Parameters reference¶
The following tables lists the configurable parameters of the Airflow chart and their default values.
Common¶
Parameter |
Description |
Default |
---|---|---|
|
airflow_local_settings file as a string (can be templated). |
|
|
Airflow version (Used to make some decisions based on Airflow Version being deployed). |
|
|
Settings to go into the mounted airflow.cfg |
|
|
Default airflow digest to deploy. Overrides tag. |
|
|
Default airflow repository. Overrides all the specific images below. |
|
|
Default airflow tag to deploy. |
|
|
Airflow executor. |
|
|
The Fernet key used to encrypt passwords (can only be set during install, not upgrade). |
|
|
Enable PgBouncer. |
|
|
Enable default user creation. |
|
|
This string (can be templated) will be mounted into the Airflow webserver as a custom webserver_config.py. You can bake a webserver_config.py in to your image instead or specify a configmap containing the webserver_config.py. |
Examples: webserverConfig: |-
from airflow import configuration as conf
# The SQLAlchemy connection string.
SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')
# Flask-WTF flag for CSRF
CSRF_ENABLED = True
|
|
The configmap name containing the webserver_config.py. |
Examples: webserverConfigConfigMapName: my-webserver-configmap
|
|
The Flask secret key for Airflow Webserver to encrypt browser session. |
|
Airflow¶
Parameter |
Description |
Default |
---|---|---|
|
Airflow home directory. Used for mount paths. |
|
|
Whether various Airflow components launch pods. |
|
|
Git branch |
|
|
Git sync container name. |
|
|
Name of a Secret containing the repo GIT_SYNC_USERNAME and GIT_SYNC_PASSWORD. |
|
|
Repository depth. |
|
|
Enable Git sync. |
|
|
Environment variables for git sync container. |
Examples: env:
- name: GIT_SYNC_TIMEOUT
value: '60'
|
|
Mount additional volumes into git sync container. |
|
|
When using a ssh private key, the contents of your known_hosts file. |
Examples: knownHosts: |-
<host1>,<ip1> <key1>
<host2>,<ip2> <key2>
knownHosts: <host1>,<ip1> <key1>
|
|
The number of consecutive failures allowed before aborting. |
|
|
Git repository. |
|
|
Resources on workers git-sync sidecar |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Git revision. |
|
|
Security context for the gitSync container (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
runAsGroup: 0
runAsUser: 50000
|
|
Name of a Secret containing the repo sshKeySecret. |
|
|
Subpath within the repo where dags are located. |
|
|
Git sync container run as user parameter. |
|
|
Interval between git sync attempts in seconds. High values are more likely to cause DAGs to become out of sync between different components. Low values cause more traffic to the remote git repository. |
|
|
Access mode of the persistent volume. |
|
|
Annotations for the dag PVC |
|
|
Enable persistent volume for storing dags. |
|
|
The name of an existing PVC to use. |
|
|
Volume size for dags. |
|
|
If using a custom StorageClass, pass name here. |
|
|
Subpath within the PVC where dags are located. |
|
|
Elasticsearch connection configuration. |
Examples: connection:
host: '...'
pass: '...'
port: '...'
scheme: https
user: '...'
|
|
Host |
|
|
Password |
|
|
Port |
|
|
Scheme |
|
|
Username |
|
|
Enable Elasticsearch task logging. |
|
|
A secret containing the connection string. |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Enable |
|
|
Environment variables for all Airflow containers. |
Examples: env:
- name: MYENVVAR
value: something_fun
|
|
Extra env ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated). |
Examples: extraEnv: |-
- name: AIRFLOW__CORE__LOAD_EXAMPLES
value: True
|
|
Extra envFrom ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated). |
Examples: extraEnvFrom: |-
- secretRef:
name: '{{ .Release.Name }}-airflow-connections'
extraEnvFrom: |-
- configMapRef:
name: '{{ .Release.Name }}-airflow-variables'
|
|
The Fernet key secret name. |
|
|
Group of airflow user. |
|
|
Annotations to add to logs PVC |
|
|
Enable persistent volume for storing logs. |
|
|
The name of an existing PVC to use. |
|
|
Volume size for logs. |
|
|
If using a custom StorageClass, pass name here. |
|
|
Whether Airflow can launch workers and/or pods in multiple namespaces. If true, it creates |
|
|
The contents of |
Examples: podTemplate: |-
apiVersion: v1
kind: Pod
metadata:
name: placeholder-name
labels:
tier: airflow
component: worker
release: {{ .Release.Name }}
spec:
priorityClassName: high-priority
containers:
- name: base
...
|
|
Secrets for all Airflow containers. |
Examples: secret:
- envName: SecretEnvVar
secretKey: somekey
secretName: somesecret
|
|
User of airflow user. |
|
|
VolumeMounts for all Airflow containers. |
|
|
Volumes for all Airflow containers. |
|
|
The Secret name containing Flask secret_key for the Webserver. |
|
Images¶
Parameter |
Description |
Default |
---|---|---|
|
The airflow image digest. If set, it will override the tag. |
|
|
The airflow image pull policy. |
|
|
The airflow image repository. |
|
|
The airflow image tag. |
|
|
The flower image pull policy. |
|
|
The flower image repository. |
|
|
The flower image tag. |
|
|
The gitSync image pull policy. |
|
|
The gitSync image repository. |
|
|
The gitSync image tag. |
|
|
The time (in seconds) to wait for the DB migrations to complete. |
|
|
The PgBouncer image pull policy. |
|
|
The PgBouncer image repository. |
|
|
The PgBouncer image tag. |
|
|
The PgBouncer exporter image pull policy. |
|
|
The PgBouncer exporter image repository. |
|
|
The PgBouncer exporter image tag. |
|
|
The pod_template image pull policy. |
|
|
The pod_template image repository. If |
|
|
The pod_template image tag. If |
|
|
The redis image pull policy. |
|
|
The redis image repository. |
|
|
The redis image tag. |
|
|
The StatsD image pull policy. |
|
|
The StatsD image repository. |
|
|
The StatsD image tag. |
|
|
To avoid images with user code for running and waiting for DB migrations set this to |
|
Ports¶
Parameter |
Description |
Default |
---|---|---|
|
Airflow UI port. |
|
|
Flower UI port. |
|
|
PgBouncer port. |
|
|
PgBouncer scrape port. |
|
|
Redis port. |
|
|
StatsD ingest port. |
|
|
StatsD scrape port. |
|
|
Triggerer logs port. |
|
|
Worker logs port. |
|
Database¶
Parameter |
Description |
Default |
---|---|---|
|
The name of the database. |
|
|
The database host. |
|
|
The user’s password. |
|
|
The database port. |
|
|
The database protocol. |
|
|
The database SSL parameter. |
|
|
The database user. |
|
|
Metadata connection string secret. |
|
|
Result backend connection configuration. |
|
|
The name of the database. |
|
|
The database host. |
|
|
The database password. |
|
|
The database port. |
|
|
The database protocol. |
|
|
The database SSL parameter. |
|
|
The database user. |
|
|
Result backend connection string secret. |
|
|
Assign a password to the ‘postgres’ admin user. Otherwise, remote access will be blocked for this user |
|
|
Password for the custom user to create. |
|
|
Password for the ‘postgres’ admin user. |
|
|
Name for a custom user to create |
|
|
Enable PostgreSQL subchart. |
|
|
The PostgreSQL image tag. |
|
PgBouncer¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for PgBouncer pods. |
|
|
Annotations to add to the PgBouncer deployment |
|
|
Args to use for PgBouncer (templated). |
|
|
The name of the file to load user names and passwords from |
|
|
Method of authenticating users |
|
|
The allowed ciphers, might be ‘fast’, ‘normal’ or list ciphers separated with ‘:’. |
|
|
Command to use for PgBouncer (templated). |
|
|
The PgBouncer config Secret name. |
|
|
Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html |
|
|
Add extra metadata database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases |
|
|
Add extra result backend database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases |
|
|
Additional NetworkPolicies as needed. |
|
|
Mount additional volumes into PgBouncer. |
|
|
Mount additional volumes into PgBouncer. |
|
|
Log successful logins. |
|
|
Log disconnections with reasons. |
|
|
Maximum clients that can connect to PgBouncer (higher = more file descriptors). |
|
|
Metadata pool size. |
|
|
Metrics Exporter liveness probe initial delay |
|
|
Metrics Exporter liveness probe frequency |
|
|
Metrics Exporter liveness probe command timeout |
|
|
Metrics Exporter readiness probe initial delay |
|
|
Metrics Exporter readiness probe frequency |
|
|
Metrics Exporter readiness probe command timeout |
|
|
Resources for the PgBouncer metric exporter. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
SSL mode for |
|
|
Select certain nodes for PgBouncer pods. |
|
|
Add annotations for the PgBouncer Pod. |
|
|
Max unavailable pods for PgBouncer. |
|
|
Min available pods for PgBouncer. |
|
|
Enabled PodDistributionBudget. |
|
|
Specify priority for PgBouncer pods. |
|
|
Number of PgBouncer replicas to run in Deployment. |
|
|
Resources for the PgBouncer pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Result backend pool size. |
|
|
Extra annotations for the PgBouncer Service. |
|
|
Annotations to add to the worker Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Certificate Authority for server side |
|
|
Server Certificate for server side |
|
|
Private key used to authenticate with the server |
|
|
SSL mode for PgBouncer. |
|
|
Specify Tolerations for PgBouncer pods. |
|
|
Specify topology spread constraints for PgBouncer pods. |
|
|
PgBouncer run as user parameter. |
|
|
Increase PgBouncer verbosity. |
|
Scheduler¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for scheduler pods. |
|
|
Annotations to add to the scheduler deployment |
|
|
Args to use when running the Airflow scheduler (templated). |
|
|
Command to use when running the Airflow scheduler (templated). |
|
|
Add additional env vars to scheduler. |
|
|
Launch additional containers into scheduler. |
|
|
Add additional init containers into scheduler. |
|
|
Mount additional volumes into scheduler. |
|
|
Mount additional volumes into scheduler. |
|
|
HostAliases for the scheduler pod. |
Examples: hostAliases:
- hostnames:
- foo.local
ip: 127.0.0.1
hostAliases:
- hostnames:
- foo.remote
ip: 10.1.2.3
|
|
Labels to add to the scheduler objects and pods. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. |
|
|
Number of seconds after the container has started before liveness probes are initiated. |
|
|
How often (in seconds) to perform the probe. Minimum value is 1. |
|
|
Number of seconds after which the probe times out. Minimum value is 1 seconds. |
|
|
Select certain nodes for scheduler pods. |
|
|
Annotations to add to the scheduler pods. |
|
|
Max unavailable pods for scheduler. |
|
|
Min available pods for scheduler. |
|
|
Enable pod disruption budget. |
|
|
Specify priority for scheduler pods. |
|
|
Airflow 2.0 allows users to run multiple schedulers. This feature is only recommended for MySQL 8+ and PostgreSQL |
|
|
Resources for scheduler pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
This setting tells Kubernetes that its ok to evict when it wants to scale a node down. |
|
|
Security context for the scheduler pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the scheduler Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment (when not using LocalExecutor and workers.persistence). |
|
|
Specify Tolerations for scheduler pods. |
|
|
Specify topology spread constraints for scheduler pods. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet (when using LocalExecutor and workers.persistence). |
|
|
Enable wait-for-airflow-migrations init container. |
|
|
Add additional env vars to wait-for-airflow-migrations init container. |
|
Webserver¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for webserver pods. |
|
|
Allow webserver to read k8s pod logs. Useful when you don’t have an external log store. |
|
|
Annotations to add to the webserver deployment |
|
|
Args to use when running the Airflow webserver (templated). |
|
|
Command to use when running the Airflow webserver (templated). |
|
|
Default user email address. |
|
|
Default user firstname. |
|
|
Default user lastname. |
|
|
Default user password. |
|
|
Default user role. |
|
|
Default user username. |
|
|
Add additional env vars to webserver. |
|
|
Launch additional containers into webserver. |
|
|
Add additional init containers into webserver. |
|
|
Additional NetworkPolicies as needed (Deprecated - renamed to webserver.networkPolicy.ingress.from). |
|
|
Mount additional volumes into webserver. |
|
|
Mount additional volumes into webserver. |
|
|
HostAliases for the webserver pod. |
Examples: hostAliases:
- hostnames:
- foo.local
ip: 127.0.0.1
hostAliases:
- hostnames:
- foo.remote
ip: 10.1.2.3
|
|
Labels to add to the webserver objects and pods. |
|
|
Webserver Liveness probe failure threshold. |
|
|
Webserver Liveness probe initial delay. |
|
|
Webserver Liveness probe period seconds. |
|
|
Webserver Liveness probe scheme. |
|
|
Webserver Liveness probe timeout seconds. |
|
|
Peers for webserver NetworkPolicyingress. |
|
|
Ports for webserver NetworkPolicyingress (if from is set). |
Examples: ports:
- port: 8070
|
|
Select certain nodes for webserver pods. |
|
|
Annotations to add to the webserver pods. |
|
|
Max unavailable pods for webserver. |
|
|
Min available pods for webserver. |
|
|
Enable pod disruption budget. |
|
|
Specify priority for webserver pods. |
|
|
Webserver Readiness probe failure threshold. |
|
|
Webserver Readiness probe initial delay. |
|
|
Webserver Readiness probe period seconds. |
|
|
Webserver Readiness probe scheme. |
|
|
Webserver Readiness probe timeout seconds. |
|
|
How many Airflow webserver replicas should run. |
|
|
Resources for webserver pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Security context for the webserver job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations for the webserver Service. |
|
|
Webserver Service loadBalancerIP. |
|
|
Webserver Service |
Examples: loadBalancerSourceRanges:
- 10.123.0.0/16
|
|
Ports for the webserver Service. |
Examples: ports:
- name: airflow-ui
port: 80
targetPort: airflow-ui
ports:
- name: only_sidecar
port: 80
targetPort: 8888
|
|
Webserver Service type. |
|
|
Annotations to add to the webserver Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specifies the strategy used to replace old Pods by new ones. |
|
|
Specify Tolerations for webserver pods. |
|
|
Enable wait-for-airflow-migrations init container. |
|
|
Add additional env vars to wait-for-airflow-migrations init container. |
|
Workers¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for worker pods. |
|
|
Annotations to add to the worker deployment |
|
|
Args to use when running Airflow workers (templated). |
|
|
Command to use when running Airflow workers (templated). |
|
|
Add additional env vars to worker. |
|
|
Launch additional containers into workers. Note, if used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main container finishes so Airflow can continue the worker shutdown process! |
|
|
Add additional init containers into workers. |
|
|
Mount additional volumes into workers. |
|
|
Mount additional volumes into workers. |
|
|
Specify HostAliases for workers. |
Examples: hostAliases:
- hostnames:
- test.hostname.one
ip: 127.0.0.2
hostAliases:
- hostnames:
- test.hostname.two
ip: 127.0.0.3
|
|
Advanced KEDA configuration. |
|
|
HorizontalPodAutoscalerConfig specifies horizontal scale config. |
|
|
HorizontalPodAutoscalerBehavior configures the scaling behavior of the target. |
|
|
How many seconds KEDA will wait before scaling to zero. |
|
|
Allow KEDA autoscaling. Persistence.enabled must be set to false to use KEDA. |
|
|
Maximum number of workers created by KEDA. |
|
|
Minimum number of workers created by KEDA. |
|
|
Labels used in matchLabels for namespace in the PgBouncer NetworkPolicy. |
|
|
How often KEDA polls the airflow DB to report new scale requests to the HPA. |
|
|
Enable Kerberos sidecar for the worker. |
|
|
Resources on workers kerberos sidecar |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Labels to add to the worker objects and pods. |
|
|
Enable liveness probe for celery workers. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. |
|
|
Number of seconds after the container has started before liveness probes are initiated. |
|
|
How often (in seconds) to perform the probe. Minimum value is 1. |
|
|
Number of seconds after which the probe times out. Minimum value is 1 seconds. |
|
|
Select certain nodes for worker pods. |
|
|
Annotations to add to worker volumes. |
|
|
Enable persistent volumes. |
|
|
Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner. |
|
|
Volume size for worker StatefulSet. |
|
|
If using a custom StorageClass, pass name ref to all StatefulSets here. |
|
|
Annotations to add to the worker pods. |
|
|
Specify priority for worker pods. |
|
|
Number of Airflow Celery workers in StatefulSet. |
|
|
Resources on workers |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
This setting tells Kubernetes that it’s ok to evict when it wants to scale a node down. |
|
|
Security context for the worker pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the worker Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment. |
|
|
Grace period for tasks to finish after SIGTERM is sent from Kubernetes. |
|
|
Specify Tolerations for worker pods. |
|
|
Specify topology spread constraints for worker pods. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet. |
|
|
Enable wait-for-airflow-migrations init container. |
|
|
Add additional env vars to wait-for-airflow-migrations init container. |
|
Triggerer¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for triggerer pods. |
|
|
Annotations to add to the triggerer deployment |
|
|
Args to use when running the Airflow triggerer (templated). |
|
|
Command to use when running the Airflow triggerer (templated). |
|
|
Enable triggerer |
|
|
Add additional env vars to triggerer. |
|
|
Launch additional containers into triggerer. |
|
|
Add additional init containers into triggerer. |
|
|
Mount additional volumes into triggerer. |
|
|
Mount additional volumes into triggerer. |
|
|
Labels to add to the triggerer objects and pods. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. |
|
|
Number of seconds after the container has started before liveness probes are initiated. |
|
|
How often (in seconds) to perform the probe. Minimum value is 1. |
|
|
Number of seconds after which the probe times out. Minimum value is 1 seconds. |
|
|
Select certain nodes for triggerer pods. |
|
|
Annotations to add to triggerer volumes. |
|
|
Enable persistent volumes. |
|
|
Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner. |
|
|
Volume size for triggerer StatefulSet. |
|
|
If using a custom StorageClass, pass name ref to all StatefulSets here. |
|
|
Annotations to add to the triggerer pods. |
|
|
Specify priority for triggerer pods. |
|
|
Number of triggerers to run. |
|
|
Resources for triggerer pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
This setting tells Kubernetes that its ok to evict when it wants to scale a node down. |
|
|
Security context for the triggerer pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the triggerer Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment. |
|
|
Grace period for tasks to finish after SIGTERM is sent from Kubernetes. |
|
|
Specify Tolerations for triggerer pods. |
|
|
Specify topology spread constraints for triggerer pods. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet. |
|
|
Enable wait-for-airflow-migrations init container. |
|
|
Add additional env vars to wait-for-airflow-migrations init container. |
|
DagProcessor¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for dag processor pods. |
|
|
Annotations to add to the dag processor deployment |
|
|
Args to use when running the Airflow dag processor (templated). |
|
|
Command to use when running the Airflow dag processor (templated). |
|
|
Enable standalone dag processor (requires Airflow 2.3.0+). |
|
|
Add additional env vars to dag processor. |
|
|
Launch additional containers into dag processor. |
|
|
Add additional init containers into dag processor. |
|
|
Mount additional volumes into dag processor. |
|
|
Mount additional volumes into dag processor. |
|
|
Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. |
|
|
Number of seconds after the container has started before liveness probes are initiated. |
|
|
How often (in seconds) to perform the probe. Minimum value is 1. |
|
|
Number of seconds after which the probe times out. Minimum value is 1 seconds. |
|
|
Select certain nodes for dag processor pods. |
|
|
Annotations to add to the dag processor pods. |
|
|
Specify priority for dag processor pods. |
|
|
Number of dag processors to run. |
|
|
Resources for dag processor pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
This setting tells Kubernetes that its ok to evict when it wants to scale a node down. |
|
|
Security context for the dag processor pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the dag processor Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment. |
|
|
Grace period for tasks to finish after SIGTERM is sent from Kubernetes. |
|
|
Specify Tolerations for dag processor pods. |
|
|
Specify topology spread constraints for dag processor pods. |
|
|
Enable wait-for-airflow-migrations init container. |
|
|
Add additional env vars to wait-for-airflow-migrations init container. |
|
Flower¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for Flower pods. |
|
|
Annotations to add to the flower deployment |
|
|
Args to use when running flower (templated). |
|
|
Command to use when running flower (templated). |
|
|
Enable Flower. |
|
|
Add additional env vars to flower. |
|
|
Launch additional containers into the flower pods. |
|
|
Additional NetworkPolicies as needed (Deprecated - renamed to flower.networkPolicy.ingress.from). |
|
|
Mount additional volumes into the flower pods. |
|
|
Mount additional volumes into the flower pods. |
|
|
Labels to add to the flower objects and pods. |
|
|
Peers for flower NetworkPolicyingress. |
|
|
Ports for flower NetworkPolicyingress (if from is set). |
Examples: ports:
- port: 5565
|
|
Select certain nodes for Flower pods. |
|
|
Password use to access Flower. |
|
|
Annotations to add to the Flower pods. |
|
|
Specify priority for Flower pods. |
|
|
Resources for Flower pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
A secret containing the user and password pair. |
|
|
Security context for the flower pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations for the flower Service. |
|
|
Flower Service loadBalancerIP. |
|
|
Flower Service |
Examples: loadBalancerSourceRanges:
- 10.123.0.0/16
|
|
Ports for the flower Service. |
Examples: ports:
- name: flower-ui
port: 8080
targetPort: flower-ui
|
|
Flower Service type. |
|
|
Annotations to add to the worker Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specify Tolerations for Flower pods. |
|
|
Specify topology spread constraints for Flower pods. |
|
|
Username use to access Flower. |
|
Redis¶
Parameter |
Description |
Default |
---|---|---|
|
Direct url to the redis broker (when using an external redis instance) (can only be set during install, not upgrade). |
|
|
Redis broker URL secret. |
|
|
Specify scheduling constraints for Redis pods. |
|
|
Enable the Redis provisioned by the chart (you can also use an external Redis instance with data.brokerUrl or data.brokerUrlSecretName). |
|
|
Select certain nodes for Redis pods. |
|
|
If password is set, create secret with it, else generate a new one on install (can only be set during install, not upgrade). |
|
|
Redis password secret. |
|
|
Annotations to add to redis volumes. |
|
|
Enable persistent volumes. |
|
|
Volume size for Redis StatefulSet. |
|
|
If using a custom StorageClass, pass name ref to all StatefulSets here. |
|
|
Annotations to add to the redis pods. |
|
|
Resources for the Redis pods |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
This setting tells Kubernetes that its ok to evict when it wants to scale a node down. |
|
|
Security context for the cleanup job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the worker Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Grace period for Redis to exit after SIGTERM is sent from Kubernetes. |
|
|
Specify Tolerations for Redis pods. |
|
|
Specify topology spread constraints for Redis pods. |
|
|
Redis run as user parameter. |
|
StatsD¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for StatsD pods. |
|
|
Annotations to add to the StatsD deployment. |
|
|
Args to use when running statsd-exporter (templated). |
|
|
Enable StatsD. |
|
|
Additional mappings for StatsD exporter.If set, will merge default mapping and extra mappings, default mapping has higher priority. So, if you want to change some default mapping, please use overrideMappings |
|
|
Additional NetworkPolicies as needed. |
|
|
Select certain nodes for StatsD pods. |
|
|
Override mappings for StatsD exporter.If set, will ignore setting item in default and extraMappings. So, If you use it, ensure all mapping item contains in it. |
|
|
Annotations to add to the StatsD pods. |
|
|
Specify priority for StatsD pods. |
|
|
Resources for StatsD pods. |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Security context for the StatsD pod (deprecated, use securityContexts instead). |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Extra annotations for the StatsD Service. |
|
|
Annotations to add to the StatsD Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specify Tolerations for StatsD pods. |
|
|
Specify topology spread constraints for StatsD pods. |
|
|
StatsD run as user parameter. |
|
Jobs¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for cleanup pods. |
|
|
Args to use when running the cleanup cronjob (templated). |
|
|
Command to use when running the cleanup cronjob (templated). |
|
|
Enable cleanup. |
|
|
Add additional env vars to cleanup. |
|
|
Annotations to add to the cleanup cronjob. |
|
|
labels to add to cleanup pods. |
|
|
Select certain nodes for cleanup pods. |
|
|
Annotations to add to cleanup pods. |
|
|
Resources for or cleanup pods |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Cleanup schedule. |
|
|
Security context for the cleanup job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the cleanup CronJob Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specify Tolerations for cleanup pods. |
|
|
Specify topology spread constraints for cleanup pods. |
|
|
Specify scheduling constraints for the create user job pod. |
|
|
Annotations to add to the create user job pod. |
|
|
Specify if you want additional configured env vars applied to this job |
|
|
Args to use when running create user job (templated). |
|
|
Command to use when running create user job (templated). |
|
|
Add additional env vars to the create user job pod. |
|
|
Launch additional containers for the create user job pod |
|
|
Mount additional volumes into create user job |
|
|
Mount additional volumes into create user job |
|
|
Annotations to add to the create user job job. |
|
|
Labels to add to the create user job objects and pods. |
|
|
Select certain nodes for the create user job pod. |
|
|
Resources for the create user job pod |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Security context for the create user job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the create user job Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specify Tolerations for the create user job pod. |
|
|
Specify topology spread constraints for the create user job pod. |
|
|
Limit the lifetime of the job object after it finished execution |
|
|
Specify if you want to use the default Helm Hook annotations |
|
|
Specify scheduling constraints for the migrate database job pod. |
|
|
Annotations to add to the migrate database job pod. |
|
|
Specify if you want additional configured env vars applied to this job |
|
|
Args to use when running migrate database job (templated). |
|
|
Command to use when running migrate database job (templated). |
|
|
Enable migrate database job. |
|
|
Launch additional containers for the migrate database job pod |
|
|
Mount additional volumes into migrate database job |
|
|
Mount additional volumes into migrate database job |
|
|
Annotations to add to the migrate database job. |
|
|
Select certain nodes for the migrate database job pod. |
|
|
Resources for the migrate database job pod |
Examples: resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
|
|
Security context for the migrate database job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used. |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Annotations to add to the migrate database job Kubernetes ServiceAccount. |
|
|
Specifies whether a ServiceAccount should be created. |
|
|
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name. |
|
|
Specify Tolerations for the migrate database job pod. |
|
|
Specify topology spread constraints for migrate database job pod. |
|
|
Limit the lifetime of the job object after it finished execution |
|
|
Specify if you want to use the default Helm Hook annotations |
|
Kubernetes¶
Parameter |
Description |
Default |
---|---|---|
|
Specify scheduling constraints for all pods. |
|
|
Extra annotations to apply to the main Airflow configmap. |
|
|
Extra annotations to apply to all Airflow pods. |
|
|
Container security context definition for the cleanup. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the cleanup. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the create user job. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the create user job. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the dag processor. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the dag processor. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the wait for migrations. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the git sync sidecar. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Extra ConfigMaps that will be managed by the chart. |
Examples: extraConfigMaps:
'{{ .Release.Name }}-airflow-variables':
data: |-
AIRFLOW_VAR_HELLO_MESSAGE: 'Hi!'
AIRFLOW_VAR_KUBERNETES_NAMESPACE: '{{ .Release.Namespace }}'
|
|
Extra secrets that will be managed by the chart. |
Examples: extraSecrets:
'{{ .Release.Name }}-airflow-connections':
data: |-
AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
stringData: 'AIRFLOW_CONN_OTHER: ''other_conn'''
|
|
Container security context definition for the network policy. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the network policy. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Add common labels to all objects and pods defined in this chart. |
|
|
Define default/max/min values for pods and containers in namespace. |
|
|
Container security context definition for the migrate database job. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the migrate database job. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Enabled network policies. |
|
|
Select certain nodes for all pods. |
|
|
Container security context definition for the metrics exporter sidecar. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the PgBouncer. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Define any ResourceQuotas for namespace. |
|
|
Specifies whether RBAC resources should be created. |
|
|
Specifies whether SCC RoleBinding resource should be created (refer to Production Guide). |
|
|
Container security context definition for the redis. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the redis. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 999
|
|
Registry connection configuration. |
Examples: connection:
email: '...'
host: '...'
pass: '...'
user: '...'
|
|
|
|
|
Host |
|
|
Password |
|
|
Username |
|
|
Registry connection string secret. |
|
|
Container security context definition for the scheduler. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the scheduler. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the wait for migrations. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Default pod security context definition (deprecated, use securityContexts instead). The values in this parameter will be used when securityContext is not defined for specific Pods |
Examples: securityContext:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Default container security context definition. The values in this parameter will be used when securityContexts is not defined for specific containers |
Examples: container:
allowPrivilegeEscalation: false
|
|
Default pod security context definition. The values in this parameter will be used when securityContexts is not defined for specific Pods. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the statsd. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the statsd. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Specify Tolerations for all pods. |
|
|
Specify topology spread constraints for all pods. |
|
|
Container security context definition for the triggerer. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the triggerer. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the wait for migrations. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the webserver. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the webserver. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Specify topology spread constraints for webserver pods. |
|
|
Container security context definition for the wait for migrations. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the kerberos sidecar. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the persistence. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Container security context definition for the workers. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
|
Pod security context definition for the workers. |
Examples: pod:
fsGroup: 0
runAsGroup: 0
runAsUser: 50000
|
|
Container security context definition for the wait for migrations. |
Examples: container:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
|
Ingress¶
Parameter |
Description |
Default |
---|---|---|
|
Enable all ingress resources (deprecated - use ingress.web.enabled and ingress.flower.enabled). |
|
|
Annotations for the flower Ingress. |
|
|
Enable flower ingress resource. |
|
|
The hostname for the flower Ingress. (Deprecated - renamed to ingress.flower.hosts) |
|
|
The hostnames or hosts configuration for the flower Ingress. |
|
|
The Ingress Class for the flower Ingress. |
|
|
The path for the flower Ingress. |
|
|
The pathType for the flower Ingress (required for Kubernetes 1.19 and above). |
|
|
Enable TLS termination for the flower Ingress. |
|
|
The name of a pre-created Secret containing a TLS private key and certificate. |
|
|
Annotations for the web Ingress. |
|
|
Enable web ingress resource. |
|
|
The hostname for the web Ingress. (Deprecated - renamed to ingress.web.hosts) |
|
|
The hostnames or hosts configuration for the web Ingress. |
|
|
The Ingress Class for the web Ingress. |
|
|
The path for the web Ingress. |
|
|
The pathType for the web Ingress (required for Kubernetes 1.19 and above). |
|
|
HTTP paths to add to the web Ingress before the default path. |
|
|
HTTP paths to add to the web Ingress after the default path. |
|
|
Enable TLS termination for the web Ingress. |
|
|
The name of a pre-created Secret containing a TLS private key and certificate. |
|
Kerberos¶
Parameter |
Description |
Default |
---|---|---|
|
Name for kerberos credentials cache file. |
|
|
Path to mount shared volume for kerberos credentials cache. |
|
|
Contents of krb5.conf. |
|
|
Path to mount krb5.conf kerberos configuration file. |
|
|
Enable kerberos. |
|
|
Kerberos keytab base64 encoded content. |
|
|
Path to mount the keytab for refreshing credentials in the kerberos sidecar. |
|
|
Principal to use when refreshing kerberos credentials. |
|
|
How often (in seconds) airflow kerberos will reinitialize the credentials cache. |
|
Specify each parameter using the --set key=value[,key=value]
argument to helm install
. For example,
helm install my-release apache-airflow/airflow \
--set executor=CeleryExecutor \
--set enablePodLaunching=false .