diff --git a/.vib/airflow/runtime-parameters.yaml b/.vib/airflow/runtime-parameters.yaml index 1bc1c1eb482b6f..dbe3590d74859a 100644 --- a/.vib/airflow/runtime-parameters.yaml +++ b/.vib/airflow/runtime-parameters.yaml @@ -1,7 +1,13 @@ auth: password: ComplicatedPassword123!4 -loadExamples: true service: ports: http: 80 - type: LoadBalancer \ No newline at end of file + type: LoadBalancer +dags: + enabled: true + repositories: + - repository: https://github.com/apache/airflow + branch: main + name: examples + path: airflow/example_dags diff --git a/bitnami/airflow/Chart.lock b/bitnami/airflow/Chart.lock index ac58ad26838501..1f6112e7c4f6dd 100644 --- a/bitnami/airflow/Chart.lock +++ b/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 20.1.6 + version: 20.2.1 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 16.0.0 + version: 16.0.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.23.0 -digest: sha256:08d16e823fcad0d75020672d295161ccab54648f1b084b1388739a32d20aaa96 -generated: "2024-10-02T16:09:47.968172694+02:00" + version: 2.26.0 +digest: sha256:ce4621d257bedfe7984ca9448b81f6b800ceb44425ce8ef66ab2ecfe73ef3b9d +generated: "2024-10-29T09:15:19.820905+01:00" diff --git a/bitnami/airflow/Chart.yaml b/bitnami/airflow/Chart.yaml index ef0d6b3c8cbf57..8ac336e898d4ec 100644 --- a/bitnami/airflow/Chart.yaml +++ b/bitnami/airflow/Chart.yaml 
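Review bot: In `.vib/airflow/runtime-parameters.yaml`, the added `dags.repositories` entry tracks `branch: main` of `https://github.com/apache/airflow`, so each verification run loads whatever is at the tip of upstream at clone time. DAG files are Python that the Airflow components import and execute, so an unpinned ref makes the run non-reproducible and puts every upstream commit under `airflow/example_dags` on this pipeline's trusted path; it can also drift from the chart's `appVersion: 2.10.2`. Consider pointing `branch` at a release ref that matches the packaged Airflow version (assuming the chart's clone step accepts one), with a comment such as `# pinned to the release matching appVersion; bump together with the image`. Separately, the unchanged context lines keep a fixed `auth.password` next to `type: LoadBalancer`; if the test cluster is reachable from outside, a per-run generated value would be safer now that the instance runs code fetched from Git.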
@@ -9,14 +9,6 @@ annotations: image: docker.io/bitnami/airflow:2.10.2-debian-12-r0 - name: airflow-exporter image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-12-r47 - - name: airflow-scheduler - image: docker.io/bitnami/airflow-scheduler:2.10.2-debian-12-r0 - - name: airflow-worker - image: docker.io/bitnami/airflow-worker:2.10.2-debian-12-r0 - - name: git - image: docker.io/bitnami/git:2.46.1-debian-12-r1 - - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r30 apiVersion: v2 appVersion: 2.10.2 dependencies: @@ -47,4 +39,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 20.0.0 +version: 21.0.0 diff --git a/bitnami/airflow/README.md b/bitnami/airflow/README.md index d967b93ccadea1..e435ebf7137346 100644 --- a/bitnami/airflow/README.md +++ b/bitnami/airflow/README.md 
@@ -26,30 +26,95 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment - Kubernetes 1.23+ - Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/airflow +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The command deploys Apache Airflow on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` ## Configuration and installation details -### Resource requests and limits +### Executors -Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. +Airflow supports different [Executors](https://www.astronomer.io/docs/learn/airflow-executors-explained) and this Helm chart provides support for several of them. You can choose the executor you want to use by setting the `executor` parameter. -To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. 
Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). +#### CeleryExecutor -### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html) +The Celery executor (default one) uses a message queue system (Redis® in this case) to coordinate tasks between pre-configured workers. -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. +#### KubernetesExecutor -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. +The Kubernetes executor creates a new worker pod for every task instance using the `pod_template.yaml` that you can find at [templates/config/configmap.yaml](https://github.com/bitnami/charts/blob/main/bitnami/airflow/templates/config/configmap.yaml). This template can be overwritten using `worker.podTemplate`. To enable `KubernetesExecutor` you can set the following parameters: + +```console +executor=KubernetesExecutor +rbac.create=true +serviceAccount.create=true +redis.enabled=false +``` + +> NOTE: Redis® is not needed to be deployed when using KubernetesExecutor so you can disable it using `redis.enabled=false`. + +### CeleryKubernetesExecutor + +The CeleryKubernetesExecutor (introduced in Airflow 2.0) is a combination of both the Celery and the Kubernetes executors. Tasks will be executed using Celery by default, but those tasks that require it can be executed in a Kubernetes pod using the 'kubernetes' queue. + +#### LocalExecutor + +The Local executor runs tasks by spawning processes in the Scheduler pods. To enable `LocalExecutor` set the following parameters. 
+ +```console +executor=LocalExecutor +redis.enabled=false +``` + +### LocalKubernetesExecutor + +The LocalKubernetesExecutor (introduced in Airflow 2.3) is a combination of both the Local and the Kubernetes executors. Tasks will be executed in the scheduler by default, but those tasks that require it can be executed in a Kubernetes pod using the 'kubernetes' queue. + +#### SequentialExecutor + +This executor will only run one task instance at a time in the Scheduler pods. For production use case, please use other executors. To enable `SequentialExecutor` set the following parameters. + +```console +executor=SequentialExecutor +redis.enabled=false +``` + +### Scaling worker pods + +Sometime when using large workloads a fixed number of worker pods may make task to take a long time to be executed. This chart provide two ways for scaling worker pods. + +- If you are using `KubernetesExecutor` auto scaling pods would be done by the Scheduler without adding anything more. +- If you are using `SequentialExecutor` you would have to enable `worker.autoscaling` to do so, please, set the following parameters. It will use autoscaling by default configuration that you can change using `worker.autoscaling.replicas.*` and `worker.autoscaling.targets.*`. + +```console +worker.autoscaling.enabled=true +worker.resources.requests.cpu=200m +worker.resources.requests.memory=250Mi +``` ### Generate a Fernet key A Fernet key is required in order to encrypt password within connections. The Fernet key must be a base64-encoded 32-byte key. -Learn how to generate one [here](https://airflow.apache.org/docs/apache-airflow/stable/security/secrets/fernet.html#generating-fernet-key) +Learn how to generate one [here](https://airflow.apache.org/docs/apache-airflow/stable/security/secrets/fernet.html#generating-fernet-key). ### Generate a Secret key -Secret key used to run your flask app. It should be as random as possible. 
However, when running more than 1 instances of webserver, make sure all of them use the same secret_key otherwise one of them will error with "CSRF session token is missing". +Secret key used to run your Flask app. It should be as random as possible. + +> Note: when running multiple Web server instances, make sure all of them use the same secret key. Otherwise you may face the error "CSRF session token is missing". ### Load DAG files 
@@ -57,19 +122,24 @@ There are two different ways to load your custom DAG files into the Airflow char #### Option 1: Specify an existing config map -You can manually create a config map containing all your DAG files and then pass the name when deploying Airflow chart. For that, you can pass the option `dags.existingConfigmap`. +You can manually create a config map containing all your DAG files and then pass the name when deploying Airflow chart. For that, you can set the parameters below: + +```console +dags.enabled=true +dags.existingConfigmap=my-dags-configmap +``` #### Option 2: Get your DAG files from a git repository You can store all your DAG files on GitHub repositories and then clone to the Airflow pods with an initContainer. The repositories will be periodically updated using a sidecar container. In order to do that, you can deploy airflow with the following options: -> NOTE: When enabling git synchronization, an init container and sidecar container will be added for all the pods running airflow, this will allow scheduler, worker and web component to reach dags if it was needed. +> Note: When enabling git synchronization, an init container and sidecar container will be added for all the pods running airflow, this will allow scheduler, worker and web component to reach dags if it was needed. 
```console -git.dags.enabled=true -git.dags.repositories[0].repository=https://github.com/USERNAME/REPOSITORY -git.dags.repositories[0].name=REPO-IDENTIFIER -git.dags.repositories[0].branch=master +dags.enabled=true +dags.repositories[0].repository=https://github.com/USERNAME/REPOSITORY +dags.repositories[0].name=REPO-IDENTIFIER +dags.repositories[0].branch=master ``` If you use a private repository from GitHub, a possible option to clone the files is using a [Personal Access Token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) and using it as part of the URL: `https://USERNAME:PERSONAL_ACCESS_TOKEN@github.com/USERNAME/REPOSITORY` 
@@ -78,15 +148,19 @@ If you use a private repository from GitHub, a possible option to clone the file You can load plugins into the chart by specifying a git repository containing the plugin files. The repository will be periodically updated using a sidecar container. In order to do that, you can deploy airflow with the following options: -> NOTE: When enabling git synchronization, an init container and sidecar container will be added for all the pods running airflow, this will allow scheduler, worker and web component to reach plugins if it was needed. +> Note: When enabling git synchronization, an init container and sidecar container will be added for all the pods running airflow, this will allow scheduler, worker and web component to reach plugins if it was needed. ```console -git.plugins.enabled=true -git.plugins.repositories[0].repository=https://github.com/teamclairvoyant/airflow-rest-api-plugin.git -git.plugins.repositories[0].branch=v1.0.9-branch -git.plugins.repositories[0].path=plugins +plugins.enabled=true +plugins.repositories[0].repository=https://github.com/teamclairvoyant/airflow-rest-api-plugin.git +plugins.repositories[0].branch=v1.0.9-branch +plugins.repositories[0].path=plugins ``` +### Install extra python packages + +This chart allows you to mount volumes using `extraVolumes` and `extraVolumeMounts` in every component (web, scheduler, worker). Mounting a `requirements.txt` using these options to `/bitnami/python/requirements.txt` will execute `pip install -r /bitnami/python/requirements.txt` on container start. + ### Existing Secrets You can use an existing secret to configure your Airflow auth, external Postgres, and external Redis® passwords: 
@@ -125,79 +199,75 @@ data: This is useful if you plan on using [Bitnami's sealed secrets](https://github.com/bitnami-labs/sealed-secrets) to manage your passwords. -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Install extra python packages - -This chart allows you to mount volumes using `extraVolumes` and `extraVolumeMounts` in all 3 airflow components (web, scheduler, worker). Mounting a requirements.txt using these options to `/bitnami/python/requirements.txt` will execute `pip install -r /bitnami/python/requirements.txt` on container start. +### Resource requests and limits -### Enabling network policies +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. -This chart allows you to set network policies that will rectrict the access to the deployed pods in the cluster. Basically, no other pods apart from Scheduler's pods may access Worker's pods and no other pods apart from Web's pods may access Worker's ones. To do so, set `networkPolicies.enabled=true`. +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. 
Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). -### Executors +### [Rolling VS Immutable tags](https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html) -Airflow supports different executors runtimes and this chart provides support for the following ones. +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. -#### CeleryExecutor +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. -Celery executor is the default value for this chart with it you can scale out the number of workers. To point the `executor` parameter to `CeleryExecutor` you need to do something, you just install the chart with default parameters. +### Ingress -#### KubernetesExecutor +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application. -The kubernetes executor is introduced in Apache Airflow 1.10.0. 
The Kubernetes executor will create a new pod for every task instance using the `pod_template.yaml` that you can find [templates/config/configmap.yaml](https://github.com/bitnami/charts/blob/main/bitnami/airflow/templates/config/configmap.yaml), otherwise you can override this template using `worker.podTemplate`. To enable `KubernetesExecutor` set the following parameters. +To enable Ingress integration, set `ingress.enabled` to `true`. -> NOTE: Redis® is not needed to be deployed when using KubernetesExecutor so you must disable it using `redis.enabled=false`. +The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts. -```console -executor=KubernetesExecutor -redis.enabled=false -rbac.create=true -serviceaccount.create=true -``` +> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers. -### CeleryKubernetesExecutor +Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists. 
-The CeleryKubernetesExecutor is introduced in Airflow 2.0 and is a combination of both the Celery and the Kubernetes executors. Tasks will be executed using Celery by default, but those tasks that require it can be executed in a Kubernetes pod using the 'kubernetes' queue. +[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). -#### LocalExecutor +### Sidecars -Local executor runs tasks by spawning processes in the Scheduler pods. To enable `LocalExecutor` set the following parameters. +If additional containers are needed in the same pod as Apache Airflow (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. -```console -executor=LocalExecutor -redis.enabled=false +```yaml +sidecars: +- name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 ``` -### LocalKubernetesExecutor - -The LocalKubernetesExecutor is introduced in Airflow 2.3 and is a combination of both the Local and the Kubernetes executors. Tasks will be executed in the scheduler by default, but those tasks that require it can be executed in a Kubernetes pod using the 'kubernetes' queue. +If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below: -#### SequentialExecutor +```yaml +service: + extraPorts: + - name: extraPort + port: 11311 + targetPort: 11311 +``` -This executor will only run one task instance at a time in the Scheduler pods. For production use case, please use other executors. To enable `SequentialExecutor` set the following parameters. +If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. 
Here is an example: -```console -executor=SequentialExecutor -redis.enabled=false +```yaml +initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 ``` -### Scaling worker pods +Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). -Sometime when using large workloads a fixed number of worker pods may make task to take a long time to be executed. This chart provide two ways for scaling worker pods. +### Setting Pod's affinity -- If you are using `KubernetesExecutor` auto scaling pods would be done by the Scheduler without adding anything more. -- If you are using `SequentialExecutor` you would have to enable `worker.autoscaling` to do so, please, set the following parameters. It will use autoscaling by default configuration that you can change using `worker.autoscaling.replicas.*` and `worker.autoscaling.targets.*`. +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). -```console -worker.autoscaling.enabled=true -worker.resources.requests.cpu=200m -worker.resources.requests.memory=250Mi -``` +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. ## Persistence 
@@ -207,365 +277,374 @@ The Bitnami Airflow chart relies on the PostgreSQL chart persistence. This means ### Global parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | -| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | -| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. 
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | +| `global.compatibility.omitEmptySeLinuxOptions` | If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object | `false` | ### Common parameters -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Extra objects to deploy (evaluated as a template) | `[]` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the the deployment(s)/statefulset(s) | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the the deployment(s)/statefulset(s) | `["infinity"]` | +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| 
`commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the chart release | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the chart release | `["infinity"]` | ### Airflow common parameters -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `auth.username` | Username to access web UI | `user` | -| `auth.password` | Password to access web UI | `""` | -| `auth.fernetKey` | Fernet key to secure connections | `""` | -| `auth.secretKey` | Secret key to run your flask app | `""` | -| `auth.existingSecret` | Name of an existing secret to use for Airflow credentials | `""` | -| `executor` | Airflow executor. Allowed values: `SequentialExecutor`, `LocalExecutor`, `CeleryExecutor`, `KubernetesExecutor`, `CeleryKubernetesExecutor` and `LocalKubernetesExecutor` | `CeleryExecutor` | -| `loadExamples` | Switch to load some Airflow examples | `false` | -| `configuration` | Specify content for Airflow config file (auto-generated based on other env. 
vars otherwise) | `""` | -| `existingConfigmap` | Name of an existing ConfigMap with the Airflow config file | `""` | -| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | -| `dags.image.registry` | Init container load-dags image registry | `REGISTRY_NAME` | -| `dags.image.repository` | Init container load-dags image repository | `REPOSITORY_NAME/os-shell` | -| `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | -| `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | -| `extraEnvVars` | Add extra environment variables for all the Airflow pods | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables for all the Airflow pods | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables for all the Airflow pods | `""` | -| `extraEnvVarsSecrets` | List of secrets with extra environment variables for all the Airflow pods | `[]` | -| `sidecars` | Add additional sidecar containers to all the Airflow pods | `[]` | -| `initContainers` | Add additional init containers to all the Airflow pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for all the Airflow pods | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for the all the Airflow pods | `[]` | +| Name | Description | Value | +| --------------------------------------------------------------------------------------------- | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `image.registry` | Airflow image registry | `REGISTRY_NAME` | +| `image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` | +| `image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Airflow image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `auth.username` | Username to access web UI | `user` | +| `auth.password` | Password to access web UI | `""` | +| `auth.fernetKey` | Fernet key to secure connections | `""` | +| `auth.secretKey` | Secret key to run your flask app | `""` | +| `auth.existingSecret` | Name of an existing secret to use for Airflow credentials | `""` | +| `executor` | Airflow executor. Allowed values: `SequentialExecutor`, `LocalExecutor`, `CeleryExecutor`, `KubernetesExecutor`, `CeleryKubernetesExecutor` and `LocalKubernetesExecutor` | `CeleryExecutor` | +| `loadExamples` | Switch to load some Airflow examples | `false` | +| `configuration` | Specify content for Airflow config file (auto-generated based on other env. 
vars otherwise) | `""` | +| `existingConfigmap` | Name of an existing ConfigMap with the Airflow config file | `""` | +| `dags.enabled` | Enable loading DAGs from a ConfigMap or Git repositories | `false` | +| `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | +| `dags.repositories` | Array of repositories from which to download DAG files | `[]` | +| `plugins.enabled` | Enable loading plugins from Git repositories | `false` | +| `plugins.repositories` | Array of repositories from which to download plugins | `[]` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.enabled` | Enabled "create-default-config" init-containers' Security Context | `true` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.seLinuxOptions` | Set SELinux options in "create-default-config" init-containers | `{}` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsUser` | Set runAsUser in "create-default-config" init-containers' Security Context | `1001` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsGroup` | Set runAsUser in "create-default-config" init-containers' Security Context | `1001` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in "create-default-config" init-containers' Security Context | `true` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in "create-default-config" init-containers' Security Context | `true` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.privileged` | Set privileged in "create-default-config" init-containers' Security Context | `false` | +| `defaultInitContainers.createDefaultConfig.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "create-default-config" init-containers' Security Context | `false` | +| 
`defaultInitContainers.createDefaultConfig.containerSecurityContext.capabilities.add` | List of capabilities to be added in "create-default-config" init-containers | `[]` |
+| `defaultInitContainers.createDefaultConfig.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "create-default-config" init-containers | `["ALL"]` |
+| `defaultInitContainers.createDefaultConfig.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "create-default-config" init-containers | `RuntimeDefault` |
+| `defaultInitContainers.createDefaultConfig.resourcesPreset` | Set Airflow "create-default-config" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.createDefaultConfig.resources is set (defaultInitContainers.createDefaultConfig.resources is recommended for production). | `nano` |
+| `defaultInitContainers.createDefaultConfig.resources` | Set Airflow "create-default-config" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `defaultInitContainers.loadDAGsPlugins.command` | Override cmd | `[]` |
+| `defaultInitContainers.loadDAGsPlugins.args` | Override args | `[]` |
+| `defaultInitContainers.loadDAGsPlugins.extraVolumeMounts` | Add extra volume mounts | `[]` |
+| `defaultInitContainers.loadDAGsPlugins.extraEnvVars` | Add extra environment variables | `[]` |
+| `defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
+| `defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.enabled` | Enabled "load-dags-plugins" init-containers' Security Context | `true` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seLinuxOptions` | Set SELinux options in
"load-dags-plugins" init-containers | `{}` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsUser` | Set runAsUser in "load-dags-plugins" init-containers' Security Context | `1001` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsGroup` | Set runAsUser in "load-dags-plugins" init-containers' Security Context | `1001` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in "load-dags-plugins" init-containers' Security Context | `true` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in "load-dags-plugins" init-containers' Security Context | `true` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.privileged` | Set privileged in "load-dags-plugins" init-containers' Security Context | `false` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "load-dags-plugins" init-containers' Security Context | `false` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.add` | List of capabilities to be added in "load-dags-plugins" init-containers | `[]` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "load-dags-plugins" init-containers | `["ALL"]` |
+| `defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "load-dags-plugins" init-containers | `RuntimeDefault` |
+| `defaultInitContainers.loadDAGsPlugins.resourcesPreset` | Set Airflow "load-dags-plugins" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.loadDAGsPlugins.resources is set (defaultInitContainers.loadDAGsPlugins.resources is recommended for production).
| `nano` |
+| `defaultInitContainers.loadDAGsPlugins.resources` | Set Airflow "load-dags-plugins" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `defaultSidecars.syncDAGsPlugins.interval` | Interval in seconds to pull the git repository containing the DAGs and/or plugins | `60` |
+| `defaultSidecars.syncDAGsPlugins.command` | Override cmd | `[]` |
+| `defaultSidecars.syncDAGsPlugins.args` | Override args | `[]` |
+| `defaultSidecars.syncDAGsPlugins.extraVolumeMounts` | Add extra volume mounts | `[]` |
+| `defaultSidecars.syncDAGsPlugins.extraEnvVars` | Add extra environment variables | `[]` |
+| `defaultSidecars.syncDAGsPlugins.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
+| `defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.enabled` | Enabled "sync-dags-plugins" sidecars' Security Context | `true` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.seLinuxOptions` | Set SELinux options in "sync-dags-plugins" sidecars | `{}` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsUser` | Set runAsUser in "sync-dags-plugins" sidecars' Security Context | `1001` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsGroup` | Set runAsUser in "sync-dags-plugins" sidecars' Security Context | `1001` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in "sync-dags-plugins" sidecars' Security Context | `true` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in "sync-dags-plugins" sidecars' Security Context | `true` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.privileged` | Set privileged in "sync-dags-plugins" sidecars' Security Context | `false` |
+|
`defaultSidecars.syncDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in "sync-dags-plugins" sidecars' Security Context | `false` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.add` | List of capabilities to be added in "sync-dags-plugins" sidecars | `[]` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in "sync-dags-plugins" sidecars | `["ALL"]` |
+| `defaultSidecars.syncDAGsPlugins.containerSecurityContext.seccompProfile.type` | Set seccomp profile in "sync-dags-plugins" sidecars | `RuntimeDefault` |
+| `defaultSidecars.syncDAGsPlugins.resourcesPreset` | Set Airflow "sync-dags-plugins" sidecar resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultSidecars.syncDAGsPlugins.resources is set (defaultSidecars.syncDAGsPlugins.resources is recommended for production). | `nano` |
+| `defaultSidecars.syncDAGsPlugins.resources` | Set Airflow "sync-dags-plugins" sidecar requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `extraEnvVars` | Add extra environment variables for all the Airflow pods | `[]` |
+| `extraEnvVarsCM` | ConfigMap with extra environment variables for all the Airflow pods | `""` |
+| `extraEnvVarsSecret` | Secret with extra environment variables for all the Airflow pods | `""` |
+| `extraEnvVarsSecrets` | List of secrets with extra environment variables for all the Airflow pods | `[]` |
+| `sidecars` | Add additional sidecar containers to all the Airflow pods | `[]` |
+| `initContainers` | Add additional init containers to all the Airflow pods | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for all the Airflow pods | `[]` |
+| `extraVolumes` | Optionally specify extra list of additional volumes for the all the Airflow pods | `[]` |
### Airflow web parameters -| Name | Description | Value | -| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `web.image.registry` | Airflow image registry | `REGISTRY_NAME` | -| `web.image.repository` | Airflow image repository | `REPOSITORY_NAME/airflow` | -| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | -| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | -| `web.image.debug` | Enable image debug mode | `false` | -| `web.baseUrl` | URL used to access to Airflow web ui | `""` | -| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | -| `web.command` | Override default container command (useful when using custom images) | `[]` | -| `web.args` | Override default container args (useful when using custom images) | `[]` | -| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | -| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | -| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | -| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | -| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | -| `web.replicaCount` | Number of Airflow web replicas | `1` | -| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | -| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| 
`web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
-| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
-| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
-| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
-| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
-| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
-| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
-| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
-| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
-| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
-| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
-| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
-| `web.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
| `medium` |
-| `web.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
-| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
-| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
-| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
-| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
-| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
-| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
-| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
-| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
-| `web.containerSecurityContext.runAsGroup` | Set Airflow web containers' Security Context runAsGroup | `1001` |
-| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
-| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
-| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
-| `web.containerSecurityContext.readOnlyRootFilesystem` | Set web container's Security Context readOnlyRootFilesystem | `true` |
-| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
-| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
-| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
-| `web.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
-| `web.hostAliases` |
Deployment pod host aliases | `[]` |
-| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
-| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
-| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
-| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
-| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
-| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
-| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
-| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
-| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
-| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
-| `web.priorityClassName` | Priority Class Name | `""` |
-| `web.schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` |
-| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
-| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
-| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
-| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
-| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
-| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
-| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
-| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `true` |
-| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
-| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
-| `web.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
-| `web.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
-| `web.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations.
| `true` | -| `web.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `web.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `web.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `web.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `web.baseUrl` | URL used to access to Airflow web ui | `""` | +| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | +| `web.command` | Override default container command (useful when using custom images) | `[]` | +| `web.args` | Override default container args (useful when using custom images) | `[]` | +| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | +| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | +| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | +| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | +| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | +| `web.replicaCount` | Number of Airflow web replicas | `1` | +| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | +| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| 
`web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` |
+| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` |
+| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
+| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
+| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
+| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `web.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
| `medium` |
+| `web.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` |
+| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
+| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` |
+| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` |
+| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
+| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` |
+| `web.containerSecurityContext.runAsGroup` | Set Airflow web containers' Security Context runAsGroup | `1001` |
+| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` |
+| `web.containerSecurityContext.privileged` | Set web container's Security Context privileged | `false` |
+| `web.containerSecurityContext.allowPrivilegeEscalation` | Set web container's Security Context allowPrivilegeEscalation | `false` |
+| `web.containerSecurityContext.readOnlyRootFilesystem` | Set web container's Security Context readOnlyRootFilesystem | `true` |
+| `web.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` |
+| `web.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `web.hostAliases` |
Deployment pod host aliases | `[]` |
+| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` |
+| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` |
+| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` |
+| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` |
+| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` |
+| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` |
+| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
+| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
+| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` |
+| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `web.priorityClassName` | Priority Class Name | `""` |
+| `web.schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` |
+| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` |
+| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` |
+| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` |
+| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` |
+| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` |
+| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` |
+| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` |
+| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `true` |
+| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
+| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` |
+| `web.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `web.networkPolicy.allowExternal` | Don't require client label for connections | `true` |
+| `web.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations.
| `true` | +| `web.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `web.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `web.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `web.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow scheduler parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `scheduler.image.registry` | Airflow Scheduler image registry | `REGISTRY_NAME` | -| `scheduler.image.repository` | Airflow Scheduler image repository | `REPOSITORY_NAME/airflow-scheduler` | -| `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` |
-| `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` |
-| `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` |
-| `scheduler.image.debug` | Enable image debug mode | `false` |
-| `scheduler.replicaCount` | Number of scheduler replicas | `1` |
-| `scheduler.command` | Override cmd | `[]` |
-| `scheduler.args` | Override args | `[]` |
-| `scheduler.extraEnvVars` | Add extra environment variables | `[]` |
-| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` |
-| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` |
-| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` |
-| `scheduler.livenessProbe.enabled` | Enable livenessProbe on Airflow scheduler containers | `true` |
-| `scheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` |
-| `scheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
-| `scheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` |
-| `scheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
-| `scheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `scheduler.readinessProbe.enabled` | Enable readinessProbe on Airflow scheduler containers | `true` |
-| `scheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
-| `scheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
-| `scheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` |
-| `scheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
-| `scheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `scheduler.startupProbe.enabled` |
Enable startupProbe on Airflow scheduler containers | `false` |
-| `scheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` |
-| `scheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
-| `scheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
-| `scheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
-| `scheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
-| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
-| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
-| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
-| `scheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if scheduler.resources is set (scheduler.resources is recommended for production).
| `small` |
-| `scheduler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
-| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` |
-| `scheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
-| `scheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
-| `scheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
-| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` |
-| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` |
-| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
-| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` |
-| `scheduler.containerSecurityContext.runAsGroup` | Set Airflow scheduler containers' Security Context runAsGroup | `1001` |
-| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` |
-| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` |
-| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` |
-| `scheduler.containerSecurityContext.readOnlyRootFilesystem` | Set scheduler container's Security Context readOnlyRootFilesystem | `true` |
-| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
-| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
-| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate
configuration before or after startup | `{}` |
-| `scheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
-| `scheduler.hostAliases` | Deployment pod host aliases | `[]` |
-| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` |
-| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` |
-| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` |
-| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` |
-| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` |
-| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` |
-| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` |
-| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` |
-| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` |
-| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` |
-| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
-| `scheduler.priorityClassName` | Priority Class Name | `""` |
-| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork".
| `""` | -| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` | -| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` | -| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` | -| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` | -| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` | -| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` | -| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` | -| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `true` | -| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | -| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | -| `scheduler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `scheduler.networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `scheduler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | -| `scheduler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `scheduler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `scheduler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `scheduler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `scheduler.replicaCount` | Number of scheduler replicas | `1` | +| `scheduler.command` | Override cmd | `[]` | +| `scheduler.args` | Override args | `[]` | +| `scheduler.extraEnvVars` | Add extra environment variables | `[]` | +| `scheduler.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `scheduler.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `scheduler.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow scheduler pods | `[]` | +| `scheduler.livenessProbe.enabled` | Enable livenessProbe on Airflow scheduler containers | `true` | +| `scheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `scheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `scheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | +| `scheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `scheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `scheduler.readinessProbe.enabled` | Enable readinessProbe on Airflow scheduler containers | `true` | +| 
`scheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `scheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `scheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | +| `scheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `scheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `scheduler.startupProbe.enabled` | Enable startupProbe on Airflow scheduler containers | `false` | +| `scheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `scheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `scheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `scheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `scheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `scheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `scheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `scheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `scheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if scheduler.resources is set (scheduler.resources is recommended for production). 
| `small` | +| `scheduler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `scheduler.podSecurityContext.enabled` | Enabled Airflow scheduler pods' Security Context | `true` | +| `scheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `scheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `scheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `scheduler.podSecurityContext.fsGroup` | Set Airflow scheduler pod's Security Context fsGroup | `1001` | +| `scheduler.containerSecurityContext.enabled` | Enabled Airflow scheduler containers' Security Context | `true` | +| `scheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `scheduler.containerSecurityContext.runAsUser` | Set Airflow scheduler containers' Security Context runAsUser | `1001` | +| `scheduler.containerSecurityContext.runAsGroup` | Set Airflow scheduler containers' Security Context runAsGroup | `1001` | +| `scheduler.containerSecurityContext.runAsNonRoot` | Set Airflow scheduler containers' Security Context runAsNonRoot | `true` | +| `scheduler.containerSecurityContext.privileged` | Set scheduler container's Security Context privileged | `false` | +| `scheduler.containerSecurityContext.allowPrivilegeEscalation` | Set scheduler container's Security Context allowPrivilegeEscalation | `false` | +| `scheduler.containerSecurityContext.readOnlyRootFilesystem` | Set scheduler container's Security Context readOnlyRootFilesystem | `true` | +| `scheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `scheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `scheduler.lifecycleHooks` | for the Airflow scheduler container(s) to automate 
configuration before or after startup | `{}` | +| `scheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | +| `scheduler.podLabels` | Add extra labels to the Airflow scheduler pods | `{}` | +| `scheduler.podAnnotations` | Add extra annotations to the Airflow scheduler pods | `{}` | +| `scheduler.affinity` | Affinity for Airflow scheduler pods assignment (evaluated as a template) | `{}` | +| `scheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `scheduler.affinity` is set. | `""` | +| `scheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `scheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `scheduler.affinity` is set. | `[]` | +| `scheduler.nodeSelector` | Node labels for Airflow scheduler pods assignment | `{}` | +| `scheduler.podAffinityPreset` | Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `""` | +| `scheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | +| `scheduler.tolerations` | Tolerations for Airflow scheduler pods assignment | `[]` | +| `scheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `scheduler.priorityClassName` | Priority Class Name | `""` | +| `scheduler.schedulerName` | Use an alternate scheduler, e.g. "stork". 
| `""` | +| `scheduler.terminationGracePeriodSeconds` | Seconds Airflow scheduler pod needs to terminate gracefully | `""` | +| `scheduler.updateStrategy.type` | Airflow scheduler deployment strategy type | `RollingUpdate` | +| `scheduler.updateStrategy.rollingUpdate` | Airflow scheduler deployment rolling update configuration parameters | `{}` | +| `scheduler.sidecars` | Add additional sidecar containers to the Airflow scheduler pods | `[]` | +| `scheduler.initContainers` | Add additional init containers to the Airflow scheduler pods | `[]` | +| `scheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods | `[]` | +| `scheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow scheduler pods | `[]` | +| `scheduler.pdb.create` | Deploy a pdb object for the Airflow scheduler pods | `true` | +| `scheduler.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | +| `scheduler.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow scheduler replicas | `""` | +| `scheduler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `scheduler.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `scheduler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. 
| `true` | +| `scheduler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `scheduler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `scheduler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `scheduler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow worker parameters -| Name | Description | Value | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `worker.image.registry` | Airflow Worker image registry | `REGISTRY_NAME` | -| `worker.image.repository` | Airflow Worker image repository | `REPOSITORY_NAME/airflow-worker` | -| `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | -| `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | -| `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | -| `worker.image.debug` | Enable image debug mode | `false` | -| `worker.command` | Override default container command (useful when using custom images) | `[]` | -| `worker.args` | Override default container args (useful when using custom images) | `[]` | -| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` | -| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` | -| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` | -| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` | -| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` | -| `worker.replicaCount` | Number of Airflow worker replicas | `1` | -| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` | -| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` | -| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for 
readinessProbe | `5` | -| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` | -| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). 
| `large` | -| `worker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` | -| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | -| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | -| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | -| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | -| `worker.containerSecurityContext.runAsGroup` | Set Airflow worker containers' Security Context runAsGroup | `1001` | -| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | -| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` | -| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` | -| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker container's Security Context readOnlyRootFilesystem | `true` | -| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | -| 
`worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `worker.hostAliases` | Deployment pod host aliases | `[]` | -| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | -| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` | -| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` | -| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` | -| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` | -| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` | -| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` | -| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | -| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` | -| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `worker.priorityClassName` | Priority Class Name | `""` | -| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". 
| `""` | -| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` | -| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` | -| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` | -| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` | -| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` | -| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` | -| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` | -| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` | -| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` | -| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `true` | -| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | -| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | -| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` | -| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` | -| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` | -| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | -| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` | -| `worker.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `worker.networkPolicy.allowExternal` | Don't require 
client label for connections | `true` | -| `worker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `worker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `worker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `worker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `worker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | - -### Airflow git sync parameters - -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `git.image.registry` | Git image registry | `REGISTRY_NAME` | -| `git.image.repository` | Git image repository | `REPOSITORY_NAME/git` | -| `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.image.pullSecrets` | Git image pull secrets | `[]` | -| `git.dags.enabled` | Enable in order to download DAG files from git repositories. | `false` | -| `git.dags.repositories` | Array of repositories from which to download DAG files | `[]` | -| `git.plugins.enabled` | Enable in order to download Plugins files from git repositories. 
| `false` | -| `git.plugins.repositories` | Array of repositories from which to download DAG files | `[]` | -| `git.clone.command` | Override cmd | `[]` | -| `git.clone.args` | Override args | `[]` | -| `git.clone.extraVolumeMounts` | Add extra volume mounts | `[]` | -| `git.clone.extraEnvVars` | Add extra environment variables | `[]` | -| `git.clone.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `git.clone.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `git.clone.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `git.clone.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if git.clone.resources is set (git.clone.resources is recommended for production). | `nano` | -| `git.sync.interval` | Interval in seconds to pull the git repository containing the plugins and/or DAG files | `60` | -| `git.sync.command` | Override cmd | `[]` | -| `git.sync.args` | Override args | `[]` | -| `git.sync.extraVolumeMounts` | Add extra volume mounts | `[]` | -| `git.sync.extraEnvVars` | Add extra environment variables | `[]` | -| `git.sync.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `git.sync.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `git.sync.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if git.sync.resources is set (git.sync.resources is recommended for production). 
| `nano` | -| `git.sync.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `worker.command` | Override default container command (useful when using custom images) | `[]` | +| `worker.args` | Override default container args (useful when using custom images) | `[]` | +| `worker.extraEnvVars` | Array with extra environment variables to add Airflow worker pods | `[]` | +| `worker.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow worker pods | `""` | +| `worker.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods | `""` | +| `worker.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow worker pods | `[]` | +| `worker.containerPorts.http` | Airflow worker HTTP container port | `8793` | +| `worker.replicaCount` | Number of Airflow worker replicas | `1` | +| `worker.livenessProbe.enabled` | Enable livenessProbe on Airflow worker containers | `true` | +| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `worker.readinessProbe.enabled` | Enable readinessProbe on Airflow worker containers | `true` | +| 
`worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `worker.startupProbe.enabled` | Enable startupProbe on Airflow worker containers | `false` | +| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). 
| `large` | +| `worker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `worker.podSecurityContext.enabled` | Enabled Airflow worker pods' Security Context | `true` | +| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `worker.podSecurityContext.fsGroup` | Set Airflow worker pod's Security Context fsGroup | `1001` | +| `worker.containerSecurityContext.enabled` | Enabled Airflow worker containers' Security Context | `true` | +| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `worker.containerSecurityContext.runAsUser` | Set Airflow worker containers' Security Context runAsUser | `1001` | +| `worker.containerSecurityContext.runAsGroup` | Set Airflow worker containers' Security Context runAsGroup | `1001` | +| `worker.containerSecurityContext.runAsNonRoot` | Set Airflow worker containers' Security Context runAsNonRoot | `true` | +| `worker.containerSecurityContext.privileged` | Set worker container's Security Context privileged | `false` | +| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set worker container's Security Context allowPrivilegeEscalation | `false` | +| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set worker container's Security Context readOnlyRootFilesystem | `true` | +| `worker.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `worker.lifecycleHooks` | for the Airflow worker container(s) to automate configuration before or after startup | `{}` | +| 
`worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `worker.hostAliases` | Deployment pod host aliases | `[]` | +| `worker.podLabels` | Add extra labels to the Airflow worker pods | `{}` | +| `worker.podAnnotations` | Add extra annotations to the Airflow worker pods | `{}` | +| `worker.affinity` | Affinity for Airflow worker pods assignment (evaluated as a template) | `{}` | +| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `worker.affinity` is set. | `""` | +| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `worker.affinity` is set. | `[]` | +| `worker.nodeSelector` | Node labels for Airflow worker pods assignment | `{}` | +| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `""` | +| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | +| `worker.tolerations` | Tolerations for Airflow worker pods assignment | `[]` | +| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `worker.priorityClassName` | Priority Class Name | `""` | +| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". 
| `""` | +| `worker.terminationGracePeriodSeconds` | Seconds Airflow worker pod needs to terminate gracefully | `""` | +| `worker.updateStrategy.type` | Airflow worker deployment strategy type | `RollingUpdate` | +| `worker.updateStrategy.rollingUpdate` | Airflow worker deployment rolling update configuration parameters | `{}` | +| `worker.sidecars` | Add additional sidecar containers to the Airflow worker pods | `[]` | +| `worker.initContainers` | Add additional init containers to the Airflow worker pods | `[]` | +| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow worker pods | `[]` | +| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow worker pods | `[]` | +| `worker.extraVolumeClaimTemplates` | Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset | `[]` | +| `worker.podTemplate` | Template to replace the default one to be use when `executor=KubernetesExecutor` to create Airflow worker pods | `{}` | +| `worker.pdb.create` | Deploy a pdb object for the Airflow worker pods | `true` | +| `worker.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | +| `worker.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow worker replicas | `""` | +| `worker.autoscaling.enabled` | Whether enable horizontal pod autoscaler | `false` | +| `worker.autoscaling.minReplicas` | Configure a minimum amount of pods | `1` | +| `worker.autoscaling.maxReplicas` | Configure a maximum amount of pods | `3` | +| `worker.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `80` | +| `worker.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `80` | +| `worker.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `worker.networkPolicy.allowExternal` | Don't require 
client label for connections | `true` | +| `worker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `worker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `worker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `worker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `worker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | ### Airflow ldap parameters 
@@ -761,6 +840,22 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 21.0.0 + +This major version uses a single container image ([`bitnami/airflow`](https://github.com/bitnami/containers/tree/main/bitnami/airflow) by default) to run every Airflow component (Web server, Scheduler and Worker) so `bitnami/airflow-scheduler` and `bitnami/airflow-worker` images are no longer necessary. Also, operations to load custom DAGs and plugins via init containers also use this same image so `bitnami/git` and `bitnami/os-shell` are no longer necessary either. These changes implies several simplifications in the chart values: + +- New `image.*` parameters are introduced to configure the container image used to run the Airflow components. +- `web.image.*`, `scheduler.image.*` and `worker.image.*` parameters are removed. +- `dags.image.*` and `git.image.*` parameters are removed. + +Some other simplifications are introduced around adding custom DAGs and plugins: + +- `dags.*` and `git.dags.*` parameters are merged into a single `dags.*` parameter. +- `git.plugins.*` parameter are renamed to `plugins.*`. +- `git.clone.*` and `git.sync.` parameters are now available under `defaultInitContainers.loadDAGsPlugins.*` and `defaultSidecars.syncDAGsPlugins.*`, respectively. + +No upgrades issues are expected when upgrading from `20.x.x` if DAGs and plugins related parameters are properly adapted as described above. + ### To 20.0.0 This major updates the PostgreSQL subchart to its newest major, 16.0.0, which uses PostgreSQL 17.x. Follow the [official instructions](https://www.postgresql.org/docs/17/upgrading.html) to upgrade to 17.x. 
@@ -970,4 +1065,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. diff --git a/bitnami/airflow/files/dags/README.md b/bitnami/airflow/files/dags/README.md deleted file mode 100644 index d5808982bb6a73..00000000000000 --- a/bitnami/airflow/files/dags/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# How to use this folder - -You can copy here your DAGs files so they are mounted at "/opt/bitnami/airflow/dags" inside the docker image. diff --git a/bitnami/airflow/templates/NOTES.txt b/bitnami/airflow/templates/NOTES.txt index 5fa031d64af524..83a51bb3e41202 100644 --- a/bitnami/airflow/templates/NOTES.txt +++ b/bitnami/airflow/templates/NOTES.txt @@ -2,7 +2,7 @@ CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} -{{- $releaseNamespace := .Release.Namespace }} +{{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} {{- $fullname := include "common.names.fullname" . }} {{- $airflowSecretName := include "airflow.secretName" . }} 
@@ -123,6 +123,7 @@ To connect to Airflow from outside the cluster, perform the following steps: {{- end }} {{ include "airflow.validateValues" . }} -{{ include "airflow.checkRollingTags" . }} -{{- include "common.warnings.resources" (dict "sections" (list "git.clone" "git.sync" "metrics" "scheduler" "web" "worker") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.dags.image .Values.web.image .Values.scheduler.image .Values.worker.image .Values.git.image .Values.metrics.image) "context" $) }} \ No newline at end of file +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "common.warnings.resources" (dict "sections" (list "scheduler" "web" "worker" "defaultSidecars.syncDAGsPlugins" "defaultInitContainers.loadDAGsPlugins" "metrics") "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.metrics.image) "context" $) }} diff --git a/bitnami/airflow/templates/_git_helpers.tpl b/bitnami/airflow/templates/_git_helpers.tpl deleted file mode 100644 index f5845b995620c5..00000000000000 --- a/bitnami/airflow/templates/_git_helpers.tpl +++ /dev/null 
@@ -1,208 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Returns the name that will identify the repository internally and it will be used to create folders or -volume names -*/}} -{{- define "airflow.git.repository.name" -}} - {{- $defaultName := regexFind "/.*$" .repository | replace "//" "" | replace "/" "-" | replace "." "-" -}} - {{- .name | default $defaultName | kebabcase -}} -{{- end -}} - -{{/* -Returns the volume mounts that will be used by git containers (clone and sync) -*/}} -{{- define "airflow.git.volumeMounts" -}} -{{- if .Values.git.dags.enabled }} -- name: empty-dir - mountPath: /dags - subPath: app-git-dags-dir -{{- end }} -{{- if .Values.git.plugins.enabled }} -- name: empty-dir - mountPath: /plugins - subPath: app-git-plugins-dir -{{- end }} -{{- end -}} - -{{/* -Returns the volume mounts that will be used by the main container -*/}} -{{- define "airflow.git.maincontainer.volumeMounts" -}} -{{- if .Values.git.dags.enabled }} - {{- range .Values.git.dags.repositories }} -- name: empty-dir - mountPath: /opt/bitnami/airflow/dags/git_{{ include "airflow.git.repository.name" . }} - {{- if .path }} - subPath: app-git-dags-dir/{{ include "airflow.git.repository.name" . }}/{{ .path }} - {{- else }} - subPath: app-git-dags-dir/{{ include "airflow.git.repository.name" . }} - {{- end }} - {{- end }} -{{- end }} -{{- if .Values.git.plugins.enabled }} - {{- range .Values.git.plugins.repositories }} -- name: empty-dir - mountPath: /opt/bitnami/airflow/plugins/git_{{ include "airflow.git.repository.name" . }} - {{- if .path }} - subPath: app-git-plugins-dir/{{ include "airflow.git.repository.name" . }}/{{ .path }} - {{- else }} - subPath: app-git-plugins-dir/{{ include "airflow.git.repository.name" . 
}} - {{- end }} - {{- end }} -{{- end }} -{{- end -}} - -{{/* -Returns the init container that will clone repositories files from a given list of git repositories -Usage: -{{ include "airflow.git.containers.clone" ( dict "securityContext" .Values.path.to.the.component.securityContext "context" $ ) }} -*/}} -{{- define "airflow.git.containers.clone" -}} -{{- if or .context.Values.git.dags.enabled .context.Values.git.plugins.enabled }} -- name: clone-repositories - image: {{ include "git.image" .context | quote }} - imagePullPolicy: {{ .context.Values.git.image.pullPolicy | quote }} -{{- if .securityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .securityContext "context" .context) | nindent 4 }} -{{- end }} -{{- if .context.Values.git.clone.resources }} - resources: {{- toYaml .context.Values.git.clone.resources | nindent 4 }} - {{- else if ne .context.Values.git.clone.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .context.Values.git.clone.resourcesPreset) | nindent 4 }} -{{- end }} -{{- if .context.Values.git.clone.command }} - command: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.clone.command "context" .context) | nindent 4 }} -{{- else }} - command: - - /bin/bash -{{- end }} -{{- if .context.Values.git.clone.args }} - args: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.clone.args "context" .context) | nindent 4 }} -{{- else }} - args: - - -ec - - | - . /opt/bitnami/scripts/libfs.sh - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && . /opt/bitnami/scripts/git/entrypoint.sh - {{- if .context.Values.git.dags.enabled }} - {{- range .context.Values.git.dags.repositories }} - is_dir_empty "/dags/{{ include "airflow.git.repository.name" . }}" && git clone {{ .repository }} --branch {{ .branch }} /dags/{{ include "airflow.git.repository.name" . 
}} - {{- end }} - {{- end }} - {{- if .context.Values.git.plugins.enabled }} - {{- range .context.Values.git.plugins.repositories }} - is_dir_empty "/plugins/{{ include "airflow.git.repository.name" . }}" && git clone {{ .repository }} --branch {{ .branch }} /plugins/{{ include "airflow.git.repository.name" . }} - {{- end }} - {{- end }} -{{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /etc/ssh - subPath: etc-ssh-dir - - name: empty-dir - mountPath: /.ssh - subPath: ssh-dir - {{- include "airflow.git.volumeMounts" .context | trim | nindent 4 }} - {{- if .context.Values.git.clone.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .context.Values.git.clone.extraVolumeMounts "context" .context) | nindent 4 }} - {{- end }} -{{- if .context.Values.git.clone.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.clone.extraEnvVars "context" .context) | nindent 4 }} -{{- end }} -{{- if or .context.Values.git.clone.extraEnvVarsCM .context.Values.git.clone.extraEnvVarsSecret }} - envFrom: - {{- if .context.Values.git.clone.extraEnvVarsCM }} - - configMapRef: - name: {{ .context.Values.git.clone.extraEnvVarsCM }} - {{- end }} - {{- if .context.Values.git.clone.extraEnvVarsSecret }} - - secretRef: - name: {{ .context.Values.git.clone.extraEnvVarsSecret }} - {{- end }} -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Returns the container that will pull and sync repositories files from a given list of git repositories -Usage: -{{ include "airflow.git.containers.sync" ( dict "securityContext" .Values.path.to.the.component.securityContext "context" $ ) }} -*/}} -{{- define "airflow.git.containers.sync" -}} -{{- if or .context.Values.git.dags.enabled .context.Values.git.plugins.enabled }} -- name: sync-repositories - image: {{ include "git.image" .context | quote }} - imagePullPolicy: {{ .context.Values.git.image.pullPolicy | quote }} -{{- if 
.securityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .securityContext "context" .context) | nindent 4 }} -{{- end }} -{{- if .context.Values.git.sync.resources }} - resources: {{- toYaml .context.Values.git.sync.resources | nindent 4 }} - {{- else if ne .context.Values.git.sync.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .context.Values.git.sync.resourcesPreset) | nindent 4 }} -{{- end }} -{{- if .context.Values.git.sync.command }} - command: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.sync.command "context" .context) | nindent 4 }} -{{- else }} - command: - - /bin/bash -{{- end }} -{{- if .context.Values.git.sync.args }} - args: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.sync.args "context" .context) | nindent 4 }} -{{- else }} - args: - - -ec - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && . /opt/bitnami/scripts/git/entrypoint.sh - while true; do - {{- if .context.Values.git.dags.enabled }} - {{- range .context.Values.git.dags.repositories }} - cd /dags/{{ include "airflow.git.repository.name" . }} && git pull origin {{ .branch }} || true - {{- end }} - {{- end }} - {{- if .context.Values.git.plugins.enabled }} - {{- range .context.Values.git.plugins.repositories }} - cd /plugins/{{ include "airflow.git.repository.name" . 
}} && git pull origin {{ .branch }} || true - {{- end }} - {{- end }} - sleep {{ default "60" .context.Values.git.sync.interval }} - done -{{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /etc/ssh - subPath: etc-ssh-dir - - name: empty-dir - mountPath: /.ssh - subPath: ssh-dir - {{- include "airflow.git.volumeMounts" .context | trim | nindent 4 }} - {{- if .context.Values.git.sync.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .context.Values.git.sync.extraVolumeMounts "context" .context) | nindent 4 }} - {{- end }} -{{- if .context.Values.git.sync.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .context.Values.git.sync.extraEnvVars "context" .context) | nindent 4 }} -{{- end }} -{{- if or .context.Values.git.sync.extraEnvVarsCM .context.Values.git.sync.extraEnvVarsSecret }} - envFrom: - {{- if .context.Values.git.sync.extraEnvVarsCM }} - - configMapRef: - name: {{ .context.Values.git.sync.extraEnvVarsCM }} - {{- end }} - {{- if .context.Values.git.sync.extraEnvVarsSecret }} - - secretRef: - name: {{ .context.Values.git.sync.extraEnvVarsSecret }} - {{- end }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/bitnami/airflow/templates/_helpers.tpl b/bitnami/airflow/templates/_helpers.tpl index 67e39d67bfc436..bf4910bbf248e7 100644 --- a/bitnami/airflow/templates/_helpers.tpl +++ b/bitnami/airflow/templates/_helpers.tpl 
@@ -4,92 +4,33 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "airflow.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "airflow.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} {{/* -Full path to CA Cert file +Return the proper Airflow Web server fullname */}} -{{- define "airflow.ldapCAFilename" }} -{{- printf "%s/%s" .Values.ldap.tls.certificatesMountPath (coalesce .Values.ldap.tls.CAcertificateFilename .Values.ldap.tls.CAFilename ) }} +{{- define "airflow.web.fullname" -}} +{{- printf "%s-web" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Fully qualified app name for LDAP +Return the proper Airflow Scheduler fullname */}} -{{- define "airflow.ldap" -}} -{{- printf "%s-ldap" (include "common.names.fullname" .) -}} +{{- define "airflow.scheduler.fullname" -}} +{{- printf "%s-scheduler" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Return the LDAP credentials secret. -*/}} -{{- define "airflow.ldapSecretName" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option +Return the proper Airflow Worker fullname */}} -{{- if .Values.global }} - {{- if .Values.global.ldap }} - {{- if .Values.global.ldap.existingSecret }} - {{- printf "%s" .Values.global.ldap.existingSecret -}} - {{- else if .Values.ldap.existingSecret -}} - {{- printf "%s" .Values.ldap.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "airflow.ldap" .) 
-}} - {{- end -}} - {{- else if .Values.ldap.existingSecret -}} - {{- printf "%s" .Values.ldap.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "airflow.ldap" .) -}} - {{- end -}} -{{- else -}} - {{- if .Values.ldap.existingSecret -}} - {{- printf "%s" .Values.ldap.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "airflow.ldap" .) -}} - {{- end -}} -{{- end -}} +{{- define "airflow.worker.fullname" -}} +{{- printf "%s-worker" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Return the proper Airflow image name */}} {{- define "airflow.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.web.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Airflow Scheduler image name -*/}} -{{- define "airflow.schedulerImage" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.scheduler.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Airflow Worker image name -*/}} -{{- define "airflow.workerImage" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.worker.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper git image name -*/}} -{{- define "git.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.git.image "global" .Values.global) -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} {{- end -}} {{/* 
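Review bot: The new `airflow.web.fullname`, `airflow.scheduler.fullname` and `airflow.worker.fullname` helpers append the suffix first and truncate afterwards, so with a long release name `trunc 63` cuts the suffix off and all three can return the same string. Their use sites are not in this hunk, but if they name Services, ServiceAccounts or NetworkPolicy targets, a collision would make the components share or overwrite each other's objects. Truncating the base keeps the suffix intact: `{{- printf "%s-web" (include "common.names.fullname" . | trunc 59 | trimSuffix "-") -}}`, with 53 for the `-scheduler` variant and 56 for `-worker`.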
@@ -99,18 +40,11 @@ Return the proper Airflow Metrics image name {{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} {{- end -}} -{{/* -Return the proper load Airflow DAGs image name -*/}} -{{- define "airflow.dags.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dags.image "global" .Values.global) -}} -{{- end -}} - {{/* Return the proper Docker Image Registry Secret Names */}} {{- define "airflow.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.web.image .Values.scheduler.image .Values.worker.image .Values.git .Values.metrics.image) "global" .Values.global) -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} {{- end -}} {{/* @@ -180,9 +114,9 @@ Get the secret name */}} {{- define "airflow.secretName" -}} {{- if .Values.auth.existingSecret -}} - {{- printf "%s" .Values.auth.existingSecret -}} + {{- print (tpl .Values.auth.existingSecret .) -}} {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} + {{- print (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} 
@@ -191,43 +125,21 @@ Get the configmap name */}} {{- define "airflow.configMapName" -}} {{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} + {{- print (tpl .Values.existingConfigmap .) -}} +{{- else -}} + {{- printf "%s-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the LDAP credentials secret. +*/}} +{{- define "airflow.ldapSecretName" -}} +{{- if .Values.ldap.existingSecret -}} + {{- print (tpl .Values.ldap.existingSecret .) -}} {{- else -}} - {{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Load DAGs init-container -*/}} -{{- define "airflow.loadDAGsInitContainer" -}} -{{- $compDefinition := (get .context.Values .component) -}} -- name: load-dags - image: {{ include "airflow.dags.image" .context }} - imagePullPolicy: {{ .context.Values.dags.image.pullPolicy }} - {{- if $compDefinition.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $compDefinition.containerSecurityContext "context" .context) | nindent 4 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - cp /configmap/* /dags - {{- if $compDefinition.resources }} - resources: {{- toYaml $compDefinition.resources | nindent 4 }} - {{- else if ne $compDefinition.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" $compDefinition.resourcesPreset) | nindent 4 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: load-external-dag-files - mountPath: /configmap - - name: empty-dir - mountPath: /dags - subPath: app-external-dag-dir + {{- printf "%s-ldap" (include "common.names.fullname" .) -}} +{{- end -}} {{- end -}} {{/* 
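Review bot: The re-added `airflow.ldapSecretName` reads only `.Values.ldap.existingSecret`, whereas the definition removed in the first hunk of this file also honoured `.Values.global.ldap.existingSecret`. A release that sets the global key would, after upgrading, silently resolve to the generated `<fullname>-ldap` name for its LDAP bind credentials instead of the secret the operator intended. The "To 21.0.0" upgrade notes in this diff do not mention it, so either list it there or add an `airflow.validateValues` entry that fails when the global key is set. At minimum the helper should carry a comment such as `{{/* global.ldap.existingSecret is no longer honoured; use ldap.existingSecret */}}`.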
@@ -396,7 +308,7 @@ Add environment variables to configure airflow common values - name: AIRFLOW_FORCE_OVERWRITE_CONF_FILE value: "yes" {{- end }} -{{- if .Values.web.image.debug }} +{{- if .Values.image.debug }} - name: BASH_DEBUG value: "1" - name: BITNAMI_DEBUG @@ -412,11 +324,11 @@ Add environment variables to configure airflow kubernetes executor - name: AIRFLOW__KUBERNETES__NAMESPACE value: {{ .Release.Namespace }} - name: AIRFLOW__KUBERNETES__WORKER_CONTAINER_REPOSITORY - value: {{ printf "%s/%s" .Values.worker.image.registry .Values.worker.image.repository }} + value: {{ printf "%s/%s" .Values.image.registry .Values.image.repository }} - name: AIRFLOW__KUBERNETES__WORKER_CONTAINER_TAG - value: {{ .Values.worker.image.tag }} + value: {{ .Values.image.tag }} - name: AIRFLOW__KUBERNETES__IMAGE_PULL_POLICY - value: {{ .Values.worker.image.pullPolicy }} + value: {{ .Values.image.pullPolicy }} - name: AIRFLOW__KUBERNETES__DAGS_IN_IMAGE value: "True" - name: AIRFLOW__KUBERNETES__DELETE_WORKER_PODS 
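Review bot: In the `@@ -412,11 +324,11` hunk the Kubernetes executor's worker image is assembled from `.Values.image.registry`, `.repository` and `.tag` directly, while every other container goes through `airflow.image`, which passes `.Values.global` to `common.images.image`. Pods launched by the executor can therefore be pulled from a different registry than the rest of the release when a global registry override is set, and they would not follow a digest pin if the image values carry one (presumably they do; confirm in values.yaml). The tag is also rendered unquoted, so a tag like `2.10` becomes a YAML number in an env `value`; `value: {{ .Values.image.tag | quote }}` avoids that. The enclosing define starts and ends outside the hunk.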
@@ -481,71 +393,70 @@ Compile all warnings into a single message, and call fail. {{- end -}} {{- end -}} -{{/* Validate values of Airflow - At least one repository details must be provided when "git.dags.enabled" is "true" */}} +{{/* +Validate values of Airflow - At least one repository details must be provided when "dags.enabled" is "true" +*/}} {{- define "airflow.validateValues.dags.repositories" -}} - {{- if and .Values.git.dags.enabled (empty .Values.git.dags.repositories) -}} -airflow: git.dags.repositories +{{- if and .Values.dags.enabled (empty .Values.dags.repositories) (empty .Values.dags.existingConfigmap) -}} +airflow: dags.repositories At least one repository must be provided when enabling downloading DAG files - from git repository (--set git.dags.repositories[0].repository="xxx" - --set git.dags.repositories[0].name="xxx" - --set git.dags.repositories[0].branch="name") - {{- end -}} + from git repositories (--set dags.repositories[0].repository="xxx" + --set dags.repositories[0].name="xxx" + --set dags.repositories[0].branch="name") +{{- end -}} {{- end -}} -{{/* Validate values of Airflow - "git.dags.repositories.repository", "git.dags.repositories.name", "git.dags.repositories.branch" must be provided when "git.dags.enabled" is "true" */}} +{{/* +Validate values of Airflow - "dags.repositories.repository", "dags.repositories.name", "dags.repositories.branch" must be provided when "dags.enabled" is "true" +*/}} {{- define "airflow.validateValues.dags.repository_details" -}} -{{- if .Values.git.dags.enabled -}} -{{- range $index, $repository_detail := .Values.git.dags.repositories }} +{{- if .Values.dags.enabled -}} +{{- range $index, $repository_detail := .Values.dags.repositories }} {{- if empty $repository_detail.repository -}} -airflow: git.dags.repositories[$index].repository +airflow: dags.repositories[$index].repository The repository must be provided when enabling downloading DAG files - from git repository (--set 
git.dags.repositories[$index].repository="xxx") + from git repository (--set dags.repositories[$index].repository="xxx") {{- end -}} {{- if empty $repository_detail.branch -}} -airflow: git.dags.repositories[$index].branch +airflow: dags.repositories[$index].branch The branch must be provided when enabling downloading DAG files - from git repository (--set git.dags.repositories[$index].branch="xxx") + from git repository (--set dags.repositories[$index].branch="xxx") {{- end -}} {{- end -}} {{- end -}} {{- end -}} -{{/* Validate values of Airflow - "git.plugins.repositories" must be provided when "git.plugins.enabled" is "true" */}} +{{/* +Validate values of Airflow - "plugins.repositories" must be provided when "plugins.enabled" is "true" +*/}} {{- define "airflow.validateValues.plugins.repositories" -}} - {{- if and .Values.git.plugins.enabled (empty .Values.git.plugins.repositories) -}} -airflow: git.plugins.repositories - At least one repository must be provided when enabling downloading DAG files - from git repository (--set git.plugins.repositories[0].repository="xxx" - --set git.plugins.repositories[0].name="xxx" - --set git.plugins.repositories[0].branch="name") - {{- end -}} +{{- if and .Values.plugins.enabled (empty .Values.plugins.repositories) -}} +airflow: plugins.repositories + At least one repository must be provided when enabling downloading plugins + from git repositories (--set plugins.repositories[0].repository="xxx" + --set plugins.repositories[0].name="xxx" + --set plugins.repositories[0].branch="name") +{{- end -}} {{- end -}} -{{/* Validate values of Airflow - "git.plugins.repositories.repository", "git.plugins.repositories.name", "git.plugins.repositories.branch" must be provided when "git.plugins.enabled" is "true" */}} +{{/* +Validate values of Airflow - "plugins.repositories.repository", "plugins.repositories.name", "plugins.repositories.branch" must be provided when "plugins.enabled" is "true" +*/}} {{- define 
"airflow.validateValues.plugins.repository_details" -}} -{{- if .Values.git.plugins.enabled -}} -{{- range $index, $repository_detail := .Values.git.plugins.repositories }} +{{- if .Values.plugins.enabled -}} +{{- range $index, $repository_detail := .Values.plugins.repositories }} {{- if empty $repository_detail.repository -}} -airflow: git.plugins.repositories[$index].repository +airflow: plugins.repositories[$index].repository The repository must be provided when enabling downloading DAG files - from git repository (--set git.plugins.repositories[$index].repository="xxx") + from git repository (--set plugins.repositories[$index].repository="xxx") {{- end -}} {{- if empty $repository_detail.branch -}} -airflow: git.plugins.repositories[$index].branch +airflow: plugins.repositories[$index].branch The branch must be provided when enabling downloading DAG files - from git repository (--set git.plugins.repositories[$index].branch="xxx") -{{- end -}} + from git repository (--set plugins.repositories[$index].branch="xxx") {{- end -}} {{- end -}} {{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "airflow.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.web.image }} -{{- include "common.warnings.rollingTag" .Values.scheduler.image }} -{{- include "common.warnings.rollingTag" .Values.worker.image }} -{{- include "common.warnings.rollingTag" .Values.git.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} {{- end -}} {{/* @@ -554,9 +465,5 @@ This is a workaround and is subject to Airflow official resolution. Ref: https://github.com/bitnami/charts/pull/6096#issuecomment-856499047 */}} {{- define "airflow.worker.executor" -}} -{{- if eq .Values.executor "CeleryKubernetesExecutor" -}} -{{- printf "CeleryExecutor" -}} -{{- else -}} -{{- .Values.executor -}} -{{- end -}} +{{- print (ternary "CeleryExecutor" .Values.executor (eq .Values.executor "CeleryKubernetesExecutor")) -}} {{- end -}} 
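Review bot: The repository validators (`airflow.validateValues.dags.repository_details` and its plugins twin) only test `empty`, yet `.repository` and `.branch` are rendered unquoted into a `bash -ec` script further down this diff (`git clone {{ .repository }} --depth 1 --branch {{ .branch }}` in `_init_containers_sidecars.tpl`). A value containing whitespace or shell metacharacters would change the command the init container runs, so quote at the use site (`{{ .branch | squote }}`) and reject unexpected characters here, e.g. `{{- if not (regexMatch "^[A-Za-z0-9._/-]+$" $repository_detail.branch) -}}`. Separately, `[$index]` in the messages sits outside any template action and prints literally, so `{{ $index }}` is needed to name the offending entry. The plugins messages also still say "DAG files".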
diff --git a/bitnami/airflow/templates/_init_containers_sidecars.tpl b/bitnami/airflow/templates/_init_containers_sidecars.tpl
new file mode 100644
index 00000000000000..c46fa687831730
--- /dev/null
+++ b/bitnami/airflow/templates/_init_containers_sidecars.tpl
@@ -0,0 +1,244 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Returns an init-container that copies the default configuration files so they are writable +*/}} +{{- define "airflow.defaultInitContainers.createDefaultConfig" -}} +- name: create-default-config + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.defaultInitContainers.createDefaultConfig.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultInitContainers.createDefaultConfig.containerSecurityContext "context" .) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.createDefaultConfig.resources }} + resources: {{- toYaml .Values.defaultInitContainers.createDefaultConfig.resources | nindent 4 }} + {{- else if ne .Values.defaultInitContainers.createDefaultConfig.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultInitContainers.createDefaultConfig.resourcesPreset) | nindent 4 }} + {{- end }} + command: + - /bin/bash + args: + - -ec + - | + cp "$(find /opt/bitnami/airflow -name default_airflow.cfg)" /default-conf/airflow.cfg + cp "$(find /opt/bitnami/airflow -name default_webserver_config.py)" /default-conf/webserver_config.py + # HACK: When testing the connection it creates an empty airflow.db file at the + # application root + touch /default-conf/airflow.db + volumeMounts: + - name: empty-dir + mountPath: /default-conf + subPath: app-default-conf-dir +{{- end -}} + +{{/* +Returns the name that will identify the repository internally and it will be used to +create folders or volume names +*/}} +{{- define "airflow.dagsPlugins.repository.name" -}} + {{- $defaultName := regexFind "/.*$" .repository | replace "//" "" | replace "/" "-" | replace "." 
"-" -}} + {{- .name | default $defaultName | kebabcase -}} +{{- end -}} + +{{/* +Returns an init-container that loads DAGs and/or plugins from a ConfigMap or Git repositories +*/}} +{{- define "airflow.defaultInitContainers.loadDAGsPlugins" -}} +- name: load-dags-plugins + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultInitContainers.loadDAGsPlugins.containerSecurityContext "context" .) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.resources }} + resources: {{- toYaml .Values.defaultInitContainers.loadDAGsPlugins.resources | nindent 4 }} + {{- else if ne .Values.defaultInitContainers.loadDAGsPlugins.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultInitContainers.loadDAGsPlugins.resourcesPreset) | nindent 4 }} + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.defaultInitContainers.loadDAGsPlugins.command "context" .) | nindent 4 }} + {{- else }} + command: ["/bin/bash"] + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.defaultInitContainers.loadDAGsPlugins.args "context" .) | nindent 4 }} + {{- else }} + args: + - -ec + - | + . /opt/bitnami/scripts/libfs.sh + + {{- if .Values.dags.enabled }} + {{- range .Values.dags.repositories }} + is_dir_empty "/dags/{{ include "airflow.dagsPlugins.repository.name" . }}" && git clone {{ .repository }} --depth 1 --branch {{ .branch }} /dags/{{ include "airflow.dagsPlugins.repository.name" . 
}} + {{- end }} + {{- end }} + {{- if .Values.plugins.enabled }} + {{- range .Values.plugins.repositories }} + is_dir_empty "/plugins/{{ include "airflow.dagsPlugins.repository.name" . }}" && git clone {{ .repository }} --depth 1 --branch {{ .branch }} /plugins/{{ include "airflow.dagsPlugins.repository.name" . }} + {{- end }} + {{- end }} + {{- if not (empty .Values.dags.existingConfigmap) }} + cp /configmap/* /dags/external + {{- end }} + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVars "context" .) | nindent 4 }} + {{- end }} + {{- if or .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret }} + envFrom: + {{- if .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM }} + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret }} + {{- end }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /etc/ssh + subPath: etc-ssh-dir + - name: empty-dir + mountPath: /.ssh + subPath: ssh-dir + {{- if not (empty .Values.dags.existingConfigmap) }} + - name: external-dags + mountPath: /configmap + {{- end }} + {{- if or (not (empty .Values.dags.existingConfigmap)) (not (empty .Values.dags.repositories)) }} + - name: empty-dir + mountPath: /dags + subPath: app-dags-dir + {{- end }} + {{- if not (empty .Values.plugins.repositories) }} + - name: empty-dir + mountPath: /plugins + subPath: app-plugins-dir + {{- end }} + {{- if .Values.defaultInitContainers.loadDAGsPlugins.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" 
.Values.defaultInitContainers.loadDAGsPlugins.extraVolumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- end -}} + +{{/* +Returns a sidecar that syncs DAGs and/or plugins from Git repositories +*/}} +{{- define "airflow.defaultSidecars.syncDAGsPlugins" -}} +- name: sync-dags-plugins + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.defaultSidecars.syncDAGsPlugins.containerSecurityContext "context" .) | nindent 4 }} + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.resources }} + resources: {{- toYaml .Values.defaultSidecars.syncDAGsPlugins.resources | nindent 4 }} + {{- else if ne .Values.defaultSidecars.syncDAGsPlugins.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultSidecars.syncDAGsPlugins.resourcesPreset) | nindent 4 }} + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.defaultSidecars.syncDAGsPlugins.command "context" .) | nindent 4 }} + {{- else }} + command: ["/bin/bash"] + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.defaultSidecars.syncDAGsPlugins.args "context" .) | nindent 4 }} + {{- else }} + args: + - -ec + - | + while true; do + {{- if .Values.dags.enabled }} + {{- range .Values.dags.repositories }} + cd /dags/{{ include "airflow.dagsPlugins.repository.name" . }} && git pull origin {{ .branch }} || true + ls -la /dags/{{ include "airflow.dagsPlugins.repository.name" . }} + {{- end }} + {{- end }} + {{- if .Values.plugins.enabled }} + {{- range .Values.plugins.repositories }} + cd /plugins/{{ include "airflow.dagsPlugins.repository.name" . 
}} && git pull origin {{ .branch }} || true + {{- end }} + {{- end }} + sleep {{ default "60" .Values.defaultSidecars.syncDAGsPlugins.interval }} + done + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.defaultSidecars.syncDAGsPlugins.extraEnvVars "context" .) | nindent 4 }} + {{- end }} + {{- if or .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsCM .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret }} + envFrom: + {{- if .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsCM }} + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret }} + {{- end }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /etc/ssh + subPath: etc-ssh-dir + - name: empty-dir + mountPath: /.ssh + subPath: ssh-dir + {{- if not (empty .Values.dags.repositories) }} + - name: empty-dir + mountPath: /dags + subPath: app-dags-dir + {{- end }} + {{- if not (empty .Values.plugins.repositories) }} + - name: empty-dir + mountPath: /plugins + subPath: app-plugins-dir + {{- end }} + {{- if .Values.defaultSidecars.syncDAGsPlugins.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.defaultSidecars.syncDAGsPlugins.extraVolumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- end -}} + +{{/* +Returns the volume mounts to use on Airflow containers to mount custom DAGs and plugins +*/}} +{{- define "airflow.dagsPlugins.volumeMounts" -}} +{{- if .Values.dags.enabled }} +{{- if not (empty .Values.dags.existingConfigmap) }} +- name: empty-dir + mountPath: /opt/bitnami/airflow/dags/external + subPath: app-dags-dir/external +{{- end }} +{{- range .Values.dags.repositories }} +- name: empty-dir + mountPath: 
/opt/bitnami/airflow/dags/git_{{ include "airflow.dagsPlugins.repository.name" . }} + {{- if .path }} + subPath: app-dags-dir/{{ include "airflow.dagsPlugins.repository.name" . }}/{{ .path }} + {{- else }} + subPath: app-dags-dir/{{ include "airflow.dagsPlugins.repository.name" . }} + {{- end }} +{{- end }} +{{- end }} +{{- if .Values.plugins.enabled }} +{{- range .Values.plugins.repositories }} +- name: empty-dir + mountPath: /opt/bitnami/airflow/plugins/git_{{ include "airflow.dagsPlugins.repository.name" . }} + {{- if .path }} + subPath: app-plugins-dir/{{ include "airflow.dagsPlugins.repository.name" . }}/{{ .path }} + {{- else }} + subPath: app-plugins-dir/{{ include "airflow.dagsPlugins.repository.name" . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/bitnami/airflow/templates/config/configmap.yaml b/bitnami/airflow/templates/config/configmap.yaml index c4700a448aa963..d73ba0b8fde22d 100644 --- a/bitnami/airflow/templates/config/configmap.yaml +++ b/bitnami/airflow/templates/config/configmap.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.names.fullname" . }}-configuration - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} 
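Review bot: `{{ .repository }}`, `{{ .branch }}` and the computed directory name are rendered unquoted into the `bash -ec` script of `load-dags-plugins` (the two `git clone` lines), and the `cd … && git pull origin {{ .branch }}` lines of `sync-dags-plugins` do the same, so a value containing whitespace or shell metacharacters changes the command that runs in the pod. The visible `airflow.validateValues.plugins.repository_details` helper only checks that the two fields are non-empty. I would put the options first and quote the operands, e.g. `git clone --depth 1 --branch {{ .branch | squote }} -- {{ .repository | squote }} "/dags/{{ include "airflow.dagsPlugins.repository.name" . }}"`, and have the validation helper reject a `repository` or `branch` that contains a single quote. Separately, the sidecar's `|| true` discards every pull failure, so a stale or failed sync leaves no signal; writing the failure to stderr before continuing the loop would make it detectable.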
@@ -68,10 +68,10 @@ data: {{- if .Values.worker.podSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} - initContainers: {{- include "airflow.git.containers.clone" (dict "securityContext" .Values.worker.containerSecurityContext "context" $) | trim | nindent 8 }} + initContainers: - name: k8s-executor-init-config - image: {{ include "airflow.workerImage" . }} - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.worker.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} @@ -80,17 +80,20 @@ data: args: - -ec - | - . /opt/bitnami/scripts/airflow-worker-env.sh - . /opt/bitnami/scripts/libairflowworker.sh + . /opt/bitnami/scripts/airflow-env.sh + . /opt/bitnami/scripts/libairflow.sh export AIRFLOW_CONF_FILE=/tmp/airflow.cfg - airflow_generate_config # Generate the config file + # Generate the config file + airflow_generate_config cp /tmp/airflow.cfg /k8s-executor-conf/airflow.cfg env: {{- include "airflow.configure.airflow.common" . | nindent 12 }} {{- include "airflow.configure.database" . | nindent 12 }} {{- include "airflow.configure.redis" . | nindent 12 }} {{- include "airflow.configure.airflow.kubernetesExecutor" . | nindent 12 }} + - name: AIRFLOW_COMPONENT_TYPE + value: "worker" - name: AIRFLOW_EXECUTOR value: {{ .Values.executor }} - name: AIRFLOW_WEBSERVER_HOST 
@@ -109,6 +112,9 @@ data: - name: empty-dir mountPath: /k8s-executor-conf subPath: app-k8s-executor-conf-dir + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultInitContainers.loadDAGsPlugins" . | nindent 8 }} + {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} {{- end }} @@ -117,8 +123,8 @@ data: {{- end }} containers: - name: airflow-worker - image: {{ include "airflow.workerImage" . }} - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.worker.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} @@ -133,11 +139,13 @@ data: args: {{- include "common.tplvalues.render" (dict "value" .Values.worker.args "context" $) | nindent 12 }} {{- end }} env: - - name: AIRFLOW__CORE__EXECUTOR - value: LocalExecutor {{- include "airflow.configure.airflow.common" . | nindent 12 }} {{- include "airflow.configure.database" . | nindent 12 }} {{- include "airflow.configure.redis" . | nindent 12 }} + - name: AIRFLOW_COMPONENT_TYPE + value: "worker" + - name: AIRFLOW__CORE__EXECUTOR + value: LocalExecutor - name: AIRFLOW_EXECUTOR value: {{ .Values.executor }} - name: AIRFLOW_WEBSERVER_HOST 
@@ -228,14 +236,6 @@ data: - name: empty-dir mountPath: /opt/bitnami/airflow/airflow.db subPath: app-default-conf-dir/airflow.db - {{- if .Files.Glob "files/dags/*.py" }} - - name: local-dag-files - mountPath: /opt/bitnami/airflow/dags/local - {{- end }} - {{- if .Values.dags.existingConfigmap }} - - name: external-dag-files - mountPath: /opt/bitnami/airflow/dags/external - {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file mountPath: /opt/bitnami/airflow/airflow.cfg @@ -245,13 +245,18 @@ data: mountPath: /opt/bitnami/airflow/airflow.cfg subPath: app-k8s-executor-conf-dir/airflow.cfg {{- end }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.dagsPlugins.volumeMounts" . | nindent 12 }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.worker.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - {{- include "airflow.git.maincontainer.volumeMounts" . | trim | nindent 12 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultSidecars.syncDAGsPlugins" . | nindent 8 }} + {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | trim | nindent 8 }} {{- end }} @@ -261,10 +266,10 @@ data: volumes: - name: empty-dir emptyDir: {} - {{- if .Values.dags.existingConfigmap }} - - name: external-dag-files + {{- if and .Values.dags.enabled .Values.dags.existingConfigmap }} + - name: external-dags configMap: - name: {{ .Values.dags.existingConfigmap }} + name: {{ tpl .Values.dags.existingConfigmap $ }} {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file 
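Review bot: The `airflow.defaultSidecars.syncDAGsPlugins` include added after the worker container's volume mounts puts a container whose default script is `while true; do … sleep …; done` into this pod template. A pod cannot reach `Succeeded` while one of its containers is still running, so if this template is used for per-task KubernetesExecutor pods (the `k8s-executor-init-config` init container suggests so, please confirm), task pods may stay in `Running` after the task itself has finished. The `load-dags-plugins` init container added earlier in this file already fetches the repositories once at pod start, which is likely enough for a short-lived task pod; I would drop the sidecar include here or put it behind its own switch.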
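Review bot: The `external-dags` volume is now declared only under `and .Values.dags.enabled .Values.dags.existingConfigmap`, but `airflow.defaultInitContainers.loadDAGsPlugins` mounts `external-dags` at `/configmap` whenever `dags.existingConfigmap` is non-empty, and that helper is included when either `dags.enabled` or `plugins.enabled` is true. With `plugins.enabled=true`, `dags.enabled=false` and `dags.existingConfigmap` set, the rendered pod references a volume that is not defined and will be rejected when it is created. The `volumes` hunk of `scheduler/deployment.yaml` uses the same condition and has the same mismatch. I would make the helper's two guards match this one, `{{- if and .Values.dags.enabled (not (empty .Values.dags.existingConfigmap)) }}`, for both the `cp /configmap/*` line and the `external-dags` mount.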
diff --git a/bitnami/airflow/templates/config/secret-external-db.yaml b/bitnami/airflow/templates/config/secret-external-db.yaml index ad310a63e29e00..663c54e3cbe586 100644 --- a/bitnami/airflow/templates/config/secret-external-db.yaml +++ b/bitnami/airflow/templates/config/secret-external-db.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-externaldb" .Release.Name }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} diff --git a/bitnami/airflow/templates/config/secret-external-redis.yaml b/bitnami/airflow/templates/config/secret-external-redis.yaml index 2f5a451294c34d..9671590d0ee8f7 100644 --- a/bitnami/airflow/templates/config/secret-external-redis.yaml +++ b/bitnami/airflow/templates/config/secret-external-redis.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ printf "%s-%s" .Release.Name "externalredis" }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} diff --git a/bitnami/airflow/templates/config/secret-ldap.yaml b/bitnami/airflow/templates/config/secret-ldap.yaml index 2c4efbd2a92110..5ac667333556a1 100644 --- a/bitnami/airflow/templates/config/secret-ldap.yaml +++ b/bitnami/airflow/templates/config/secret-ldap.yaml 
@@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Secret metadata: - name: {{ include "airflow.ldap" . }} - namespace: {{ .Release.Namespace | quote }} + name: {{ printf "%s-ldap" (include "common.names.fullname" .) | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} @@ -16,4 +16,4 @@ metadata: type: Opaque data: bind-password: {{ .Values.ldap.bindpw | b64enc | quote }} -{{- end -}} +{{- end }} diff --git a/bitnami/airflow/templates/config/secret.yaml b/bitnami/airflow/templates/config/secret.yaml index cbb01e4039d5ea..092a12fddd5692 100644 --- a/bitnami/airflow/templates/config/secret.yaml +++ b/bitnami/airflow/templates/config/secret.yaml @@ -3,12 +3,12 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if (not .Values.auth.existingSecret) -}} +{{- if not .Values.auth.existingSecret }} apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} diff --git a/bitnami/airflow/templates/metrics/deployment.yaml b/bitnami/airflow/templates/metrics/deployment.yaml index 8dc33037d9d79b..0f9fda6666299b 100644 --- a/bitnami/airflow/templates/metrics/deployment.yaml +++ b/bitnami/airflow/templates/metrics/deployment.yaml 
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ printf "%s-exporter" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.metrics.image "chart" .Chart ) ) }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/airflow/templates/metrics/service.yaml b/bitnami/airflow/templates/metrics/service.yaml index 52f72de64afc6f..53b695e0774579 100644 --- a/bitnami/airflow/templates/metrics/service.yaml +++ b/bitnami/airflow/templates/metrics/service.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Service metadata: name: {{ printf "%s-exporter" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.metrics.image "chart" .Chart ) ) }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/airflow/templates/metrics/servicemonitor.yaml b/bitnami/airflow/templates/metrics/servicemonitor.yaml index 65b6c43cc9f93f..210fc6f380c0d0 100644 --- a/bitnami/airflow/templates/metrics/servicemonitor.yaml +++ b/bitnami/airflow/templates/metrics/servicemonitor.yaml 
@@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ printf "%s-exporter" (include "common.names.fullname" .) }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.metrics.image "chart" .Chart ) ) }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels $versionLabel ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} @@ -46,5 +46,5 @@ spec: {{- end }} namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "common.names.namespace" . | quote }} {{- end }} diff --git a/bitnami/airflow/templates/rbac/role.yaml b/bitnami/airflow/templates/rbac/role.yaml index 5ec9f8e1cb62cd..eae38bdcdf7920 100644 --- a/bitnami/airflow/templates/rbac/role.yaml +++ b/bitnami/airflow/templates/rbac/role.yaml @@ -3,12 +3,12 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if .Values.rbac.create -}} +{{- if .Values.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: Role metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} 
@@ -41,5 +41,5 @@ rules: {{- if .Values.rbac.rules }} {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} {{- end }} -{{- end -}} +{{- end }} diff --git a/bitnami/airflow/templates/rbac/rolebinding.yaml b/bitnami/airflow/templates/rbac/rolebinding.yaml index 30de4c5a0a70f0..31e7501317be7c 100644 --- a/bitnami/airflow/templates/rbac/rolebinding.yaml +++ b/bitnami/airflow/templates/rbac/rolebinding.yaml @@ -3,12 +3,12 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if .Values.rbac.create -}} +{{- if .Values.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: RoleBinding metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "airflow.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end -}} + namespace: {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/bitnami/airflow/templates/rbac/serviceaccount.yaml b/bitnami/airflow/templates/rbac/serviceaccount.yaml index a1fbf9f253e422..27348be01f1d29 100644 --- a/bitnami/airflow/templates/rbac/serviceaccount.yaml +++ b/bitnami/airflow/templates/rbac/serviceaccount.yaml 
@@ -3,16 +3,16 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if .Values.serviceAccount.create -}} +{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "airflow.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end -}} +{{- end }} diff --git a/bitnami/airflow/templates/scheduler/deployment.yaml b/bitnami/airflow/templates/scheduler/deployment.yaml index 7a387ef7c0428d..be46ab69c0ce1e 100644 --- a/bitnami/airflow/templates/scheduler/deployment.yaml +++ b/bitnami/airflow/templates/scheduler/deployment.yaml 
@@ -7,17 +7,15 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ printf "%s-scheduler" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.scheduler.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.scheduler.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: scheduler {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | trim | nindent 4 }} {{- end }} spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.scheduler.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.scheduler.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: scheduler 
@@ -71,38 +69,9 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.scheduler.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: - - name: create-default-config - image: {{ include "airflow.schedulerImage" . }} - imagePullPolicy: {{ .Values.scheduler.image.pullPolicy | quote }} - {{- if .Values.scheduler.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.scheduler.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - - cp "$(find /opt/bitnami/airflow -name default_airflow.cfg)" /default-conf/airflow.cfg - # HACK: When testing the connection it creates an empty airflow.db file at the - # application root - touch /default-conf/airflow.db - {{- if .Values.scheduler.resources }} - resources: {{- toYaml .Values.scheduler.resources | nindent 12 }} - {{- else if ne .Values.scheduler.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.scheduler.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /default-conf - subPath: app-default-conf-dir - {{- include "airflow.git.containers.clone" (dict "securityContext" .Values.scheduler.containerSecurityContext "context" $) | trim | nindent 8 }} - {{- if .Values.dags.existingConfigmap }} - {{- include "airflow.loadDAGsInitContainer" (dict "component" "scheduler" "context" . ) | trim | nindent 8 }} + {{- include "airflow.defaultInitContainers.createDefaultConfig" . | nindent 8 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultInitContainers.loadDAGsPlugins" . | nindent 8 }} {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} 
@@ -111,10 +80,9 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.initContainers "context" $) | trim | nindent 8 }} {{- end }} containers: - {{- include "airflow.git.containers.sync" (dict "securityContext" .Values.scheduler.containerSecurityContext "context" $) | trim | nindent 8 }} - name: airflow-scheduler - image: {{ include "airflow.schedulerImage" . | quote }} - imagePullPolicy: {{ .Values.scheduler.image.pullPolicy | quote }} + image: {{ include "airflow.image" . | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.scheduler.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.scheduler.containerSecurityContext "context" $) | nindent 12 }} {{- end }} @@ -133,6 +101,8 @@ spec: {{- include "airflow.configure.database" . | nindent 12 }} {{- include "airflow.configure.redis" . | nindent 12 }} {{- include "airflow.configure.airflow.kubernetesExecutor" . | nindent 12 }} + - name: AIRFLOW_COMPONENT_TYPE + value: "scheduler" - name: AIRFLOW_EXECUTOR value: {{ .Values.executor }} - name: AIRFLOW_WEBSERVER_HOST @@ -235,15 +205,6 @@ spec: - name: empty-dir mountPath: /tmp subPath: tmp-dir - {{- if .Files.Glob "files/dags/*.py" }} - - name: local-dag-files - mountPath: /opt/bitnami/airflow/dags/local - {{- end }} - {{- if .Values.dags.existingConfigmap }} - - name: empty-dir - mountPath: /opt/bitnami/airflow/dags/external - subPath: app-external-dag-dir - {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file mountPath: /opt/bitnami/airflow/airflow.cfg 
@@ -258,13 +219,18 @@ spec: mountPath: /opt/bitnami/airflow/pod_template.yaml subPath: pod_template.yaml {{- end }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.dagsPlugins.volumeMounts" . | nindent 12 }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.scheduler.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - {{- include "airflow.git.maincontainer.volumeMounts" . | trim | nindent 12 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultSidecars.syncDAGsPlugins" . | nindent 8 }} + {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | trim | nindent 8 }} {{- end }} @@ -274,8 +240,8 @@ spec: volumes: - name: empty-dir emptyDir: {} - {{- if .Values.dags.existingConfigmap }} - - name: load-external-dag-files + {{- if and .Values.dags.enabled .Values.dags.existingConfigmap }} + - name: external-dags configMap: name: {{ tpl .Values.dags.existingConfigmap $ }} {{- end }} diff --git a/bitnami/airflow/templates/scheduler/networkpolicy.yaml b/bitnami/airflow/templates/scheduler/networkpolicy.yaml index 2ec7167adf3109..5db168a88306b3 100644 --- a/bitnami/airflow/templates/scheduler/networkpolicy.yaml +++ b/bitnami/airflow/templates/scheduler/networkpolicy.yaml 
@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: - name: {{ printf "%s-scheduler" (include "common.names.fullname" .) }} + name: {{ template "airflow.scheduler.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: scheduler diff --git a/bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml b/bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml index 58926d0df274e9..af9703d162ffb3 100644 --- a/bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml +++ b/bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml @@ -7,11 +7,9 @@ SPDX-License-Identifier: APACHE-2.0 kind: PodDisruptionBudget apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} metadata: - name: {{ printf "%s-scheduler" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.scheduler.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.scheduler.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: scheduler spec: {{- if .Values.scheduler.pdb.minAvailable }} diff --git a/bitnami/airflow/templates/scheduler/service-headless.yaml b/bitnami/airflow/templates/scheduler/service-headless.yaml index 221225080d2194..a6d894158feb2c 100644 
--- a/bitnami/airflow/templates/scheduler/service-headless.yaml +++ b/bitnami/airflow/templates/scheduler/service-headless.yaml @@ -7,11 +7,9 @@ SPDX-License-Identifier: APACHE-2.0 kind: Service apiVersion: v1 metadata: - name: {{ printf "%s-scheduler-hl" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.scheduler.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ printf "%s-hl" (include "airflow.scheduler.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: scheduler {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} diff --git a/bitnami/airflow/templates/web/deployment.yaml b/bitnami/airflow/templates/web/deployment.yaml index 5da95631e98789..e01ec6a9f0cfb1 100644 --- a/bitnami/airflow/templates/web/deployment.yaml +++ b/bitnami/airflow/templates/web/deployment.yaml 
@@ -6,17 +6,15 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ printf "%s-web" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.web.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: web {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.web.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.web.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: web 
@@ -70,39 +68,9 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.web.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: - - name: create-default-config - image: {{ include "airflow.image" . }} - imagePullPolicy: {{ .Values.web.image.pullPolicy | quote }} - {{- if .Values.web.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.web.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - - cp "$(find /opt/bitnami/airflow -name default_airflow.cfg)" /default-conf/airflow.cfg - cp "$(find /opt/bitnami/airflow -name default_webserver_config.py)" /default-conf/webserver_config.py - # HACK: When testing the connection it creates an empty airflow.db file at the - # application root - touch /default-conf/airflow.db - {{- if .Values.web.resources }} - resources: {{- toYaml .Values.web.resources | nindent 12 }} - {{- else if ne .Values.web.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.web.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /default-conf - subPath: app-default-conf-dir - {{- include "airflow.git.containers.clone" (dict "securityContext" .Values.web.containerSecurityContext "context" $) | trim | nindent 8 }} - {{- if .Values.dags.existingConfigmap }} - {{- include "airflow.loadDAGsInitContainer" (dict "component" "web" "context" . ) | trim | nindent 8 }} + {{- include "airflow.defaultInitContainers.createDefaultConfig" . | nindent 8 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultInitContainers.loadDAGsPlugins" . | nindent 8 }} {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} 
@@ -111,10 +79,9 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.web.initContainers "context" $) | trim | nindent 8 }} {{- end }} containers: - {{- include "airflow.git.containers.sync" (dict "securityContext" .Values.web.containerSecurityContext "context" $) | trim | nindent 8 }} - name: airflow-web image: {{ include "airflow.image" . }} - imagePullPolicy: {{ .Values.web.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.web.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.web.containerSecurityContext "context" $) | nindent 12 }} {{- end }} @@ -180,7 +147,7 @@ spec: - name: AIRFLOW_LDAP_ALLOW_SELF_SIGNED value: {{ ternary "True" "False" .Values.ldap.tls.allowSelfSigned | quote }} - name: AIRFLOW_LDAP_TLS_CA_CERTIFICATE - value: {{ include "airflow.ldapCAFilename" . | quote }} + value: {{ printf "%s/%s" .Values.ldap.tls.certificatesMountPath .Values.ldap.tls.CAFilename | quote }} {{- end }} {{- end }} {{- if .Values.extraEnvVars }} @@ -279,15 +246,6 @@ spec: - name: empty-dir mountPath: /opt/bitnami/airflow/tmp subPath: app-tmp-dir - {{- if .Files.Glob "files/dags/*.py" }} - - name: local-dag-files - mountPath: /opt/bitnami/airflow/dags/local - {{- end }} - {{- if .Values.dags.existingConfigmap }} - - name: empty-dir - mountPath: /opt/bitnami/airflow/dags/external - subPath: app-external-dag-dir - {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file mountPath: /opt/bitnami/airflow/airflow.cfg 
@@ -311,13 +269,18 @@ spec: mountPath: {{ .Values.ldap.tls.certificatesMountPath }} readOnly: true {{- end }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.dagsPlugins.volumeMounts" . | nindent 12 }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.web.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.web.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - {{- include "airflow.git.maincontainer.volumeMounts" . | trim | nindent 12 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultSidecars.syncDAGsPlugins" . | nindent 8 }} + {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | trim | nindent 8 }} {{- end }} @@ -327,8 +290,8 @@ spec: volumes: - name: empty-dir emptyDir: {} - {{- if .Values.dags.existingConfigmap }} - - name: load-external-dag-files + {{- if and .Values.dags.enabled .Values.dags.existingConfigmap }} + - name: external-dags configMap: name: {{ tpl .Values.dags.existingConfigmap $ }} {{- end }} @@ -345,7 +308,7 @@ spec: {{- if .Values.ldap.tls.enabled }} - name: airflow-ldap-ca-certificate secret: - secretName: {{ required "A secret containing the LDAP CA certificate. It is required when SSL in enabled" (coalesce .Values.ldap.tls.CAcertificateSecret .Values.ldap.tls.certificatesSecret) }} + secretName: {{ required "A secret containing the LDAP CA certificate. It is required when SSL in enabled" .Values.ldap.tls.certificatesSecret }} defaultMode: 256 {{- end }} {{- if .Values.extraVolumes }} diff --git a/bitnami/airflow/templates/web/ingress.yaml b/bitnami/airflow/templates/web/ingress.yaml index eff523370d45a1..edf780b901082a 100644 --- a/bitnami/airflow/templates/web/ingress.yaml +++ b/bitnami/airflow/templates/web/ingress.yaml 
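Review bot: In the `airflow-ldap-ca-certificate` volume of web/deployment.yaml (`@@ -345,7 +308,7 @@`), `secretName` no longer falls back to `ldap.tls.CAcertificateSecret`, and the `required` message does not say which value to set, so an operator upgrading with the old key gets a failure that is hard to act on. Naming the key (and dropping the "SSL in enabled" typo) would help: `required "ldap.tls.certificatesSecret is required when ldap.tls.enabled is true" .Values.ldap.tls.certificatesSecret`. In the `@@ -180,7 +147,7 @@` hunk, `AIRFLOW_LDAP_TLS_CA_CERTIFICATE` is now built with `printf "%s/%s"` from `certificatesMountPath` and `CAFilename`. If `CAFilename` is empty this renders a directory path rather than a CA file, which presumably breaks LDAP certificate verification, so that value may deserve its own `required` guard.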
@@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if or .Values.ingress.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }} diff --git a/bitnami/airflow/templates/web/networkpolicy.yaml b/bitnami/airflow/templates/web/networkpolicy.yaml index 219dd6d6ccdf1b..be46edd37514cc 100644 --- a/bitnami/airflow/templates/web/networkpolicy.yaml +++ b/bitnami/airflow/templates/web/networkpolicy.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: - name: {{ printf "%s-web" (include "common.names.fullname" .) }} + name: {{ template "airflow.web.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: web diff --git a/bitnami/airflow/templates/web/poddisruptionbudget.yaml b/bitnami/airflow/templates/web/poddisruptionbudget.yaml index f7ae9403cd5792..05084f2287de7c 100644 --- a/bitnami/airflow/templates/web/poddisruptionbudget.yaml +++ b/bitnami/airflow/templates/web/poddisruptionbudget.yaml 
@@ -7,11 +7,9 @@ SPDX-License-Identifier: APACHE-2.0 kind: PodDisruptionBudget apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} metadata: - name: {{ printf "%s-web" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.web.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: web spec: {{- if .Values.web.pdb.minAvailable }} diff --git a/bitnami/airflow/templates/web/service.yaml b/bitnami/airflow/templates/web/service.yaml index caed4c27c0a802..ff0a7b5bf490f2 100644 --- a/bitnami/airflow/templates/web/service.yaml +++ b/bitnami/airflow/templates/web/service.yaml 
@@ -7,10 +7,8 @@ apiVersion: v1 kind: Service metadata: name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: web {{- if or .Values.service.annotations .Values.commonAnnotations }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} diff --git a/bitnami/airflow/templates/web/tls-secrets.yaml b/bitnami/airflow/templates/web/tls-secrets.yaml index f64f90a71a7b87..cb0bbd8fe64ea2 100644 --- a/bitnami/airflow/templates/web/tls-secrets.yaml +++ b/bitnami/airflow/templates/web/tls-secrets.yaml @@ -30,7 +30,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml b/bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml index 466f42a2fac25b..1a076f021c99a0 100644 --- a/bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml +++ b/bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml 
@@ -7,17 +7,15 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ printf "%s-worker" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.worker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet - name: {{ printf "%s-worker" (include "common.names.fullname" .) }} + name: {{ template "airflow.worker.fullname" . }} minReplicas: {{ .Values.worker.autoscaling.minReplicas }} maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/airflow/templates/worker/networkpolicy.yaml b/bitnami/airflow/templates/worker/networkpolicy.yaml index a356e395663e92..675926d38b4ef8 100644 --- a/bitnami/airflow/templates/worker/networkpolicy.yaml +++ b/bitnami/airflow/templates/worker/networkpolicy.yaml 
@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 kind: NetworkPolicy apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} metadata: - name: {{ printf "%s-worker" (include "common.names.fullname" .) }} + name: {{ template "airflow.worker.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker diff --git a/bitnami/airflow/templates/worker/poddisruptionbudget.yaml b/bitnami/airflow/templates/worker/poddisruptionbudget.yaml index 18b7376e9b04f8..63e0bdd00d04f4 100644 --- a/bitnami/airflow/templates/worker/poddisruptionbudget.yaml +++ b/bitnami/airflow/templates/worker/poddisruptionbudget.yaml @@ -7,11 +7,9 @@ SPDX-License-Identifier: APACHE-2.0 kind: PodDisruptionBudget apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} metadata: - name: {{ printf "%s-worker" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.worker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker spec: {{- if .Values.worker.pdb.minAvailable }} diff --git a/bitnami/airflow/templates/worker/service-headless.yaml b/bitnami/airflow/templates/worker/service-headless.yaml index f5b442ec8055da..2e3ed2bbbacf83 100644 --- a/bitnami/airflow/templates/worker/service-headless.yaml 
+++ b/bitnami/airflow/templates/worker/service-headless.yaml @@ -6,11 +6,9 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ printf "%s-worker-hl" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ printf "%s-hl" (include "airflow.worker.fullname" .) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} diff --git a/bitnami/airflow/templates/worker/statefulset.yaml b/bitnami/airflow/templates/worker/statefulset.yaml index a6edc6040d412b..d2ea8db97d44e8 100644 --- a/bitnami/airflow/templates/worker/statefulset.yaml +++ b/bitnami/airflow/templates/worker/statefulset.yaml 
@@ -7,11 +7,9 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: - name: {{ printf "%s-worker" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - {{- $versionLabel := dict "app.kubernetes.io/version" ( include "common.images.version" ( dict "imageRoot" .Values.web.image "chart" .Chart ) ) }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonLabels $versionLabel ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + name: {{ template "airflow.worker.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: worker {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} 
@@ -21,11 +19,11 @@ spec: podManagementPolicy: {{ .Values.worker.podManagementPolicy | quote }} {{- end }} replicas: {{ .Values.worker.replicaCount }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels $versionLabel ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.worker.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: worker - serviceName: {{ printf "%s-worker-hl" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + serviceName: {{ printf "%s-hl" (include "airflow.worker.fullname" .) | trunc 63 | trimSuffix "-" }} {{- if .Values.worker.updateStrategy }} updateStrategy: {{- toYaml .Values.worker.updateStrategy | nindent 4 }} {{- end }} 
@@ -75,39 +73,9 @@ spec: securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.podSecurityContext "context" $) | nindent 8 }} {{- end }} initContainers: - - name: create-default-config - image: {{ include "airflow.workerImage" . }} - imagePullPolicy: {{ .Values.worker.image.pullPolicy | quote }} - {{- if .Values.worker.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.worker.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - /bin/bash - args: - - -ec - - | - #!/bin/bash - - cp "$(find /opt/bitnami/airflow -name default_airflow.cfg)" /default-conf/airflow.cfg - cp "$(find /opt/bitnami/airflow -name default_webserver_config.py)" /default-conf/webserver_config.py - # HACK: When testing the connection it creates an empty airflow.db file at the - # application root - touch /default-conf/airflow.db - {{- if .Values.worker.resources }} - resources: {{- toYaml .Values.worker.resources | nindent 12 }} - {{- else if ne .Values.worker.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.worker.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /default-conf - subPath: app-default-conf-dir - {{- include "airflow.git.containers.clone" (dict "securityContext" .Values.worker.containerSecurityContext "context" $) | trim | nindent 8 }} - {{- if .Values.dags.existingConfigmap }} - {{- include "airflow.loadDAGsInitContainer" (dict "component" "worker" "context" . ) | trim | nindent 8 }} + {{- include "airflow.defaultInitContainers.createDefaultConfig" . | nindent 8 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultInitContainers.loadDAGsPlugins" . 
| nindent 8 }} {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} @@ -116,10 +84,9 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | trim | nindent 8 }} {{- end }} containers: - {{- include "airflow.git.containers.sync" (dict "securityContext" .Values.worker.containerSecurityContext "context" $) | trim | nindent 8 }} - name: airflow-worker - image: {{ include "airflow.workerImage" . }} - imagePullPolicy: {{ .Values.worker.image.pullPolicy | quote }} + image: {{ include "airflow.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} {{- if .Values.worker.containerSecurityContext.enabled }} securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.worker.containerSecurityContext "context" $) | nindent 12 }} {{- end }} @@ -137,6 +104,8 @@ spec: {{- include "airflow.configure.airflow.common" . | nindent 12 }} {{- include "airflow.configure.database" . | nindent 12 }} {{- include "airflow.configure.redis" . | nindent 12 }} + - name: AIRFLOW_COMPONENT_TYPE + value: "worker" - name: AIRFLOW_EXECUTOR value: {{ include "airflow.worker.executor" . }} - name: AIRFLOW_WEBSERVER_HOST @@ -235,15 +204,6 @@ spec: - name: empty-dir mountPath: /opt/bitnami/airflow/tmp subPath: app-tmp-dir - {{- if .Files.Glob "files/dags/*.py" }} - - name: local-dag-files - mountPath: /opt/bitnami/airflow/dags/local - {{- end }} - {{- if .Values.dags.existingConfigmap }} - - name: empty-dir - mountPath: /opt/bitnami/airflow/dags/external - subPath: app-external-dag-dir - {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file mountPath: /opt/bitnami/airflow/airflow.cfg 
@@ -256,13 +216,18 @@ spec: - name: empty-dir mountPath: /opt/bitnami/airflow/webserver_config.py subPath: app-default-conf-dir/webserver_config.py - {{- include "airflow.git.maincontainer.volumeMounts" . | trim | nindent 12 }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.dagsPlugins.volumeMounts" . | nindent 12 }} + {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.worker.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.worker.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} + {{- if or .Values.dags.enabled .Values.plugins.enabled }} + {{- include "airflow.defaultSidecars.syncDAGsPlugins" . | nindent 8 }} + {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | trim | nindent 8 }} {{- end }} @@ -272,8 +237,8 @@ spec: volumes: - name: empty-dir emptyDir: {} - {{- if .Values.dags.existingConfigmap }} - - name: load-external-dag-files + {{- if and .Values.dags.enabled .Values.dags.existingConfigmap }} + - name: external-dags configMap: name: {{ tpl .Values.dags.existingConfigmap $ }} {{- end }} diff --git a/bitnami/airflow/values.yaml b/bitnami/airflow/values.yaml index 647d5920f766fe..34a31f706181c6 100644 --- a/bitnami/airflow/values.yaml +++ b/bitnami/airflow/values.yaml @@ -9,7 +9,6 @@ ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead ## global: imageRegistry: "" @@ -19,7 +18,6 @@ global: ## imagePullSecrets: [] defaultStorageClass: "" - storageClass: "" ## Compatibility adaptations for Kubernetes platforms ## compatibility: 
@@ -29,45 +27,81 @@ global: ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) ## adaptSecurityContext: auto + ## @param global.compatibility.omitEmptySeLinuxOptions If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object + ## + omitEmptySeLinuxOptions: false + ## @section Common parameters ## @param kubeVersion Override Kubernetes version ## kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## @param nameOverride String to partially override common.names.name ## nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template +## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param extraDeploy Extra objects to deploy (evaluated as a template) +## @param namespaceOverride String to fully override common.names.namespace ## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources +## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} -## Enable diagnostic mode in the deployment(s)/statefulset(s) +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## 
+extraDeploy: [] +## Diagnostic mode +## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) +## @param diagnosticMode.command Command to override all containers in the chart release +## @param diagnosticMode.args Args to override all containers in the chart release ## diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## enabled: false - ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) - ## command: - sleep - ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) - ## args: - infinity + ## @section Airflow common parameters +## Bitnami Airflow image version +## ref: https://hub.docker.com/r/bitnami/airflow/tags +## @param image.registry [default: REGISTRY_NAME] Airflow image registry +## @param image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository +## @skip image.tag Airflow image tag (immutable tags are recommended) +## @param image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Airflow image pull policy +## @param image.pullSecrets Airflow image pull secrets +## @param image.debug Enable image debug mode +image: + registry: docker.io + repository: juanariza131/airflow + tag: generic-np + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false + ## Authentication parameters ## ref: https://github.com/bitnami/containers/tree/main/bitnami/airflow#environment-variables ## 
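Review bot: The new top-level `image:` block in values.yaml defaults to `repository: juanariza131/airflow` with `tag: generic-np`, a personal registry namespace and a tag that carries no version, while the `@param` comments directly above document `REPOSITORY_NAME/airflow` and recommend immutable tags. The scheduler, web and worker templates in this commit all switch to `airflow.image`, so every pod of a default install would run whatever that tag points to at pull time. This looks like a development leftover. Before release the defaults should point back at the project's published image with a pinned tag, e.g. `repository: bitnami/airflow` and `tag: <PINNED_TAG>` (placeholder), optionally with `digest` set.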
@@ -111,36 +145,215 @@ configuration: "" ## @param existingConfigmap Name of an existing ConfigMap with the Airflow config file ## existingConfigmap: "" -## Load custom DAGs from a ConfigMap -## Note: an init container will be used to prepare the DAGs available in the ConfigMap to be consumed by Airflow containers +## Load custom DAGs files from a ConfigMap or Git repositories +## @param dags.enabled Enable loading DAGs from a ConfigMap or Git repositories +## @param dags.existingConfigmap Name of an existing ConfigMap with all the DAGs files you want to load in Airflow +## @param dags.repositories [array] Array of repositories from which to download DAG files ## dags: - ## @param dags.existingConfigmap Name of an existing ConfigMap with all the DAGs files you want to load in Airflow - ## + enabled: false existingConfigmap: "" - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param dags.image.registry [default: REGISTRY_NAME] Init container load-dags image registry - ## @param dags.image.repository [default: REPOSITORY_NAME/os-shell] Init container load-dags image repository - ## @skip dags.image.tag Init container load-dags image tag (immutable tags are recommended) - ## @param dags.image.digest Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param dags.image.pullPolicy Init container load-dags image pull policy - ## @param dags.image.pullSecrets Init container load-dags image pull secrets + ## E.g: + ## repositories: + ## - repository: https://github.com/myuser/myrepo + ## branch: main + ## name: my-dags + ## path: / ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r30 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName + repositories: [] +## Load custom plugins from Git repositories +## @param plugins.enabled Enable loading plugins from Git repositories +## @param plugins.repositories [array] Array of repositories from which to download plugins +## +plugins: + enabled: false + ## E.g: + ## repositories: + ## - repository: https://github.com/myuser/myrepo + ## branch: main + ## name: my-plugins + ## path: / + ## + repositories: [] +## Default init Containers +## +defaultInitContainers: + ## Airflow "create-default-config" init container + ## Used to copy the default configuration files so they are writable + ## + createDefaultConfig: + ## Configure "create-default-config" init-container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.enabled Enabled "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "create-default-config" init-containers + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsUser Set runAsUser in "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsGroup Set runAsUser in "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "create-default-config" init-containers' Security Context + ## 
@param defaultInitContainers.createDefaultConfig.containerSecurityContext.privileged Set privileged in "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "create-default-config" init-containers' Security Context + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.capabilities.add List of capabilities to be added in "create-default-config" init-containers + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "create-default-config" init-containers + ## @param defaultInitContainers.createDefaultConfig.containerSecurityContext.seccompProfile.type Set seccomp profile in "create-default-config" init-containers + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Airflow "create-default-config" init container resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.createDefaultConfig.resourcesPreset Set Airflow "create-default-config" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.createDefaultConfig.resources is set (defaultInitContainers.createDefaultConfig.resources is recommended for production). 
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - pullSecrets: [] + resourcesPreset: "nano" + ## @param defaultInitContainers.createDefaultConfig.resources Set Airflow "create-default-config" init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Airflow "load-dags-plugins" init container + ## Used to load DAGs and/or plugins from a ConfigMap or Git repositories + ## + loadDAGsPlugins: + ## @param defaultInitContainers.loadDAGsPlugins.command Override cmd + ## @param defaultInitContainers.loadDAGsPlugins.args Override args + ## @param defaultInitContainers.loadDAGsPlugins.extraVolumeMounts Add extra volume mounts + ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVars Add extra environment variables + ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM ConfigMap with extra environment variables + ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret Secret with extra environment variables + command: [] + args: [] + extraVolumeMounts: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + ## Configure "load-dags-plugins" init-container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.enabled Enabled "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "load-dags-plugins" init-containers + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsUser Set runAsUser in "load-dags-plugins" init-containers' Security Context + ## @param 
defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsGroup Set runAsUser in "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.privileged Set privileged in "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "load-dags-plugins" init-containers' Security Context + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.add List of capabilities to be added in "load-dags-plugins" init-containers + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "load-dags-plugins" init-containers + ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seccompProfile.type Set seccomp profile in "load-dags-plugins" init-containers + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Airflow "load-dags-plugins" init container resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param defaultInitContainers.loadDAGsPlugins.resourcesPreset Set Airflow "load-dags-plugins" init container resources according to one common preset (allowed values: none, nano, small, medium, large, 
xlarge, 2xlarge). This is ignored if defaultInitContainers.loadDAGsPlugins.resources is set (defaultInitContainers.loadDAGsPlugins.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultInitContainers.loadDAGsPlugins.resources Set Airflow "load-dags-plugins" init container requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} +## Default sidecars +## +defaultSidecars: + ## Airflow "sync-dags-plugins" sidecar + ## Used to sync DAGs and/or plugins from Git repositories + ## + syncDAGsPlugins: + ## @param defaultSidecars.syncDAGsPlugins.interval Interval in seconds to pull the git repository containing the DAGs and/or plugins + ## @param defaultSidecars.syncDAGsPlugins.command Override cmd + ## @param defaultSidecars.syncDAGsPlugins.args Override args + ## @param defaultSidecars.syncDAGsPlugins.extraVolumeMounts Add extra volume mounts + ## @param defaultSidecars.syncDAGsPlugins.extraEnvVars Add extra environment variables + ## @param defaultSidecars.syncDAGsPlugins.extraEnvVarsCM ConfigMap with extra environment variables + ## @param defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret Secret with extra environment variables + interval: 60 + command: [] + args: [] + extraVolumeMounts: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + ## Configure "sync-dags-plugins" sidecar Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.enabled Enabled "sync-dags-plugins" sidecars' Security Context + ## @param 
defaultSidecars.syncDAGsPlugins.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "sync-dags-plugins" sidecars + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsUser Set runAsUser in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsGroup Set runAsUser in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.privileged Set privileged in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "sync-dags-plugins" sidecars' Security Context + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.add List of capabilities to be added in "sync-dags-plugins" sidecars + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "sync-dags-plugins" sidecars + ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.seccompProfile.type Set seccomp profile in "sync-dags-plugins" sidecars + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + add: [] + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Airflow "sync-dags-plugins" sidecar resource requests and limits + ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param 
defaultSidecars.syncDAGsPlugins.resourcesPreset Set Airflow "sync-dags-plugins" sidecar resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultSidecars.syncDAGsPlugins.resources is set (defaultSidecars.syncDAGsPlugins.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param defaultSidecars.syncDAGsPlugins.resources Set Airflow "sync-dags-plugins" sidecar requests and limits for different resources like CPU or memory (essential for production workloads) + ## E.g: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param extraEnvVars Add extra environment variables for all the Airflow pods ## extraEnvVars: [] 
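Review bot: The `dags.repositories` and `plugins.repositories` examples added in this hunk take only `repository`, `branch`, `name` and `path`, and the `sync-dags-plugins` sidecar defaults to `interval: 60`, so whatever is pushed to the tracked branch is presumably loaded as DAG or plugin code within about a minute, with nothing in the documented parameters pinning a reviewed revision. Because DAGs and plugins are Python that Airflow imports and runs, I would say so next to both examples, e.g. `## NOTE: DAGs/plugins are code executed by Airflow; only list repositories you control and track a protected branch`, and document whether `branch` also accepts a tag or commit (not visible in this hunk). The comment could also say how credentials for a private repository should be supplied (for instance through `extraEnvVarsSecret`, if the templates support that) so they do not end up in the `repository` URL in values. Separately, the three `containerSecurityContext.runAsGroup` descriptions read `Set runAsUser`; they should read `Set runAsGroup`.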
@@ -181,38 +394,9 @@ extraVolumeMounts: [] ## @param extraVolumes Optionally specify extra list of additional volumes for the all the Airflow pods ## extraVolumes: [] + ## @section Airflow web parameters web: - ## Bitnami Airflow image version - ## ref: https://hub.docker.com/r/bitnami/airflow/tags/ - ## @param web.image.registry [default: REGISTRY_NAME] Airflow image registry - ## @param web.image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository - ## @skip web.image.tag Airflow image tag (immutable tags are recommended) - ## @param web.image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param web.image.pullPolicy Airflow image pull policy - ## @param web.image.pullSecrets Airflow image pull secrets - ## @param web.image.debug Enable image debug mode - image: - registry: docker.io - repository: bitnami/airflow - tag: 2.10.2-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false ## @param web.baseUrl URL used to access to Airflow web ui ## baseUrl: "" 
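Review bot: Removing `web.image` here (and `scheduler.image` / `worker.image` in the next two hunks) leaves every component on the shared top-level `image` block added earlier in this file, whose defaults in this diff are `repository: juanariza131/airflow` and `tag: generic-np`. That is a personal Docker Hub namespace with a non-versioned tag, where the removed blocks pinned `bitnami/airflow` at `2.10.2-debian-12-r0`. It looks like a test image left in the defaults; before merge it should go back to the project's own repository and an immutable tag (or a digest via `image.digest`), e.g. `repository: bitnami/airflow` and `tag: 2.10.2-debian-12-r0`, assuming the single image is published under that name. Existing values files that set `web.image.*`, `scheduler.image.*` or `worker.image.*` will presumably be ignored after this change, so the upgrade notes should say to move those overrides to `image.*`. The `web:` mapping continues outside the hunk.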
@@ -527,37 +711,6 @@ web: ingressNSPodMatchLabels: {} ## @section Airflow scheduler parameters scheduler: - ## Bitnami Airflow Scheduler image version - ## ref: https://hub.docker.com/r/bitnami/airflow-scheduler/tags/ - ## @param scheduler.image.registry [default: REGISTRY_NAME] Airflow Scheduler image registry - ## @param scheduler.image.repository [default: REPOSITORY_NAME/airflow-scheduler] Airflow Scheduler image repository - ## @skip scheduler.image.tag Airflow Scheduler image tag (immutable tags are recommended) - ## @param scheduler.image.digest Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param scheduler.image.pullPolicy Airflow Scheduler image pull policy - ## @param scheduler.image.pullSecrets Airflow Scheduler image pull secrets - ## @param scheduler.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/airflow-scheduler - tag: 2.10.2-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false ## @param scheduler.replicaCount Number of scheduler replicas ## replicaCount: 1 
@@ -862,37 +1015,6 @@ scheduler: ingressNSPodMatchLabels: {} ## @section Airflow worker parameters worker: - ## Bitnami Airflow Worker image version - ## ref: https://hub.docker.com/r/bitnami/airflow-worker/tags/ - ## @param worker.image.registry [default: REGISTRY_NAME] Airflow Worker image registry - ## @param worker.image.repository [default: REPOSITORY_NAME/airflow-worker] Airflow Worker image repository - ## @skip worker.image.tag Airflow Worker image tag (immutable tags are recommended) - ## @param worker.image.digest Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param worker.image.pullPolicy Airflow Worker image pull policy - ## @param worker.image.pullSecrets Airflow Worker image pull secrets - ## @param worker.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/airflow-worker - tag: 2.10.2-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false ## @param worker.command Override default container command (useful when using custom images) ## command: [] 
@@ -1219,155 +1341,13 @@ worker: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} -## @section Airflow git sync parameters -## Configure Git to pull dags and plugins -## -git: - ## Bitnami Git image version - ## ref: https://hub.docker.com/r/bitnami/git/tags/ - ## @param git.image.registry [default: REGISTRY_NAME] Git image registry - ## @param git.image.repository [default: REPOSITORY_NAME/git] Git image repository - ## @skip git.image.tag Git image tag (immutable tags are recommended) - ## @param git.image.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param git.image.pullPolicy Git image pull policy - ## @param git.image.pullSecrets Git image pull secrets - ## - image: - registry: docker.io - repository: bitnami/git - tag: 2.46.1-debian-12-r1 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Get DAG files from git repositories - ## @param git.dags.enabled Enable in order to download DAG files from git repositories. - ## @param git.dags.repositories [array] Array of repositories from which to download DAG files - ## - dags: - enabled: false - ## Name for repositories can be anything unique and must follow same naming conventions as kubernetes. - ## Kubernetes resources can have names up to 253 characters long. The characters allowed in names are: - ## digits (0-9), lower case letters (a-z), -, and . 
- ## Example: - ## - repository: https://github.com/myuser/myrepo - ## branch: main - ## name: my-dags - ## path: / - ## - repositories: - - repository: "" - ## Branch from repository to checkout - ## - branch: "" - ## An unique identifier for repository, must be unique for each repository - ## - name: "" - ## Path to a folder in the repository containing the dags - ## - path: "" - ## Get Plugins files from git repositories. - ## @param git.plugins.enabled Enable in order to download Plugins files from git repositories. - ## @param git.plugins.repositories [array] Array of repositories from which to download DAG files - ## - plugins: - enabled: false - repositories: - - repository: "" - ## Branch from repository to checkout - ## - branch: "" - ## An unique identifier for repository, must be unique for each repository - ## - name: "" - ## Path to a folder in the repository containing the plugins - ## - path: "" - ## Properties for the Clone init container - ## @param git.clone.command Override cmd - ## @param git.clone.args Override args - ## @param git.clone.extraVolumeMounts Add extra volume mounts - ## @param git.clone.extraEnvVars Add extra environment variables - ## @param git.clone.extraEnvVarsCM ConfigMap with extra environment variables - ## @param git.clone.extraEnvVarsSecret Secret with extra environment variables - ## - clone: - command: [] - args: [] - extraVolumeMounts: [] - extraEnvVars: [] - extraEnvVarsCM: "" - extraEnvVarsSecret: "" - ## Clone init container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param git.clone.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param git.clone.resourcesPreset Set container resources according to one common 
preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if git.clone.resources is set (git.clone.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## Properties for the Sync sidecar container - ## @param git.sync.interval Interval in seconds to pull the git repository containing the plugins and/or DAG files - ## @param git.sync.command Override cmd - ## @param git.sync.args Override args - ## @param git.sync.extraVolumeMounts Add extra volume mounts - ## @param git.sync.extraEnvVars Add extra environment variables - ## @param git.sync.extraEnvVarsCM ConfigMap with extra environment variables - ## @param git.sync.extraEnvVarsSecret Secret with extra environment variables - ## - sync: - interval: 60 - command: [] - args: [] - extraVolumeMounts: [] - extraEnvVars: [] - extraEnvVarsCM: "" - extraEnvVarsSecret: "" - ## @param git.sync.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if git.sync.resources is set (git.sync.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param git.sync.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## Sync sidecar container resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## - resources: {} ## @section Airflow ldap parameters ## LDAP configuration ## @param ldap.enabled Enable LDAP authentication ## @param ldap.uri Server URI, eg. 
ldap://ldap_server:389 -## DEPRECATED ldap.base It will be removed in a future release, please use 'ldap.basedn' instead ## @param ldap.basedn Base of the search, eg. ou=example,o=org. -## DEPRECATED ldap.uidField It will be removed in a future release,, please use 'ldap.searchAttribute' instead ## @param ldap.searchAttribute if doing an indirect bind to ldap, this is the field that matches the username when searching for the account to bind to ## @param ldap.binddn DN of the account used to search in the LDAP server. ## @param ldap.bindpw Bind Password @@ -1390,10 +1370,8 @@ ldap: ## SSL/TLS parameters for LDAP ## @param ldap.tls.enabled Enabled TLS/SSL for LDAP, you must include the CA file. ## @param ldap.tls.allowSelfSigned Allow to use self signed certificates - ## DEPRECATED ldap.tls.CAcertificateSecret It will be removed in a future release, please use ldap.tls.certificatesSecret instead ## @param ldap.tls.certificatesSecret Name of the existing secret containing the certificate CA file that will be used by ldap client ## @param ldap.tls.certificatesMountPath Where LDAP certifcates are mounted. - ## DEPRECATED ldap.tls.CAcertificateFilename It will be removed in a future release, please use ldap.tls.CAFilename instead ## @param ldap.tls.CAFilename LDAP CA cert filename ## tls: