Parameters reference

The following tables lists the configurable parameters of the Airflow chart and their default values.

Common

Parameter

Description

Default

airflowLocalSettings

airflow_local_settings file as a string (can be templated).

See values.yaml

airflowVersion

Airflow version (Used to make some decisions based on Airflow Version being deployed).

2.10.4

apiServer.defaultUser.enabled

Enable default user creation.

True

config

Settings to go into the mounted airflow.cfg

See values.yaml

defaultAirflowDigest

Default airflow digest to deploy. Overrides tag.

~

defaultAirflowRepository

Default airflow repository. Overrides all the specific images below.

apache/airflow

defaultAirflowTag

Default airflow tag to deploy.

2.10.4

executor

Airflow executor.

CeleryExecutor

fernetKey

The Fernet key used to encrypt passwords (can only be set during install, not upgrade).

~

pgbouncer.enabled

Enable PgBouncer.

False

schedulerName

Specify kube scheduler name for Pods.

~

webserver.defaultUser.enabled

Enable default user creation.

True

webserver.webserverConfig

This string (can be templated) will be mounted into the Airflow webserver as a custom webserver_config.py. You can bake a webserver_config.py in to your image instead or specify a configmap containing the webserver_config.py.

~

Examples:

webserverConfig: |-
  from airflow import configuration as conf

  # The SQLAlchemy connection string.
  SQLALCHEMY_DATABASE_URI = conf.get('database', 'SQL_ALCHEMY_CONN')

  # Flask-WTF flag for CSRF
  CSRF_ENABLED = True

webserver.webserverConfigConfigMapName

The configmap name containing the webserver_config.py.

~

Examples:

webserverConfigConfigMapName: my-webserver-configmap

webserverSecretKey

The Flask secret key for Airflow Webserver to encrypt browser session.

~

Airflow

Parameter

Description

Default

airflowHome

Airflow home directory. Used for mount paths.

/opt/airflow

allowPodLaunching

Whether various Airflow components launch pods.

True

dags.gitSync.branch

Git branch

v2-2-stable

dags.gitSync.containerName

Git sync container name.

git-sync

dags.gitSync.credentialsSecret

Name of a Secret containing the repo GIT_SYNC_USERNAME and GIT_SYNC_PASSWORD.

~

dags.gitSync.depth

Repository depth.

1

dags.gitSync.emptyDirConfig

Configuration for dags empty dir volume.

~

dags.gitSync.enabled

Enable Git sync.

False

dags.gitSync.env

Environment variables for git sync container.

[]

Examples:

env:
- name: GIT_SYNC_TIMEOUT
  value: '60'

dags.gitSync.envFrom

Extra envFrom ‘items’ that will be added to the definition of Airflow gitSync containers; a string or array are expected (can be templated).

~

Examples:

envFrom: |-
  - secretRef:
      name: 'proxy-config
envFrom: |-
  - configMapRef:
      name: 'proxy-config

dags.gitSync.extraVolumeMounts

Mount additional volumes into git sync container.

[]

dags.gitSync.knownHosts

When using a ssh private key, the contents of your known_hosts file.

~

Examples:

knownHosts: |-
  <host1>,<ip1> <key1>
  <host2>,<ip2> <key2>
knownHosts: <host1>,<ip1> <key1>

dags.gitSync.maxFailures

The number of consecutive failures allowed before aborting.

0

dags.gitSync.period

Interval between git sync attempts in Go-style duration string. High values are more likely to cause DAGs to become out of sync between different components. Low values cause more traffic to the remote git repository.

5s

dags.gitSync.ref

Git revision branch, tag, or hash.

v2-2-stable

dags.gitSync.repo

Git repository.

https://github.com/apache/airflow.git

dags.gitSync.resources

Resources on workers git-sync sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

dags.gitSync.rev

Git revision.

HEAD

dags.gitSync.securityContext

Security context for the gitSync container (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  runAsGroup: 0
  runAsUser: 50000

dags.gitSync.sshKey

SSH private key

~

dags.gitSync.sshKeySecret

Name of a Secret containing the repo sshKeySecret.

~

dags.gitSync.subPath

Subpath within the repo where dags are located.

tests/dags

dags.gitSync.uid

Git sync container run as user parameter.

65533

dags.gitSync.wait

Interval between git sync attempts in seconds. High values are more likely to cause DAGs to become out of sync between different components. Low values cause more traffic to the remote git repository.

~

dags.mountPath

Where dags volume will be mounted. Works for both persistence and gitSync. If not specified, dags mount path will be set to $AIRFLOW_HOME/dags

~

dags.persistence.accessMode

Access mode of the persistent volume.

ReadWriteOnce

dags.persistence.annotations

Annotations for the dag PVC

{}

dags.persistence.enabled

Enable persistent volume for storing dags.

False

dags.persistence.existingClaim

The name of an existing PVC to use.

~

dags.persistence.size

Volume size for dags.

1Gi

dags.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

dags.persistence.subPath

Subpath within the PVC where dags are located.

~

elasticsearch.connection

Elasticsearch connection configuration.

{}

Examples:

connection:
  host: '...'
  pass: '...'
  port: '...'
  scheme: https
  user: '...'

elasticsearch.connection.host

Host

""

elasticsearch.connection.pass

Password

""

elasticsearch.connection.port

Port

80

elasticsearch.connection.scheme

Scheme

http

elasticsearch.connection.user

Username

""

elasticsearch.enabled

Enable Elasticsearch task logging.

False

elasticsearch.secretName

A secret containing the connection string.

~

enableBuiltInSecretEnvVars.AIRFLOW_CONN_AIRFLOW_DB

Enable AIRFLOW_CONN_AIRFLOW_DB variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__BROKER_URL

Enable AIRFLOW__CELERY__BROKER_URL variable to be read from the Celery Broker URL Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__CELERY_RESULT_BACKEND

Enable AIRFLOW__CELERY__CELERY_RESULT_BACKEND variable to be read from the Celery Result Backend Secret - Airflow 1.10.* variant

True

enableBuiltInSecretEnvVars.AIRFLOW__CELERY__RESULT_BACKEND

Enable AIRFLOW__CELERY__RESULT_BACKEND variable to be read from the Celery Result Backend Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__FERNET_KEY

Enable AIRFLOW__CORE__FERNET_KEY variable to be read from the Fernet key Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__CORE__SQL_ALCHEMY_CONN

Enable AIRFLOW__CORE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__DATABASE__SQL_ALCHEMY_CONN

Enable AIRFLOW__DATABASE__SQL_ALCHEMY_CONN variable to be read from the Metadata Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST

Enable AIRFLOW__ELASTICSEARCH__ELASTICSEARCH_HOST variable to be read from the Elasticsearch Host Secret - Airflow <1.10.4 variant

True

enableBuiltInSecretEnvVars.AIRFLOW__ELASTICSEARCH__HOST

Enable AIRFLOW__ELASTICSEARCH__HOST variable to be read from the Elasticsearch Host Secret

True

enableBuiltInSecretEnvVars.AIRFLOW__WEBSERVER__SECRET_KEY

Enable AIRFLOW__WEBSERVER__SECRET_KEY variable to be read from the Webserver Secret Key Secret

True

env

Environment variables for all Airflow containers.

[]

Examples:

env:
- name: MYENVVAR
  value: something_fun

extraEnv

Extra env ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnv: |-
  - name: AIRFLOW__CORE__LOAD_EXAMPLES
     value: True

extraEnvFrom

Extra envFrom ‘items’ that will be added to the definition of Airflow containers; a string is expected (can be templated).

~

Examples:

extraEnvFrom: |-
  - secretRef:
      name: '{{ .Release.Name }}-airflow-connections'
extraEnvFrom: |-
  - configMapRef:
      name: '{{ .Release.Name }}-airflow-variables'

fernetKeySecretName

The Fernet key secret name.

~

gid

Group of airflow user.

0

logs.emptyDirConfig

Configuration for logs empty dir volume.

~

logs.persistence.annotations

Annotations to add to logs PVC

{}

logs.persistence.enabled

Enable persistent volume for storing logs.

False

logs.persistence.existingClaim

The name of an existing PVC to use.

~

logs.persistence.size

Volume size for logs.

100Gi

logs.persistence.storageClassName

If using a custom StorageClass, pass name here.

~

multiNamespaceMode

Whether Airflow can launch workers and/or pods in multiple namespaces. If true, it creates ClusterRole/ClusterRolebinding (with access to entire cluster)

False

podTemplate

The contents of pod_template_file.yaml used for KubernetesExecutor workers (templated). The default (see files/pod-template-file.kubernetes-helm-yaml) already takes into account normal workers configuration parameters (e.g. workers.resources), so you normally won’t need to override this directly.

~

Examples:

podTemplate: |-
  apiVersion: v1
  kind: Pod
  metadata:
    name: placeholder-name
    labels:
      tier: airflow
      component: worker
      release: {{ .Release.Name }}
  spec:
    priorityClassName: high-priority
    containers:
      - name: base
      ...

secret

Secrets for all Airflow containers.

[]

Examples:

secret:
- envName: SecretEnvVar
  secretKey: somekey
  secretName: somesecret

uid

User of airflow user.

50000

volumeMounts

VolumeMounts for all Airflow containers.

[]

volumes

Volumes for all Airflow containers.

[]

webserverSecretKeySecretName

The Secret name containing Flask secret_key for the Webserver.

~

Images

Parameter

Description

Default

images.airflow.digest

The airflow image digest. If set, it will override the tag.

~

images.airflow.pullPolicy

The airflow image pull policy.

IfNotPresent

images.airflow.repository

The airflow image repository.

~

images.airflow.tag

The airflow image tag.

~

images.flower.pullPolicy

The flower image pull policy.

IfNotPresent

images.flower.repository

The flower image repository.

~

images.flower.tag

The flower image tag.

~

images.gitSync.pullPolicy

The gitSync image pull policy.

IfNotPresent

images.gitSync.repository

The gitSync image repository.

registry.k8s.io/git-sync/git-sync

images.gitSync.tag

The gitSync image tag.

v4.3.0

images.migrationsWaitTimeout

The time (in seconds) to wait for the DB migrations to complete.

60

images.pgbouncer.pullPolicy

The PgBouncer image pull policy.

IfNotPresent

images.pgbouncer.repository

The PgBouncer image repository.

apache/airflow

images.pgbouncer.tag

The PgBouncer image tag.

airflow-pgbouncer-2024.09.19-1.22.1

images.pgbouncerExporter.pullPolicy

The PgBouncer exporter image pull policy.

IfNotPresent

images.pgbouncerExporter.repository

The PgBouncer exporter image repository.

apache/airflow

images.pgbouncerExporter.tag

The PgBouncer exporter image tag.

airflow-pgbouncer-exporter-2024.06.18-0.17.0

images.pod_template.pullPolicy

The pod_template image pull policy.

IfNotPresent

images.pod_template.repository

The pod_template image repository. If config.kubernetes.worker_container_repository is set, k8s executor will use config value instead.

~

images.pod_template.tag

The pod_template image tag. If config.kubernetes.worker_container_tag is set, k8s executor will use config value instead.

~

images.redis.pullPolicy

The redis image pull policy.

IfNotPresent

images.redis.repository

The redis image repository.

redis

images.redis.tag

The redis image tag.

7.2-bookworm

images.statsd.pullPolicy

The StatsD image pull policy.

IfNotPresent

images.statsd.repository

The StatsD image repository.

quay.io/prometheus/statsd-exporter

images.statsd.tag

The StatsD image tag.

v0.28.0

images.useDefaultImageForMigration

To avoid images with user code for running and waiting for DB migrations set this to true.

False

Ports

Parameter

Description

Default

ports.airflowUI

Airflow UI port.

8080

ports.apiServer

API server port.

9091

ports.flowerUI

Flower UI port.

5555

ports.pgbouncer

PgBouncer port.

6543

ports.pgbouncerScrape

PgBouncer scrape port.

9127

ports.redisDB

Redis port.

6379

ports.statsdIngest

StatsD ingest port.

9125

ports.statsdScrape

StatsD scrape port.

9102

ports.triggererLogs

Triggerer logs port.

8794

ports.workerLogs

Worker logs port.

8793

Database

Parameter

Description

Default

data.metadataConnection.db

The name of the database.

postgres

data.metadataConnection.host

The database host.

~

data.metadataConnection.pass

The user’s password.

postgres

data.metadataConnection.port

The database port.

5432

data.metadataConnection.protocol

The database protocol.

postgresql

data.metadataConnection.sslmode

The database SSL parameter.

disable

data.metadataConnection.user

The database user.

postgres

data.metadataSecretName

Metadata connection string secret.

~

data.resultBackendConnection

Result backend connection configuration.

~

data.resultBackendConnection.db

The name of the database.

~

data.resultBackendConnection.host

The database host.

~

data.resultBackendConnection.pass

The database password.

~

data.resultBackendConnection.port

The database port.

~

data.resultBackendConnection.protocol

The database protocol.

~

data.resultBackendConnection.sslmode

The database SSL parameter.

~

data.resultBackendConnection.user

The database user.

~

data.resultBackendSecretName

Result backend connection string secret.

~

postgresql.auth.enablePostgresUser

Assign a password to the ‘postgres’ admin user. Otherwise, remote access will be blocked for this user

True

postgresql.auth.password

Password for the custom user to create.

""

postgresql.auth.postgresPassword

Password for the ‘postgres’ admin user.

postgres

postgresql.auth.username

Name for a custom user to create

""

postgresql.enabled

Enable PostgreSQL subchart.

True

PgBouncer

Parameter

Description

Default

pgbouncer.affinity

Specify scheduling constraints for PgBouncer pods.

{}

pgbouncer.annotations

Annotations to add to the PgBouncer deployment

{}

pgbouncer.args

Args to use for PgBouncer (templated).

~

pgbouncer.auth_file

The name of the file to load user names and passwords from

/etc/pgbouncer/users.txt

pgbouncer.auth_type

Method of authenticating users

scram-sha-256

pgbouncer.ciphers

The allowed ciphers, might be ‘fast’, ‘normal’ or list ciphers separated with ‘:’.

normal

pgbouncer.command

Command to use for PgBouncer (templated).

['pgbouncer', '-u', 'nobody', '/etc/pgbouncer/pgbouncer.ini']

pgbouncer.configSecretName

The PgBouncer config Secret name.

~

pgbouncer.env

Add additional env vars to pgbouncer container.

[]

pgbouncer.extraContainers

Launch additional containers into pgbouncer.

[]

pgbouncer.extraIni

Add extra general PgBouncer ini configuration: https://www.pgbouncer.org/config.html

~

pgbouncer.extraIniMetadata

Add extra metadata database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraIniResultBackend

Add extra result backend database specific PgBouncer ini configuration: https://www.pgbouncer.org/config.html#section-databases

~

pgbouncer.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

pgbouncer.extraVolumeMounts

Mount additional volumes into PgBouncer.

[]

pgbouncer.extraVolumes

Mount additional volumes into PgBouncer.

[]

pgbouncer.logConnections

Log successful logins.

0

pgbouncer.logDisconnections

Log disconnections with reasons.

0

pgbouncer.maxClientConn

Maximum clients that can connect to PgBouncer (higher = more file descriptors).

100

pgbouncer.metadataPoolSize

Metadata pool size.

10

pgbouncer.metricsExporterSidecar.livenessProbe.initialDelaySeconds

Metrics Exporter liveness probe initial delay

10

pgbouncer.metricsExporterSidecar.livenessProbe.periodSeconds

Metrics Exporter liveness probe frequency

10

pgbouncer.metricsExporterSidecar.livenessProbe.timeoutSeconds

Metrics Exporter liveness probe command timeout

1

pgbouncer.metricsExporterSidecar.readinessProbe.initialDelaySeconds

Metrics Exporter readiness probe initial delay

10

pgbouncer.metricsExporterSidecar.readinessProbe.periodSeconds

Metrics Exporter readiness probe frequency

10

pgbouncer.metricsExporterSidecar.readinessProbe.timeoutSeconds

Metrics Exporter readiness probe command timeout

1

pgbouncer.metricsExporterSidecar.resources

Resources for the PgBouncer metric exporter.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.metricsExporterSidecar.sslmode

SSL mode for metricsExporterSidecar

disable

pgbouncer.metricsExporterSidecar.statsSecretKey

Key referencing the PGBouncer Metrics connection URI within an existing Secrets object. Defaults to connection if left null.

~

pgbouncer.metricsExporterSidecar.statsSecretName

Name of an existing Secrets object containing PgBouncer Metrics secrets.

~

pgbouncer.nodeSelector

Select certain nodes for PgBouncer pods.

{}

pgbouncer.podAnnotations

Add annotations for the PgBouncer Pod.

{}

pgbouncer.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for PgBouncer.

1

pgbouncer.podDisruptionBudget.config.minAvailable

Min available pods for PgBouncer.

1

pgbouncer.podDisruptionBudget.enabled

Enabled PodDistributionBudget.

False

pgbouncer.priorityClassName

Specify priority for PgBouncer pods.

~

pgbouncer.replicas

Number of PgBouncer replicas to run in Deployment.

1

pgbouncer.resources

Resources for the PgBouncer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

pgbouncer.resultBackendPoolSize

Result backend pool size.

5

pgbouncer.service.clusterIp

Specific ClusterIP for the PgBouncer Service.

~

pgbouncer.service.extraAnnotations

Extra annotations for the PgBouncer Service.

{}

pgbouncer.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

pgbouncer.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

pgbouncer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

pgbouncer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

pgbouncer.ssl.ca

Certificate Authority for server side

~

pgbouncer.ssl.cert

Server Certificate for server side

~

pgbouncer.ssl.key

Private key used to authenticate with the server

~

pgbouncer.sslmode

SSL mode for PgBouncer.

prefer

pgbouncer.tolerations

Specify Tolerations for PgBouncer pods.

[]

pgbouncer.topologySpreadConstraints

Specify topology spread constraints for PgBouncer pods.

[]

pgbouncer.uid

PgBouncer run as user parameter.

65534

pgbouncer.verbose

Increase PgBouncer verbosity.

0

API Server

Parameter

Description

Default

apiServer.affinity

Specify scheduling constraints for API server pods.

See values.yaml

apiServer.allowPodLogReading

Allow API server to read k8s pod logs. Useful when you don’t have an external log store.

True

apiServer.annotations

Annotations to add to the API server deployment

{}

apiServer.args

Args to use when running the Airflow API server (templated).

['bash', '-c', 'exec airflow fastapi-api']

apiServer.command

Command to use when running the Airflow API server (templated).

~

apiServer.configMapAnnotations

Extra annotations to apply to the API server configmap.

{}

apiServer.defaultUser.email

Default user email address.

admin@example.com

apiServer.defaultUser.firstName

Default user firstname.

admin

apiServer.defaultUser.lastName

Default user lastname.

user

apiServer.defaultUser.password

Default user password.

admin

apiServer.defaultUser.role

Default user role.

Admin

apiServer.defaultUser.username

Default user username.

admin

apiServer.env

Add additional env vars to API server.

[]

apiServer.extraContainers

Launch additional containers into API server.

[]

apiServer.extraInitContainers

Add additional init containers into API server.

[]

apiServer.extraVolumeMounts

Mount additional volumes into API server.

[]

apiServer.extraVolumes

Mount additional volumes into API server.

[]

apiServer.hostAliases

HostAliases for the API server pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1
hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

apiServer.labels

Labels to add to the API server objects and pods.

{}

apiServer.livenessProbe.failureThreshold

API server Liveness probe failure threshold.

5

apiServer.livenessProbe.initialDelaySeconds

API server Liveness probe initial delay.

15

apiServer.livenessProbe.periodSeconds

API server Liveness probe period seconds.

10

apiServer.livenessProbe.scheme

API server Liveness probe scheme.

HTTP

apiServer.livenessProbe.timeoutSeconds

API server Liveness probe timeout seconds.

5

apiServer.networkPolicy.ingress.from

Peers for API server NetworkPolicyingress.

[]

apiServer.networkPolicy.ingress.ports

Ports for API server NetworkPolicyingress (if from is set).

[{'port': '{{ .Values.ports.apiServer }}'}]

Examples:

ports:
- port: 9091

apiServer.nodeSelector

Select certain nodes for API server pods.

{}

apiServer.podAnnotations

Annotations to add to the API server pods.

{}

apiServer.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for API server.

1

apiServer.podDisruptionBudget.config.minAvailable

Min available pods for API server.

1

apiServer.podDisruptionBudget.enabled

Enable pod disruption budget.

False

apiServer.priorityClassName

Specify priority for API server pods.

~

apiServer.readinessProbe.failureThreshold

API server Readiness probe failure threshold.

5

apiServer.readinessProbe.initialDelaySeconds

API server Readiness probe initial delay.

15

apiServer.readinessProbe.periodSeconds

API server Readiness probe period seconds.

10

apiServer.readinessProbe.scheme

API server Readiness probe scheme.

HTTP

apiServer.readinessProbe.timeoutSeconds

API server Readiness probe timeout seconds.

5

apiServer.replicas

How many Airflow API server replicas should run.

1

apiServer.resources

Resources for API server pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

apiServer.service.annotations

Annotations for the API server Service.

{}

apiServer.service.loadBalancerIP

API server Service loadBalancerIP.

~

apiServer.service.loadBalancerSourceRanges

API server Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

apiServer.service.ports

Ports for the API server Service.

[{'name': 'api-server', 'port': '{{ .Values.ports.apiServer }}'}]

Examples:

ports:
- name: api-server
  port: 9091
  targetPort: api-server
ports:
- name: only_sidecar
  port: 9080
  targetPort: 8888

apiServer.service.type

API server Service type.

ClusterIP

apiServer.serviceAccount.annotations

Annotations to add to the API server Kubernetes ServiceAccount.

{}

apiServer.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

apiServer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

apiServer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

apiServer.startupProbe.failureThreshold

API server Startup probe failure threshold.

6

apiServer.startupProbe.periodSeconds

API server Startup probe period seconds.

10

apiServer.startupProbe.scheme

API server Startup probe scheme.

HTTP

apiServer.startupProbe.timeoutSeconds

API server Startup probe timeout seconds.

20

apiServer.strategy

Specifies the strategy used to replace old Pods by new ones.

~

apiServer.tolerations

Specify Tolerations for API server pods.

[]

apiServer.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

apiServer.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Scheduler

Parameter

Description

Default

scheduler.affinity

Specify scheduling constraints for scheduler pods.

See values.yaml

scheduler.annotations

Annotations to add to the scheduler deployment

{}

scheduler.args

Args to use when running the Airflow scheduler (templated).

['bash', '-c', 'exec airflow scheduler']

scheduler.command

Command to use when running the Airflow scheduler (templated).

~

scheduler.enabled

Enable scheduler

True

scheduler.env

Add additional env vars to scheduler.

[]

scheduler.extraContainers

Launch additional containers into scheduler (templated).

[]

scheduler.extraInitContainers

Add additional init containers into scheduler (templated).

[]

scheduler.extraVolumeMounts

Mount additional volumes into scheduler.

[]

scheduler.extraVolumes

Mount additional volumes into scheduler.

[]

scheduler.hostAliases

HostAliases for the scheduler pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1
hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

scheduler.labels

Labels to add to the scheduler objects and pods.

{}

scheduler.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

scheduler.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

scheduler.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

scheduler.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

scheduler.nodeSelector

Select certain nodes for scheduler pods.

{}

scheduler.podAnnotations

Annotations to add to the scheduler pods.

{}

scheduler.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for scheduler.

1

scheduler.podDisruptionBudget.config.minAvailable

Min available pods for scheduler.

1

scheduler.podDisruptionBudget.enabled

Enable pod disruption budget.

False

scheduler.priorityClassName

Specify priority for scheduler pods.

~

scheduler.replicas

Airflow 2.0 allows users to run multiple schedulers. This feature is only recommended for MySQL 8+ and PostgreSQL

1

scheduler.resources

Resources for scheduler pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

scheduler.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

scheduler.securityContext

Security context for the scheduler pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

scheduler.serviceAccount.annotations

Annotations to add to the scheduler Kubernetes ServiceAccount.

{}

scheduler.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

scheduler.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

scheduler.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

scheduler.startupProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

6

scheduler.startupProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

10

scheduler.startupProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

scheduler.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment (when not using LocalExecutor and workers.persistence).

~

scheduler.terminationGracePeriodSeconds

Grace period for scheduler to finish after SIGTERM is sent from Kubernetes.

10

scheduler.tolerations

Specify Tolerations for scheduler pods.

[]

scheduler.topologySpreadConstraints

Specify topology spread constraints for scheduler pods.

[]

scheduler.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet (when using LocalExecutor and workers.persistence).

~

scheduler.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

scheduler.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Webserver

Parameter

Description

Default

webserver.affinity

Specify scheduling constraints for webserver pods.

See values.yaml

webserver.allowPodLogReading

Allow webserver to read k8s pod logs. Useful when you don’t have an external log store.

True

webserver.annotations

Annotations to add to the webserver deployment

{}

webserver.args

Args to use when running the Airflow webserver (templated).

['bash', '-c', 'exec airflow webserver']

webserver.command

Command to use when running the Airflow webserver (templated).

~

webserver.configMapAnnotations

Extra annotations to apply to the webserver configmap.

{}

webserver.defaultUser.email

Default user email address.

admin@example.com

webserver.defaultUser.firstName

Default user firstname.

admin

webserver.defaultUser.lastName

Default user lastname.

user

webserver.defaultUser.password

Default user password.

admin

webserver.defaultUser.role

Default user role.

Admin

webserver.defaultUser.username

Default user username.

admin

webserver.enabled

Enable webserver

True

webserver.env

Add additional env vars to webserver.

[]

webserver.extraContainers

Launch additional containers into webserver (templated).

[]

webserver.extraInitContainers

Add additional init containers into webserver (templated).

[]

webserver.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to webserver.networkPolicy.ingress.from).

[]

webserver.extraVolumeMounts

Mount additional volumes into webserver.

[]

webserver.extraVolumes

Mount additional volumes into webserver.

[]

webserver.hostAliases

HostAliases for the webserver pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1
hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

webserver.hpa.behavior

HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.

{}

webserver.hpa.enabled

Allow HPA autoscaling

False

webserver.hpa.maxReplicaCount

Maximum number of webservers created by HPA.

5

webserver.hpa.metrics

Specifications for which to use to calculate the desired replica count.

[{'type': 'Resource', 'resource': {'name': 'cpu', 'target': {'type': 'Utilization', 'averageUtilization': 80}}}]

webserver.hpa.minReplicaCount

Minimum number of webservers created by HPA.

1

webserver.labels

Labels to add to the webserver objects and pods.

{}

webserver.livenessProbe.failureThreshold

Webserver Liveness probe failure threshold.

5

webserver.livenessProbe.initialDelaySeconds

Webserver Liveness probe initial delay.

15

webserver.livenessProbe.periodSeconds

Webserver Liveness probe period seconds.

10

webserver.livenessProbe.scheme

Webserver Liveness probe scheme.

HTTP

webserver.livenessProbe.timeoutSeconds

Webserver Liveness probe timeout seconds.

5

webserver.networkPolicy.ingress.from

Peers for webserver NetworkPolicyingress.

[]

webserver.networkPolicy.ingress.ports

Ports for webserver NetworkPolicyingress (if from is set).

[{'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- port: 8070

webserver.nodeSelector

Select certain nodes for webserver pods.

{}

webserver.podAnnotations

Annotations to add to the webserver pods.

{}

webserver.podDisruptionBudget.config.maxUnavailable

Max unavailable pods for webserver.

1

webserver.podDisruptionBudget.config.minAvailable

Min available pods for webserver.

1

webserver.podDisruptionBudget.enabled

Enable pod disruption budget.

False

webserver.priorityClassName

Specify priority for webserver pods.

~

webserver.readinessProbe.failureThreshold

Webserver Readiness probe failure threshold.

5

webserver.readinessProbe.initialDelaySeconds

Webserver Readiness probe initial delay.

15

webserver.readinessProbe.periodSeconds

Webserver Readiness probe period seconds.

10

webserver.readinessProbe.scheme

Webserver Readiness probe scheme.

HTTP

webserver.readinessProbe.timeoutSeconds

Webserver Readiness probe timeout seconds.

5

webserver.replicas

How many Airflow webserver replicas should run.

1

webserver.resources

Resources for webserver pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

webserver.securityContext

Security context for the webserver job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

webserver.service.annotations

Annotations for the webserver Service.

{}

webserver.service.loadBalancerIP

Webserver Service loadBalancerIP.

~

webserver.service.loadBalancerSourceRanges

Webserver Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

webserver.service.ports

Ports for the webserver Service.

[{'name': 'airflow-ui', 'port': '{{ .Values.ports.airflowUI }}'}]

Examples:

ports:
- name: airflow-ui
  port: 80
  targetPort: airflow-ui
ports:
- name: only_sidecar
  port: 80
  targetPort: 8888

webserver.service.type

Webserver Service type.

ClusterIP

webserver.serviceAccount.annotations

Annotations to add to the webserver Kubernetes ServiceAccount.

{}

webserver.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

webserver.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

webserver.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

webserver.startupProbe.failureThreshold

Webserver Startup probe failure threshold.

6

webserver.startupProbe.periodSeconds

Webserver Startup probe period seconds.

10

webserver.startupProbe.scheme

Webserver Startup probe scheme.

HTTP

webserver.startupProbe.timeoutSeconds

Webserver Startup probe timeout seconds.

20

webserver.strategy

Specifies the strategy used to replace old Pods by new ones.

~

webserver.terminationGracePeriodSeconds

Grace period for webserver to finish after SIGTERM is sent from Kubernetes.

30

webserver.tolerations

Specify Tolerations for webserver pods.

[]

webserver.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

webserver.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Workers

Parameter

Description

Default

workers.affinity

Specify scheduling constraints for worker pods.

See values.yaml

workers.annotations

Annotations to add to the worker deployment

{}

workers.args

Args to use when running Airflow workers (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery worker" "worker" }}']

workers.command

Command to use when running Airflow workers (templated).

~

workers.env

Add additional env vars to worker.

[]

workers.extraContainers

Launch additional containers into workers (templated). Note, if used with KubernetesExecutor, you are responsible for signaling sidecars to exit when the main container finishes so Airflow can continue the worker shutdown process!

[]

workers.extraInitContainers

Add additional init containers into workers (templated).

[]

workers.extraVolumeMounts

Mount additional volumes into workers.

[]

workers.extraVolumes

Mount additional volumes into workers.

[]

workers.hostAliases

Specify HostAliases for workers.

[]

Examples:

hostAliases:
- hostnames:
  - test.hostname.one
  ip: 127.0.0.2
hostAliases:
- hostnames:
  - test.hostname.two
  ip: 127.0.0.3

workers.hpa.behavior

HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.

{}

workers.hpa.enabled

Allow HPA autoscaling (KEDA must be disabled).

False

workers.hpa.maxReplicaCount

Maximum number of workers created by HPA.

5

workers.hpa.metrics

Specifications for which to use to calculate the desired replica count.

[{'type': 'Resource', 'resource': {'name': 'cpu', 'target': {'type': 'Utilization', 'averageUtilization': 80}}}]

workers.hpa.minReplicaCount

Minimum number of workers created by HPA.

0

workers.keda.advanced

Advanced KEDA configuration.

{}

workers.keda.advanced.horizontalPodAutoscalerConfig

HorizontalPodAutoscalerConfig specifies horizontal scale config.

{}

workers.keda.advanced.horizontalPodAutoscalerConfig.behavior

HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.

{}

workers.keda.cooldownPeriod

How many seconds KEDA will wait before scaling to zero.

30

workers.keda.enabled

Allow KEDA autoscaling.

False

workers.keda.maxReplicaCount

Maximum number of workers created by KEDA.

10

workers.keda.minReplicaCount

Minimum number of workers created by KEDA.

0

workers.keda.namespaceLabels

Labels used in matchLabels for namespace in the PgBouncer NetworkPolicy.

{}

workers.keda.pollingInterval

How often KEDA polls the airflow DB to report new scale requests to the HPA.

5

workers.keda.query

Query to use for KEDA autoscaling. Must return a single integer.

SELECT ceil(COUNT(*)::decimal / {{ .Values.config.celery.worker_concurrency }}) FROM task_instance WHERE (state='running' OR state='queued') {{- if or (contains "CeleryKubernetesExecutor" .Values.executor) (contains "KubernetesExecutor" .Values.executor) }} AND queue != '{{ .Values.config.celery_kubernetes_executor.kubernetes_queue }}' {{- end }}

workers.keda.usePgbouncer

Weather to use PGBouncer to connect to the database or not when it is enabled. This configuration will be ignored if PGBouncer is not enabled.

True

workers.kerberosInitContainer.enabled

Enable Kerberos init container for the worker.

False

workers.kerberosInitContainer.resources

Resources on workers kerberos init container

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.kerberosSidecar.enabled

Enable Kerberos sidecar for the worker.

False

workers.kerberosSidecar.resources

Resources on workers kerberos sidecar

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.labels

Labels to add to the worker objects and pods.

{}

workers.livenessProbe.enabled

Enable liveness probe for celery workers.

True

workers.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

workers.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

workers.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

workers.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

workers.nodeSelector

Select certain nodes for worker pods.

{}

workers.persistence.annotations

Annotations to add to worker volumes.

{}

workers.persistence.enabled

Enable persistent volumes.

True

workers.persistence.fixPermissions

Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner.

False

workers.persistence.size

Volume size for worker StatefulSet.

100Gi

workers.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

workers.podAnnotations

Annotations to add to the worker pods.

{}

workers.podManagementPolicy

Specifies the policy for managing pods within the worker. Only applicable to StatefulSet.

~

workers.priorityClassName

Specify priority for worker pods.

~

workers.replicas

Number of Airflow Celery workers in StatefulSet.

1

workers.resources

Resources on workers

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

workers.runtimeClassName

Specify runtime for worker pods.

~

workers.safeToEvict

This setting tells Kubernetes that it’s ok to evict when it wants to scale a node down.

False

workers.securityContext

Security context for the worker pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

workers.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

workers.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

workers.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

workers.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

workers.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

workers.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

600

workers.tolerations

Specify Tolerations for worker pods.

[]

workers.topologySpreadConstraints

Specify topology spread constraints for worker pods.

[]

workers.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet.

~

workers.volumeClaimTemplates

Specify additional volume claim template for workers.

[]

Examples:

volumeClaimTemplates:
- accessModes:
  - ReadWriteOnce
  name: data-volume-1
  resources:
    requests:
      storage: 10Gi
  storageClassName: storage-class-1
volumeClaimTemplates:
- accessModes:
  - ReadWriteOnce
  name: data-volume-2
  resources:
    requests:
      storage: 20Gi
  storageClassName: storage-class-2

workers.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

workers.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Triggerer

Parameter

Description

Default

triggerer.affinity

Specify scheduling constraints for triggerer pods.

See values.yaml

triggerer.annotations

Annotations to add to the triggerer deployment

{}

triggerer.args

Args to use when running the Airflow triggerer (templated).

['bash', '-c', 'exec airflow triggerer']

triggerer.command

Command to use when running the Airflow triggerer (templated).

~

triggerer.enabled

Enable triggerer

True

triggerer.env

Add additional env vars to triggerer.

[]

triggerer.extraContainers

Launch additional containers into triggerer (templated).

[]

triggerer.extraInitContainers

Add additional init containers into triggerer (templated).

[]

triggerer.extraVolumeMounts

Mount additional volumes into triggerer.

[]

triggerer.extraVolumes

Mount additional volumes into triggerer.

[]

triggerer.hostAliases

HostAliases for the triggerer pod.

[]

Examples:

hostAliases:
- hostnames:
  - foo.local
  ip: 127.0.0.1
hostAliases:
- hostnames:
  - foo.remote
  ip: 10.1.2.3

triggerer.keda.advanced

Advanced KEDA configuration.

{}

triggerer.keda.advanced.horizontalPodAutoscalerConfig

HorizontalPodAutoscalerConfig specifies horizontal scale config.

{}

triggerer.keda.advanced.horizontalPodAutoscalerConfig.behavior

HorizontalPodAutoscalerBehavior configures the scaling behavior of the target.

{}

triggerer.keda.cooldownPeriod

How many seconds KEDA will wait before scaling to zero.

30

triggerer.keda.enabled

Allow KEDA autoscaling.

False

triggerer.keda.maxReplicaCount

Maximum number of triggerers created by KEDA.

10

triggerer.keda.minReplicaCount

Minimum number of triggerers created by KEDA.

0

triggerer.keda.namespaceLabels

Labels used in matchLabels for namespace in the PgBouncer NetworkPolicy.

{}

triggerer.keda.pollingInterval

How often KEDA polls the airflow DB to report new scale requests to the HPA.

5

triggerer.keda.query

Query to use for KEDA autoscaling. Must return a single integer.

SELECT ceil(COUNT(*)::decimal / {{ .Values.config.triggerer.default_capacity }}) FROM trigger

triggerer.keda.usePgbouncer

Whether to use PGBouncer to connect to the database or not when it is enabled. This configuration will be ignored if PGBouncer is not enabled.

False

triggerer.labels

Labels to add to the triggerer objects and pods.

{}

triggerer.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

triggerer.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

triggerer.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

triggerer.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

triggerer.nodeSelector

Select certain nodes for triggerer pods.

{}

triggerer.persistence.annotations

Annotations to add to triggerer volumes.

{}

triggerer.persistence.enabled

Enable persistent volumes.

True

triggerer.persistence.fixPermissions

Execute init container to chown log directory. This is currently only needed in kind, due to usage of local-path provisioner.

False

triggerer.persistence.size

Volume size for triggerer StatefulSet.

100Gi

triggerer.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

triggerer.podAnnotations

Annotations to add to the triggerer pods.

{}

triggerer.priorityClassName

Specify priority for triggerer pods.

~

triggerer.replicas

Number of triggerers to run.

1

triggerer.resources

Resources for triggerer pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

triggerer.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

triggerer.securityContext

Security context for the triggerer pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

triggerer.serviceAccount.annotations

Annotations to add to the triggerer Kubernetes ServiceAccount.

{}

triggerer.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

triggerer.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

triggerer.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

triggerer.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

triggerer.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

60

triggerer.tolerations

Specify Tolerations for triggerer pods.

[]

triggerer.topologySpreadConstraints

Specify topology spread constraints for triggerer pods.

[]

triggerer.updateStrategy

Specifies the strategy used to replace old Pods by new ones when deployed as a StatefulSet.

~

triggerer.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

triggerer.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

DagProcessor

Parameter

Description

Default

dagProcessor.affinity

Specify scheduling constraints for dag processor pods.

See values.yaml

dagProcessor.annotations

Annotations to add to the dag processor deployment

{}

dagProcessor.args

Args to use when running the Airflow dag processor (templated).

['bash', '-c', 'exec airflow dag-processor']

dagProcessor.command

Command to use when running the Airflow dag processor (templated).

~

dagProcessor.enabled

Enable standalone dag processor (requires Airflow 2.3.0+).

False

dagProcessor.env

Add additional env vars to dag processor.

[]

dagProcessor.extraContainers

Launch additional containers into dag processor (templated).

[]

dagProcessor.extraInitContainers

Add additional init containers into dag processor (templated).

[]

dagProcessor.extraVolumeMounts

Mount additional volumes into dag processor.

[]

dagProcessor.extraVolumes

Mount additional volumes into dag processor.

[]

dagProcessor.livenessProbe.failureThreshold

Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.

5

dagProcessor.livenessProbe.initialDelaySeconds

Number of seconds after the container has started before liveness probes are initiated.

10

dagProcessor.livenessProbe.periodSeconds

How often (in seconds) to perform the probe. Minimum value is 1.

60

dagProcessor.livenessProbe.timeoutSeconds

Number of seconds after which the probe times out. Minimum value is 1 seconds.

20

dagProcessor.nodeSelector

Select certain nodes for dag processor pods.

{}

dagProcessor.podAnnotations

Annotations to add to the dag processor pods.

{}

dagProcessor.priorityClassName

Specify priority for dag processor pods.

~

dagProcessor.replicas

Number of dag processors to run.

1

dagProcessor.resources

Resources for dag processor pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

dagProcessor.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

dagProcessor.securityContext

Security context for the dag processor pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.serviceAccount.annotations

Annotations to add to the dag processor Kubernetes ServiceAccount.

{}

dagProcessor.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

dagProcessor.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

dagProcessor.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

dagProcessor.strategy

Specifies the strategy used to replace old Pods by new ones when deployed as a Deployment.

{'rollingUpdate': {'maxSurge': '100%', 'maxUnavailable': '50%'}}

dagProcessor.terminationGracePeriodSeconds

Grace period for tasks to finish after SIGTERM is sent from Kubernetes.

60

dagProcessor.tolerations

Specify Tolerations for dag processor pods.

[]

dagProcessor.topologySpreadConstraints

Specify topology spread constraints for dag processor pods.

[]

dagProcessor.waitForMigrations.enabled

Enable wait-for-airflow-migrations init container.

True

dagProcessor.waitForMigrations.env

Add additional env vars to wait-for-airflow-migrations init container.

[]

Flower

Parameter

Description

Default

flower.affinity

Specify scheduling constraints for Flower pods.

{}

flower.annotations

Annotations to add to the flower deployment

{}

flower.args

Args to use when running flower (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "celery flower" "flower" }}']

flower.command

Command to use when running flower (templated).

~

flower.enabled

Enable Flower.

False

flower.env

Add additional env vars to flower.

[]

flower.extraContainers

Launch additional containers into the flower pods.

[]

flower.extraNetworkPolicies

Additional NetworkPolicies as needed (Deprecated - renamed to flower.networkPolicy.ingress.from).

[]

flower.extraVolumeMounts

Mount additional volumes into the flower pods.

[]

flower.extraVolumes

Mount additional volumes into the flower pods.

[]

flower.labels

Labels to add to the flower objects and pods.

{}

flower.livenessProbe.failureThreshold

Flower Liveness probe failure threshold.

10

flower.livenessProbe.initialDelaySeconds

Flower Liveness probe initial delay.

10

flower.livenessProbe.periodSeconds

Flower Liveness probe period seconds.

5

flower.livenessProbe.timeoutSeconds

Flower Liveness probe timeout seconds.

5

flower.networkPolicy.ingress.from

Peers for flower NetworkPolicyingress.

[]

flower.networkPolicy.ingress.ports

Ports for flower NetworkPolicyingress (if from is set).

[{'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- port: 5565

flower.nodeSelector

Select certain nodes for Flower pods.

{}

flower.password

Password use to access Flower.

~

flower.podAnnotations

Annotations to add to the Flower pods.

{}

flower.priorityClassName

Specify priority for Flower pods.

~

flower.readinessProbe.failureThreshold

Flower Readiness probe failure threshold.

10

flower.readinessProbe.initialDelaySeconds

Flower Readiness probe initial delay.

10

flower.readinessProbe.periodSeconds

Flower Readiness probe period seconds.

5

flower.readinessProbe.timeoutSeconds

Flower Readiness probe timeout seconds.

5

flower.resources

Resources for Flower pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

flower.secretName

A secret containing the user and password pair.

~

flower.securityContext

Security context for the flower pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

flower.service.annotations

Annotations for the flower Service.

{}

flower.service.loadBalancerIP

Flower Service loadBalancerIP.

~

flower.service.loadBalancerSourceRanges

Flower Service loadBalancerSourceRanges.

[]

Examples:

loadBalancerSourceRanges:
- 10.123.0.0/16

flower.service.ports

Ports for the flower Service.

[{'name': 'flower-ui', 'port': '{{ .Values.ports.flowerUI }}'}]

Examples:

ports:
- name: flower-ui
  port: 8080
  targetPort: flower-ui

flower.service.type

Flower Service type.

ClusterIP

flower.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

flower.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

flower.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

flower.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

flower.tolerations

Specify Tolerations for Flower pods.

[]

flower.topologySpreadConstraints

Specify topology spread constraints for Flower pods.

[]

flower.username

Username use to access Flower.

~

Redis

Parameter

Description

Default

data.brokerUrl

Direct url to the redis broker (when using an external redis instance) (can only be set during install, not upgrade).

~

data.brokerUrlSecretName

Redis broker URL secret.

~

redis.affinity

Specify scheduling constraints for Redis pods.

{}

redis.annotations

Annotations for the redis.

{}

redis.emptyDirConfig

Configuration for redis empty dir volume.

~

redis.enabled

Enable the Redis provisioned by the chart (you can also use an external Redis instance with data.brokerUrl or data.brokerUrlSecretName).

True

redis.nodeSelector

Select certain nodes for Redis pods.

{}

redis.password

If password is set, create secret with it, else generate a new one on install (can only be set during install, not upgrade).

~

redis.passwordSecretName

Redis password secret.

~

redis.persistence.annotations

Annotations to add to redis volumes.

{}

redis.persistence.enabled

Enable persistent volumes.

True

redis.persistence.existingClaim

The name of an existing PVC to use.

~

redis.persistence.size

Volume size for Redis StatefulSet.

1Gi

redis.persistence.storageClassName

If using a custom StorageClass, pass name ref to all StatefulSets here.

~

redis.podAnnotations

Annotations to add to the redis pods.

{}

redis.priorityClassName

Specify priority for redis pods.

~

redis.resources

Resources for the Redis pods

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

redis.safeToEvict

This setting tells Kubernetes that its ok to evict when it wants to scale a node down.

True

redis.securityContext

Security context for the cleanup job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

redis.service.clusterIP

If using ClusterIP service type, custom IP address can be specified.

~

redis.service.nodePort

If using NodePort service type, custom node port can be specified.

~

redis.service.type

Service type.

ClusterIP

redis.serviceAccount.annotations

Annotations to add to the worker Kubernetes ServiceAccount.

{}

redis.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

redis.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

redis.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

redis.terminationGracePeriodSeconds

Grace period for Redis to exit after SIGTERM is sent from Kubernetes.

600

redis.tolerations

Specify Tolerations for Redis pods.

[]

redis.topologySpreadConstraints

Specify topology spread constraints for Redis pods.

[]

redis.uid

Redis run as user parameter.

0

StatsD

Parameter

Description

Default

statsd.affinity

Specify scheduling constraints for StatsD pods.

{}

statsd.annotations

Annotations to add to the StatsD deployment.

{}

statsd.args

Args to use when running statsd-exporter (templated).

['--statsd.mapping-config=/etc/statsd-exporter/mappings.yml']

statsd.configMapAnnotations

Extra annotations to apply to the statsd configmap.

{}

statsd.enabled

Enable StatsD.

True

statsd.env

Add additional env vars to statsd container.

[]

statsd.extraMappings

Additional mappings for StatsD exporter.If set, will merge default mapping and extra mappings, default mapping has higher priority. So, if you want to change some default mapping, please use overrideMappings

[]

statsd.extraNetworkPolicies

Additional NetworkPolicies as needed.

[]

statsd.nodeSelector

Select certain nodes for StatsD pods.

{}

statsd.overrideMappings

Override mappings for StatsD exporter.If set, will ignore setting item in default and extraMappings. So, If you use it, ensure all mapping item contains in it.

[]

statsd.podAnnotations

Annotations to add to the StatsD pods.

{}

statsd.priorityClassName

Specify priority for StatsD pods.

~

statsd.resources

Resources for StatsD pods.

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

statsd.securityContext

Security context for the StatsD pod (deprecated, use securityContexts instead).

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

statsd.service.extraAnnotations

Extra annotations for the StatsD Service.

{}

statsd.serviceAccount.annotations

Annotations to add to the StatsD Kubernetes ServiceAccount.

{}

statsd.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

statsd.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

statsd.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

statsd.terminationGracePeriodSeconds

Grace period for statsd to finish after SIGTERM is sent from Kubernetes.

30

statsd.tolerations

Specify Tolerations for StatsD pods.

[]

statsd.topologySpreadConstraints

Specify topology spread constraints for StatsD pods.

[]

statsd.uid

StatsD run as user parameter.

65534

Jobs

Parameter

Description

Default

cleanup.affinity

Specify scheduling constraints for cleanup pods.

{}

cleanup.args

Args to use when running the cleanup cronjob (templated).

['bash', '-c', 'exec airflow kubernetes cleanup-pods --namespace={{ .Release.Namespace }}']

cleanup.command

Command to use when running the cleanup cronjob (templated).

~

cleanup.enabled

Enable cleanup.

False

cleanup.env

Add additional env vars to cleanup.

[]

cleanup.jobAnnotations

Annotations to add to the cleanup cronjob.

{}

cleanup.labels

labels to add to cleanup pods.

{}

cleanup.nodeSelector

Select certain nodes for cleanup pods.

{}

cleanup.podAnnotations

Annotations to add to cleanup pods.

{}

cleanup.priorityClassName

Specify priority for cleanup pods.

~

cleanup.resources

Resources for or cleanup pods

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

cleanup.schedule

Cleanup schedule (templated).

*/15 * * * *

cleanup.securityContext

Security context for the cleanup job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

cleanup.serviceAccount.annotations

Annotations to add to the cleanup CronJob Kubernetes ServiceAccount.

{}

cleanup.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

cleanup.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

cleanup.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

cleanup.tolerations

Specify Tolerations for cleanup pods.

[]

cleanup.topologySpreadConstraints

Specify topology spread constraints for cleanup pods.

[]

createUserJob.affinity

Specify scheduling constraints for the create user job pod.

{}

createUserJob.annotations

Annotations to add to the create user job pod.

{}

createUserJob.applyCustomEnv

Specify if you want additional configured env vars applied to this job

True

createUserJob.args

Args to use when running create user job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.0.0" .Values.airflowVersion | ternary "users create" "create_user" }} "$@"', '--', '-r', '{{ .Values.webserver.defaultUser.role }}', '-u', '{{ .Values.webserver.defaultUser.username }}', '-e', '{{ .Values.webserver.defaultUser.email }}', '-f', '{{ .Values.webserver.defaultUser.firstName }}', '-l', '{{ .Values.webserver.defaultUser.lastName }}', '-p', '{{ .Values.webserver.defaultUser.password }}']

createUserJob.command

Command to use when running create user job (templated).

~

createUserJob.env

Add additional env vars to the create user job pod.

[]

createUserJob.extraContainers

Launch additional containers for the create user job pod

[]

createUserJob.extraInitContainers

Add additional init containers into create user job pod (templated).

[]

createUserJob.extraVolumeMounts

Mount additional volumes into create user job

[]

createUserJob.extraVolumes

Mount additional volumes into create user job

[]

createUserJob.jobAnnotations

Annotations to add to the create user job job.

{}

createUserJob.labels

Labels to add to the create user job objects and pods.

{}

createUserJob.nodeSelector

Select certain nodes for the create user job pod.

{}

createUserJob.priorityClassName

Specify priority for the create user job pod.

~

createUserJob.resources

Resources for the create user job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

createUserJob.securityContext

Security context for the create user job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

createUserJob.serviceAccount.annotations

Annotations to add to the create user job Kubernetes ServiceAccount.

{}

createUserJob.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

createUserJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

createUserJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

createUserJob.tolerations

Specify Tolerations for the create user job pod.

[]

createUserJob.topologySpreadConstraints

Specify topology spread constraints for the create user job pod.

[]

createUserJob.ttlSecondsAfterFinished

Limit the lifetime of the job object after it finished execution

300

createUserJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

migrateDatabaseJob.affinity

Specify scheduling constraints for the migrate database job pod.

{}

migrateDatabaseJob.annotations

Annotations to add to the migrate database job pod.

{}

migrateDatabaseJob.applyCustomEnv

Specify if you want additional configured env vars applied to this job

True

migrateDatabaseJob.args

Args to use when running migrate database job (templated).

['bash', '-c', 'exec \\\nairflow {{ semverCompare ">=2.7.0" .Values.airflowVersion | ternary "db migrate" (semverCompare ">=2.0.0" .Values.airflowVersion | ternary "db upgrade" "upgradedb") }}']

migrateDatabaseJob.command

Command to use when running migrate database job (templated).

~

migrateDatabaseJob.enabled

Enable migrate database job.

True

migrateDatabaseJob.env

Add additional env vars to migrate database job.

[]

migrateDatabaseJob.extraContainers

Launch additional containers for the migrate database job pod

[]

migrateDatabaseJob.extraInitContainers

Add additional init containers into migrate database job (templated).

[]

migrateDatabaseJob.extraVolumeMounts

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.extraVolumes

Mount additional volumes into migrate database job

[]

migrateDatabaseJob.jobAnnotations

Annotations to add to the migrate database job.

{}

migrateDatabaseJob.labels

Labels to add to the migrate database job objects and pods.

{}

migrateDatabaseJob.nodeSelector

Select certain nodes for the migrate database job pod.

{}

migrateDatabaseJob.priorityClassName

Specify priority for the migrate database job pod.

~

migrateDatabaseJob.resources

Resources for the migrate database job pod

{}

Examples:

resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

migrateDatabaseJob.securityContext

Security context for the migrate database job pod (deprecated, use securityContexts instead). If not set, the values from securityContext will be used.

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

migrateDatabaseJob.serviceAccount.annotations

Annotations to add to the migrate database job Kubernetes ServiceAccount.

{}

migrateDatabaseJob.serviceAccount.automountServiceAccountToken

Specifies if ServiceAccount’s API credentials should be mounted onto Pods

True

migrateDatabaseJob.serviceAccount.create

Specifies whether a ServiceAccount should be created.

True

migrateDatabaseJob.serviceAccount.name

The name of the ServiceAccount to use. If not set and create is true, a name is generated using the release name.

~

migrateDatabaseJob.tolerations

Specify Tolerations for the migrate database job pod.

[]

migrateDatabaseJob.topologySpreadConstraints

Specify topology spread constraints for migrate database job pod.

[]

migrateDatabaseJob.ttlSecondsAfterFinished

Limit the lifetime of the job object after it finished execution

300

migrateDatabaseJob.useHelmHooks

Specify if you want to use the default Helm Hook annotations

True

Kubernetes

Parameter

Description

Default

affinity

Specify scheduling constraints for all pods.

{}

airflowConfigAnnotations

Extra annotations to apply to the main Airflow configmap.

{}

airflowPodAnnotations

Extra annotations to apply to all Airflow pods.

{}

apiServer.containerLifecycleHooks

Container Lifecycle Hooks definition for the API server. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

apiServer.securityContexts.container

Container security context definition for the API server.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

apiServer.securityContexts.pod

Pod security context definition for the API server.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

apiServer.topologySpreadConstraints

Specify topology spread constraints for API server pods.

[]

apiServer.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

cleanup.containerLifecycleHooks

Container Lifecycle Hooks definition for the cleanup. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

cleanup.securityContexts.container

Container security context definition for the cleanup.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

cleanup.securityContexts.pod

Pod security context definition for the cleanup.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

containerLifecycleHooks

Default Container Lifecycle Hooks definition. The values in this parameter will be used when containerLifecycleHooks is not defined for specific containers.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

createUserJob.containerLifecycleHooks

Container Lifecycle Hooks definition for the create user job. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

createUserJob.securityContexts.container

Container security context definition for the create user job.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

createUserJob.securityContexts.pod

Pod security context definition for the create user job.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.containerLifecycleHooks

Container Lifecycle Hooks definition for the dag processor. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

dagProcessor.securityContexts.container

Container security context definition for the dag processor.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

dagProcessor.securityContexts.pod

Pod security context definition for the dag processor.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

dagProcessor.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

dags.gitSync.containerLifecycleHooks

Container Lifecycle Hooks definition for the git sync sidecar. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

dags.gitSync.securityContexts.container

Container security context definition for the git sync sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

extraConfigMaps

Extra ConfigMaps that will be managed by the chart.

{}

Examples:

extraConfigMaps:
  '{{ .Release.Name }}-airflow-variables':
    data: |-
      AIRFLOW_VAR_HELLO_MESSAGE: 'Hi!'
      AIRFLOW_VAR_KUBERNETES_NAMESPACE: '{{ .Release.Namespace }}'

extraSecrets

Extra secrets that will be managed by the chart.

{}

Examples:

extraSecrets:
  '{{ .Release.Name }}-airflow-connections':
    data: |-
      AIRFLOW_CONN_GCP: 'base64_encoded_gcp_conn_string'
      AIRFLOW_CONN_AWS: 'base64_encoded_aws_conn_string'
    stringData: 'AIRFLOW_CONN_OTHER: ''other_conn'''

flower.containerLifecycleHooks

Container Lifecycle Hooks definition for the network policy. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

flower.securityContexts.container

Container security context definition for the network policy.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

flower.securityContexts.pod

Pod security context definition for the network policy.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

labels

Add common labels to all objects and pods defined in this chart.

{}

limits

Define default/max/min values for pods and containers in namespace.

[]

migrateDatabaseJob.containerLifecycleHooks

Container Lifecycle Hooks definition for the migrate database job. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

migrateDatabaseJob.securityContexts.container

Container security context definition for the migrate database job.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

migrateDatabaseJob.securityContexts.pod

Pod security context definition for the migrate database job.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

networkPolicies.enabled

Enabled network policies.

False

nodeSelector

Select certain nodes for all pods.

{}

pgbouncer.containerLifecycleHooks

Container Lifecycle Hooks definition for the PgBouncer. If not set, the values from global containerLifecycleHooks will be used.

{'preStop': {'exec': {'command': ['/bin/sh', '-c', 'killall -INT pgbouncer && sleep 120']}}}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

pgbouncer.metricsExporterSidecar.containerLifecycleHooks

Container Lifecycle Hooks definition for the metrics exporter sidecar. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

pgbouncer.metricsExporterSidecar.securityContexts.container

Container security context definition for the metrics exporter sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

pgbouncer.securityContexts.container

Container security context definition for the PgBouncer.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

pgbouncer.securityContexts.pod

Pod security context definition for the PgBouncer.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 65534

priorityClasses

Priority Classes created by helm charts

[]

Examples:

priorityClasses:
- name: class1
  preemptionPolicy: PreemptLowerPriority
  value: 10000
priorityClasses:
- name: class2
  preemptionPolicy: Never
  value: 100000

quotas

Define any ResourceQuotas for namespace.

{}

rbac.create

Specifies whether RBAC resources should be created.

True

rbac.createSCCRoleBinding

Specifies whether SCC RoleBinding resource should be created (refer to Production Guide).

False

redis.containerLifecycleHooks

Container Lifecycle Hooks definition for the redis. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

redis.securityContexts.container

Container security context definition for the redis.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

redis.securityContexts.pod

Pod security context definition for the redis.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 999

registry.connection

Credentials to connect to a private registry, these will get Base64 encoded and stored in a secret (will get passed to imagePullSecrets).

{}

Examples:

connection:
  email: '...'
  host: '...'
  pass: '...'
  user: '...'

registry.connection.email

Email Address

""

registry.connection.host

Registry Server URL (e.g. https://index.docker.io/v1/ for DockerHub)

""

registry.connection.pass

Password

""

registry.connection.user

Username

""

registry.secretName

Name of the Kubernetes secret containing Base64 encoded credentials to connect to a private registry (will get passed to imagePullSecrets).

~

scheduler.containerLifecycleHooks

Container Lifecycle Hooks definition for the scheduler. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

scheduler.securityContexts.container

Container security context definition for the scheduler.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

scheduler.securityContexts.pod

Pod security context definition for the scheduler.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

scheduler.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

securityContext

Default pod security context definition (deprecated, use securityContexts instead). The values in this parameter will be used when securityContext is not defined for specific Pods

{}

Examples:

securityContext:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

securityContexts.container

Default container security context definition. The values in this parameter will be used when securityContexts is not defined for specific containers

{}

Examples:

container:
  allowPrivilegeEscalation: false

securityContexts.pod

Default pod security context definition. The values in this parameter will be used when securityContexts is not defined for specific Pods.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

statsd.containerLifecycleHooks

Container Lifecycle Hooks definition for the statsd. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

statsd.securityContexts.container

Container security context definition for the statsd.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

statsd.securityContexts.pod

Pod security context definition for the statsd.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

tolerations

Specify Tolerations for all pods.

[]

topologySpreadConstraints

Specify topology spread constraints for all pods.

[]

triggerer.containerLifecycleHooks

Container Lifecycle Hooks definition for the triggerer. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

triggerer.securityContexts.container

Container security context definition for the triggerer.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

triggerer.securityContexts.pod

Pod security context definition for the triggerer.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

triggerer.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

webserver.containerLifecycleHooks

Container Lifecycle Hooks definition for the webserver. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

webserver.securityContexts.container

Container security context definition for the webserver.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

webserver.securityContexts.pod

Pod security context definition for the webserver.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

webserver.topologySpreadConstraints

Specify topology spread constraints for webserver pods.

[]

webserver.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.containerLifecycleHooks

Container Lifecycle Hooks definition for the worker. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

workers.kerberosInitContainer.containerLifecycleHooks

Container Lifecycle Hooks definition for the kerberos init container. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

workers.kerberosInitContainer.securityContexts.container

Container security context definition for the kerberos init container.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.kerberosSidecar.containerLifecycleHooks

Container Lifecycle Hooks definition for the kerberos sidecar. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

workers.kerberosSidecar.securityContexts.container

Container security context definition for the kerberos sidecar.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.persistence.containerLifecycleHooks

Container Lifecycle Hooks definition for the persistence. If not set, the values from global containerLifecycleHooks will be used.

{}

Examples:

containerLifecycleHooks:
  postStart:
    exec:
      command:
      - /bin/sh
      - -c
      - echo postStart handler > /usr/share/message
  preStop:
    exec:
      command:
      - /bin/sh
      - -c
      - echo preStop handler > /usr/share/message

workers.persistence.securityContexts.container

Container security context definition for the persistence.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.securityContexts.container

Container security context definition for the workers.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

workers.securityContexts.pod

Pod security context definition for the workers.

{}

Examples:

pod:
  fsGroup: 0
  runAsGroup: 0
  runAsUser: 50000

workers.waitForMigrations.securityContexts.container

Container security context definition for the wait for migrations.

{}

Examples:

container:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

Ingress

Parameter

Description

Default

ingress.enabled

Enable all ingress resources (deprecated - use ingress.web.enabled and ingress.flower.enabled).

~

ingress.flower.annotations

Annotations for the flower Ingress.

{}

ingress.flower.enabled

Enable flower ingress resource.

False

ingress.flower.host

The hostname for the flower Ingress. (Deprecated - renamed to ingress.flower.hosts)

""

ingress.flower.hosts

The hostnames or hosts configuration for the flower Ingress.

[]

ingress.flower.ingressClassName

The Ingress Class for the flower Ingress.

""

ingress.flower.path

The path for the flower Ingress.

/

ingress.flower.pathType

The pathType for the flower Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.flower.tls.enabled

Enable TLS termination for the flower Ingress.

False

ingress.flower.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

ingress.pgbouncer.annotations

Annotations for the PgBouncer Ingress.

{}

ingress.pgbouncer.enabled

Enable PgBouncer ingress resource.

False

ingress.pgbouncer.host

The hostname for the PgBouncer Ingress. (Deprecated - renamed to ingress.pgbouncer.hosts)

""

ingress.pgbouncer.hosts

The hostnames or hosts configuration for the PgBouncer Ingress.

[]

ingress.pgbouncer.ingressClassName

The Ingress Class for the PgBouncer Ingress.

""

ingress.pgbouncer.path

The path for the PgBouncer Ingress.

/metrics

ingress.pgbouncer.pathType

The pathType for the PgBouncer Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.statsd.annotations

Annotations for the statsd Ingress.

{}

ingress.statsd.enabled

Enable statsd ingress resource.

False

ingress.statsd.host

The hostname for the statsd Ingress. (Deprecated - renamed to ingress.statsd.hosts)

""

ingress.statsd.hosts

The hostnames or hosts configuration for the statsd Ingress.

[]

ingress.statsd.ingressClassName

The Ingress Class for the statsd Ingress.

""

ingress.statsd.path

The path for the statsd Ingress.

/metrics

ingress.statsd.pathType

The pathType for the statsd Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.web.annotations

Annotations for the web Ingress.

{}

ingress.web.enabled

Enable web ingress resource.

False

ingress.web.host

The hostname for the web Ingress. (Deprecated - renamed to ingress.web.hosts)

""

ingress.web.hosts

The hostnames or hosts configuration for the web Ingress.

[]

ingress.web.ingressClassName

The Ingress Class for the web Ingress.

""

ingress.web.path

The path for the web Ingress.

/

ingress.web.pathType

The pathType for the web Ingress (required for Kubernetes 1.19 and above).

ImplementationSpecific

ingress.web.precedingPaths

HTTP paths to add to the web Ingress before the default path.

[]

ingress.web.succeedingPaths

HTTP paths to add to the web Ingress after the default path.

[]

ingress.web.tls.enabled

Enable TLS termination for the web Ingress.

False

ingress.web.tls.secretName

The name of a pre-created Secret containing a TLS private key and certificate.

""

Kerberos

Parameter

Description

Default

kerberos.ccacheFileName

Name for kerberos credentials cache file.

cache

kerberos.ccacheMountPath

Path to mount shared volume for kerberos credentials cache.

/var/kerberos-ccache

kerberos.config

Contents of krb5.conf.

See values.yaml

kerberos.configPath

Path to mount krb5.conf kerberos configuration file.

/etc/krb5.conf

kerberos.enabled

Enable kerberos.

False

kerberos.keytabBase64Content

Kerberos keytab base64 encoded content.

~

kerberos.keytabPath

Path to mount the keytab for refreshing credentials in the kerberos sidecar.

/etc/airflow.keytab

kerberos.principal

Principal to use when refreshing kerberos credentials.

airflow@FOO.COM

kerberos.reinitFrequency

How often (in seconds) airflow kerberos will reinitialize the credentials cache.

3600

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release apache-airflow/airflow \
  --set executor=CeleryExecutor \
  --set enablePodLaunching=false .

Was this entry helpful?