Helm Chart for Apache Airflow¶
This chart will bootstrap an Airflow deployment on a Kubernetes cluster using the Helm package manager.
Requirements¶
Kubernetes 1.26+ cluster
Helm 3.0+
PV provisioner support in the underlying infrastructure (optionally)
Features¶
Supported executors:
LocalExecutor
,CeleryExecutor
,KubernetesExecutor
,LocalKubernetesExecutor
,CeleryKubernetesExecutor
Supported Airflow version:
1.10+
,2.0+
Supported database backend:
PostgreSQL
,MySQL
Autoscaling for
CeleryExecutor
provided by KEDAPostgreSQL
andPgBouncer
with a battle-tested configurationMonitoring:
StatsD/Prometheus metrics for Airflow
Prometheus metrics for PgBouncer
Flower
Automatic database migration after a new deployment
Administrator account creation during deployment
Kerberos secure configuration
One-command deployment for any type of executor. You don’t need to provide other services e.g. Redis/Database to test the Airflow.
Installing the Chart¶
To install this chart using Helm 3, run the following commands:
helm repo add apache-airflow https://airflow.apache.org
helm upgrade --install airflow apache-airflow/airflow --namespace airflow --create-namespace
The command deploys Airflow on the Kubernetes cluster in the default configuration. The Parameters reference section lists the parameters that can be configured during installation.
Tip
List all releases using helm list
.
Upgrading the Chart¶
To upgrade the chart with the release name airflow
:
helm upgrade airflow apache-airflow/airflow --namespace airflow
Note
To upgrade to a new version of the chart, run helm repo update
first.
Uninstalling the Chart¶
To uninstall/delete the airflow
deployment:
helm delete airflow --namespace airflow
The command removes all the Kubernetes components associated with the chart and deletes the release.
Note
Some kubernetes resources created by the chart helm hooks might be left in the namespace after executing helm uninstall
, for example, brokerUrlSecret
or fernetKeySecret
.
Installing the Chart with Argo CD, Flux, Rancher or Terraform¶
When installing the chart using Argo CD, Flux, Rancher or Terraform, you MUST set the four following values, or your application will not start as the migrations will not be run:
createUserJob:
useHelmHooks: false
applyCustomEnv: false
migrateDatabaseJob:
useHelmHooks: false
applyCustomEnv: false
This is so these CI/CD services can perform updates without issues and preserve the immutability of Kubernetes Job manifests.
This also applies if you install the chart using --wait
in your helm install
command.
Note
While deploying this Helm chart with Argo, you might encounter issues with database migrations not running automatically on upgrade.
To run database migrations with Argo CD automatically, you will need to add:
migrateDatabaseJob:
jobAnnotations:
"argocd.argoproj.io/hook": Sync
This will run database migrations every time there is a Sync
event in Argo CD. While it is not ideal to run the migrations on every sync, it is a trade-off that allows them to be run automatically.
If you use the Celery(Kubernetes)Executor with the built-in Redis, it is recommended that you set up a static Redis password either by supplying redis.passwordSecretName
and data.brokerUrlSecretName
or redis.password
.
By default, Helm hooks are also enabled for extraSecrets
or extraConfigMaps
. When using the above CI/CD tools, you might encounter issues due to these default hooks.
To avoid potential problems, it is recommended to disable these hooks by setting useHelmHooks=false
as shown in the following examples:
extraSecrets:
'{{ .Release.Name }}-example':
useHelmHooks: false
data: |
AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
extraConfigMaps:
'{{ .Release.Name }}-example':
useHelmHooks: false
data: |
AIRFLOW_VAR_HELLO_MESSAGE: "Hi!"
Naming Conventions¶
For new installations it is highly recommended to start using standard naming conventions.
It is not enabled by default as this may cause unexpected behaviours on existing installations. However you can enable it using useStandardNaming
:
useStandardNaming: true
For existing installations, all your resources will be recreated with a new name and helm will delete previous resources.
This won’t delete existing PVCs for logs used by StatefulSets/Deployments, but it will recreate them with brand new PVCs. If you do want to preserve logs history you’ll need to manually copy the data of these volumes into the new volumes after deployment. Depending on what storage backend/class you’re using this procedure may vary. If you don’t mind starting with fresh logs/redis volumes, you can just delete the old persistent volume claims, for example:
kubectl delete pvc -n airflow logs-gta-triggerer-0
kubectl delete pvc -n airflow logs-gta-worker-0
kubectl delete pvc -n airflow redis-db-gta-redis-0
Note
If you do not change useStandardNaming
or fullnameOverride
after upgrade, you can proceed as usual and no unexpected behaviours will be presented.