Parameters reference

The following tables lists the configurable parameters of the Airflow chart and their default values.

Common

Parameter

Description

Default

airflowLocalSettings

airflow_local_settings file as a string (can be templated).

See values.yaml

airflowVersion

Airflow version (Used to make some decisions based on Airflow Version being deployed).

2.3.0

config

Settings to go into the mounted airflow.cfg

See values.yaml

defaultAirflowRepository

Default airflow repository. Overrides all the specific images below.

apache/airflow

defaultAirflowTag

Default airflow tag to deploy.

2.3.0

executor

Airflow executor.

CeleryExecutor

fernetKey

The Fernet key used to encrypt passwords (can only be set during install, not upgrade).

~

pgbouncer.enabled

Enable PgBouncer.

False

webserver.defaultUser.enabled

Enable default user creation.

True

webserver.webserverConfig

This string (can be templated) will be mounted into the Airflow webserver as a custom webserver_config.py. You can bake a webserver_config.py in to your image instead.

~

Examples:

webserverConfig: |-
  from airflow import configuration as conf

  # The SQLAlchemy connection string.
  SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

  # Flask-WTF flag for CSRF
  CSRF_ENABLED = True

webserverSecretKey

The Flask secret key for Airflow Webserver to encrypt browser session.

~

Airflow

Parameter

Description

Default

airflowHome

Airflow home directory. Used for mount paths.

/opt/airflow

allowPodLaunching

Whether various Airflow components launch pods.

True

dags.gitSync.branch

Git branch

v2-2-stable

dags.gitSync.containerName

Git sync container name.

git-sync

dags.gitSync.credentialsSecret

Name of a Secret containing the repo GIT_SYNC_USERNAME and GIT_SYNC_PASSWORD.

~

dags.gitSync.depth

Repository depth.

1

dags.gitSync.enabled

Enable Git sync.

False

dags.gitSync.env

Environment variables for git sync container.

[]

Examples:

env:
- name: GIT_SYNC_TIMEOUT
  value: '60'

dags.gitSync.extraVolumeMounts

Mount additional volumes into git sync container.

[]

dags.gitSync.knownHosts

When using a ssh private key, the contents of your known_hosts file.

~

Examples:

knownHosts: |-
  <host1>,<ip1> <key1>
  <host2>,<ip2> <key2>
knownHosts: <host1>,<ip1> <key1>

dags.gitSync.maxFailures

The number of consecutive failures allowed before aborting.

0

dags.gitSync.repo

Git repository.

https://github.com/apache/airflow.git

dags.gitSync.resources

Resources on workers git-sync sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

dags.gitSync.rev

Git revision.

HEAD

dags.gitSync.securityContext

Security context for the gitSync container. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  runAsGroup: 0
  runAsUser: 50000

dags.gitSync.sshKeySecret

Name of a Secret containing the repo sshKeySecret.

~

dags.gitSync.subPath

Subpath within the repo where dags are located.

tests/dags

dags.gitSync.uid

Git sync container run as user parameter.

65533

dags.gitSync.wait

Interval between git sync attempts in seconds.

60

dags.persistence.accessMode

Access mode of the persistent volume.

ReadWriteOnce

dags.persistence.annotations

Annotations for the dag PVC

{}

dags.persistence.enabled

Enable persistent volume for storing dags.

False

dags.persistence.existingClaim

The name of an existing PVC to use.

~

dags.persistence.size

Volume size for dags.

1Gi

dags.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

dags.persistence.subPath

Subpath within the PVC where dags are located.

~

elasticsearch.connection

Elasticsearch connection configuration.

{}

Examples:

connection:
  host: '...'
  pass: '...'
  port: '...'
  scheme: https
  user: '...'

elasticsearch.connection.host

Host

""

elasticsearch.connection.pass

Password

""

elasticsearch.connection.port

Port

80

elasticsearch.connection.scheme

Scheme

http

elasticsearch.connection.user

Username

""

elasticsearch.enabled

Enable Elasticsearch task logging.

False

elasticsearch.secretName

A secret containing the connection string.

~

enableBuiltInSecretEnvVars.AIRFLOW_CONN_AIRFLOW_DB

Enable AIRFLOW_CONN_AIRFLOW_DB variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__BROKER_URL

Enable AIRFLOW__CELERY__BROKER_URL variable to be read from the Celery Broker URL Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__CELERY_RESULT_BACKEND

Enable AIRFLOW__CELERY__CELERY_RESULT_BACKEND variable to be read from the Celery Result Backend Secret - Airflow 1.10.* variant

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__RESULT_BACKEND

Enable AIRFLOW__CELERY__RESULT_BACKEND variable to be read from the Celery Result Backend Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__FERNET_KEY

Enable AIRFLOW__CORE__FERNET_KEY variable to be read from the Fernet key Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__SQL_ALCHEMY_CONN

Enable AIRFLOW__CORE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__DATABASE__SQL_ALCHEMY_CONN

Enable AIRFLOW__DATABASE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST

Enable AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST variable to be read from the Elasticsearch Host Secret - Airflow <1.10.4 variant

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__HOST

Enable AIRFLOW__ELASTICSEARCH__HOST variable to be read from the Elasticsearch Host Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__WEBSERVER__SECRET_KEY

Enable AIRFLOW__WEBSERVER__SECRET_KEY variable to be read from the Webserver Secret Key Secret

True

env

Environment variables for all Airflow containers.

[]

Examples:

env:
- name: MYENVVAR
  value: something_fun

extraEnv

Extra env ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnv: |-
  - name: AIRFLOW__CORE__LOAD_EXAMPLES
     value: True

extraEnvFrom

Extra envFrom ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnvFrom: |-
  - secretRef:
      name: '{{ .Release.Name }}-airflow-connections'
extraEnvFrom: |-
  - configMapRef:
      name: '{{ .Release.Name }}-airflow-variables'

fernetKeySecretName

The Fernet key secret name.

~

gid

Group of airflow user.

0

logs.persistence.enabled

Enable persistent volume for storing logs.

False

logs.persistence.existingClaim

The name of an existing PVC to use.

~

logs.persistence.size

Volume size for logs.

100Gi

logs.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

multiNamespaceMode

Whether Airflow can launch workers and/or pods in multiple namespaces. If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)

False

podTemplate

The contents of pod_template_file.yaml used for KubernetesExecutor workers (templated). The default (see files/pod-template-file.kubernetes-helm-yaml) already takes into account normal workers configuration parameters (e.g. workers.resources), so you normally won’t need to override this directly.

~

Examples:

podTemplate: |-
  apiVersion: v1
  kind: Pod
  metadata:
    name: dummy-name
    labels:
      tier: airflow
      component: worker
      release: {{ .Release.Name }}
  spec:
    priorityClassName: high-priority
    containers:
      - name: base
      ...

secret

Secrets for all Airflow containers.

[]

Examples:

secret:
- envName: SecretEnvVar
  secretKey: somekey
  secretName: somesecret

uid

User of airflow user.

50000

webserverSecretKeySecretName

The Secret name containing Flask secret_key for the Webserver.

~

Images

Parameter

Description

Default

images.airflow.pullPolicy

The airflow image pull policy.

IfNotPresent

images.airflow.repository

The airflow image repository.

~

images.airflow.tag

The airflow image tag.

~

images.flower.pullPolicy

The flower image pull policy.

IfNotPresent

images.flower.repository

The flower image repository.

~

images.flower.tag

The flower image tag.

~

images.gitSync.pullPolicy

The gitSync image pull policy.

IfNotPresent

images.gitSync.repository

The gitSync image repository.

k8s.gcr.io/git-sync/git-sync

images.gitSync.tag

The gitSync image tag.

v3.4.0

images.migrationsWaitTimeout

The time (in seconds) to wait for the DB migrations to complete.

60

images.pgbouncer.pullPolicy

The PgBouncer image pull policy.

IfNotPresent

images.pgbouncer.repository

The PgBouncer image repository.

apache/airflow

images.pgbouncer.tag

The PgBouncer image tag.

airflow-pgbouncer-2021.04.28-1.14.0

images.pgbouncerExporter.pullPolicy

The PgBouncer exporter image pull policy.

IfNotPresent

images.pgbouncerExporter.repository

The PgBouncer exporter image repository.

apache/airflow

images.pgbouncerExporter.tag

The PgBouncer exporter image tag.

airflow-pgbouncer-exporter-2021.09.22-0.12.0

images.pod_template.pullPolicy

The pod_template image pull policy.

IfNotPresent

images.pod_template.repository

The pod_template image repository.

~

images.pod_template.tag

The pod_template image tag.

~

images.redis.pullPolicy

The redis image pull policy.

IfNotPresent

images.redis.repository

The redis image repository.

redis

images.redis.tag

The redis image tag.

6-bullseye

images.statsd.pullPolicy

The StatsD image pull policy.

IfNotPresent

images.statsd.repository

The StatsD image repository.

apache/airflow

images.statsd.tag

The StatsD image tag.

airflow-statsd-exporter-2021.04.28-v0.17.0

images.useDefaultImageForMigration

To avoid images with user code for running and waiting for DB migrations set this to true.

False

Ports

Parameter

Description

Default

ports.airflowUI

Airflow UI port.

8080

ports.flowerUI

Flower UI port.

5555

ports.pgbouncer

PgBouncer port.

6543

ports.pgbouncerScrape

PgBouncer scrape port.

9127

ports.redisDB

Redis port.

6379

ports.statsdIngest

StatsD ingest port.

9125

ports.statsdScrape

StatsD scrape port.

9102

ports.workerLogs

Worker logs port.

8793

Database

Parameter

Description

Default

data.metadataConnection.db

The name of the database.

postgres

data.metadataConnection.host

The database host.

~

data.metadataConnection.pass

The user’s password.

postgres

data.metadataConnection.port

The database port.

5432

data.metadataConnection.protocol

The database protocol.

postgresql

data.metadataConnection.sslmode

The database SSL parameter.

disable

data.metadataConnection.user

The database user.

postgres

data.metadataSecretName

Metadata connection string secret.

~

data.resultBackendConnection

Result backend connection configuration.

~

data.resultBackendConnection.db

The name of the database.

~

data.resultBackendConnection.host

The database host.

~

data.resultBackendConnection.pass

The database password.

~

data.resultBackendConnection.port

The database port.

~

data.resultBackendConnection.protocol

The database protocol.

~

data.resultBackendConnection.sslmode

The database SSL parameter.

~

data.resultBackendConnection.user

The database user.

~

data.resultBackendSecretName

Result backend connection string secret.

~

postgresql.enabled

Enable PostgreSQL subchart.

True

postgresql.postgresqlPassword

PostgreSQL password.

postgres

postgresql.postgresqlUsername

PostgreSQL username.

postgres

PgBouncer

Parameter

Description

Default

pgbouncer.affinity

Specify scheduling constraints for PgBouncer pods.

{}

pgbouncer.args

Args to use for PgBouncer (templated).

~

pgbouncer.auth_file

The name of the file to load user names and passwords from

/etc/pgbouncer/users.txt

pgbouncer.auth_type

Method of authenticating users

md5

pgbouncer.ciphers

The allowed ciphers, might be ‘fast’, ‘normal’ or list ciphers separated with ‘:’.

normal

pgbouncer.command

Command to use for PgBouncer (templated).

['pgbouncer', '-u', 'nobody', '/etc/pgbouncer/pgbouncer.ini']

pgbouncer.configSecretName

The PgBouncer config Secret name.

~

pgbouncer.extraIni

Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html

~

pgbouncer.extraIniMetadata

Add extra metadata database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraIniResultBackend

Add extra result backend database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

pgbouncer.extraVolumeMounts

Mount additional volumes into PgBouncer.

[]

pgbouncer.extraVolumes

Mount additional volumes into PgBouncer.

[]

pgbouncer.logConnections

Log successful logins.

0

pgbouncer.logDisconnections

Log disconnections with reasons.

0

pgbouncer.maxClientConn

Maximum clients that can connect to PgBouncer (higher = more file descriptors).

100

pgbouncer.metadataPoolSize

Metadata pool size.

10

pgbouncer.metricsExporterSidecar.resources

Resources for the PgBouncer metric exporter.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.metricsExporterSidecar.sslmode

SSL mode for metricsExporterSidecar

disable

pgbouncer.nodeSelector

Select certain nodes for PgBouncer pods.

{}

pgbouncer.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for PgBouncer.

1

pgbouncer.podDisruptionBudget.enabled

Enabled PodDistributionBudget.

False

pgbouncer.priorityClassName

Specify priority for PgBouncer pods.

~

pgbouncer.resources

Resources for the PgBouncer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.resultBackendPoolSize

Result backend pool size.

5

pgbouncer.service.extraAnnotations

Extra annotations for the PgBouncer Service.

{}

pgbouncer.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

pgbouncer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

pgbouncer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

pgbouncer.ssl.ca

Certificate Authority for server side

~

pgbouncer.ssl.cert

Server Certificate for server side

~

pgbouncer.ssl.key

Private key used to authenticate with the server

~

pgbouncer.sslmode

SSL mode for PgBouncer.

prefer

pgbouncer.tolerations

Specify Tolerations for PgBouncer pods.

[]

pgbouncer.topologySpreadConstraints

Specify topology spread constraints for PgBouncer pods.

[]

pgbouncer.uid

PgBouncer run as user parameter.

65534

pgbouncer.verbose

Increase PgBouncer verbosity.

0

Scheduler

Parameter

Description

Default

scheduler.affinity

Specify scheduling constraints for scheduler pods.

See values.yaml

scheduler.args

Args to use when running the Airflow scheduler (templated).

['bash', '-c', 'exec airflow scheduler']

scheduler.command

Command to use when running the Airflow scheduler (templated).

~

scheduler.extraContainers

Launch additional containers into scheduler.

[]

scheduler.extraInitContainers

Add additional init containers into scheduler.

[]

scheduler.extraVolumeMounts

Mount additional volumes into scheduler.

[]

scheduler.extraVolumes

Mount additional volumes into scheduler.

[]

scheduler.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

scheduler.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

scheduler.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

scheduler.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

scheduler.logGroomerSidecar.args

Args to use when running the Airflow scheduler log groomer sidecar (templated).

['bash', '/clean-logs']

scheduler.logGroomerSidecar.command

Command to use when running the Airflow scheduler log groomer sidecar (templated).

~

scheduler.logGroomerSidecar.enabled

Whether to deploy the Airflow scheduler log groomer sidecar.

True

scheduler.logGroomerSidecar.resources

Resources for log groomer sidecar.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

scheduler.logGroomerSidecar.retentionDays

Number of days to retain the logs when running the Airflow scheduler log groomer sidecar.

15

scheduler.nodeSelector

Select certain nodes for scheduler pods.

{}

scheduler.podAnnotations

Annotations to add to the scheduler pods.

{}

scheduler.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for scheduler.

1

scheduler.podDisruptionBudget.enabled

Enable pod disruption budget.

False

scheduler.priorityClassName

Specify priority for scheduler pods.

~

scheduler.replicas

Airflow 2.0 allows users to run multiple schedulers. This feature is only recommended for MySQL 8+ and PostgreSQL

1

scheduler.resources

Resources for scheduler pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

scheduler.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

scheduler.securityContext

Security context for the scheduler pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

scheduler.serviceAccount.annotations

Annotations to add to the scheduler Kubernetes ServiceAccount.

{}

scheduler.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

scheduler.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

scheduler.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment (when not using LocalExecutor and workers.persistence).

~

scheduler.tolerations

Specify Tolerations for scheduler pods.

[]

scheduler.topologySpreadConstraints

Specify topology spread constraints for scheduler pods.

[]

scheduler.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet (when using LocalExecutor and workers.persistence).

~

scheduler.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

Webserver

Parameter

Description

Default

webserver.affinity

Specify scheduling constraints for webserver pods.

See values.yaml

webserver.allowPodLogReading

Allow webserver to read k8s pod logs. Useful when you don’t have an external log store.

True

webserver.args

Args to use when running the Airflow webserver (templated).

['bash', '-c', 'exec airflow webserver']

webserver.command

Command to use when running the Airflow webserver (templated).

~

webserver.defaultUser.email

Default user email address.

admin@example.com

webserver.defaultUser.firstName

Default user firstname.

admin

webserver.defaultUser.lastName

Default user lastname.

user

webserver.defaultUser.password

Default user password.

admin

webserver.defaultUser.role

Default user role.

Admin

webserver.defaultUser.username

Default user username.

admin

webserver.extraContainers

Launch additional containers into webserver.

[]

webserver.extraInitContainers

Add additional init containers into webserver.

[]

webserver.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to webserver.networkPolicy.ingress.from).

[]

webserver.extraVolumeMounts

Mount additional volumes into webserver.

[]

webserver.extraVolumes

Mount additional volumes into webserver.

[]

webserver.livenessProbe.failureThreshold

Webserver Liveness probe failure threshold.

20

webserver.livenessProbe.initialDelaySeconds

Webserver Liveness probe initial delay.

15

webserver.livenessProbe.periodSeconds

Webserver Liveness probe period seconds.

5

webserver.livenessProbe.timeoutSeconds

Webserver Liveness probe timeout seconds.

30

webserver.networkPolicy.ingress.from

Peers for webserver NetworkPolicy ingress.

[]

webserver.networkPolicy.ingress.ports

Ports for webserver NetworkPolicy ingress (if from is set).

[{'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- port: 8070

webserver.nodeSelector

Select certain nodes for webserver pods.

{}

webserver.podAnnotations

Annotations to add to the webserver pods.

{}

webserver.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for webserver.

1

webserver.podDisruptionBudget.enabled

Enable pod disruption budget.

False

webserver.priorityClassName

Specify priority for webserver pods.

~

webserver.readinessProbe.failureThreshold

Webserver Readiness probe failure threshold.

20

webserver.readinessProbe.initialDelaySeconds

Webserver Readiness probe initial delay.

15

webserver.readinessProbe.periodSeconds

Webserver Readiness probe period seconds.

5

webserver.readinessProbe.timeoutSeconds

Webserver Readiness probe timeout seconds.

30

webserver.replicas

How many Airflow webserver replicas should run.

1

webserver.resources

Resources for webserver pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

webserver.securityContext

Security context for the webserver job pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

webserver.service.annotations

Annotations for the webserver Service.

{}

webserver.service.loadBalancerIP

Webserver Service loadBalancerIP.

~

webserver.service.loadBalancerSourceRanges

Webserver Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

webserver.service.ports

Ports for the webserver Service.

[{'name': 'airflow-ui', 'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- name: airflow-ui
  port: 80
  targetPort: airflow-ui
ports:
- name: only_sidecar
  port: 80
  targetPort: 8888

webserver.service.type

Webserver Service type.

ClusterIP

webserver.serviceAccount.annotations

Annotations to add to the webserver Kubernetes ServiceAccount.

{}

webserver.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

webserver.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

webserver.strategy

Specifies the strategy used to replace old Pods by new ones.

~

webserver.tolerations

Specify Tolerations for webserver pods.

[]

webserver.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

Workers

Parameter

Description

Default

workers.affinity

Specify scheduling constraints for worker pods.

See values.yaml

workers.args

Args to use when running Airflow workers (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery worker" "worker" }}']

workers.command

Command to use when running Airflow workers (templated).

~

workers.extraContainers

Launch additional containers into workers. Note, if used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main container finishes so Airflow can continue the worker shutdown process!

[]

workers.extraInitContainers

Add additional init containers into workers.

[]

workers.extraVolumeMounts

Mount additional volumes into workers.

[]

workers.extraVolumes

Mount additional volumes into workers.

[]

workers.hostAliases

Specify HostAliases for workers.

[]

Examples:

hostAliases:
- hostnames:
  - test.hostname.one
  ip: 127.0.0.2
hostAliases:
- hostnames:
  - test.hostname.two
  ip: 127.0.0.3

workers.keda.cooldownPeriod

How many seconds KEDA will wait before scaling to zero.

30

workers.keda.enabled

Allow KEDA autoscaling. Persistence.enabled must be set to false to use KEDA.

False

workers.keda.maxReplicaCount

Maximum number of workers created by KEDA.

10

workers.keda.minReplicaCount

Minimum number of workers created by KEDA.

0

workers.keda.namespaceLabels

Labels used in matchLabels for namespace in the PgBouncer NetworkPolicy.

{}

workers.keda.pollingInterval

How often KEDA polls the airflow DB to report new scale requests to the HPA.

5

workers.kerberosSidecar.enabled

Enable Kerberos sidecar for the worker.

False

workers.kerberosSidecar.resources

Resources on workers kerberos sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.logGroomerSidecar.args

Args to use when running the Airflow workers log groomer sidecar (templated).

['bash', '/clean-logs']

workers.logGroomerSidecar.command

Command to use when running the Airflow workers log groomer sidecar (templated).

~

workers.logGroomerSidecar.resources

Resources for Airflow workers log groomer sidecar.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.logGroomerSidecar.retentionDays

Number of days to retain the logs when running the Airflow workers log groomer sidecar.

15

workers.nodeSelector

Select certain nodes for worker pods.

{}

workers.persistence.annotations

Annotations to add to worker volumes.

{}

workers.persistence.enabled

Enable persistent volumes.

True

workers.persistence.fixPermissions

Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner.

False

workers.persistence.size

Volume size for worker StatefulSet.

100Gi

workers.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

workers.podAnnotations

Annotations to add to the worker pods.

{}

workers.priorityClassName

Specify priority for worker pods.

~

workers.replicas

Number of Airflow Celery workers in StatefulSet.

1

workers.resources

Resources on workers

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.safeToEvict

This setting tells Kubernetes that it’s ok to evict when it wants to scale a node down.

True

workers.securityContext

Security context for the worker pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

workers.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

workers.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

workers.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

workers.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

workers.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

600

workers.tolerations

Specify Tolerations for worker pods.

[]

workers.topologySpreadConstraints

Specify topology spread constraints for worker pods.

[]

workers.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet.

~

Triggerer

Parameter

Description

Default

triggerer.affinity

Specify scheduling constraints for triggerer pods.

See values.yaml

triggerer.args

Args to use when running the Airflow triggerer (templated).

['bash', '-c', 'exec airflow triggerer']

triggerer.command

Command to use when running the Airflow triggerer (templated).

~

triggerer.enabled

Enable triggerer (requires Python 3.7+).

True

triggerer.extraContainers

Launch additional containers into triggerer.

[]

triggerer.extraInitContainers

Add additional init containers into triggerer.

[]

triggerer.extraVolumeMounts

Mount additional volumes into triggerer.

[]

triggerer.extraVolumes

Mount additional volumes into triggerer.

[]

triggerer.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

triggerer.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

triggerer.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

triggerer.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

triggerer.nodeSelector

Select certain nodes for triggerer pods.

{}

triggerer.podAnnotations

Annotations to add to the triggerer pods.

{}

triggerer.priorityClassName

Specify priority for triggerer pods.

~

triggerer.replicas

Number of triggerers to run.

1

triggerer.resources

Resources for triggerer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

triggerer.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

triggerer.securityContext

Security context for the triggerer pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

triggerer.serviceAccount.annotations

Annotations to add to the triggerer Kubernetes ServiceAccount.

{}

triggerer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

triggerer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

triggerer.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

triggerer.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

60

triggerer.tolerations

Specify Tolerations for triggerer pods.

[]

triggerer.topologySpreadConstraints

Specify topology spread constraints for triggerer pods.

[]

triggerer.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

Flower

Parameter

Description

Default

flower.affinity

Specify scheduling constraints for Flower pods.

{}

flower.args

Args to use when running flower (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery flower" "flower" }}']

flower.command

Command to use when running flower (templated).

~

flower.enabled

Enable Flower.

False

flower.extraContainers

Launch additional containers into the flower pods.

[]

flower.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to flower.networkPolicy.ingress.from).

[]

flower.extraVolumeMounts

Mount additional volumes into the flower pods.

[]

flower.extraVolumes

Mount additional volumes into the flower pods.

[]

flower.networkPolicy.ingress.from

Peers for flower NetworkPolicy ingress.

[]

flower.networkPolicy.ingress.ports

Ports for flower NetworkPolicy ingress (if from is set).

[{'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- port: 5565

flower.nodeSelector

Select certain nodes for Flower pods.

{}

flower.password

Password use to access Flower.

~

flower.podAnnotations

Annotations to add to the Flower pods.

{}

flower.priorityClassName

Specify priority for Flower pods.

~

flower.resources

Resources for Flower pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

flower.secretName

A secret containing the user and password pair.

~

flower.securityContext

Security context for the flower pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

flower.service.annotations

Annotations for the flower Service.

{}

flower.service.loadBalancerIP

Flower Service loadBalancerIP.

~

flower.service.loadBalancerSourceRanges

Flower Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

flower.service.ports

Ports for the flower Service.

[{'name': 'flower-ui', 'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- name: flower-ui
  port: 8080
  targetPort: flower-ui

flower.service.type

Flower Service type.

ClusterIP

flower.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

flower.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

flower.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

flower.tolerations

Specify Tolerations for Flower pods.

[]

flower.topologySpreadConstraints

Specify topology spread constraints for Flower pods.

[]

flower.username

Username use to access Flower.

~

Redis

Parameter

Description

Default

data.brokerUrl

Direct url to the redis broker (when using an external redis instance) (can only be set during install, not upgrade).

~

data.brokerUrlSecretName

Redis broker URL secret.

~

redis.affinity

Specify scheduling constraints for Redis pods.

{}

redis.enabled

Enable the Redis provisioned by the chart (you can also use an external Redis instance with data.brokerUrl or data.brokerUrlSecretName).

True

redis.nodeSelector

Select certain nodes for Redis pods.

{}

redis.password

If password is set, create secret with it, else generate a new one on install (can only be set during install, not upgrade).

~

redis.passwordSecretName

Redis password secret.

~

redis.persistence.annotations

Annotations to add to redis volumes.

{}

redis.persistence.enabled

Enable persistent volumes.

True

redis.persistence.size

Volume size for Redis StatefulSet.

1Gi

redis.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

redis.resources

Resources for the Redis pods

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

redis.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

redis.securityContext

Security context for the cleanup job pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 999

redis.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

redis.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

redis.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

redis.terminationGracePeriodSeconds

Grace period for Redis to exit after SIGTERM is sent from Kubernetes.

600

redis.tolerations

Specify Tolerations for Redis pods.

[]

redis.topologySpreadConstraints

Specify topology spread constraints for Redis pods.

[]

redis.uid

Redis run as user parameter.

0

StatsD

Parameter

Description

Default

statsd.affinity

Specify scheduling constraints for StatsD pods.

{}

statsd.enabled

Enable StatsD.

True

statsd.extraMappings

Additional mappings for StatsD exporter.

[]

statsd.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

statsd.nodeSelector

Select certain nodes for StatsD pods.

{}

statsd.priorityClassName

Specify priority for StatsD pods.

~

statsd.resources

Resources for StatsD pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

statsd.securityContext

Security context for the StatsD pod. If not set, statsd.uid will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

statsd.service.extraAnnotations

Extra annotations for the StatsD Service.

{}

statsd.serviceAccount.annotations

Annotations to add to the StatsD Kubernetes ServiceAccount.

{}

statsd.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

statsd.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

statsd.tolerations

Specify Tolerations for StatsD pods.

[]

statsd.topologySpreadConstraints

Specify topology spread constraints for StatsD pods.

[]

statsd.uid

StatsD run as user parameter.

65534

Jobs

Parameter

Description

Default

cleanup.affinity

Specify scheduling constraints for cleanup pods.

{}

cleanup.args

Args to use when running the cleanup cronjob (templated).

['bash', '-c', 'exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}']

cleanup.command

Command to use when running the cleanup cronjob (templated).

~

cleanup.enabled

Enable cleanup.

False

cleanup.nodeSelector

Select certain nodes for cleanup pods.

{}

cleanup.podAnnotations

Annotations to add to cleanup pods.

{}

cleanup.resources

Resources for or cleanup pods

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

cleanup.schedule

Cleanup schedule.

*/15 * * * *

cleanup.securityContext

Security context for the cleanup job pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

cleanup.serviceAccount.annotations

Annotations to add to the cleanup CronJob Kubernetes ServiceAccount.

{}

cleanup.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

cleanup.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

cleanup.tolerations

Specify Tolerations for cleanup pods.

[]

cleanup.topologySpreadConstraints

Specify topology spread constraints for cleanup pods.

[]

createUserJob.affinity

Specify scheduling constraints for the create user job pod.

{}

createUserJob.annotations

Annotations to add to the create user job pod.

{}

createUserJob.args

Args to use when running create user job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "users create" "create_user" }} "$@"', '--', '-r', '{{ .Values.webserver.defaultUser.role }}', '-u', '{{ .Values.webserver.defaultUser.username }}', '-e', '{{ .Values.webserver.defaultUser.email }}', '-f', '{{ .Values.webserver.defaultUser.firstName }}', '-l', '{{ .Values.webserver.defaultUser.lastName }}', '-p', '{{ .Values.webserver.defaultUser.password }}']

createUserJob.command

Command to use when running create user job (templated).

~

createUserJob.extraContainers

Launch additional containers for the create user job pod

[]

createUserJob.extraVolumeMounts

Mount additional volumes into create user job

[]

createUserJob.extraVolumes

Mount additional volumes into create user job

[]

createUserJob.jobAnnotations

Annotations to add to the create user job job.

{}

createUserJob.nodeSelector

Select certain nodes for the create user job pod.

{}

createUserJob.resources

Resources for the create user job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

createUserJob.securityContext

Security context for the create user job pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

createUserJob.serviceAccount.annotations

Annotations to add to the create user job Kubernetes ServiceAccount.

{}

createUserJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

createUserJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

createUserJob.tolerations

Specify Tolerations for the create user job pod.

[]

createUserJob.topologySpreadConstraints

Specify topology spread constraints for the create user job pod.

[]

createUserJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

migrateDatabaseJob.affinity

Specify scheduling constraints for the migrate database job pod.

{}

migrateDatabaseJob.annotations

Annotations to add to the migrate database job pod.

{}

migrateDatabaseJob.args

Args to use when running migrate database job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "db upgrade" "upgradedb" }}']

migrateDatabaseJob.command

Command to use when running migrate database job (templated).

~

migrateDatabaseJob.enabled

Enable migrate database job.

True

migrateDatabaseJob.extraContainers

Launch additional containers for the migrate database job pod

[]

migrateDatabaseJob.extraVolumeMounts

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.extraVolumes

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.jobAnnotations

Annotations to add to the migrate database job.

{}

migrateDatabaseJob.nodeSelector

Select certain nodes for the migrate database job pod.

{}

migrateDatabaseJob.resources

Resources for the migrate database job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

migrateDatabaseJob.securityContext

Security context for the migrate database job pod. If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

migrateDatabaseJob.serviceAccount.annotations

Annotations to add to the migrate database job Kubernetes ServiceAccount.

{}

migrateDatabaseJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

migrateDatabaseJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

migrateDatabaseJob.tolerations

Specify Tolerations for the migrate database job pod.

[]

migrateDatabaseJob.topologySpreadConstraints

Specify topology spread constraints for migrate database job pod.

[]

migrateDatabaseJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

Kubernetes

Parameter

Description

Default

affinity

Specify scheduling constraints for all pods.

{}

airflowConfigAnnotations

Extra annotations to apply to the main Airflow configmap.

{}

airflowPodAnnotations

Extra annotations to apply to all Airflow pods.

{}

extraConfigMaps

Extra ConfigMaps that will be managed by the chart.

{}

Examples:

extraConfigMaps:
  '{{ .Release.Name }}-airflow-variables':
    data: |-
      AIRFLOW_VAR_HELLO_MESSAGE: 'Hi!'
      AIRFLOW_VAR_KUBERNETES_NAMESPACE: '{{ .Release.Namespace }}'

extraSecrets

Extra secrets that will be managed by the chart.

{}

Examples:

extraSecrets:
  '{{ .Release.Name }}-airflow-connections':
    data: |-
      AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
      AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
    stringData: 'AIRFLOW_CONN_OTHER: ''other_conn'''

labels

Add common labels to all objects and pods defined in this chart.

{}

limits

Define default/max/min values for pods and containers in namespace.

[]

networkPolicies.enabled

Enabled network policies.

False

nodeSelector

Select certain nodes for all pods.

{}

quotas

Define any ResourceQuotas for namespace.

{}

rbac.create

Specifies whether RBAC resources should be created.

True

rbac.createSCCRoleBinding

Specifies whether SCC RoleBinding resource should be created (refer to Production Guide).

False

registry.connection

Registry connection configuration.

{}

Examples:

connection:
  email: '...'
  host: '...'
  pass: '...'
  user: '...'

registry.connection.email

Email

""

registry.connection.host

Host

""

registry.connection.pass

Password

""

registry.connection.user

Username

""

registry.secretName

Registry connection string secret.

~

securityContext

Pod security context definition. The values in this parameter will be used when securityContext is not defined for specific Pods

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

tolerations

Specify Tolerations for all pods.

[]

topologySpreadConstraints

Specify topology spread constraints for all pods.

[]

webserver.topologySpreadConstraints

Specify topology spread constraints for webserver pods.

[]

Ingress

Parameter

Description

Default

ingress.enabled

Enable all ingress resources (deprecated - use ingress.web.enabled and ingress.flower.enabled).

~

ingress.flower.annotations

Annotations for the flower Ingress.

{}

ingress.flower.enabled

Enable flower ingress resource.

False

ingress.flower.host

The hostname for the flower Ingress. (Deprecated - renamed to ingress.flower.hosts)

""

ingress.flower.hosts

The hostnames or hosts configuration for the flower Ingress.

[]

ingress.flower.ingressClassName

The Ingress Class for the flower Ingress.

""

ingress.flower.path

The path for the flower Ingress.

/

ingress.flower.pathType

The pathType for the flower Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.flower.tls.enabled

Enable TLS termination for the flower Ingress.

False

ingress.flower.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

ingress.web.annotations

Annotations for the web Ingress.

{}

ingress.web.enabled

Enable web ingress resource.

False

ingress.web.host

The hostname for the web Ingress. (Deprecated - renamed to ingress.web.hosts)

""

ingress.web.hosts

The hostnames or hosts configuration for the web Ingress.

[]

ingress.web.ingressClassName

The Ingress Class for the web Ingress.

""

ingress.web.path

The path for the web Ingress.

/

ingress.web.pathType

The pathType for the web Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.web.precedingPaths

HTTP paths to add to the web Ingress before the default path.

[]

ingress.web.succeedingPaths

HTTP paths to add to the web Ingress after the default path.

[]

ingress.web.tls.enabled

Enable TLS termination for the web Ingress.

False

ingress.web.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

Kerberos

Parameter

Description

Default

kerberos.ccacheFileName

Name for kerberos credentials cache file.

cache

kerberos.ccacheMountPath

Path to mount shared volume for kerberos credentials cache.

/var/kerberos-ccache

kerberos.config

Contents of krb5.conf.

See values.yaml

kerberos.configPath

Path to mount krb5.conf kerberos configuration file.

/etc/krb5.conf

kerberos.enabled

Enable kerberos.

False

kerberos.keytabBase64Content

Kerberos keytab base64 encoded content.

~

kerberos.keytabPath

Path to mount the keytab for refreshing credentials in the kerberos sidecar.

/etc/airflow.keytab

kerberos.principal

Principal to use when refreshing kerberos credentials.

airflow@FOO.COM

kerberos.reinitFrequency

How often (in seconds) airflow kerberos will reinitialize the credentials cache.

3600

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release apache-airflow/airflow \
  --set executor=CeleryExecutor \
  --set enablePodLaunching=false .

Was this entry helpful?