReplicaCount` and `maxReplicaCount` based on metrics.

1953

hpa:

1954

enabled: false

1955

# Minimum number of api-servers created by HPA

1956

minReplicaCount: 1

1957

# Maximum number of api-servers created by HPA

1958

maxReplicaCount: 5

1959

# Specifications for which to use to calculate the desired replica count

1960

metrics:

1961

- type: Resource

1962

resource:

1963

1964

target:

1965

type: Utilization

1966

averageUtilization: 50

1967

# Scaling behavior of the target in both Up and Down directions

1968

behavior: {}

1969

serviceAccount:

1970

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

1971

automountServiceAccountToken: true

1972

# Specifies whether a Service Account should be created

1973

create: true

1974

# The name of the Service Account to use.

1975

# If not set and `create` is 'true', a name is generated using the release name

1976

1977

# Annotations to add to Airflow API server Kubernetes Service Account.

1978

annotations: {}

1979

service:

1980

type: ClusterIP

1981

# Service annotations

1982

annotations: {}

1983

ports:

1984

- name: api-server

1985

port: "{{ .Values.ports.apiServer }}"

1986

loadBalancerIP: ~

1987

# Limit load balancer source ips to list of CIDRs

1988

loadBalancerSourceRanges: []

1989

# loadBalancerSourceRanges:

1990

# - "10.123.0.0/16"

1991

podDisruptionBudget:

1992

enabled: false

1993

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

1994

config:

1995

maxUnavailable: 1

1996

# minAvailable: 1

1997

# Allow overriding Update Strategy for API server

1998

strategy: ~

1999

# Detailed default security contexts for Airflow API server Deployments for container and pod level

2000

securityContexts:

2001

pod: {}

2002

container: {}

2003

# Container level lifecycle hooks

2004

containerLifecycleHooks: {}

2005

waitForMigrations:

2006

# Whether to create init container to wait for db migrations

2007

enabled: true

2008

env: []

2009

# Detailed default security context for waitForMigrations for container level

2010

securityContexts:

2011

container: {}

2012

# Launch additional containers into the Airflow API server pods.

2013

extraContainers: []

2014

# Add additional init containers into API server (templated).

2015

extraInitContainers: []

2016

# Mount additional volumes into API server.

2017

extraVolumes: []

2018

extraVolumeMounts: []

2019

# It can be templated like in the following example:

2020

# extraVolumes:

2021

# - name: my-templated-extra-volume

2022

# secret:

2023

# secretName: '{{ include "my_secret_template" . }}'

2024

# defaultMode: 0640

2025

# optional: true

2026

2027

# extraVolumeMounts:

2028

# - name: my-templated-extra-volume

2029

# mountPath: "{{ .Values.my_custom_path }}"

2030

# readOnly: true

2031

2032

# Select certain nodes for Airflow API server pods.

2033

nodeSelector: {}

2034

affinity: {}

2035

tolerations: []

2036

topologySpreadConstraints: []

2037

priorityClassName: ~

2038

# hostAliases for API server pod

2039

hostAliases: []

2040

# Annotations for Airflow API server Deployment

2041

annotations: {}

2042

# Pod annotations for API server pods (templated)

2043

podAnnotations: {}

2044

networkPolicy:

2045

ingress:

2046

# Peers for Airflow API server NetworkPolicy ingress

2047

from: []

2048

# Ports for Airflow API server NetworkPolicy ingress (if `from` is set)

2049

ports:

2050

- port: "{{ .Values.ports.apiServer }}"

2051

resources: {}

2052

# limits:

2053

# cpu: 100m

2054

# memory: 128Mi

2055

# requests:

2056

# cpu: 100m

2057

# memory: 128Mi

2058

2059

# Add custom annotations to the `apiServer` ConfigMap

2060

configMapAnnotations: {}

2061

# This string (templated) will be mounted into the Airflow API Server

2062

# as a custom webserver_config.py. You can bake a webserver_config.py into

2063

# your image instead or specify a ConfigMap containing the

2064

# webserver_config.py.

2065

apiServerConfig: ~

2066

# apiServerConfig: |

2067

# from airflow import configuration as conf

2068

2069

# # The SQLAlchemy connection string.

2070

# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

2071

2072

# # Flask-WTF flag for CSRF

2073

# CSRF_ENABLED = True

2074

apiServerConfigConfigMapName: ~

2075

livenessProbe:

2076

initialDelaySeconds: 15

2077

timeoutSeconds: 5

2078

failureThreshold: 5

2079

periodSeconds: 10

2080

scheme: HTTP

2081

readinessProbe:

2082

initialDelaySeconds: 15

2083

timeoutSeconds: 5

2084

failureThreshold: 5

2085

periodSeconds: 10

2086

scheme: HTTP

2087

startupProbe:

2088

initialDelaySeconds: 0

2089

timeoutSeconds: 20

2090

failureThreshold: 6

2091

periodSeconds: 10

2092

scheme: HTTP

2093

# Airflow webserver settings (only Airflow<3.0)

2094

webserver:

2095

enabled: true

2096

# Add custom annotations to the webserver ConfigMap

2097

configMapAnnotations: {}

2098

# hostAliases for the webserver pod

2099

hostAliases: []

2100

# - ip: "127.0.0.1"

2101

# hostnames:

2102

# - "foo.local"

2103

# - ip: "10.1.2.3"

2104

# hostnames:

2105

# - "foo.remote"

2106

2107

allowPodLogReading: true

2108

livenessProbe:

2109

initialDelaySeconds: 15

2110

timeoutSeconds: 5

2111

failureThreshold: 5

2112

periodSeconds: 10

2113

scheme: HTTP

2114

readinessProbe:

2115

initialDelaySeconds: 15

2116

timeoutSeconds: 5

2117

failureThreshold: 5

2118

periodSeconds: 10

2119

scheme: HTTP

2120

# Wait for at most 1 minute (6*10s) for the webserver container to startup.

2121

# LivenessProbe kicks in after the first successful startupProbe

2122

startupProbe:

2123

initialDelaySeconds: 0

2124

timeoutSeconds: 20

2125

failureThreshold: 6

2126

periodSeconds: 10

2127

scheme: HTTP

2128

# Number of webservers

2129

replicas: 1

2130

# Max number of old replicasets to retain

2131

revisionHistoryLimit: ~

2132

# Command to use when running the Airflow webserver (templated).

2133

command: ~

2134

# Args to use when running the Airflow webserver (templated).

2135

args: ["bash", "-c", "exec airflow webserver"]

2136

# Grace period for webserver to finish after SIGTERM is sent from Kubernetes

2137

terminationGracePeriodSeconds: 30

2138

# Allow HPA

2139

hpa:

2140

enabled: false

2141

# Minimum number of webservers created by HPA

2142

minReplicaCount: 1

2143

# Maximum number of webservers created by HPA

2144

maxReplicaCount: 5

2145

# Specifications for which to use to calculate the desired replica count

2146

metrics:

2147

- type: Resource

2148

resource:

2149

2150

target:

2151

type: Utilization

2152

averageUtilization: 80

2153

# Scaling behavior of the target in both Up and Down directions

2154

behavior: {}

2155

# Create Service Account

2156

serviceAccount:

2157

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2158

automountServiceAccountToken: true

2159

# Specifies whether a Service Account should be created

2160

create: true

2161

# The name of the Service Account to use.

2162

# If not set and `create` is 'true', a name is generated using the release name

2163

2164

# Annotations to add to webserver Kubernetes Service Account.

2165

annotations: {}

2166

# Webserver pod disruption budget

2167

podDisruptionBudget:

2168

enabled: false

2169

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

2170

config:

2171

maxUnavailable: 1

2172

# minAvailable: 1

2173

# Allow overriding Update Strategy for Webserver

2174

strategy: ~

2175

# When not set, the values defined in the global `securityContext` will be used

2176

# (deprecated, use `webserver.securityContexts` instead)

2177

securityContext: {}

2178

# runAsUser: 50000

2179

# fsGroup: 0

2180

# runAsGroup: 0

2181

2182

# Detailed default security contexts for webserver Deployments for container and pod level

2183

securityContexts:

2184

pod: {}

2185

container: {}

2186

# Container level lifecycle hooks

2187

containerLifecycleHooks: {}

2188

# Additional network policies as needed (deprecated, use `webserver.networkPolicy.ingress.from` instead)

2189

extraNetworkPolicies: []

2190

networkPolicy:

2191

ingress:

2192

# Peers for webserver NetworkPolicy ingress

2193

from: []

2194

# Ports for webserver NetworkPolicy ingress (if `from` is set)

2195

ports:

2196

- port: "{{ .Values.ports.airflowUI }}"

2197

resources: {}

2198

# limits:

2199

# cpu: 100m

2200

# memory: 128Mi

2201

# requests:

2202

# cpu: 100m

2203

# memory: 128Mi

2204

2205

# Create initial user. (deprecated, use `createUserJob` section instead)

2206

# defaultUser:

2207

# enabled: true

2208

# role: Admin

2209

# username: admin

2210

# email: admin@example.com

2211

# firstName: admin

2212

# lastName: user

2213

# password: admin

2214

2215

# Launch additional containers into webserver (templated).

2216

extraContainers: []

2217

# Add additional init containers into webserver (templated).

2218

extraInitContainers: []

2219

# Mount additional volumes into webserver.

2220

extraVolumes: []

2221

extraVolumeMounts: []

2222

# It can be templated like in the following example:

2223

# extraVolumes:

2224

# - name: my-templated-extra-volume

2225

# secret:

2226

# secretName: '{{ include "my_secret_template" . }}'

2227

# defaultMode: 0640

2228

# optional: true

2229

2230

# extraVolumeMounts:

2231

# - name: my-templated-extra-volume

2232

# mountPath: "{{ .Values.my_custom_path }}"

2233

# readOnly: true

2234

2235

# This string (templated) will be mounted into the Airflow Webserver

2236

# as a custom webserver_config.py. You can bake a webserver_config.py into

2237

# your image instead or specify a ConfigMap containing the

2238

# webserver_config.py.

2239

webserverConfig: ~

2240

# webserverConfig: |

2241

# from airflow import configuration as conf

2242

2243

# # The SQLAlchemy connection string.

2244

# SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

2245

2246

# # Flask-WTF flag for CSRF

2247

# CSRF_ENABLED = True

2248

webserverConfigConfigMapName: ~

2249

service:

2250

type: ClusterIP

2251

# Service annotations

2252

annotations: {}

2253

ports:

2254

- name: airflow-ui

2255

port: "{{ .Values.ports.airflowUI }}"

2256

# To change the port used to access the webserver:

2257

# ports:

2258

# - name: airflow-ui

2259

# port: 80

2260

# targetPort: airflow-ui

2261

# To only expose a sidecar, not the webserver directly:

2262

# ports:

2263

# - name: only_sidecar

2264

# port: 80

2265

# targetPort: 8888

2266

# If you have a public IP, set NodePort to set an external port.

2267

# Service type must be 'NodePort':

2268

# ports:

2269

# - name: airflow-ui

2270

# port: 8080

2271

# targetPort: 8080

2272

# nodePort: 31151

2273

2274

loadBalancerIP: ~

2275

# Limit load balancer source ips to list of CIDRs

2276

loadBalancerSourceRanges: []

2277

# loadBalancerSourceRanges:

2278

# - "10.123.0.0/16"

2279

# Select certain nodes for Airflow webserver pods.

2280

nodeSelector: {}

2281

priorityClassName: ~

2282

affinity: {}

2283

# default webserver affinity is:

2284

# podAntiAffinity:

2285

# preferredDuringSchedulingIgnoredDuringExecution:

2286

# - podAffinityTerm:

2287

# labelSelector:

2288

# matchLabels:

2289

# component: webserver

2290

# topologyKey: kubernetes.io/hostname

2291

# weight: 100

2292

2293

tolerations: []

2294

topologySpreadConstraints: []

2295

# Annotations for webserver Deployment

2296

annotations: {}

2297

# Pod annotations for webserver pods (templated)

2298

podAnnotations: {}

2299

# Labels specific webserver app

2300

labels: {}

2301

waitForMigrations:

2302

# Whether to create init container to wait for db migrations

2303

enabled: true

2304

env: []

2305

# Detailed default security context for waitForMigrations for container level

2306

securityContexts:

2307

container: {}

2308

env: []

2309

# Airflow Triggerer Config

2310

triggerer:

2311

enabled: true

2312

# Number of Airflow triggerers in the Deployment

2313

replicas: 1

2314

# Max number of old replicasets to retain

2315

revisionHistoryLimit: ~

2316

# Command to use when running Airflow triggerers (templated).

2317

command: ~

2318

# Args to use when running Airflow triggerer (templated).

2319

args: ["bash", "-c", "exec airflow triggerer"]

2320

# Update Strategy when triggerer is deployed as a StatefulSet

2321

updateStrategy: ~

2322

# Update Strategy when triggerer is deployed as a Deployment

2323

strategy:

2324

rollingUpdate:

2325

maxSurge: "100%"

2326

maxUnavailable: "50%"

2327

# If the triggerer stops heartbeating for 5 minutes (5*60s) kill the

2328

# triggerer and let Kubernetes restart it

2329

livenessProbe:

2330

initialDelaySeconds: 10

2331

timeoutSeconds: 20

2332

failureThreshold: 5

2333

periodSeconds: 60

2334

command: ~

2335

# Create Service Account

2336

serviceAccount:

2337

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2338

automountServiceAccountToken: true

2339

# Specifies whether a Service Account should be created

2340

create: true

2341

# The name of the Service Account to use.

2342

# If not set and `create` is 'true', a name is generated using the release name

2343

2344

# Annotations to add to triggerer Kubernetes Service Account.

2345

annotations: {}

2346

# When not set, the values defined in the global `securityContext` will be used

2347

# (deprecated, use `triggerer.securityContexts` instead)

2348

securityContext: {}

2349

# runAsUser: 50000

2350

# fsGroup: 0

2351

# runAsGroup: 0

2352

2353

# Detailed default security context for triggerer for container and pod level

2354

securityContexts:

2355

pod: {}

2356

container: {}

2357

# Container level lifecycle hooks

2358

containerLifecycleHooks: {}

2359

persistence:

2360

# Enable persistent volumes

2361

enabled: true

2362

# This policy determines whether PVCs should be deleted when StatefulSet is scaled down or removed.

2363

persistentVolumeClaimRetentionPolicy: ~

2364

# Volume size for triggerer StatefulSet

2365

size: 100Gi

2366

# If using a custom storageClass, pass name ref to all statefulSets here

2367

storageClassName:

2368

# Execute init container to chown log directory.

2369

# This is currently only needed in kind, due to usage

2370

# of local-path provisioner.

2371

fixPermissions: false

2372

# Annotations to add to triggerer volumes

2373

annotations: {}

2374

# Triggerer pod disruption budget

2375

podDisruptionBudget:

2376

enabled: false

2377

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

2378

config:

2379

maxUnavailable: 1

2380

# minAvailable: 1

2381

resources: {}

2382

# limits:

2383

# cpu: 100m

2384

# memory: 128Mi

2385

# requests:

2386

# cpu: 100m

2387

# memory: 128Mi

2388

2389

# Grace period for triggerer to finish after SIGTERM is sent from Kubernetes

2390

terminationGracePeriodSeconds: 60

2391

# This setting tells Kubernetes that its ok to evict

2392

# when it wants to scale a node down.

2393

safeToEvict: true

2394

# Launch additional containers into triggerer (templated).

2395

extraContainers: []

2396

# Add additional init containers into triggerers (templated).

2397

extraInitContainers: []

2398

# Mount additional volumes into triggerer.

2399

extraVolumes: []

2400

extraVolumeMounts: []

2401

# It can be templated like in the following example:

2402

# extraVolumes:

2403

# - name: my-templated-extra-volume

2404

# secret:

2405

# secretName: '{{ include "my_secret_template" . }}'

2406

# defaultMode: 0640

2407

# optional: true

2408

2409

# extraVolumeMounts:

2410

# - name: my-templated-extra-volume

2411

# mountPath: "{{ .Values.my_custom_path }}"

2412

# readOnly: true

2413

2414

# Select certain nodes for Airflow triggerer pods.

2415

nodeSelector: {}

2416

affinity: {}

2417

# default triggerer affinity is:

2418

# podAntiAffinity:

2419

# preferredDuringSchedulingIgnoredDuringExecution:

2420

# - podAffinityTerm:

2421

# labelSelector:

2422

# matchLabels:

2423

# component: triggerer

2424

# topologyKey: kubernetes.io/hostname

2425

# weight: 100

2426

2427

tolerations: []

2428

topologySpreadConstraints: []

2429

# hostAliases for the triggerer pod

2430

hostAliases: []

2431

# - ip: "127.0.0.1"

2432

# hostnames:

2433

# - "foo.local"

2434

# - ip: "10.1.2.3"

2435

# hostnames:

2436

# - "foo.remote"

2437

2438

priorityClassName: ~

2439

# Annotations for the triggerer Deployment

2440

annotations: {}

2441

# Pod annotations for triggerer pods (templated)

2442

podAnnotations: {}

2443

# Labels specific to triggerer objects and pods

2444

labels: {}

2445

logGroomerSidecar:

2446

# Whether to deploy the Airflow triggerer log groomer sidecar.

2447

enabled: true

2448

# Command to use when running the Airflow triggerer log groomer sidecar (templated).

2449

command: ~

2450

# Args to use when running the Airflow triggerer log groomer sidecar (templated).

2451

args: ["bash", "/clean-logs"]

2452

# Number of days to retain logs

2453

retentionDays: 15

2454

# Number of minutes to retain logs.

2455

# This can be used for finer granularity than days.

2456

# Total retention is `retentionDays` + `retentionMinutes`.

2457

retentionMinutes: 0

2458

# frequency to attempt to groom logs, in minutes

2459

frequencyMinutes: 15

2460

# Max size of logs in bytes. 0 = disabled

2461

maxSizeBytes: 0

2462

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.

2463

maxSizePercent: 0

2464

resources: {}

2465

# limits:

2466

# cpu: 100m

2467

# memory: 128Mi

2468

# requests:

2469

# cpu: 100m

2470

# memory: 128Mi

2471

2472

# Detailed default security context for `logGroomerSidecar` for container level

2473

securityContexts:

2474

container: {}

2475

# Container level lifecycle hooks

2476

containerLifecycleHooks: {}

2477

env: []

2478

waitForMigrations:

2479

# Whether to create init container to wait for db migrations

2480

enabled: true

2481

env: []

2482

# Detailed default security context for waitForMigrations for container level

2483

securityContexts:

2484

container: {}

2485

env: []

2486

# Allow KEDA autoscaling.

2487

keda:

2488

enabled: false

2489

namespaceLabels: {}

2490

# How often KEDA polls the Airflow DB to report new scale requests to the HPA

2491

pollingInterval: 5

2492

# How many seconds KEDA will wait before scaling to zero.

2493

# Note that HPA has a separate cooldown period for scale-downs

2494

cooldownPeriod: 30

2495

# Minimum number of triggerers created by keda

2496

minReplicaCount: 0

2497

# Maximum number of triggerers created by keda

2498

maxReplicaCount: 10

2499

# Specify HPA related options

2500

advanced: {}

2501

# horizontalPodAutoscalerConfig:

2502

# behavior:

2503

# scaleDown:

2504

# stabilizationWindowSeconds: 300

2505

# policies:

2506

# - type: Percent

2507

# value: 100

2508

# periodSeconds: 15

2509

2510

# Query to use for KEDA autoscaling. Must return a single integer.

2511

query: >-

2512

SELECT ceil(COUNT(*)::decimal / {{ include "triggerer.capacity" . }}) FROM trigger

2513

# Whether to use PGBouncer to connect to the database or not when it is enabled

2514

# This configuration will be ignored if PGBouncer is not enabled

2515

usePgbouncer: false

2516

# Airflow Dag Processor Config

2517

dagProcessor:

2518

enabled: ~

2519

# Dag Bundle Configuration

2520

# Define Dag bundles in a structured YAML format. This will be automatically

2521

# converted to JSON string format for `config.dag_processor.dag_bundle_config_list`.

2522

dagBundleConfigList:

2523

- name: dags-folder

2524

classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"

2525

kwargs: {}

2526

# Example:

2527

# dagBundleConfigList:

2528

# - name: bundle1

2529

# classpath: "airflow.providers.git.bundles.git.GitDagBundle"

2530

# kwargs:

2531

# git_conn_id: "GITHUB__repo1"

2532

# subdir: "dags"

2533

# tracking_ref: "main"

2534

# refresh_interval: 60

2535

# - name: bundle2

2536

# classpath: "airflow.providers.git.bundles.git.GitDagBundle"

2537

# kwargs:

2538

# git_conn_id: "GITHUB__repo2"

2539

# subdir: "dags"

2540

# tracking_ref: "develop"

2541

# refresh_interval: 120

2542

# - name: dags-folder

2543

# classpath: "airflow.dag_processing.bundles.local.LocalDagBundle"

2544

# kwargs: {}

2545

2546

# Number of Airflow dag processors in the Deployment

2547

replicas: 1

2548

# Max number of old ReplicaSets to retain

2549

revisionHistoryLimit: ~

2550

# Command to use when running Airflow dag processors (templated).

2551

command: ~

2552

# Args to use when running Airflow dag processor (templated).

2553

args: ["bash", "-c", "exec airflow dag-processor"]

2554

# Update Strategy for dag processors

2555

strategy:

2556

rollingUpdate:

2557

maxSurge: "100%"

2558

maxUnavailable: "50%"

2559

# If the dag processor stops heartbeating for 5 minutes (5*60s) kill the

2560

# dag processor and let Kubernetes restart it

2561

livenessProbe:

2562

initialDelaySeconds: 10

2563

timeoutSeconds: 20

2564

failureThreshold: 5

2565

periodSeconds: 60

2566

command: ~

2567

# Create Service Account

2568

serviceAccount:

2569

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2570

automountServiceAccountToken: true

2571

# Specifies whether a Service Account should be created

2572

create: true

2573

# The name of the Service Account to use.

2574

# If not set and `create` is 'true', a name is generated using the release name

2575

2576

# Annotations to add to dag processor Kubernetes Service Account.

2577

annotations: {}

2578

# Dag processor pod disruption budget

2579

podDisruptionBudget:

2580

enabled: false

2581

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

2582

config:

2583

maxUnavailable: 1

2584

# minAvailable: 1

2585

# When not set, the values defined in the global `securityContext` will be used

2586

# (deprecated, use `dagProcessor.securityContexts` instead)

2587

securityContext: {}

2588

# runAsUser: 50000

2589

# fsGroup: 0

2590

# runAsGroup: 0

2591

2592

# Detailed default security context for dagProcessor for container and pod level

2593

securityContexts:

2594

pod: {}

2595

container: {}

2596

# Container level lifecycle hooks

2597

containerLifecycleHooks: {}

2598

resources: {}

2599

# limits:

2600

# cpu: 100m

2601

# memory: 128Mi

2602

# requests:

2603

# cpu: 100m

2604

# memory: 128Mi

2605

2606

# Grace period for dag processor to finish after SIGTERM is sent from Kubernetes

2607

terminationGracePeriodSeconds: 60

2608

# This setting tells Kubernetes that its ok to evict

2609

# when it wants to scale a node down.

2610

safeToEvict: true

2611

# Launch additional containers into dag processor (templated).

2612

extraContainers: []

2613

# Add additional init containers into dag processors (templated).

2614

extraInitContainers: []

2615

# Mount additional volumes into dag processor.

2616

extraVolumes: []

2617

extraVolumeMounts: []

2618

# It can be templated like in the following example:

2619

# extraVolumes:

2620

# - name: my-templated-extra-volume

2621

# secret:

2622

# secretName: '{{ include "my_secret_template" . }}'

2623

# defaultMode: 0640

2624

# optional: true

2625

2626

# extraVolumeMounts:

2627

# - name: my-templated-extra-volume

2628

# mountPath: "{{ .Values.my_custom_path }}"

2629

# readOnly: true

2630

2631

# Select certain nodes for Airflow dag processor pods.

2632

nodeSelector: {}

2633

affinity: {}

2634

# Default dag processor affinity is:

2635

# podAntiAffinity:

2636

# preferredDuringSchedulingIgnoredDuringExecution:

2637

# - podAffinityTerm:

2638

# labelSelector:

2639

# matchLabels:

2640

# component: dag-processor

2641

# topologyKey: kubernetes.io/hostname

2642

# weight: 100

2643

2644

tolerations: []

2645

topologySpreadConstraints: []

2646

priorityClassName: ~

2647

# Annotations for the dag processor Deployment

2648

annotations: {}

2649

# Pod annotations for dag processor pods (templated)

2650

podAnnotations: {}

2651

logGroomerSidecar:

2652

# Whether to deploy the Airflow dag processor log groomer sidecar.

2653

enabled: true

2654

# Command to use when running the Airflow dag processor log groomer sidecar (templated).

2655

command: ~

2656

# Args to use when running the Airflow dag processor log groomer sidecar (templated).

2657

args: ["bash", "/clean-logs"]

2658

# Number of days to retain logs

2659

retentionDays: 15

2660

# Number of minutes to retain logs.

2661

# This can be used for finer granularity than days.

2662

# Total retention is `retentionDays` + `retentionMinutes`.

2663

retentionMinutes: 0

2664

# frequency to attempt to groom logs, in minutes

2665

frequencyMinutes: 15

2666

# Max size of logs in bytes. 0 = disabled

2667

maxSizeBytes: 0

2668

# Max size of logs as a percent of disk usage. 0 = disabled. Ignored if `maxSizeBytes` is set.

2669

maxSizePercent: 0

2670

resources: {}

2671

# limits:

2672

# cpu: 100m

2673

# memory: 128Mi

2674

# requests:

2675

# cpu: 100m

2676

# memory: 128Mi

2677

2678

securityContexts:

2679

container: {}

2680

env: []

2681

waitForMigrations:

2682

# Whether to create init container to wait for db migrations

2683

enabled: true

2684

env: []

2685

# Detailed default security context for waitForMigrations for container level

2686

securityContexts:

2687

container: {}

2688

# Labels specific to dag processor objects

2689

labels: {}

2690

# Environment variables to add to dag processor container

2691

env: []

2692

# Flower settings

2693

flower:

2694

# Enable flower.

2695

# If True, and using CeleryExecutor/CeleryKubernetesExecutor, will deploy flower app.

2696

enabled: false

2697

livenessProbe:

2698

initialDelaySeconds: 10

2699

timeoutSeconds: 5

2700

failureThreshold: 10

2701

periodSeconds: 5

2702

readinessProbe:

2703

initialDelaySeconds: 10

2704

timeoutSeconds: 5

2705

failureThreshold: 10

2706

periodSeconds: 5

2707

# Wait for at most 1 minute (6*10s) for the flower container to startup.

2708

# LivenessProbe kicks in after the first successful StartupProbe

2709

startupProbe:

2710

initialDelaySeconds: 0

2711

timeoutSeconds: 20

2712

failureThreshold: 6

2713

periodSeconds: 10

2714

# Max number of old ReplicaSets to retain

2715

revisionHistoryLimit: ~

2716

# Command to use when running flower (templated).

2717

command: ~

2718

# Args to use when running flower (templated).

2719

args:

2720

- "bash"

2721

- "-c"

2722

# The format below is necessary to get `helm lint` happy

2723

- |-

2724

exec \

2725

airflow celery flower

2726

# Additional network policies as needed (deprecated, use `flower.networkPolicy.ingress.from` instead)

2727

extraNetworkPolicies: []

2728

networkPolicy:

2729

ingress:

2730

# Peers for flower NetworkPolicy ingress

2731

from: []

2732

# Ports for flower NetworkPolicy ingress (if `from` is set)

2733

ports:

2734

- port: "{{ .Values.ports.flowerUI }}"

2735

resources: {}

2736

# limits:

2737

# cpu: 100m

2738

# memory: 128Mi

2739

# requests:

2740

# cpu: 100m

2741

# memory: 128Mi

2742

2743

# When not set, the values defined in the global `securityContext` will be used

2744

# (deprecated, use `flower.securityContexts` instead)

2745

securityContext: {}

2746

# runAsUser: 50000

2747

# fsGroup: 0

2748

# runAsGroup: 0

2749

2750

# Detailed default security context for flower for container and pod level

2751

securityContexts:

2752

pod: {}

2753

container: {}

2754

# Container level lifecycle hooks

2755

containerLifecycleHooks: {}

2756

# Create Service Account

2757

serviceAccount:

2758

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2759

automountServiceAccountToken: true

2760

# Specifies whether a Service Account should be created

2761

create: true

2762

# The name of the Service Account to use.

2763

# If not set and `create` is 'true', a name is generated using the release name

2764

2765

# Annotations to add to worker Kubernetes Service Account.

2766

annotations: {}

2767

# If set, the secret must contain a base64-encoded 'connection' key with

2768

# a Flower basic auth connection string user:password.

2769

secretName: ~

2770

# Example secret:

2771

# kind: Secret

2772

# apiVersion: v1

2773

# metadata:

2774

# name: custom-flower-secret

2775

# type: Opaque

2776

# data:

2777

# connection: <base64_encoded_user_password>

2778

2779

# Add custom annotations to the flower secret

2780

secretAnnotations: {}

2781

# If `secretName` is not specified, set username and password (secret will be created automatically)

2782

username: ~

2783

password: ~

2784

service:

2785

type: ClusterIP

2786

# Service annotations

2787

annotations: {}

2788

ports:

2789

- name: flower-ui

2790

port: "{{ .Values.ports.flowerUI }}"

2791

# To change the port used to access flower:

2792

# ports:

2793

# - name: flower-ui

2794

# port: 8080

2795

# targetPort: flower-ui

2796

2797

loadBalancerIP: ~

2798

# Limit load balancer source ips to list of CIDRs

2799

loadBalancerSourceRanges: []

2800

# loadBalancerSourceRanges:

2801

# - "10.123.0.0/16"

2802

# Launch additional containers into the flower pods.

2803

extraContainers: []

2804

# Mount additional volumes into the flower pods.

2805

extraVolumes: []

2806

extraVolumeMounts: []

2807

# It can be templated like in the following example:

2808

# extraVolumes:

2809

# - name: my-templated-extra-volume

2810

# secret:

2811

# secretName: '{{ include "my_secret_template" . }}'

2812

# defaultMode: 0640

2813

# optional: true

2814

2815

# extraVolumeMounts:

2816

# - name: my-templated-extra-volume

2817

# mountPath: "{{ .Values.my_custom_path }}"

2818

# readOnly: true

2819

2820

# Select certain nodes for Airflow flower pods.

2821

nodeSelector: {}

2822

affinity: {}

2823

tolerations: []

2824

topologySpreadConstraints: []

2825

priorityClassName: ~

2826

# Annotations for the flower Deployment

2827

annotations: {}

2828

# Pod annotations for flower pods (templated)

2829

podAnnotations: {}

2830

# Labels specific to flower objects and pods

2831

labels: {}

2832

env: []

2833

# StatsD settings

2834

statsd:

2835

# Add custom annotations to the StatsD ConfigMap

2836

configMapAnnotations: {}

2837

# When otelCollector.metricsEnabled is true, [metrics] statsd_on is set to

2838

# False in the rendered Airflow config because Airflow can only export metrics

2839

# to one backend at a time.

2840

enabled: true

2841

# Max number of old ReplicaSets to retain

2842

revisionHistoryLimit: ~

2843

# Arguments for StatsD exporter command.

2844

# By default contains path in the container to the mapping config file.

2845

args: ["--statsd.mapping-config=/etc/statsd-exporter/mappings.yml"]

2846

# If you ever need to fully override the entire `args` list, you can

2847

# supply your own array here; if set, all below flag-specific values

2848

# under `statsd.cache` section are ignored.

2849

# args:

2850

# - "--statsd.cache-size=1000"

2851

# - "--statsd.cache-type=random"

2852

# - "--ttl=10m"

2853

2854

cache:

2855

# Maximum number of metric‐mapping entries to keep in cache.

2856

# When you send more distinct metric names than this, older entries

2857

# will be evicted according to cacheType.

2858

size: 1000

2859

# Metrics Eviction policy for the mapping cache.

2860

# - lru → Least‐Recently‐Used eviction

2861

# - random → Random eviction

2862

type: lru

2863

# Per‐metric time‐to‐live. When set to a non‐zero duration, any metric

2864

# series that hasn't received an update in this interval will be dropped

2865

# from the exported '/metrics' output.

2866

# Format: Go duration string (e.g. "30s", "5m", "1h")

2867

# Default: "0s" (disabled, never expires)

2868

ttl: "0s"

2869

# Annotations to add to the StatsD Deployment.

2870

annotations: {}

2871

# Grace period for StatsD to finish after SIGTERM is sent from Kubernetes

2872

terminationGracePeriodSeconds: 30

2873

# Create Service Account

2874

serviceAccount:

2875

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

2876

automountServiceAccountToken: true

2877

# Specifies whether a Service Account should be created

2878

create: true

2879

# The name of the Service Account to use.

2880

# If not set and `create` is 'true', a name is generated using the release name

2881

2882

# Annotations to add to worker Kubernetes Service Account.

2883

annotations: {}

2884

uid: 65534

2885

# (deprecated, use `statsd.securityContexts` instead)

2886

securityContext: {}

2887

# runAsUser: 65534

2888

# fsGroup: 0

2889

# runAsGroup: 0

2890

2891

# Detailed default security context for StatsD Deployments for container and pod level

2892

securityContexts:

2893

pod: {}

2894

container: {}

2895

# Container level lifecycle hooks

2896

containerLifecycleHooks: {}

2897

# Additional network policies as needed

2898

extraNetworkPolicies: []

2899

resources: {}

2900

# limits:

2901

# cpu: 100m

2902

# memory: 128Mi

2903

# requests:

2904

# cpu: 100m

2905

# memory: 128Mi

2906

2907

service:

2908

extraAnnotations: {}

2909

# Select certain nodes for StatsD pods.

2910

nodeSelector: {}

2911

affinity: {}

2912

tolerations: []

2913

topologySpreadConstraints: []

2914

priorityClassName: ~

2915

# Additional mappings for StatsD exporter.

2916

# If set, will merge default mapping and extra mappings, where default mapping has higher priority.

2917

# If you want to change some default mapping, please use `overrideMappings` setting.

2918

extraMappings: []

2919

# Override mappings for StatsD exporter.

2920

# If set, will ignore setting item in default and `extraMappings`.

2921

# If you use it, ensure that it contains all mapping items.

2922

overrideMappings: []

2923

# Pod annotations for StatsD pods (templated)

2924

podAnnotations: {}

2925

# Labels specific to StatsD objects and pods

2926

labels: {}

2927

# Environment variables to add to StatsD container

2928

env: []

2929

# OpenTelemetry Collector settings

2930

otelCollector:

2931

# Send Airflow traces to the OTel Collector (sets [traces] otel_on).

2932

tracesEnabled: false

2933

# Send Airflow metrics to the OTel Collector (sets [metrics] otel_on and disables statsd).

2934

metricsEnabled: false

2935

# Default value for the OTEL_METRIC_EXPORT_INTERVAL env var on Airflow pods.

2936

# Interval (in milliseconds) at which the OTel SDK exports metrics to the collector.

2937

metricExportIntervalMs: 30000

2938

# Override the OTel Collector config.yml. When set (non-empty), this string replaces

2939

# the chart's default collector config. The value is rendered with `tpl`, so you can

2940

# reference values like `{{ .Values.ports.otelCollectorOtlpHttp }}` or

2941

# `{{ include "airflow.fullname" . }}` from inside the string. Leave empty to use

2942

# the chart default.

2943

config: ~

2944

# config: |

2945

# extensions:

2946

# health_check:

2947

# endpoint: 0.0.0.0:13133

2948

# receivers:

2949

# otlp:

2950

# protocols:

2951

# http:

2952

# endpoint: 0.0.0.0:{{ .Values.ports.otelCollectorOtlpHttp }}

2953

# processors:

2954

# batch: {}

2955

# exporters:

2956

# logging:

2957

# verbosity: basic

2958

# service:

2959

# extensions: [health_check]

2960

# pipelines:

2961

# traces:

2962

# receivers: [otlp]

2963

# processors: [batch]

2964

# exporters: [logging]

2965

2966

# Args to pass to the OTel Collector container (templated).

2967

args:

2968

- "--config=/etc/otel-collector/config.yml"

2969

# Max number of old ReplicaSets to retain

2970

revisionHistoryLimit: ~

2971

# Annotations to add to the OTel Collector Deployment

2972

annotations: {}

2973

# Grace period for OTel Collector to finish after SIGTERM

2974

terminationGracePeriodSeconds: 30

2975

livenessProbe:

2976

initialDelaySeconds: 10

2977

periodSeconds: 15

2978

readinessProbe:

2979

initialDelaySeconds: 10

2980

periodSeconds: 15

2981

resources: {}

2982

# limits:

2983

# cpu: 100m

2984

# memory: 128Mi

2985

# requests:

2986

# cpu: 100m

2987

# memory: 128Mi

2988

2989

service:

2990

annotations: {}

2991

nodeSelector: {}

2992

affinity: {}

2993

tolerations: []

2994

topologySpreadConstraints: []

2995

priorityClassName: ~

2996

labels: {}

2997

podAnnotations: {}

2998

securityContexts:

2999

pod: {}

3000

container: {}

3001

# Additional ingress peers/rules for the OTel Collector NetworkPolicy.

3002

# Only used when `networkPolicies.enabled` is true.

3003

extraNetworkPolicies: []

3004

serviceAccount:

3005

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

3006

# The default OTel Collector config does not talk to the Kubernetes API, so credentials

3007

# are not auto-mounted. Flip to true if you override `otelCollector.config` to use

3008

# processors that need API access (e.g. `k8sattributes`).

3009

automountServiceAccountToken: false

3010

# Specifies whether a Service Account should be created

3011

create: true

3012

# The name of the Service Account to use.

3013

# If not set and `create` is 'true', a name is generated using the release name

3014

3015

# Annotations to add to the OTel Collector Kubernetes ServiceAccount.

3016

annotations: {}

3017

# PgBouncer settings

3018

pgbouncer:

3019

# Enable PgBouncer

3020

enabled: false

3021

# Number of PgBouncer replicas to run in Deployment

3022

replicas: 1

3023

# Max number of old replicasets to retain

3024

revisionHistoryLimit: ~

3025

# Command to use for PgBouncer (templated).

3026

command: ["pgbouncer", "-u", "nobody", "/etc/pgbouncer/pgbouncer.ini"]

3027

# Args to use for PgBouncer (templated).

3028

args: ~

3029

auth_type: scram-sha-256

3030

auth_file: /etc/pgbouncer/users.txt

3031

# Whether to mount the config secret files at a default location (/etc/pgbouncer/*).

3032

# Can be skipped to allow for other means to get the values, e.g. secrets provider class.

3033

mountConfigSecret: true

3034

# Annotations to be added to the PgBouncer Deployment

3035

annotations: {}

3036

# Pod annotations for PgBouncer pods (templated)

3037

podAnnotations: {}

3038

# Add custom annotations to the PgBouncer certificates secret

3039

certificatesSecretAnnotations: {}

3040

# Create Service Account

3041

serviceAccount:

3042

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

3043

automountServiceAccountToken: true

3044

# Specifies whether a Service Account should be created

3045

create: true

3046

# The name of the Service Account to use.

3047

# If not set and `create` is 'true', a name is generated using the release name

3048

3049

# Annotations to add to worker Kubernetes Service Account.

3050

annotations: {}

3051

# Additional network policies as needed

3052

extraNetworkPolicies: []

3053

# Pool sizes

3054

metadataPoolSize: 10

3055

resultBackendPoolSize: 5

3056

# Maximum clients that can connect to PgBouncer (higher = more file descriptors)

3057

maxClientConn: 100

3058

# Supply the name of existing secret with 'pgbouncer.ini' and 'users.txt' defined

3059

configSecretName: ~

3060

# Secret example:

3061

# apiVersion: v1

3062

# kind: Secret

3063

# metadata:

3064

# name: pgbouncer-config-secret

3065

# data:

3066

# pgbouncer.ini: <base64_encoded pgbouncer.ini file content>

3067

# users.txt: <base64_encoded users.txt file content>

3068

# type: Opaque

3069

3070

# Add custom annotations to the PgBouncer config secret

3071

configSecretAnnotations: {}

3072

# PgBouncer pod disruption budget

3073

podDisruptionBudget:

3074

enabled: false

3075

# PDB configuration (`minAvailable` and `maxUnavailable` are mutually exclusive)

3076

config:

3077

maxUnavailable: 1

3078

# minAvailable: 1

3079

resources: {}

3080

# resource:

3081

# limits:

3082

# cpu: 100m

3083

# memory: 128Mi

3084

# requests:

3085

# cpu: 100m

3086

# memory: 128Mi

3087

3088

service:

3089

extraAnnotations: {}

3090

clusterIp: ~

3091

# https://www.pgbouncer.org/config.html

3092

verbose: 0

3093

logDisconnections: 0

3094

logConnections: 0

3095

sslmode: "prefer"

3096

ciphers: "normal"

3097

ssl:

3098

ca: ~

3099

cert: ~

3100

key: ~

3101

# Add extra PgBouncer ini configuration in the databases section:

3102

# https://www.pgbouncer.org/config.html#section-databases

3103

extraIniMetadata: ~

3104

extraIniResultBackend: ~

3105

# Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html

3106

extraIni: ~

3107

# Mount additional volumes into PgBouncer.

3108

# Volumes apply to all PgBouncer containers, while volume mounts apply to the PgBouncer

3109

# container itself. Metrics exporter container has its own mounts.

3110

extraVolumes: []

3111

extraVolumeMounts: []

3112

# It can be templated like in the following example:

3113

# extraVolumes:

3114

# - name: my-templated-extra-volume

3115

# secret:

3116

# secretName: '{{ include "my_secret_template" . }}'

3117

# defaultMode: 0640

3118

# optional: true

3119

3120

# extraVolumeMounts:

3121

# - name: my-templated-extra-volume

3122

# mountPath: "{{ .Values.my_custom_path }}"

3123

# readOnly: true

3124

3125

# Launch additional containers into PgBouncer pod.

3126

extraContainers: []

3127

# Select certain nodes for PgBouncer pods.

3128

nodeSelector: {}

3129

affinity: {}

3130

tolerations: []

3131

topologySpreadConstraints: []

3132

priorityClassName: ~

3133

uid: 65534

3134

# Detailed default security context for PgBouncer for container level

3135

securityContexts:

3136

pod: {}

3137

container: {}

3138

# Container level lifecycle hooks

3139

containerLifecycleHooks:

3140

preStop:

3141

exec:

3142

# Allow existing queries clients to complete within 120 seconds

3143

command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"]

3144

metricsExporterSidecar:

3145

resources: {}

3146

# limits:

3147

# cpu: 100m

3148

# memory: 128Mi

3149

# requests:

3150

# cpu: 100m

3151

# memory: 128Mi

3152

3153

sslmode: "disable"

3154

# Supply the name of existing secret with PGBouncer connection URI containing

3155

# stats user and password, where 'connection' key is base64-encoded value.

3156

statsSecretName: ~

3157

# Secret example:

3158

# apiVersion: v1

3159

# kind: Secret

3160

# metadata:

3161

# name: pgbouncer-stats-secret

3162

# data:

3163

# connection: postgresql://<stats user>:<password>@127.0.0.1:6543/pgbouncer?<connection params>

3164

# type: Opaque

3165

3166

# Key containing the PGBouncer connection URI, defaults to 'connection' if not defined

3167

statsSecretKey: ~

3168

# Add custom annotations to the PgBouncer stats secret

3169

statsSecretAnnotations: {}

3170

# Detailed default security context for metricsExporterSidecar for container level

3171

securityContexts:

3172

container: {}

3173

# Container level lifecycle hooks

3174

containerLifecycleHooks: {}

3175

livenessProbe:

3176

initialDelaySeconds: 10

3177

periodSeconds: 10

3178

timeoutSeconds: 1

3179

readinessProbe:

3180

initialDelaySeconds: 10

3181

periodSeconds: 10

3182

timeoutSeconds: 1

3183

# Mount additional volumes into the metrics exporter.

3184

extraVolumeMounts: []

3185

# It can be templated like in the following example:

3186

# extraVolumeMounts:

3187

# - name: my-templated-extra-volume

3188

# mountPath: "{{ .Values.my_custom_path }}"

3189

# readOnly: true

3190

# Labels specific to PgBouncer objects and pods

3191

labels: {}

3192

# Environment variables to add to PgBouncer container

3193

env: []

3194

# Configuration for the redis provisioned by the chart

3195

redis:

3196

enabled: true

3197

terminationGracePeriodSeconds: 600

3198

# Annotations for Redis Statefulset

3199

annotations: {}

3200

# Create Service Account

3201

serviceAccount:

3202

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

3203

automountServiceAccountToken: true

3204

# Specifies whether a Service Account should be created

3205

create: true

3206

# The name of the Service Account to use.

3207

# If not set and `create` is 'true', a name is generated using the release name

3208

3209

# Annotations to add to worker Kubernetes Service Account.

3210

annotations: {}

3211

service:

3212

# Service type

3213

type: "ClusterIP"

3214

# If using ClusterIP service type, custom IP address can be specified

3215

clusterIP:

3216

# If using NodePort service type, custom node port can be specified

3217

nodePort:

3218

persistence:

3219

# Enable persistent volumes

3220

enabled: true

3221

# Volume size for worker StatefulSet

3222

size: 1Gi

3223

# If using a custom storageClass, pass name ref to all statefulSets here

3224

storageClassName:

3225

# Annotations to add to redis volumes

3226

annotations: {}

3227

# The name of an existing PVC to use

3228

existingClaim:

3229

persistentVolumeClaimRetentionPolicy: ~

3230

# persistentVolumeClaimRetentionPolicy:

3231

# whenDeleted: Delete

3232

# whenScaled: Delete

3233

# Configuration for empty dir volume (if `redis.persistence.enabled` == 'false')

3234

# emptyDirConfig:

3235

# sizeLimit: 1Gi

3236

# medium: Memory

3237

resources: {}

3238

# limits:

3239

# cpu: 100m

3240

# memory: 128Mi

3241

# requests:

3242

# cpu: 100m

3243

# memory: 128Mi

3244

3245

# If set use as redis secret. Make sure to also set `data.brokerUrlSecretName` value.

3246

passwordSecretName: ~

3247

# If `passwordSecretName` is not specified, set `password` field.

3248

# Otherwise a new password will be generated on install

3249

# Note: password can only be set during 'helm install', not 'helm upgrade'.

3250

password: ~

3251

# Add custom annotations to the redis password secret

3252

passwordSecretAnnotations: {}

3253

# This setting tells Kubernetes that its ok to evict

3254

# when it wants to scale a node down.

3255

safeToEvict: true

3256

# Select certain nodes for redis pods.

3257

nodeSelector: {}

3258

affinity: {}

3259

tolerations: []

3260

topologySpreadConstraints: []

3261

priorityClassName: ~

3262

# Set to 0 for backwards-compatibility

3263

uid: 0

3264

# (deprecated, use `redis.securityContexts` instead)

3265

securityContext: {}

3266

# runAsUser: 999

3267

# runAsGroup: 0

3268

3269

# Detailed default security context for redis for container and pod level

3270

securityContexts:

3271

pod: {}

3272

container: {}

3273

# Container level lifecycle hooks

3274

containerLifecycleHooks: {}

3275

# Labels specific to redis objects and pods

3276

labels: {}

3277

# Pod annotations for Redis pods (templated)

3278

podAnnotations: {}

3279

# Auth secret for a private registry (deprecated, use `imagePullSecrets` instead)

3280

# This is used if pulling Airflow images from a private registry

3281

registry:

3282

# Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry

3283

# (deprecated, use `imagePullSecrets` instead).

3284

secretName: ~

3285

# Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret

3286

# (deprecated, use `imagePullSecrets` instead - requires manual secret creation).

3287

connection: {}

3288

# Example:

3289

# connection:

3290

# user: ~

3291

# pass: ~

3292

# host: ~

3293

# email: ~

3294

# Elasticsearch logging configuration

3295

elasticsearch:

3296

# Enable elasticsearch task logging

3297

enabled: false

3298

# A secret containing the connection

3299

secretName: ~

3300

# Object representing the connection, if `secretName` not specified

3301

connection: {}

3302

# Example:

3303

# connection:

3304

# scheme: ~

3305

# user: ~

3306

# pass: ~

3307

# host: ~

3308

# port: ~

3309

3310

# Add custom annotations to the elasticsearch secret

3311

secretAnnotations: {}

3312

# OpenSearch logging configuration

3313

opensearch:

3314

# Enable opensearch task logging

3315

enabled: false

3316

# A secret containing the connection

3317

secretName: ~

3318

# Object representing the connection, if `secretName` not specified

3319

connection: {}

3320

# Example:

3321

# connection:

3322

# scheme: ~

3323

# user: ~

3324

# pass: ~

3325

# host: ~

3326

# port: ~

3327

# All ports used by chart

3328

ports:

3329

flowerUI: 5555

3330

airflowUI: 8080

3331

workerLogs: 8793

3332

triggererLogs: 8794

3333

redisDB: 6379

3334

statsdIngest: 9125

3335

statsdScrape: 9102

3336

otelCollectorOtlpHttp: 4318

3337

otelCollectorOtlpGrpc: 4317

3338

pgbouncer: 6543

3339

pgbouncerScrape: 9127

3340

apiServer: 8080

3341

# Define any ResourceQuotas for namespace

3342

quotas: {}

3343

# Define default/max/min values for pods and containers in namespace

3344

limits: []

3345

# This runs as a CronJob to cleanup old pods spawned by the KubernetesExecutor.

3346

# It is required to have KubernetesExecutor enabled.

3347

cleanup:

3348

enabled: false

3349

# Run every 15 minutes (templated).

3350

schedule: "*/15 * * * *"

3351

# To select a random-ish, deterministic starting minute between 3 and 12 inclusive for each release:

3352

# schedule: '{{- add 3 (regexFind ".$" (adler32sum .Release.Name)) -}}-59/15 * * * *'

3353

# To select the last digit of unix epoch time as the starting minute on each deploy:

3354

# schedule: '{{- now | unixEpoch | trunc -1 -}}-59/* * * * *'

3355

3356

# Command to use when running the cleanup CronJob (templated).

3357

command: ~

3358

# Args to use when running the cleanup CronJob (templated).

3359

args: ["bash", "-c", "exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}"]

3360

# `jobAnnotations` are annotations on the cleanup CronJob

3361

jobAnnotations: {}

3362

# Select certain nodes for Airflow cleanup pods.

3363

nodeSelector: {}

3364

affinity: {}

3365

tolerations: []

3366

topologySpreadConstraints: []

3367

priorityClassName: ~

3368

# Pod annotations for cleanup pods (templated)

3369

podAnnotations: {}

3370

# Labels specific to cleanup objects and pods

3371

labels: {}

3372

resources: {}

3373

# limits:

3374

# cpu: 100m

3375

# memory: 128Mi

3376

# requests:

3377

# cpu: 100m

3378

# memory: 128Mi

3379

3380

# Create Service Account

3381

serviceAccount:

3382

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

3383

automountServiceAccountToken: true

3384

# Specifies whether a Service Account should be created

3385

create: true

3386

# The name of the Service Account to use.

3387

# If not set and `create` is 'true', a name is generated using the release name

3388

3389

# Annotations to add to cleanup CronJob Kubernetes Service Account.

3390

annotations: {}

3391

# Service Account Token Volume configuration

3392

# This is only used when `automountServiceAccountToken` is 'false'

3393

# and allows manual configuration of the Service Account token volume

3394

serviceAccountTokenVolume:

3395

# Enable manual Service Account token volume configuration

3396

enabled: false

3397

# Path where the Service Account token should be mounted

3398

mountPath: /var/run/secrets/kubernetes.io/serviceaccount

3399

# Name of the volume

3400

volumeName: kube-api-access

3401

# Token expiration in seconds

3402

expirationSeconds: 3600

3403

# Audience for the token

3404

audience: ~

3405

# When not set, the values defined in the global `securityContext` will be used

3406

# (deprecated, use `cleanup.securityContexts` instead)

3407

securityContext: {}

3408

# runAsUser: 50000

3409

# runAsGroup: 0

3410

3411

env: []

3412

# Detailed default security context for cleanup for container level

3413

securityContexts:

3414

pod: {}

3415

container: {}

3416

# container level lifecycle hooks

3417

containerLifecycleHooks: {}

3418

# Specify history limit

3419

# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.

3420

failedJobsHistoryLimit: ~

3421

successfulJobsHistoryLimit: ~

3422

# This runs as a CronJob to cleanup database for old entries.

3423

databaseCleanup:

3424

enabled: false

3425

applyCustomEnv: true

3426

# Run every week on Sunday at midnight (templated).

3427

schedule: "0 0 * * 0"

3428

# Command to use when running the database cleanup CronJob (templated).

3429

command: ~

3430

# Args to use when running the database cleanup CronJob (templated).

3431

args:

3432

- "bash"

3433

- "-c"

3434

- >-

3435

CLEAN_TS=$(date -d "-{{ .Values.databaseCleanup.retentionDays }} days" +"%Y-%m-%dT%H:%M:%S"); echo "Cleaning up metadata DB entries older than ${CLEAN_TS}"; exec airflow db clean --clean-before-timestamp "${CLEAN_TS}" --yes {{- if .Values.databaseCleanup.skipArchive }} --skip-archive{{ end }} {{- if .Values.databaseCleanup.verbose }} --verbose{{ end }} {{- with .Values.databaseCleanup.batchSize }} --batch-size {{ . }}{{ end }} {{- with .Values.databaseCleanup.tables }} --tables {{ . | join "," }}{{ end }}

3436

# Number of days to retain entries in the metadata database.

3437

retentionDays: 90

3438

# Don't preserve purged records in an archive table

3439

skipArchive: false

3440

# Table names to perform maintenance on. Supported values in:

3441

# https://airflow.apache.org/docs/apache-airflow/stable/cli-and-env-variables-ref.html#clean

3442

tables: []

3443

# Maximum number of rows to delete or archive in a single transaction

3444

batchSize: ~

3445

# Make logging output more verbose

3446

verbose: true

3447

# `jobAnnotations` are annotations on the database cleanup CronJob

3448

jobAnnotations: {}

3449

# Select certain nodes for Airflow database cleanup pods.

3450

nodeSelector: {}

3451

affinity: {}

3452

tolerations: []

3453

topologySpreadConstraints: []

3454

priorityClassName: ~

3455

# Pod annotations for database cleanup pods (templated)

3456

podAnnotations: {}

3457

# Labels specific to database cleanup objects and pods

3458

labels: {}

3459

resources: {}

3460

# limits:

3461

# cpu: 100m

3462

# memory: 128Mi

3463

# requests:

3464

# cpu: 100m

3465

# memory: 128Mi

3466

3467

# Create Service Account

3468

serviceAccount:

3469

# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

3470

automountServiceAccountToken: true

3471

# Specifies whether a Service Account should be created

3472

create: true

3473

# The name of the Service Account to use.

3474

# If not set and `create` is 'true', a name is generated using the release name

3475

3476

# Annotations to add to database cleanup CronJob Kubernetes Service Account.

3477

annotations: {}

3478

env: []

3479

# Detailed default security context for database cleanup for container level

3480

securityContexts:

3481

pod: {}

3482

container: {}

3483

# Container level lifecycle hooks

3484

containerLifecycleHooks: {}

3485

# Specify history limit

3486

# When set, overwrite the default k8s number of successful and failed CronJob executions that are saved.

3487

failedJobsHistoryLimit: 1

3488

successfulJobsHistoryLimit: 1

3489

# Time to live (in seconds) for Jobs created by this CronJob after they finish.

3490

ttlSecondsAfterFinished: ~

3491

# Configuration for postgresql subchart

3492

# Uses bitnamilegacy images to avoid Bitnami licensing restrictions

3493

# Not recommended for production - use external database instead

3494

postgresql:

3495

enabled: true

3496

image:

3497

repository: bitnamilegacy/postgresql

3498

tag: "16.1.0-debian-11-r15"

3499

auth:

3500

enablePostgresUser: true

3501

postgresPassword: postgres

3502

username: ""

3503

password: ""

3504

# Config settings to go into the mounted airflow.cfg

3505

3506

# Please note that these values are passed through the `tpl` function, so are

3507

# all subject to being rendered as go templates. If you need to include a

3508

# literal `{{` in a value, it must be expressed like this:

3509

# a: '{{ "{{ not a template }}" }}'

3510

3511

# Do not set config containing secrets via plain text values, use Env Var or k8s secret object

3512

# yamllint disable rule:line-length

3513

config:

3514

core:

3515

dags_folder: '{{ include "airflow_dags" . }}'

3516

# This is ignored when used with the official Docker image

3517

load_examples: 'False'

3518

executor: '{{ .Values.executor }}'

3519

auth_manager: "airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager"

3520

logging:

3521

remote_logging: '{{- ternary "True" "False" (or .Values.elasticsearch.enabled .Values.opensearch.enabled) }}'

3522

colored_console_log: 'False'

3523

metrics:

3524

statsd_on: '{{ ternary "True" "False" (and .Values.statsd.enabled (not .Values.otelCollector.metricsEnabled)) }}'

3525

statsd_port: 9125

3526

statsd_prefix: airflow

3527

statsd_host: '{{ printf "%s-statsd" (include "airflow.fullname" .) }}'

3528

otel_on: '{{ ternary "True" "False" .Values.otelCollector.metricsEnabled }}'

3529

otel_host: '{{ if .Values.otelCollector.metricsEnabled }}{{ printf "%s-otel-collector" (include "airflow.fullname" .) }}{{ end }}'

3530

otel_port: '{{ .Values.ports.otelCollectorOtlpHttp }}'

3531

traces:

3532

otel_on: '{{ ternary "True" "False" .Values.otelCollector.tracesEnabled }}'

3533

fab:

3534

enable_proxy_fix: 'True'

3535

webserver:

3536

# For Airflow 2.X

3537

enable_proxy_fix: 'True'

3538

celery:

3539

flower_url_prefix: '{{ ternary "" .Values.ingress.flower.path (eq .Values.ingress.flower.path "/") }}'

3540

worker_concurrency: 16

3541

sync_parallelism: '{{ include "cpu_count" (((.Values.scheduler).resources).limits).cpu }}'

3542

scheduler:

3543

standalone_dag_processor: '{{ ternary "True" "False" (or (semverCompare ">=3.0.0" .Values.airflowVersion) (.Values.dagProcessor.enabled | default false)) }}'

3544

dag_processor:

3545

# This value is generated by default from `.Values.dagProcessor.dagBundleConfigList` using the `dag_bundle_config_list` helper function.

3546

# It is recommended to configure this via `dagProcessor.dagBundleConfigList` rather than overriding `config.dag_processor.dag_bundle_config_list` directly.

3547

dag_bundle_config_list: '{{ include "dag_bundle_config_list" . }}'

3548

elasticsearch:

3549

json_format: 'True'

3550

log_id_template: "{dag_id}-{task_id}-{run_id}-{map_index}-{try_number}"

3551

elasticsearch_configs:

3552

max_retries: 3

3553

timeout: 30

3554

retry_timeout: 'True'

3555

kerberos:

3556

keytab: '{{ .Values.kerberos.keytabPath }}'

3557

reinit_frequency: '{{ .Values.kerberos.reinitFrequency }}'

3558

principal: '{{ .Values.kerberos.principal }}'

3559

ccache: '{{ .Values.kerberos.ccacheMountPath }}/{{ .Values.kerberos.ccacheFileName }}'

3560

celery_kubernetes_executor:

3561

kubernetes_queue: 'kubernetes'

3562

kubernetes_executor:

3563

namespace: '{{ .Release.Namespace }}'

3564

pod_template_file: '{{ include "airflow_pod_template_file" . }}/pod_template_file.yaml'

3565

worker_container_repository: '{{ .Values.images.airflow.repository | default .Values.defaultAirflowRepository }}'

3566

worker_container_tag: '{{ .Values.images.airflow.tag | default .Values.defaultAirflowTag }}'

3567

multi_namespace_mode: '{{ ternary "True" "False" .Values.multiNamespaceMode }}'

3568

# yamllint enable rule:line-length

3569

3570

# Whether Airflow can launch workers and/or pods in multiple namespaces

3571

# If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)

3572

multiNamespaceMode: false

3573

# `podTemplate` is a templated string which overwrites the content of `pod_template_file.yaml` used by

3574

# KubernetesExecutor. The default `podTemplate` will use `workers` configuration parameters

3575

# (e.g. `workers.resources`). As such, you normally won't need to override this directly, however,

3576

# you can still provide a completely custom `pod_template_file.yaml` if desired.

3577

# If not set, a default one is created using `files/pod-template-file.kubernetes-helm-yaml`.

3578

podTemplate: ~

3579

# The following example is NOT functional, but meant to be illustrative of how you can provide a custom

3580

# `pod_template_file`. You're better off starting with the default in

3581

# `files/pod-template-file.kubernetes-helm-yaml` and modifying from there.

3582

# We will set `priorityClassName` in this example:

3583

# podTemplate: |

3584

# apiVersion: v1

3585

# kind: Pod

3586

# metadata:

3587

# name: placeholder-name

3588

# labels:

3589

# tier: airflow

3590

# component: worker

3591

# release: {{ .Release.Name }}

3592

# spec:

3593

# priorityClassName: high-priority

3594

# containers:

3595

# - name: base

3596

# ...

3597

3598

dags:

3599

# Where dags volume will be mounted. Works for both persistence and gitSync.

3600

# If not specified, dags mount path will be set to $AIRFLOW_HOME/dags

3601

mountPath: ~

3602

persistence:

3603

# Annotations for dags PVC

3604

annotations: {}

3605

# Enable persistent volume for storing dags

3606

enabled: false

3607

# Volume size for dags

3608

size: 1Gi

3609

# If using a custom storageClass, pass name here

3610

storageClassName:

3611

# Access mode of the persistent volume

3612

accessMode: ReadWriteOnce

3613

# The name of an existing PVC to use

3614

existingClaim:

3615

# Optional subpath for dag volume mount

3616

subPath: ~

3617

gitSync:

3618

enabled: false

3619

# Git repo clone url

3620

repo: https://github.com/apache/airflow.git

3621

# SSH example: git@github.com:apache/airflow.git

3622

# HTTPS example: https://github.com/apache/airflow.git

3623

3624

branch: v2-2-stable

3625

rev: HEAD

3626

# The git revision (branch, tag, or hash) to check out, v4 only

3627

ref: v2-2-stable

3628

depth: 1

3629

# The number of consecutive failures allowed before aborting

3630

maxFailures: 0

3631

# Subpath within the repo where dags are located.

3632

# Should be "" if dags are at repo root

3633

subPath: "tests/dags"

3634

# If your repo needs a username/password, you can load them to a k8s secret

3635

3636

# credentialsSecret: git-credentials

3637

3638

# Secret example:

3639

# apiVersion: v1

3640

# kind: Secret

3641

# metadata:

3642

# name: git-credentials

3643

# data:

3644

# # For git-sync v3

3645

# GIT_SYNC_USERNAME: <base64_encoded_git_username>

3646

# GIT_SYNC_PASSWORD: <base64_encoded_git_password>

3647

# # For git-sync v4

3648

# GITSYNC_USERNAME: <base64_encoded_git_username>

3649

# GITSYNC_PASSWORD: <base64_encoded_git_password>

3650

3651

# If you are using an ssh clone url, you can load the ssh private key to a k8s secret

3652

3653

# sshKeySecret: airflow-ssh-secret

3654

3655

# Secret example:

3656

# apiVersion: v1

3657

# kind: Secret

3658

# metadata:

3659

# name: airflow-ssh-secret

3660

# data:

3661

# gitSshKey: <base64_encoded_data>

3662

3663

# If `sshKeySecret` is not specified, you can set `sshKey`

3664

# sshKey: |

3665

# -----BEGIN {OPENSSH PRIVATE KEY}-----

3666

# ...

3667

# -----END {OPENSSH PRIVATE KEY}-----

3668

3669

# If you are using an ssh private key, you can additionally

3670

# specify the content of your known_hosts file

3671

# knownHosts: |

3672

# <host1>,<ip1> <key1>

3673

# <host2>,<ip2> <key2>

3674

3675

# Interval between git sync attempts in seconds.

3676

# High values are more likely to cause Dags to become out of sync between different components.

3677

# Low values cause more traffic to the remote git repository.

3678

# Go-style duration string (e.g. "100ms" or "0.1s" = 100ms).

3679

# For backwards compatibility, wait will be used if it is specified.

3680

period: 5s

3681

wait: ~

3682

# Add variables from secret into gitSync containers, such proxy-config

3683

envFrom: ~

3684

# envFrom: |

3685

# - secretRef:

3686

# name: 'proxy-config'

3687

3688

containerName: git-sync

3689

uid: 65533

3690

# When not set, the values defined in the global `securityContext` will be used

3691

# (deprecated, use `dags.gitSync.securityContexts` instead)

3692

securityContext: {}

3693

# runAsUser: 65533

3694

# runAsGroup: 0

3695

3696

securityContexts:

3697

container: {}

3698

# Container level lifecycle hooks

3699

containerLifecycleHooks: {}

3700

# Git-Sync liveness service HTTP bind port

3701

httpPort: 1234

3702

# Setting this to true, will remove readinessProbe usage and configure livenessProbe to

3703

# use a dedicated Git-Sync liveness service. In future, behaviour with value true will be

3704

# default one and old one will be removed

3705

recommendedProbeSetting: false

3706

startupProbe:

3707

enabled: true

3708

timeoutSeconds: 1

3709

initialDelaySeconds: 0

3710

periodSeconds: 5

3711

failureThreshold: 10

3712

# As Git-Sync is not service-type object, the usage of this section will be removed.

3713

# By setting `dags.gitSync.recommendedProbeSetting` to 'true', you will enable future behaviour.

3714

readinessProbe: {}

3715

# The behaviour of the LivenessProbe will change with the next release of Helm Chart.

3716

# To enable future behaviour set `dags.gitSync.recommendedProbeSetting` to 'true'.

3717

# New behaviour uses the recommended liveness configuration by using Git-Sync built-in

3718

# liveness service

3719

livenessProbe: {}

3720

# enabled: true

3721

# timeoutSeconds: 1

3722

# initialDelaySeconds: 0

3723

# periodSeconds: 5

3724

# failureThreshold: 10

3725

3726

# Mount additional volumes into git-sync.

3727

extraVolumeMounts: []

3728

# It can be templated like in the following example:

3729

# extraVolumeMounts:

3730

# - name: my-templated-extra-volume

3731

# mountPath: "{{ .Values.my_custom_path }}"

3732

# readOnly: true

3733

3734

# Supported env vars for gitsync can be found at https://github.com/kubernetes/git-sync

3735

env: []

3736

# - name: ""

3737

# value: ""

3738

3739

# Configuration for empty dir volume

3740

# emptyDirConfig:

3741

# sizeLimit: 1Gi

3742

# medium: Memory

3743

resources: {}

3744

# limits:

3745

# cpu: 100m

3746

# memory: 128Mi

3747

# requests:

3748

# cpu: 100m

3749

# memory: 128Mi

3750

logs:

3751

# Configuration for empty dir volume (if `logs.persistence.enabled` == 'false')

3752

# emptyDirConfig:

3753

# sizeLimit: 1Gi

3754

# medium: Memory

3755

persistence:

3756

# Enable persistent volume for storing logs

3757

enabled: false

3758

# Volume size for logs

3759

size: 100Gi

3760

# Annotations for the logs PVC

3761

annotations: {}

3762

# If using a custom storageClass, pass name here

3763

storageClassName:

3764

# The name of an existing PVC to use

3765

existingClaim:

3766

# The subpath of the existing PVC to use

3767

subPath:

3768

The trusted source for open source

Talk to an expert

Privacy

Terms

© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.

airflow

The trusted source for open source

Product

Solutions

Customers

Resources

Company