Parameters reference

The following tables list the configurable parameters of the Airflow chart and their default values.

Common

Parameter

Description

Default

airflowLocalSettings

airflow_local_settings file as a string (can be templated).

See values.yaml

airflowVersion

Airflow version (Used to make some decisions based on Airflow Version being deployed).

2.6.2

config

Settings to go into the mounted airflow.cfg

See values.yaml

defaultAirflowDigest

Default airflow digest to deploy. Overrides tag.

~

defaultAirflowRepository

Default airflow repository. Overrides all the specific images below.

apache/airflow

defaultAirflowTag

Default airflow tag to deploy.

2.6.2

executor

Airflow executor.

CeleryExecutor

fernetKey

The Fernet key used to encrypt passwords (can only be set during install, not upgrade).

~

pgbouncer.enabled

Enable PgBouncer.

False

webserver.defaultUser.enabled

Enable default user creation.

True

webserver.webserverConfig

This string (can be templated) will be mounted into the Airflow webserver as a custom webserver_config.py. You can bake a webserver_config.py into your image instead or specify a configmap containing the webserver_config.py.

~

Examples:

webserverConfig: |-
  from airflow import configuration as conf

  # The SQLAlchemy connection string.
  SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

  # Flask-WTF flag for CSRF
  CSRF_ENABLED = True

webserver.webserverConfigConfigMapName

The configmap name containing the webserver_config.py.

~

Examples:

webserverConfigConfigMapName: my-webserver-configmap

webserverSecretKey

The Flask secret key for Airflow Webserver to encrypt browser session.

~

Airflow

Parameter

Description

Default

airflowHome

Airflow home directory. Used for mount paths.

/opt/airflow

allowPodLaunching

Whether various Airflow components launch pods.

True

dags.gitSync.branch

Git branch

v2-2-stable

dags.gitSync.containerName

Git sync container name.

git-sync

dags.gitSync.credentialsSecret

Name of a Secret containing the repo GIT_SYNC_USERNAME and GIT_SYNC_PASSWORD.

~

dags.gitSync.depth

Repository depth.

1

dags.gitSync.enabled

Enable Git sync.

False

dags.gitSync.env

Environment variables for git sync container.

[]

Examples:

env:
- name: GIT_SYNC_TIMEOUT
  value: '60'

dags.gitSync.extraVolumeMounts

Mount additional volumes into git sync container.

[]

dags.gitSync.knownHosts

When using a ssh private key, the contents of your known_hosts file.

~

Examples:

knownHosts: |-
  <host1>,<ip1> <key1>
  <host2>,<ip2> <key2>

knownHosts: <host1>,<ip1> <key1>

dags.gitSync.maxFailures

The number of consecutive failures allowed before aborting.

0

dags.gitSync.repo

Git repository.

https://github.com/apache/airflow.git

dags.gitSync.resources

Resources on workers git-sync sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

dags.gitSync.rev

Git revision.

HEAD

dags.gitSync.securityContext

Security context for the gitSync container (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  runAsGroup: 0
  runAsUser: 50000

dags.gitSync.sshKeySecret

Name of a Secret containing the repo sshKeySecret.

~

dags.gitSync.subPath

Subpath within the repo where dags are located.

tests/dags

dags.gitSync.uid

Git sync container run as user parameter.

65533

dags.gitSync.wait

Interval between git sync attempts in seconds. High values are more likely to cause DAGs to become out of sync between different components. Low values cause more traffic to the remote git repository.

5

dags.persistence.accessMode

Access mode of the persistent volume.

ReadWriteOnce

dags.persistence.annotations

Annotations for the dag PVC

{}

dags.persistence.enabled

Enable persistent volume for storing dags.

False

dags.persistence.existingClaim

The name of an existing PVC to use.

~

dags.persistence.size

Volume size for dags.

1Gi

dags.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

dags.persistence.subPath

Subpath within the PVC where dags are located.

~

elasticsearch.connection

Elasticsearch connection configuration.

{}

Examples:

connection:
  host: '...'
  pass: '...'
  port: '...'
  scheme: https
  user: '...'

elasticsearch.connection.host

Host

""

elasticsearch.connection.pass

Password

""

elasticsearch.connection.port

Port

80

elasticsearch.connection.scheme

Scheme

http

elasticsearch.connection.user

Username

""

elasticsearch.enabled

Enable Elasticsearch task logging.

False

elasticsearch.secretName

A secret containing the connection string.

~

enableBuiltInSecretEnvVars.AIRFLOW_CONN_AIRFLOW_DB

Enable AIRFLOW_CONN_AIRFLOW_DB variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__BROKER_URL

Enable AIRFLOW__CELERY__BROKER_URL variable to be read from the Celery Broker URL Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__CELERY_RESULT_BACKEND

Enable AIRFLOW__CELERY__CELERY_RESULT_BACKEND variable to be read from the Celery Result Backend Secret - Airflow 1.10.* variant

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__RESULT_BACKEND

Enable AIRFLOW__CELERY__RESULT_BACKEND variable to be read from the Celery Result Backend Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__FERNET_KEY

Enable AIRFLOW__CORE__FERNET_KEY variable to be read from the Fernet key Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__SQL_ALCHEMY_CONN

Enable AIRFLOW__CORE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__DATABASE__SQL_ALCHEMY_CONN

Enable AIRFLOW__DATABASE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST

Enable AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST variable to be read from the Elasticsearch Host Secret - Airflow <1.10.4 variant

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__HOST

Enable AIRFLOW__ELASTICSEARCH__HOST variable to be read from the Elasticsearch Host Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__WEBSERVER__SECRET_KEY

Enable AIRFLOW__WEBSERVER__SECRET_KEY variable to be read from the Webserver Secret Key Secret

True

env

Environment variables for all Airflow containers.

[]

Examples:

env:
- name: MYENVVAR
  value: something_fun

extraEnv

Extra env ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnv: |-
  - name: AIRFLOW__CORE__LOAD_EXAMPLES
    value: 'True'

extraEnvFrom

Extra envFrom ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnvFrom: |-
  - secretRef:
      name: '{{ .Release.Name }}-airflow-connections'

extraEnvFrom: |-
  - configMapRef:
      name: '{{ .Release.Name }}-airflow-variables'

fernetKeySecretName

The Fernet key secret name.

~

gid

Group of airflow user.

0

logs.persistence.annotations

Annotations to add to logs PVC

{}

logs.persistence.enabled

Enable persistent volume for storing logs.

False

logs.persistence.existingClaim

The name of an existing PVC to use.

~

logs.persistence.size

Volume size for logs.

100Gi

logs.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

multiNamespaceMode

Whether Airflow can launch workers and/or pods in multiple namespaces. If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)

False

podTemplate

The contents of pod_template_file.yaml used for KubernetesExecutor workers (templated). The default (see files/pod-template-file.kubernetes-helm-yaml) already takes into account normal workers configuration parameters (e.g. workers.resources), so you normally won’t need to override this directly.

~

Examples:

podTemplate: |-
  apiVersion: v1
  kind: Pod
  metadata:
    name: placeholder-name
    labels:
      tier: airflow
      component: worker
      release: {{ .Release.Name }}
  spec:
    priorityClassName: high-priority
    containers:
      - name: base
      ...

secret

Secrets for all Airflow containers.

[]

Examples:

secret:
- envName: SecretEnvVar
  secretKey: somekey
  secretName: somesecret

uid

User ID of the airflow user.

50000

volumeMounts

VolumeMounts for all Airflow containers.

[]

volumes

Volumes for all Airflow containers.

[]

webserverSecretKeySecretName

The Secret name containing Flask secret_key for the Webserver.

~

Images

Parameter

Description

Default

images.airflow.digest

The airflow image digest. If set, it will override the tag.

~

images.airflow.pullPolicy

The airflow image pull policy.

IfNotPresent

images.airflow.repository

The airflow image repository.

~

images.airflow.tag

The airflow image tag.

~

images.flower.pullPolicy

The flower image pull policy.

IfNotPresent

images.flower.repository

The flower image repository.

~

images.flower.tag

The flower image tag.

~

images.gitSync.pullPolicy

The gitSync image pull policy.

IfNotPresent

images.gitSync.repository

The gitSync image repository.

registry.k8s.io/git-sync/git-sync

images.gitSync.tag

The gitSync image tag.

v3.6.3

images.migrationsWaitTimeout

The time (in seconds) to wait for the DB migrations to complete.

60

images.pgbouncer.pullPolicy

The PgBouncer image pull policy.

IfNotPresent

images.pgbouncer.repository

The PgBouncer image repository.

apache/airflow

images.pgbouncer.tag

The PgBouncer image tag.

airflow-pgbouncer-2023.02.24-1.16.1

images.pgbouncerExporter.pullPolicy

The PgBouncer exporter image pull policy.

IfNotPresent

images.pgbouncerExporter.repository

The PgBouncer exporter image repository.

apache/airflow

images.pgbouncerExporter.tag

The PgBouncer exporter image tag.

airflow-pgbouncer-exporter-2023.02.21-0.14.0

images.pod_template.pullPolicy

The pod_template image pull policy.

IfNotPresent

images.pod_template.repository

The pod_template image repository. If config.kubernetes.worker_container_repository is set, k8s executor will use config value instead.

~

images.pod_template.tag

The pod_template image tag. If config.kubernetes.worker_container_tag is set, k8s executor will use config value instead.

~

images.redis.pullPolicy

The redis image pull policy.

IfNotPresent

images.redis.repository

The redis image repository.

redis

images.redis.tag

The redis image tag.

7-bullseye

images.statsd.pullPolicy

The StatsD image pull policy.

IfNotPresent

images.statsd.repository

The StatsD image repository.

quay.io/prometheus/statsd-exporter

images.statsd.tag

The StatsD image tag.

v0.22.8

images.useDefaultImageForMigration

Set this to true to avoid using images with user code for running and waiting for DB migrations.

False

Ports

Parameter

Description

Default

ports.airflowUI

Airflow UI port.

8080

ports.flowerUI

Flower UI port.

5555

ports.pgbouncer

PgBouncer port.

6543

ports.pgbouncerScrape

PgBouncer scrape port.

9127

ports.redisDB

Redis port.

6379

ports.statsdIngest

StatsD ingest port.

9125

ports.statsdScrape

StatsD scrape port.

9102

ports.triggererLogs

Triggerer logs port.

8794

ports.workerLogs

Worker logs port.

8793

Database

Parameter

Description

Default

data.metadataConnection.db

The name of the database.

postgres

data.metadataConnection.host

The database host.

~

data.metadataConnection.pass

The user’s password.

postgres

data.metadataConnection.port

The database port.

5432

data.metadataConnection.protocol

The database protocol.

postgresql

data.metadataConnection.sslmode

The database SSL parameter.

disable

data.metadataConnection.user

The database user.

postgres

data.metadataSecretName

Metadata connection string secret.

~

data.resultBackendConnection

Result backend connection configuration.

~

data.resultBackendConnection.db

The name of the database.

~

data.resultBackendConnection.host

The database host.

~

data.resultBackendConnection.pass

The database password.

~

data.resultBackendConnection.port

The database port.

~

data.resultBackendConnection.protocol

The database protocol.

~

data.resultBackendConnection.sslmode

The database SSL parameter.

~

data.resultBackendConnection.user

The database user.

~

data.resultBackendSecretName

Result backend connection string secret.

~

postgresql.auth.enablePostgresUser

Assign a password to the ‘postgres’ admin user. Otherwise, remote access will be blocked for this user

True

postgresql.auth.password

Password for the custom user to create.

""

postgresql.auth.postgresPassword

Password for the ‘postgres’ admin user.

postgres

postgresql.auth.username

Name for a custom user to create

""

postgresql.enabled

Enable PostgreSQL subchart.

True

postgresql.images.tag

The PostgreSQL image tag.

11

PgBouncer

Parameter

Description

Default

pgbouncer.affinity

Specify scheduling constraints for PgBouncer pods.

{}

pgbouncer.annotations

Annotations to add to the PgBouncer deployment

{}

pgbouncer.args

Args to use for PgBouncer (templated).

~

pgbouncer.auth_file

The name of the file to load user names and passwords from

/etc/pgbouncer/users.txt

pgbouncer.auth_type

Method of authenticating users

md5

pgbouncer.ciphers

The allowed ciphers, might be ‘fast’, ‘normal’ or list ciphers separated with ‘:’.

normal

pgbouncer.command

Command to use for PgBouncer (templated).

['pgbouncer', '-u', 'nobody', '/etc/pgbouncer/pgbouncer.ini']

pgbouncer.configSecretName

The PgBouncer config Secret name.

~

pgbouncer.extraIni

Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html

~

pgbouncer.extraIniMetadata

Add extra metadata database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraIniResultBackend

Add extra result backend database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

pgbouncer.extraVolumeMounts

Mount additional volumes into PgBouncer.

[]

pgbouncer.extraVolumes

Mount additional volumes into PgBouncer.

[]

pgbouncer.logConnections

Log successful logins.

0

pgbouncer.logDisconnections

Log disconnections with reasons.

0

pgbouncer.maxClientConn

Maximum clients that can connect to PgBouncer (higher = more file descriptors).

100

pgbouncer.metadataPoolSize

Metadata pool size.

10

pgbouncer.metricsExporterSidecar.livenessProbe.initialDelaySeconds

Metrics Exporter liveness probe initial delay

10

pgbouncer.metricsExporterSidecar.livenessProbe.periodSeconds

Metrics Exporter liveness probe frequency

10

pgbouncer.metricsExporterSidecar.livenessProbe.timeoutSeconds

Metrics Exporter liveness probe command timeout

1

pgbouncer.metricsExporterSidecar.readinessProbe.initialDelaySeconds

Metrics Exporter readiness probe initial delay

10

pgbouncer.metricsExporterSidecar.readinessProbe.periodSeconds

Metrics Exporter readiness probe frequency

10

pgbouncer.metricsExporterSidecar.readinessProbe.timeoutSeconds

Metrics Exporter readiness probe command timeout

1

pgbouncer.metricsExporterSidecar.resources

Resources for the PgBouncer metric exporter.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.metricsExporterSidecar.sslmode

SSL mode for metricsExporterSidecar

disable

pgbouncer.nodeSelector

Select certain nodes for PgBouncer pods.

{}

pgbouncer.podAnnotations

Add annotations for the PgBouncer Pod.

{}

pgbouncer.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for PgBouncer.

1

pgbouncer.podDisruptionBudget.config.minAvailable

Min available pods for PgBouncer.

1

pgbouncer.podDisruptionBudget.enabled

Enable PodDisruptionBudget.

False

pgbouncer.priorityClassName

Specify priority for PgBouncer pods.

~

pgbouncer.replicas

Number of PgBouncer replicas to run in Deployment.

1

pgbouncer.resources

Resources for the PgBouncer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.resultBackendPoolSize

Result backend pool size.

5

pgbouncer.service.extraAnnotations

Extra annotations for the PgBouncer Service.

{}

pgbouncer.serviceAccount.annotations

Annotations to add to the PgBouncer Kubernetes ServiceAccount.

{}

pgbouncer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

pgbouncer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

pgbouncer.ssl.ca

Certificate Authority for server side

~

pgbouncer.ssl.cert

Server Certificate for server side

~

pgbouncer.ssl.key

Private key used to authenticate with the server

~

pgbouncer.sslmode

SSL mode for PgBouncer.

prefer

pgbouncer.tolerations

Specify Tolerations for PgBouncer pods.

[]

pgbouncer.topologySpreadConstraints

Specify topology spread constraints for PgBouncer pods.

[]

pgbouncer.uid

PgBouncer run as user parameter.

65534

pgbouncer.verbose

Increase PgBouncer verbosity.

0

Scheduler

Parameter

Description

Default

scheduler.affinity

Specify scheduling constraints for scheduler pods.

See values.yaml

scheduler.annotations

Annotations to add to the scheduler deployment

{}

scheduler.args

Args to use when running the Airflow scheduler (templated).

['bash', '-c', 'exec airflow scheduler']

scheduler.command

Command to use when running the Airflow scheduler (templated).

~

scheduler.env

Add additional env vars to scheduler.

[]

scheduler.extraContainers

Launch additional containers into scheduler.

[]

scheduler.extraInitContainers

Add additional init containers into scheduler.

[]

scheduler.extraVolumeMounts

Mount additional volumes into scheduler.

[]

scheduler.extraVolumes

Mount additional volumes into scheduler.

[]

scheduler.hostAliases

HostAliases for the scheduler pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1

hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

scheduler.labels

Labels to add to the scheduler objects and pods.

{}

scheduler.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

scheduler.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

scheduler.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

scheduler.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 second.

20

scheduler.nodeSelector

Select certain nodes for scheduler pods.

{}

scheduler.podAnnotations

Annotations to add to the scheduler pods.

{}

scheduler.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for scheduler.

1

scheduler.podDisruptionBudget.config.minAvailable

Min available pods for scheduler.

1

scheduler.podDisruptionBudget.enabled

Enable pod disruption budget.

False

scheduler.priorityClassName

Specify priority for scheduler pods.

~

scheduler.replicas

Airflow 2.0 allows users to run multiple schedulers. This feature is only recommended for MySQL 8+ and PostgreSQL

1

scheduler.resources

Resources for scheduler pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

scheduler.safeToEvict

This setting tells Kubernetes that it's ok to evict when it wants to scale a node down.

True

scheduler.securityContext

Security context for the scheduler pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

scheduler.serviceAccount.annotations

Annotations to add to the scheduler Kubernetes ServiceAccount.

{}

scheduler.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

scheduler.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

scheduler.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment (when not using LocalExecutor and workers.persistence).

~

scheduler.tolerations

Specify Tolerations for scheduler pods.

[]

scheduler.topologySpreadConstraints

Specify topology spread constraints for scheduler pods.

[]

scheduler.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet (when using LocalExecutor and workers.persistence).

~

scheduler.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

scheduler.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Webserver

Parameter

Description

Default

webserver.affinity

Specify scheduling constraints for webserver pods.

See values.yaml

webserver.allowPodLogReading

Allow webserver to read k8s pod logs. Useful when you don’t have an external log store.

True

webserver.annotations

Annotations to add to the webserver deployment

{}

webserver.args

Args to use when running the Airflow webserver (templated).

['bash', '-c', 'exec airflow webserver']

webserver.command

Command to use when running the Airflow webserver (templated).

~

webserver.defaultUser.email

Default user email address.

admin@example.com

webserver.defaultUser.firstName

Default user firstname.

admin

webserver.defaultUser.lastName

Default user lastname.

user

webserver.defaultUser.password

Default user password.

admin

webserver.defaultUser.role

Default user role.

Admin

webserver.defaultUser.username

Default user username.

admin

webserver.env

Add additional env vars to webserver.

[]

webserver.extraContainers

Launch additional containers into webserver.

[]

webserver.extraInitContainers

Add additional init containers into webserver.

[]

webserver.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to webserver.networkPolicy.ingress.from).

[]

webserver.extraVolumeMounts

Mount additional volumes into webserver.

[]

webserver.extraVolumes

Mount additional volumes into webserver.

[]

webserver.hostAliases

HostAliases for the webserver pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1

hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

webserver.labels

Labels to add to the webserver objects and pods.

{}

webserver.livenessProbe.failureThreshold

Webserver Liveness probe failure threshold.

5

webserver.livenessProbe.initialDelaySeconds

Webserver Liveness probe initial delay.

15

webserver.livenessProbe.periodSeconds

Webserver Liveness probe period seconds.

10

webserver.livenessProbe.scheme

Webserver Liveness probe scheme.

HTTP

webserver.livenessProbe.timeoutSeconds

Webserver Liveness probe timeout seconds.

5

webserver.networkPolicy.ingress.from

Peers for webserver NetworkPolicy ingress.

[]

webserver.networkPolicy.ingress.ports

Ports for webserver NetworkPolicy ingress (if from is set).

[{'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- port: 8070

webserver.nodeSelector

Select certain nodes for webserver pods.

{}

webserver.podAnnotations

Annotations to add to the webserver pods.

{}

webserver.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for webserver.

1

webserver.podDisruptionBudget.config.minAvailable

Min available pods for webserver.

1

webserver.podDisruptionBudget.enabled

Enable pod disruption budget.

False

webserver.priorityClassName

Specify priority for webserver pods.

~

webserver.readinessProbe.failureThreshold

Webserver Readiness probe failure threshold.

5

webserver.readinessProbe.initialDelaySeconds

Webserver Readiness probe initial delay.

15

webserver.readinessProbe.periodSeconds

Webserver Readiness probe period seconds.

10

webserver.readinessProbe.scheme

Webserver Readiness probe scheme.

HTTP

webserver.readinessProbe.timeoutSeconds

Webserver Readiness probe timeout seconds.

5

webserver.replicas

How many Airflow webserver replicas should run.

1

webserver.resources

Resources for webserver pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

webserver.securityContext

Security context for the webserver job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

webserver.service.annotations

Annotations for the webserver Service.

{}

webserver.service.loadBalancerIP

Webserver Service loadBalancerIP.

~

webserver.service.loadBalancerSourceRanges

Webserver Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

webserver.service.ports

Ports for the webserver Service.

[{'name': 'airflow-ui', 'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- name: airflow-ui
  port: 80
  targetPort: airflow-ui

ports:
- name: only_sidecar
  port: 80
  targetPort: 8888

webserver.service.type

Webserver Service type.

ClusterIP

webserver.serviceAccount.annotations

Annotations to add to the webserver Kubernetes ServiceAccount.

{}

webserver.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

webserver.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

webserver.strategy

Specifies the strategy used to replace old Pods by new ones.

~

webserver.tolerations

Specify Tolerations for webserver pods.

[]

webserver.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

webserver.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Workers

Parameter

Description

Default

workers.affinity

Specify scheduling constraints for worker pods.

See values.yaml

workers.annotations

Annotations to add to the worker deployment

{}

workers.args

Args to use when running Airflow workers (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery worker" "worker" }}']

workers.command

Command to use when running Airflow workers (templated).

~

workers.env

Add additional env vars to worker.

[]

workers.extraContainers

Launch additional containers into workers. Note, if used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main container finishes so Airflow can continue the worker shutdown process!

[]

workers.extraInitContainers

Add additional init containers into workers.

[]

workers.extraVolumeMounts

Mount additional volumes into workers.

[]

workers.extraVolumes

Mount additional volumes into workers.

[]

workers.hostAliases

Specify HostAliases for workers.

[]

Examples:

hostAliases:
- hostnames:
  - test.hostname.one
  ip: 127.0.0.2

hostAliases:
- hostnames:
  - test.hostname.two
  ip: 127.0.0.3

workers.keda.advanced

Advanced KEDA configuration.

{}

workers.keda.advanced.horizontalPodAutoscalerConfig

HorizontalPodAutoscalerConfig specifies horizontal scale config.

{}

workers.keda.advanced.horizontalPodAutoscalerConfig.behavior

HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.

{}

workers.keda.cooldownPeriod

How many seconds KEDA will wait before scaling to zero.

30

workers.keda.enabled

Allow KEDA autoscaling. Persistence.enabled must be set to false to use KEDA.

False

workers.keda.maxReplicaCount

Maximum number of workers created by KEDA.

10

workers.keda.minReplicaCount

Minimum number of workers created by KEDA.

0

workers.keda.namespaceLabels

Labels used in matchLabels for namespace in the PgBouncer NetworkPolicy.

{}

workers.keda.pollingInterval

How often KEDA polls the airflow DB to report new scale requests to the HPA.

5

workers.kerberosSidecar.enabled

Enable Kerberos sidecar for the worker.

False

workers.kerberosSidecar.resources

Resources on workers kerberos sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.labels

Labels to add to the worker objects and pods.

{}

workers.livenessProbe.enabled

Enable liveness probe for celery workers.

True

workers.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

workers.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

workers.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

workers.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 second.

20

workers.nodeSelector

Select certain nodes for worker pods.

{}

workers.persistence.annotations

Annotations to add to worker volumes.

{}

workers.persistence.enabled

Enable persistent volumes.

True

workers.persistence.fixPermissions

Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner.

False

workers.persistence.size

Volume size for worker StatefulSet.

100Gi

workers.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

workers.podAnnotations

Annotations to add to the worker pods.

{}

workers.priorityClassName

Specify priority for worker pods.

~

workers.replicas

Number of Airflow Celery workers in StatefulSet.

1

workers.resources

Resources on workers

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.safeToEvict

This setting tells Kubernetes that it’s ok to evict when it wants to scale a node down.

True

workers.securityContext

Security context for the worker pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

workers.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

workers.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

workers.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

workers.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

workers.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

600

workers.tolerations

Specify Tolerations for worker pods.

[]

workers.topologySpreadConstraints

Specify topology spread constraints for worker pods.

[]

workers.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet.

~

workers.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

workers.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Triggerer

Parameter

Description

Default

triggerer.affinity

Specify scheduling constraints for triggerer pods.

See values.yaml

triggerer.annotations

Annotations to add to the triggerer deployment

{}

triggerer.args

Args to use when running the Airflow triggerer (templated).

['bash', '-c', 'exec airflow triggerer']

triggerer.command

Command to use when running the Airflow triggerer (templated).

~

triggerer.enabled

Enable triggerer

True

triggerer.env

Add additional env vars to triggerer.

[]

triggerer.extraContainers

Launch additional containers into triggerer.

[]

triggerer.extraInitContainers

Add additional init containers into triggerer.

[]

triggerer.extraVolumeMounts

Mount additional volumes into triggerer.

[]

triggerer.extraVolumes

Mount additional volumes into triggerer.

[]

triggerer.labels

Labels to add to the triggerer objects and pods.

{}

triggerer.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

triggerer.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

triggerer.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

triggerer.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 second.

20

triggerer.nodeSelector

Select certain nodes for triggerer pods.

{}

triggerer.persistence.annotations

Annotations to add to triggerer volumes.

{}

triggerer.persistence.enabled

Enable persistent volumes.

True

triggerer.persistence.fixPermissions

Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner.

False

triggerer.persistence.size

Volume size for triggerer StatefulSet.

100Gi

triggerer.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

triggerer.podAnnotations

Annotations to add to the triggerer pods.

{}

triggerer.priorityClassName

Specify priority for triggerer pods.

~

triggerer.replicas

Number of triggerers to run.

1

triggerer.resources

Resources for triggerer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

triggerer.safeToEvict

This setting tells Kubernetes that it's OK to evict the pod when it wants to scale a node down.

True

triggerer.securityContext

Security context for the triggerer pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

triggerer.serviceAccount.annotations

Annotations to add to the triggerer Kubernetes ServiceAccount.

{}

triggerer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

triggerer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

triggerer.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

triggerer.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

60

triggerer.tolerations

Specify Tolerations for triggerer pods.

[]

triggerer.topologySpreadConstraints

Specify topology spread constraints for triggerer pods.

[]

triggerer.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet.

~

triggerer.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

triggerer.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

DagProcessor

Parameter

Description

Default

dagProcessor.affinity

Specify scheduling constraints for dag processor pods.

See values.yaml

dagProcessor.annotations

Annotations to add to the dag processor deployment

{}

dagProcessor.args

Args to use when running the Airflow dag processor (templated).

['bash', '-c', 'exec airflow dag-processor']

dagProcessor.command

Command to use when running the Airflow dag processor (templated).

~

dagProcessor.enabled

Enable standalone dag processor (requires Airflow 2.3.0+).

False

dagProcessor.env

Add additional env vars to dag processor.

[]

dagProcessor.extraContainers

Launch additional containers into dag processor.

[]

dagProcessor.extraInitContainers

Add additional init containers into dag processor.

[]

dagProcessor.extraVolumeMounts

Mount additional volumes into dag processor.

[]

dagProcessor.extraVolumes

Mount additional volumes into dag processor.

[]

dagProcessor.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

dagProcessor.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

dagProcessor.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

dagProcessor.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 second.

20

dagProcessor.nodeSelector

Select certain nodes for dag processor pods.

{}

dagProcessor.podAnnotations

Annotations to add to the dag processor pods.

{}

dagProcessor.priorityClassName

Specify priority for dag processor pods.

~

dagProcessor.replicas

Number of dag processors to run.

1

dagProcessor.resources

Resources for dag processor pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

dagProcessor.safeToEvict

This setting tells Kubernetes that it's OK to evict the pod when it wants to scale a node down.

True

dagProcessor.securityContext

Security context for the dag processor pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.serviceAccount.annotations

Annotations to add to the dag processor Kubernetes ServiceAccount.

{}

dagProcessor.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

dagProcessor.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

dagProcessor.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

dagProcessor.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

60

dagProcessor.tolerations

Specify Tolerations for dag processor pods.

[]

dagProcessor.topologySpreadConstraints

Specify topology spread constraints for dag processor pods.

[]

dagProcessor.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

dagProcessor.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Flower

Parameter

Description

Default

flower.affinity

Specify scheduling constraints for Flower pods.

{}

flower.annotations

Annotations to add to the flower deployment

{}

flower.args

Args to use when running flower (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery flower" "flower" }}']

flower.command

Command to use when running flower (templated).

~

flower.enabled

Enable Flower.

False

flower.env

Add additional env vars to flower.

[]

flower.extraContainers

Launch additional containers into the flower pods.

[]

flower.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to flower.networkPolicy.ingress.from).

[]

flower.extraVolumeMounts

Mount additional volumes into the flower pods.

[]

flower.extraVolumes

Mount additional volumes into the flower pods.

[]

flower.labels

Labels to add to the flower objects and pods.

{}

flower.networkPolicy.ingress.from

Peers for flower NetworkPolicy ingress.

[]

flower.networkPolicy.ingress.ports

Ports for flower NetworkPolicy ingress (if from is set).

[{'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- port: 5565

flower.nodeSelector

Select certain nodes for Flower pods.

{}

flower.password

Password used to access Flower.

~

flower.podAnnotations

Annotations to add to the Flower pods.

{}

flower.priorityClassName

Specify priority for Flower pods.

~

flower.resources

Resources for Flower pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

flower.secretName

A secret containing the user and password pair.

~

flower.securityContext

Security context for the flower pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

flower.service.annotations

Annotations for the flower Service.

{}

flower.service.loadBalancerIP

Flower Service loadBalancerIP.

~

flower.service.loadBalancerSourceRanges

Flower Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

flower.service.ports

Ports for the flower Service.

[{'name': 'flower-ui', 'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- name: flower-ui
  port: 8080
  targetPort: flower-ui

flower.service.type

Flower Service type.

ClusterIP

flower.serviceAccount.annotations

Annotations to add to the Flower Kubernetes ServiceAccount.

{}

flower.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

flower.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

flower.tolerations

Specify Tolerations for Flower pods.

[]

flower.topologySpreadConstraints

Specify topology spread constraints for Flower pods.

[]

flower.username

Username used to access Flower.

~

Redis

Parameter

Description

Default

data.brokerUrl

Direct url to the redis broker (when using an external redis instance) (can only be set during install, not upgrade).

~

data.brokerUrlSecretName

Redis broker URL secret.

~

redis.affinity

Specify scheduling constraints for Redis pods.

{}

redis.enabled

Enable the Redis provisioned by the chart (you can also use an external Redis instance with data.brokerUrl or data.brokerUrlSecretName).

True

redis.nodeSelector

Select certain nodes for Redis pods.

{}

redis.password

If password is set, create secret with it, else generate a new one on install (can only be set during install, not upgrade).

~

redis.passwordSecretName

Redis password secret.

~

redis.persistence.annotations

Annotations to add to redis volumes.

{}

redis.persistence.enabled

Enable persistent volumes.

True

redis.persistence.size

Volume size for Redis StatefulSet.

1Gi

redis.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

redis.podAnnotations

Annotations to add to the redis pods.

{}

redis.resources

Resources for the Redis pods

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

redis.safeToEvict

This setting tells Kubernetes that it's OK to evict the pod when it wants to scale a node down.

True

redis.securityContext

Security context for the Redis pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

redis.serviceAccount.annotations

Annotations to add to the Redis Kubernetes ServiceAccount.

{}

redis.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

redis.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

redis.terminationGracePeriodSeconds

Grace period for Redis to exit after SIGTERM is sent from Kubernetes.

600

redis.tolerations

Specify Tolerations for Redis pods.

[]

redis.topologySpreadConstraints

Specify topology spread constraints for Redis pods.

[]

redis.uid

Redis run as user parameter.

0

StatsD

Parameter

Description

Default

statsd.affinity

Specify scheduling constraints for StatsD pods.

{}

statsd.annotations

Annotations to add to the StatsD deployment.

{}

statsd.args

Args to use when running statsd-exporter (templated).

['--statsd.mapping-config=/etc/statsd-exporter/mappings.yml']

statsd.enabled

Enable StatsD.

True

statsd.extraMappings

Additional mappings for the StatsD exporter. If set, the default mappings and the extra mappings are merged, and the default mappings have higher priority. To change a default mapping, use overrideMappings instead.

[]

statsd.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

statsd.nodeSelector

Select certain nodes for StatsD pods.

{}

statsd.overrideMappings

Override mappings for the StatsD exporter. If set, the default mappings and extraMappings are ignored, so make sure it contains every mapping you need.

[]

statsd.podAnnotations

Annotations to add to the StatsD pods.

{}

statsd.priorityClassName

Specify priority for StatsD pods.

~

statsd.resources

Resources for StatsD pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

statsd.securityContext

Security context for the StatsD pod (deprecated, use securityContexts instead).

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

statsd.service.extraAnnotations

Extra annotations for the StatsD Service.

{}

statsd.serviceAccount.annotations

Annotations to add to the StatsD Kubernetes ServiceAccount.

{}

statsd.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

statsd.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

statsd.tolerations

Specify Tolerations for StatsD pods.

[]

statsd.topologySpreadConstraints

Specify topology spread constraints for StatsD pods.

[]

statsd.uid

StatsD run as user parameter.

65534

Jobs

Parameter

Description

Default

cleanup.affinity

Specify scheduling constraints for cleanup pods.

{}

cleanup.args

Args to use when running the cleanup cronjob (templated).

['bash', '-c', 'exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}']

cleanup.command

Command to use when running the cleanup cronjob (templated).

~

cleanup.enabled

Enable cleanup.

False

cleanup.env

Add additional env vars to cleanup.

[]

cleanup.jobAnnotations

Annotations to add to the cleanup cronjob.

{}

cleanup.labels

Labels to add to cleanup pods.

{}

cleanup.nodeSelector

Select certain nodes for cleanup pods.

{}

cleanup.podAnnotations

Annotations to add to cleanup pods.

{}

cleanup.resources

Resources for cleanup pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

cleanup.schedule

Cleanup schedule.

*/15 * * * *

cleanup.securityContext

Security context for the cleanup job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

cleanup.serviceAccount.annotations

Annotations to add to the cleanup CronJob Kubernetes ServiceAccount.

{}

cleanup.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

cleanup.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

cleanup.tolerations

Specify Tolerations for cleanup pods.

[]

cleanup.topologySpreadConstraints

Specify topology spread constraints for cleanup pods.

[]

createUserJob.affinity

Specify scheduling constraints for the create user job pod.

{}

createUserJob.annotations

Annotations to add to the create user job pod.

{}

createUserJob.applyCustomEnv

Specify if you want additional configured env vars applied to this job

True

createUserJob.args

Args to use when running create user job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "users create" "create_user" }} "$@"', '--', '-r', '{{ .Values.webserver.defaultUser.role }}', '-u', '{{ .Values.webserver.defaultUser.username }}', '-e', '{{ .Values.webserver.defaultUser.email }}', '-f', '{{ .Values.webserver.defaultUser.firstName }}', '-l', '{{ .Values.webserver.defaultUser.lastName }}', '-p', '{{ .Values.webserver.defaultUser.password }}']

createUserJob.command

Command to use when running create user job (templated).

~

createUserJob.env

Add additional env vars to the create user job pod.

[]

createUserJob.extraContainers

Launch additional containers for the create user job pod

[]

createUserJob.extraVolumeMounts

Mount additional volumes into create user job

[]

createUserJob.extraVolumes

Mount additional volumes into create user job

[]

createUserJob.jobAnnotations

Annotations to add to the create user job.

{}

createUserJob.labels

Labels to add to the create user job objects and pods.

{}

createUserJob.nodeSelector

Select certain nodes for the create user job pod.

{}

createUserJob.resources

Resources for the create user job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

createUserJob.securityContext

Security context for the create user job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

createUserJob.serviceAccount.annotations

Annotations to add to the create user job Kubernetes ServiceAccount.

{}

createUserJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

createUserJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

createUserJob.tolerations

Specify Tolerations for the create user job pod.

[]

createUserJob.topologySpreadConstraints

Specify topology spread constraints for the create user job pod.

[]

createUserJob.ttlSecondsAfterFinished

Limit the lifetime of the job object after it has finished execution.

300

createUserJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

migrateDatabaseJob.affinity

Specify scheduling constraints for the migrate database job pod.

{}

migrateDatabaseJob.annotations

Annotations to add to the migrate database job pod.

{}

migrateDatabaseJob.applyCustomEnv

Specify if you want additional configured env vars applied to this job

True

migrateDatabaseJob.args

Args to use when running migrate database job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "db upgrade" "upgradedb" }}']

migrateDatabaseJob.command

Command to use when running migrate database job (templated).

~

migrateDatabaseJob.enabled

Enable migrate database job.

True

migrateDatabaseJob.extraContainers

Launch additional containers for the migrate database job pod

[]

migrateDatabaseJob.extraVolumeMounts

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.extraVolumes

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.jobAnnotations

Annotations to add to the migrate database job.

{}

migrateDatabaseJob.nodeSelector

Select certain nodes for the migrate database job pod.

{}

migrateDatabaseJob.resources

Resources for the migrate database job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

migrateDatabaseJob.securityContext

Security context for the migrate database job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

migrateDatabaseJob.serviceAccount.annotations

Annotations to add to the migrate database job Kubernetes ServiceAccount.

{}

migrateDatabaseJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

migrateDatabaseJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

migrateDatabaseJob.tolerations

Specify Tolerations for the migrate database job pod.

[]

migrateDatabaseJob.topologySpreadConstraints

Specify topology spread constraints for migrate database job pod.

[]

migrateDatabaseJob.ttlSecondsAfterFinished

Limit the lifetime of the job object after it has finished execution.

300

migrateDatabaseJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

Kubernetes

Parameter

Description

Default

affinity

Specify scheduling constraints for all pods.

{}

airflowConfigAnnotations

Extra annotations to apply to the main Airflow configmap.

{}

airflowPodAnnotations

Extra annotations to apply to all Airflow pods.

{}

cleanup.securityContexts.container

Container security context definition for the cleanup.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

cleanup.securityContexts.pod

Pod security context definition for the cleanup.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

createUserJob.securityContexts.container

Container security context definition for the create user job.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

createUserJob.securityContexts.pod

Pod security context definition for the create user job.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.securityContexts.container

Container security context definition for the dag processor.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

dagProcessor.securityContexts.pod

Pod security context definition for the dag processor.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

dags.gitSync.securityContexts.container

Container security context definition for the git sync sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

extraConfigMaps

Extra ConfigMaps that will be managed by the chart.

{}

Examples:

extraConfigMaps:
  '{{ .Release.Name }}-airflow-variables':
    data: |-
      AIRFLOW_VAR_HELLO_MESSAGE: 'Hi!'
      AIRFLOW_VAR_KUBERNETES_NAMESPACE: '{{ .Release.Namespace }}'

extraSecrets

Extra secrets that will be managed by the chart.

{}

Examples:

extraSecrets:
  '{{ .Release.Name }}-airflow-connections':
    data: |-
      AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
      AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
    stringData: 'AIRFLOW_CONN_OTHER: ''other_conn'''

flower.securityContexts.container

Container security context definition for Flower.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

flower.securityContexts.pod

Pod security context definition for Flower.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

labels

Add common labels to all objects and pods defined in this chart.

{}

limits

Define default/max/min values for pods and containers in namespace.

[]

migrateDatabaseJob.securityContexts.container

Container security context definition for the migrate database job.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

migrateDatabaseJob.securityContexts.pod

Pod security context definition for the migrate database job.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

networkPolicies.enabled

Enable network policies.

False

nodeSelector

Select certain nodes for all pods.

{}

pgbouncer.metricsExporterSidecar.securityContexts.container

Container security context definition for the metrics exporter sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

pgbouncer.securityContexts.container

Container security context definition for the PgBouncer.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

quotas

Define any ResourceQuotas for namespace.

{}

rbac.create

Specifies whether RBAC resources should be created.

True

rbac.createSCCRoleBinding

Specifies whether SCC RoleBinding resource should be created (refer to Production Guide).

False

redis.securityContexts.container

Container security context definition for the redis.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

redis.securityContexts.pod

Pod security context definition for the redis.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 999

registry.connection

Registry connection configuration.

{}

Examples:

connection:
  email: '...'
  host: '...'
  pass: '...'
  user: '...'

registry.connection.email

Email

""

registry.connection.host

Host

""

registry.connection.pass

Password

""

registry.connection.user

Username

""

registry.secretName

Registry connection string secret.

~

scheduler.securityContexts.container

Container security context definition for the scheduler.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

scheduler.securityContexts.pod

Pod security context definition for the scheduler.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

scheduler.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

securityContext

Default pod security context definition (deprecated, use securityContexts instead). The values in this parameter will be used when securityContext is not defined for specific Pods

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

securityContexts.container

Default container security context definition. The values in this parameter will be used when securityContexts is not defined for specific containers

{}

Examples:

container:
  allowPrivilegeEscalation: false

securityContexts.pod

Default pod security context definition. The values in this parameter will be used when securityContexts is not defined for specific Pods.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

statsd.securityContexts.container

Container security context definition for the statsd.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

statsd.securityContexts.pod

Pod security context definition for the statsd.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

tolerations

Specify Tolerations for all pods.

[]

topologySpreadConstraints

Specify topology spread constraints for all pods.

[]

triggerer.securityContexts.container

Container security context definition for the triggerer.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

triggerer.securityContexts.pod

Pod security context definition for the triggerer.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

triggerer.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

webserver.securityContexts.container

Container security context definition for the webserver.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

webserver.securityContexts.pod

Pod security context definition for the webserver.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

webserver.topologySpreadConstraints

Specify topology spread constraints for webserver pods.

[]

webserver.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.kerberosSidecar.securityContexts.container

Container security context definition for the kerberos sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.persistence.securityContexts.container

Container security context definition for the persistence.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.securityContexts.container

Container security context definition for the workers.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.securityContexts.pod

Pod security context definition for the workers.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

workers.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

Ingress

Parameter

Description

Default

ingress.enabled

Enable all ingress resources (deprecated - use ingress.web.enabled and ingress.flower.enabled).

~

ingress.flower.annotations

Annotations for the flower Ingress.

{}

ingress.flower.enabled

Enable flower ingress resource.

False

ingress.flower.host

The hostname for the flower Ingress. (Deprecated - renamed to ingress.flower.hosts)

""

ingress.flower.hosts

The hostnames or hosts configuration for the flower Ingress.

[]

ingress.flower.ingressClassName

The Ingress Class for the flower Ingress.

""

ingress.flower.path

The path for the flower Ingress.

/

ingress.flower.pathType

The pathType for the flower Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.flower.tls.enabled

Enable TLS termination for the flower Ingress.

False

ingress.flower.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

ingress.web.annotations

Annotations for the web Ingress.

{}

ingress.web.enabled

Enable web ingress resource.

False

ingress.web.host

The hostname for the web Ingress. (Deprecated - renamed to ingress.web.hosts)

""

ingress.web.hosts

The hostnames or hosts configuration for the web Ingress.

[]

ingress.web.ingressClassName

The Ingress Class for the web Ingress.

""

ingress.web.path

The path for the web Ingress.

/

ingress.web.pathType

The pathType for the web Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.web.precedingPaths

HTTP paths to add to the web Ingress before the default path.

[]

ingress.web.succeedingPaths

HTTP paths to add to the web Ingress after the default path.

[]

ingress.web.tls.enabled

Enable TLS termination for the web Ingress.

False

ingress.web.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

Kerberos

Parameter

Description

Default

kerberos.ccacheFileName

Name for kerberos credentials cache file.

cache

kerberos.ccacheMountPath

Path to mount shared volume for kerberos credentials cache.

/var/kerberos-ccache

kerberos.config

Contents of krb5.conf.

See values.yaml

kerberos.configPath

Path to mount krb5.conf kerberos configuration file.

/etc/krb5.conf

kerberos.enabled

Enable kerberos.

False

kerberos.keytabBase64Content

Kerberos keytab base64 encoded content.

~

kerberos.keytabPath

Path to mount the keytab for refreshing credentials in the kerberos sidecar.

/etc/airflow.keytab

kerberos.principal

Principal to use when refreshing kerberos credentials.

airflow@FOO.COM

kerberos.reinitFrequency

How often (in seconds) airflow kerberos will reinitialize the credentials cache.

3600

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release apache-airflow/airflow \
  --set executor=CeleryExecutor \
  --set allowPodLaunching=false
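Several security-relevant parameters from the tables above can be collected in one values file instead of a long list of --set flags, which also keeps credentials out of shell history. The file below is an added example, not part of the chart or its documentation; the file name and the Secret names are placeholders, and the Secrets are assumed to have been created beforehand.

```yaml
# hardening-values.yaml (added example; file and Secret names are placeholders)
# Apply with: helm install my-release apache-airflow/airflow -f hardening-values.yaml

# Chart-wide defaults, used wherever a component does not define its own
# securityContexts. Both default to {} in the tables above.
securityContexts:
  pod:
    runAsUser: 50000          # UID used throughout the examples on this page
    runAsGroup: 0
    fsGroup: 0
  container:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL

# Default is False, so no NetworkPolicy objects are created unless this is set.
# Policies are only enforced if the cluster's network plugin supports them.
networkPolicies:
  enabled: true

redis:
  # redis.uid defaults to 0 (root); the redis.securityContexts.pod example
  # on this page uses UID 999.
  securityContexts:
    pod:
      runAsUser: 999
      runAsGroup: 0
      fsGroup: 0
    container:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL

statsd:
  securityContexts:
    container:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL

flower:
  # Only relevant when flower.enabled is true (default False).
  # Reference a pre-created Secret holding the user and password pair
  # rather than putting flower.username / flower.password in values.
  secretName: my-flower-credentials        # placeholder

registry:
  # Reference a pre-created registry Secret instead of filling in
  # registry.connection.user / registry.connection.pass.
  secretName: my-registry-credentials      # placeholder
```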
