chart/RELEASE_NOTES.rst
.. Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
.. http://www.apache.org/licenses/LICENSE-2.0
.. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
.. contents:: Apache Airflow Helm Chart Releases :local: :depth: 1
Run helm repo update before upgrading the chart to the latest version.
.. towncrier release notes start
Significant Changes ^^^^^^^^^^^^^^^^^^^
Support for old versions of Apache Airflow <2.11 has been dropped (#61018) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Minimum supported version of Apache Airflow is now 2.11.0. If you want to deploy an old version of Apache Airflow, please use the last released version of the chart 1.19.0.
workers specific sections have been moved to workers.celery / workers.kubernetes sections
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Please update your configuration accordingly:
workers.command command is now deprecated in favor of workers.celery.command/workers.kubernetes.command (#60067).workers.securityContexts command is now deprecated in favor of workers.celery.securityContexts/workers.kubernetes.securityContexts (#60396).workers.containerLifecycleHooks command is now deprecated in favor of workers.celery.containerLifecycleHooks/workers.kubernetes.containerLifecycleHooks (#61369).workers.kerberosSidecar section is now deprecated in favor of workers.celery.kerberosSidecar/workers.kubernetes.kerberosSidecar (#61881).workers.kerberosInitContainer section is now deprecated in favor of workers.celery.kerberosInitContainer/workers.kubernetes.kerberosInitContainer (#60751).workers.terminationGracePeriodSeconds command is now deprecated in favor of workers.celery.terminationGracePeriodSeconds/workers.kubernetes.terminationGracePeriodSeconds (#61892).workers.nodeSelector command is now deprecated in favor of workers.celery.nodeSelector/workers.kubernetes.nodeSelector (#61957).workers.podDisruptionBudget section is now deprecated in favor of workers.celery.podDisruptionBudget. Please update your configuration accordingly. (#61414)workers.keda section is now deprecated in favor of workers.celery.keda. Please update your configuration accordingly. (#61820)workers.resources section is now deprecated in favor of workers.celery.resources and workers.kubernetes.resources. Please update your configuration accordingly. (#61890)The previous configuration options are still working, but are deprecated and will be removed in a future version.
As Git-Sync is not service-type object, the readiness probe will be removed. (#62334) """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
To enable feature behaviour set dags.gitSync.recommendedProbeSetting to true. Section itself will be removed in future release as to not break setups during upgrades.
As Git-Sync has dedicated liveness service, the liveness probe behaviour will be changed. To enable feature behaviour set dags.gitSync.recommendedProbeSetting to true.
Please update your configuration accordingly.
Automatic env variables removed from container_extra_envs and custom_airflow_environment (#60750)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The automatic prefix addition for Kubernetes Executor environment variables and secrets has been removed from both the container_extra_envs and custom_airflow_environment helper functions.
What changed:
Previously, when you added environment variables to component-specific configurations (e.g., .Values.scheduler.env), the chart automatically created an additional environment variable (to specified in the env section) with the AIRFLOW__KUBERNETES_ENVIRONMENT_VARIABLES__ prefix for Kubernetes Executor worker pods. After this change, only the variable specified in env section will be created.
Furthermore, for values specified under .Values.secret section, the AIRFLOW__KUBERNETES_SECRETS__ prefix is no longer automatically added. Secrets are now passed as-is via secretKeyRef without the prefixed copy for worker pods.
Why this change:
client_secret information. Previously, due to prefix, it was recognized as internal Airflow configuration leading to unintended exposure in Airflow UI (under Admin -> Configuration), even when AIRFLOW__API__EXPOSE_CONFIG is set to non-sensitive-only.Migration Required:
If you need to pass environment variables specifically to Kubernetes Executor worker pods, use one of the following approaches:
Option 1: Use .Values.env
.. code-block:: yaml
env:
- name: my_var
value: "my_value"
Environment variables specified under .Values.env are now passed as-is without the automatic prefix (same behaviour as component-specific env).
Option 2: Use .Values.config.kubernetes_environment_variables
.. code-block:: yaml
config:
kubernetes_environment_variables:
my_var: "my_value"
Default Airflow image is updated to 3.1.8 (#63392)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 3.1.8, previously it was 3.1.7.
Features ^^^^^^^^
podAnnotations and airflowPodAnnotations values (#63019)Improvements ^^^^^^^^^^^^
KUBERNETES_ENVIRONMENT_VARIABLES and KUBERNETES_SECRETS prefixes from chart helpers (#60750)workers.celery.nodeSelector & workers.kubernetes.nodeSelector (#61957)workers.celery.terminationGracePeriodSeconds & workers.kubernetes.terminationGracePeriodSeconds (#61892)workers.celery.resources & workers.kubernetes.resources (#61890)workers.celery.keda section (#61820)workers.celery.podDisruptionBudget (#61414)workers.celery.containerLifecycleHooks & workers.kubernetes.containerLifecycleHooks (#61369)livenessProbe & deprecate readinessProbe & add startupProbe (#62334)securityContext values (#62729)apiServer, statsd, and pgbouncer (#62490)securityContexts and containerLifecycleHook (#60677)Bug Fixes ^^^^^^^^^
spec.replicas when HPA is enabled (#63187)workers.celery.kerberosSidecar & workers.kubernetes.kerberosSidecar sections (#61881)tpl rendering for TLS hosts in ingress templates #62358 (#62548)webserver.defaultUser.enabled=false not honored (#62143)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
*.iml to .gitignore in all distributions (#63636)Significant Changes ^^^^^^^^^^^^^^^^^^^
StatsD metrics aggregation now supports configurable TTL-enabled LRU cache to prevent memory growth in long-running daemons (#60933) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The Helm Chart now includes new configuration options for StatsD aggregation management:
statsd.cache.type - Enable TTL-enabled lru cache or random cache for metrics aggregation (default: lru)statsd.cache.size - Maximum number of metrics to cache (default: 1000)statsd.cache.ttl - Time-to-live for cached metrics in seconds (0s is TTL disabled) (default: 0s)This feature addresses uncontrolled memory growth in StatsD daemons by automatically cleaning up stale or unused metric entries. When enabled, the cache uses both LRU (Least Recently Used) eviction and TTL (Time To Live) expiration to manage memory usage effectively.
To maintain backward compatibility, the default behaviour remains unchanged. Users experiencing memory growth issues with StatsD can enable this feature by setting statsd.cache.ttl to value higher than 0 in their Helm values.
Support for Multiple Celery Worker Sets in the Helm Chart (#58547) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
This change introduces support for advanced Celery Workers topologies to Apache Airflow Helm Chart, enabling more flexible resource allocation and precise autoscaling configurations.
Flexible Worker Topologies: The new workers.celery.enableDefault flag allows users to configure a deployment consisting only of specialized worker sets defined in workers.celery.sets section.
Multi-Queue Autoscaling Support: Updates the KEDA ScaledObject generation to support comma-separated queue lists. By using the SQL IN (...) clause, we ensure that KEDA scales worker sets based on the precise aggregate workload of all their assigned queues.
Granular Configuration Overrides: This change allows for overwrite of any currently available workers configuration per worker set. For example, a user can enable KEDA globally, but explicitly disable it for a specific worker set that requires a static number of replicas.
Options to create a default user have been moved under the createUserJob section
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Please update your configuration accordingly:
webserver.defaultUser section is now deprecated in favor of createUserJob (#59767)The previous configuration options are still working but are deprecated and will be removed in a future version.
Note that the previous documentation described also the option apiServer.defaultUser, which was never implemented in the chart. The only supported option is now createUserJob. Using apiServer.defaultUser will raise an error.
Celery specific config options have been moved under the celery section in workers
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Please update your configuration accordingly:
workers.replicas command is now deprecated in favor of workers.celery.replicas (#59730)workers.revisionHistoryLimit command is now deprecated in favor of workers.celery.revisionHistoryLimit (#60056)workers.args command is now deprecated in favor of workers.celery.args (#60163)workers.livenessProbe section is now deprecated in favor of workers.celery.livenessProbe (#60186)workers.updateStrategy section is now deprecated in favor of workers.celery.updateStrategy (#60351)workers.strategy section is now deprecated in favor of workers.celery.strategy (#60354)workers.podManagementPolicy section is now deprecated in favor of workers.celery.podManagementPolicy (#60359)workers.persistence section is now deprecated in favor of workers.celery.persistence (#60238)The previous configuration options are still working but are deprecated and will be removed in a future version.
Manual Service Account Token Volume configuration for pod-launching executors (#59156) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Added support for manual Service Account Token Volume configuration when using pod-launching executors
(CeleryExecutor, CeleryKubernetesExecutor, KubernetesExecutor, LocalKubernetesExecutor).
This implements defense-in-depth security with both ServiceAccount and Pod-level controls, providing
compatibility with security policies like Kyverno and enabling container-specific privilege assignment
following the Principle of Least Privilege.
Add imagePullSecrets option (#58094)
""""""""""""""""""""""""""""""""""""""""
Add .Values.imagePullSecrets as the new mechanism for configuring registry credentials,
deprecating both .Values.registry.secretName and the automatic creation of the <RELEASE_NAME>-registry secret from .Values.registry.connection.
Default Airflow image is updated to 3.1.7 (#61447)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 3.1.7, previously it was 3.0.2.
Default git-sync image is updated to 4.4.2 (#54085)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default git-sync image that is used with the Chart is now 4.4.2, previously it was 4.3.0.
New Features ^^^^^^^^^^^^
PodDisruptionBudget for Dag Processor (#60294)PodDisruptionBudget for Triggerer and Workers (#59068)HorizontalPodAutoscaler (HPA) for API Server (#52392)KubernetesJobOperator (#52024)CronJob to clean old records in the database (#58155)Improvements ^^^^^^^^^^^^
workers.celery.kerberosInitContainer & workers.kubernetes.kerberosInitContainer (#60751, #60427)workers.celery.securityContexts & workers.kubernetes.securityContexts (#60396)workers.celery.podManagementPolicy field (#60359)workers.celery.strategy field (#60354)workers.celery.updateStrategy field (#60351)workers.celery.persistence section (#60238)workers.celery.livenessProbe section (#60186)workers.celery.args field (#60163)workers.celery.command & workers.kubernetes.command (#60067)volumeClaimTemplates when logs.persistence.enabled is true (#60118)workers.celery.revisionHistoryLimit field (#60056)persistentVolumeClaimRetentionPolicy support (#59955)workers.celery.replicas field (#59730)airflow_ti_running metrics by scheduled, queued and deferred (#58819)createUserJob (#56057)securityContext field (#58663)registry.secretNames and registry.connections options (#58094)restartPolicy for batch jobs in chart (#54354)schedulerName on worker/tasks pods (#53983)PodDisruptionBudget config properties (#58864)revisionHistoryLimit to be set to 0 (#60340)subPath for logs volume mount (#52350)pod-log-reader-role to pod-launcher-role (#56872)Bug Fixes ^^^^^^^^^
kedaNetworkPolicySelector from helpers (#61564)bitnamilegacy/postgresql image (#61156)workers.celery breaking change (#61049)extraInitContainers (#60812)securityContext.containers/ingress.apiServer in values.schema.json (#60575)containerLifecycleHooks field (#60239)defaultUser from API Server in values.schema.json (#59762)defaultUser handling in createUserJob (#59767)git_sync_ssh_key_volume (#59418)dags.gitSync.enabled=true and dags.persistence.enabled=true (#59123)airflow.fullname on kubernetes objects (#52953)Doc only changes ^^^^^^^^^^^^^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
No significant changes.
Improvements ^^^^^^^^^^^^
apiServer.env (#51191)valuesFrom in gitSync.env (#50228)Bug Fixes ^^^^^^^^^
api-server instead of webserver in NOTES.txt for Airflow 3.0+ (#52194)merged to render airflow.cfg and include computed defaults (#51828)[api] secret_key for Airflow 3.0+ instead of [webserver] secret_key (#52269)fernetkey and add test of its value (#52977)Doc only changes ^^^^^^^^^^^^^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 3.0.2 (#51594)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 3.0.2, previously it was 2.10.5.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
Bug Fixes ^^^^^^^^^
pod-launcher-rolebinding template (#49219)webserver_config.py file to api-server (#50108)enable_proxy_fix default for Airflow 3 (#50056)workers.kerberosInitContainer configuration in values (#51405)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
3.0.2 (#51594)and operator (#51114)Significant Changes ^^^^^^^^^^^^^^^^^^^
Default git-sync image is updated to 4.3.0 (#41411)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default git-sync image that is used with the Chart is now 4.3.0, previously it was 4.1.0.
Default Airflow image is updated to 2.10.5 (#46624)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.10.5, previously it was 2.9.3.
Default PgBouncer image is updated to 1.23.1 (#47416)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default PgBouncer image that is used with the chart is now airflow-pgbouncer-2025.03.05-1.23.1, previously it was airflow-pgbouncer-2024.01.19-1.21.0.
Default PgBouncer Exporter image is updated to v0.18.0 (#47416)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default PgBouncer Exporter image that is used with the chart is now airflow-pgbouncer-exporter-2025.03.05-0.18.0, previously it was airflow-pgbouncer-exporter-2024.06.18-0.17.0.
Default StatsD exporter image is updated to v0.28.0 (#43393)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default StatsD exporter image that is used with the chart is now v0.28.0, previously it was v0.26.1.
New Features ^^^^^^^^^^^^
hostAliases support in Triggerer (#41725)podManagementPolicy in worker (#42673)startupProbe to flower deployment (#45012)Improvements ^^^^^^^^^^^^
ti.running metric export (#47773)startupProbe initialDelaySeconds (#47094)worker.extraPorts to expose additional ports to worker container (#46679)Bug Fixes ^^^^^^^^^
AIRFLOW__CELERY__BROKER_URL_CMD when passwordSecretName is true (#40270)volumeClaimTemplates missing apiVersion and kind (#41771)volumeClaimTemplate for scheduler in local and persistent mode (#42946)envSourceContainerName in KEDA ScaledObject (#44963)Doc only changes ^^^^^^^^^^^^^^^^
extraInitContainers is supported for jobs (#41674)reinitFrequency (#45343)workers.safeToEvict default value (#44852)storageClassName can be templated (#45176)airflowLocalSettings value description (#47855)Misc ^^^^
default_capacity to capacity (#48032)1.23.1 and PgBouncer exporter to 0.18.0 (#47416)fastapi-api command to api-server (#47076)quay.io/prometheus/statsd-exporter from v0.26.1 to v0.28.0 (#43393)Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.9.3 (#40816)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.9.3, previously it was 2.9.2.
Default PgBouncer Exporter image has been updated (#40318) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The PgBouncer Exporter image has been updated to airflow-pgbouncer-exporter-2024.06.18-0.17.0, which addresses CVE-2024-24786.
New Features ^^^^^^^^^^^^
dags.gitSync.sshKey, which allows the git-sync private key to be configured in the values file directly (#39936)extraEnvFrom to git-sync containers (#39031)Improvements ^^^^^^^^^^^^
UIAlert to production guide when a dynamic webserver secret is used now opens in a new tab (#40635)extraConfigMaps and extraSecrets (#40294)Bug Fixes ^^^^^^^^^
safeToEvict annotations (#40554)triggerer.keda.usePgbouncer to values.yaml (#40614)// character using mysql backend (#40401)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
airflow-pgbouncer-exporter-2024.06.18-0.17.0 (#40318)startupProbe timing comment (#40412)Significant Changes ^^^^^^^^^^^^^^^^^^^
ClusterRole and ClusterRoleBinding names have been updated to be unique (#37197)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
ClusterRoles and ClusterRoleBindings created when multiNamespaceMode is enabled have been renamed to ensure unique names:
{{ include "airflow.fullname" . }}-pod-launcher-role has been renamed to {{ .Release.Namespace }}-{{ include "airflow.fullname" . }}-pod-launcher-role{{ include "airflow.fullname" . }}-pod-launcher-rolebinding has been renamed to {{ .Release.Namespace }}-{{ include "airflow.fullname" . }}-pod-launcher-rolebinding{{ include "airflow.fullname" . }}-pod-log-reader-role has been renamed to {{ .Release.Namespace }}-{{ include "airflow.fullname" . }}-pod-log-reader-role{{ include "airflow.fullname" . }}-pod-log-reader-rolebinding has been renamed to {{ .Release.Namespace }}-{{ include "airflow.fullname" . }}-pod-log-reader-rolebinding{{ include "airflow.fullname" . }}-scc-rolebinding has been renamed to {{ .Release.Namespace }}-{{ include "airflow.fullname" . }}-scc-rolebindingworkers.safeToEvict default changed to False (#40229)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default for workers.safeToEvict now defaults to False. This is a safer default
as it prevents the nodes workers are running on from being scaled down by the
K8s Cluster Autoscaler <https://kubernetes.io/docs/concepts/cluster-administration/cluster-autoscaling/#cluster-autoscaler>_.
If you would like to retain the previous behavior, you can set this config to True.
Default Airflow image is updated to 2.9.2 (#40160)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.9.2, previously it was 2.8.3.
Default StatsD image is updated to v0.26.1 (#38416)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default StatsD image that is used with the Chart is now v0.26.1, previously it was v0.26.0.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
valueFrom in env config of components (#40135)extraContainers and extraInitContainers (#38507)workers.command for KubernetesExecutor (#39132)priorityClassName to Jobs (#39133)Bug Fixes ^^^^^^^^^
workers.safeToEvict default to False (#40229)Doc only changes ^^^^^^^^^^^^^^^^
extraContainers and extraInitContainers that are templated (#40033)brokerUrlSecretName (#39115)Misc ^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.8.3 (#38036)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.8.3, previously it was 2.8.2.
Bug Fixes ^^^^^^^^^
.Values.airflowPodAnnotations (#37917)multiNamespace releases with the same name (#37197)Misc ^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.8.2 (#37704)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.8.2, previously it was 2.8.1.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
Bug Fixes ^^^^^^^^^
AIRFLOW_HOME env var to log groomer sidecar (#37588). path when preparing reproducible packages (#37402)Misc ^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
The helm chart is now using a newer version of bitnami/postgresql dependency (#34817)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The version of bitnami/postgresql subchart upgraded from 12.10.0 to 13.2.24.
The version of PostgreSQL binaries upgraded from 11 to 16.1.0.
The change requires existing bitnami/postgresql subchart users to perform manual major version upgrade using pg_dumpall or pg_upgrade.
As a reminder, it is recommended to set up an external database <https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#database>_ in production.
Default Airflow image is updated to 2.8.1 (#36907)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.8.1, previously it was 2.7.1.
Default PgBouncer and PgBouncer Exporter images have been updated (#36898) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The PgBouncer and PgBouncer Exporter images are based on newer software/os.
pgbouncer: 1.21.0 based on alpine 3.14 (airflow-pgbouncer-2024.01.19-1.21.0)pgbouncer-exporter: 0.16.0 based on alpine 3.19 (apache/airflow:airflow-pgbouncer-exporter-2024.01.19-0.16.0)Default StatsD image is updated to v0.26.0 (#37187)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default StatsD image that is used with the Chart is now v0.26.0, previously it was v0.22.8.
Default Redis image is updated to 7-bookworm (#37187)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Redis image that is used with the Chart is now 7-bookworm, previously it was 7-bullseye.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
securityContexts in dag processors log groomer sidecar (#34499)securityContexts in dag processors wait-for-migrations container (#35593)storageClassName (#35581)volumeClaimTemplate for worker (#34986)priorityClassName on Redis pods (#34879)emptyDir config (#34837)Bug Fixes ^^^^^^^^^
AIRFLOW_HOME env var with airflowHome value (#34839)safeToEvict properly (#35130)useStandardNaming (#34825)usePgbouncer is false (#34741)useStandardNaming (#34787)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
bitnami/postgresql subchart to 13.2.24 (#36156)pgbouncer and pgbouncer-exporter images with newer versions (#36898)statsd and redis chart images (#37187)Significant Changes ^^^^^^^^^^^^^^^^^^^
Support naming customization on helm chart resources, some resources may be renamed during upgrade (#31066) """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
This is a new opt-in switch useStandardNaming, for backwards compatibility, to leverage the standard naming convention, which allows full use of fullnameOverride and nameOverride in all resources.
The following resources will be renamed using default of useStandardNaming=false when upgrading to 1.11.0 or a higher version.
{release}-airflow-config to {release}-config{release}-airflow-metadata to {release}-metadata{release}-airflow-result-backend to {release}-result-backend{release}-airflow-ingress to {release}-ingressFor existing installations, all your resources will be recreated with a new name and Helm will delete the previous resources.
This won't delete existing PVCs for logs used by StatefulSet/Deployments, but it will recreate them with brand new PVCs. If you do want to preserve logs history you'll need to manually copy the data of these volumes into the new volumes after deployment. Depending on what storage backend/class you're using this procedure may vary. If you don't mind starting with fresh logs/redis volumes, you can just delete the old PVCs that will be names, for example:
.. code-block:: bash
kubectl delete pvc -n airflow logs-gta-triggerer-0
kubectl delete pvc -n airflow logs-gta-worker-0
kubectl delete pvc -n airflow redis-db-gta-redis-0
If you do not change useStandardNaming or fullnameOverride after upgrade, you can proceed as usual and no unexpected behaviours will be presented.
bitnami/postgresql subchart updated to 12.10.0 (#33747)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The PostgreSQL subchart that is used with the Chart is now 12.10.0, previously it was 12.1.9.
Default git-sync image is updated to 3.6.9 (#33748)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default git-sync image that is used with the Chart is now 3.6.9, previously it was 3.6.3.
Default Airflow image is updated to 2.7.1 (#34186)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.7.1, previously it was 2.6.2.
New Features ^^^^^^^^^^^^
startupProbe to scheduler and webserver (#33107)automountServiceAccountToken (#32808)runtimeClassName (#31868)Improvements ^^^^^^^^^^^^
containerSecurityContext for cleanup job (#34351)waitformigration containers extraVolumeMounts (#32100)Bug Fixes ^^^^^^^^^
airflow db migrate command to database migration job (#34178)workers.terminationGracePeriodSeconds into KubeExecutor pod template (#33514)--local and --job-type args (#32426)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
common.tplvalues.render with tpl in ingress template files (#33384)or function in template files (#34415)Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.6.2 (#31979)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.6.2, previously it was 2.5.3.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
executor and config.core.executor match (#30693)minAvailable property for PodDisruptionBudget (#30603)volumeMounts to dag processor waitForMigrations (#30990)Bug Fixes ^^^^^^^^^
waitForMigrations for workers (#31625)priorityClassName to K8S worker pod template (#31328)Misc ^^^^
apiVersion and kind order in chart templates (#31850)Significant Changes ^^^^^^^^^^^^^^^^^^^
Default PgBouncer and PgBouncer Exporter images have been updated (#29919) """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The PgBouncer and PgBouncer Exporter images are based on newer software/os. They are also multi-platform AMD/ARM images:
pgbouncer: 1.16.1 based on alpine 3.14 (airflow-pgbouncer-2023.02.24-1.16.1)pgbouncer-exporter: 0.14.0 based on alpine 3.17 (apache/airflow:airflow-pgbouncer-exporter-2023.02.21-0.14.0)Default Airflow image is updated to 2.5.3 (#30411)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.5.3, previously it was 2.5.1.
New Features ^^^^^^^^^^^^
hostAliases for Airflow webserver and scheduler (#30051)ttlSecondsAfterFinished on migrateDatabaseJob and createUserJob (#29314)Improvements ^^^^^^^^^^^^
Bug Fixes ^^^^^^^^^
config.kubernetes_executor to values (#29818)kerberos.keytab to worker when enabled (#29526)bitnami/postgresql default username and password (#29478)postgresql.nameOverride is used (#29214)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
airflow_dags_mount formatting (#29296)webserver.service.ports formatting (#29297)Significant Changes ^^^^^^^^^^^^^^^^^^^
bitnami/postgresql subchart updated to 12.1.9 (#29071)
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The version of postgresql installed is still version 11.
If you are upgrading an existing helm release with the built-in postgres database, you will either need to delete your release and reinstall fresh, or manually delete these 2 objects:
.. code-block::
kubectl delete secret {RELEASE_NAME}-postgresql
kubectl delete statefulset {RELEASE_NAME}-postgresql
As a reminder, it is recommended to set up an external database <https://airflow.apache.org/docs/helm-chart/stable/production-guide.html#database>_ in production.
This version of the chart uses different variable names for setting usernames and passwords in the postgres database.
postgresql.auth.enablePostgresUser is used to determine if the "postgres" admin account will be created.postgresql.auth.postgresPassword sets the password for the "postgres" user.postgresql.auth.username and postrgesql.auth.password are used to set credentials for a non-admin account if desired.postgresql.postgresqlUsername and postgresql.postresqlPassword, which were used in the previous version of the chart, are no longer used.Users will need to make those changes in their values files if they are changing the Postgres configuration.
Previously the subchart version was 10.5.3.
Default dags.gitSync.wait reduced to 5 seconds (#27625)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default for dags.gitSync.wait has been reduced from 60 seconds to 5 seconds to reduce the likelihood of DAGs
becoming inconsistent between Airflow components. This will, however, increase traffic to the remote git repository.
Default Airflow image is updated to 2.5.1 (#29074)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.5.1, previously it was 2.4.1.
Default git-sync image is updated to 3.6.3 (#27848)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default git-sync image that is used with the Chart is now 3.6.3, previously it was 3.4.0.
Default redis image is updated to 7-bullseye (#27443)
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default redis image that is used with the Chart is now 7-bullseye, previously it was 6-bullseye.
New Features ^^^^^^^^^^^^
Improvements ^^^^^^^^^^^^
webserverConfigConfigMapName (#27419)Bug Fixes ^^^^^^^^^
extraVolumeMounts to sidecars too (#27420)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
bitnami/postgresql subchart to 12.1.9 (#29071)Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.4.1 (#26485)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.4.1, previously it was 2.3.2.
New Features ^^^^^^^^^^^^
overrideMappings in Helm chart values (#26598)podAnnotations to StatsD deployment template (#25732)revisionHistoryLimit to all deployments (#25059)podAnnotations to Redis StatefulSet (#23708)Improvements ^^^^^^^^^^^^
flower_url_prefix in Helm chart values (#26415)sql_alchemy_conn for celery result backend when result_backend is not set (#24496)Bug Fixes ^^^^^^^^^
imagePullPolicy (#26423)sshKeySecret if dag persistence is enabled (#22913)jobs check command (#24480)--local flag for liveness probes in Airflow 2.5+ (#24999)Doc only changes ^^^^^^^^^^^^^^^^
ssh:// prefix from git repo value (#26632)defaultAirflowRepository comment (#26428)result_backend, dag processor, and helm uninstall (#24929)Misc ^^^^
Significant Changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.3.0 (#23386)
""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.3.0, previously it was 2.2.4.
ingress.enabled is deprecated
"""""""""""""""""""""""""""""""""
Instead of having a single flag to control ingress resources for both the webserver and flower, there
are now separate flags to control them individually, ingress.web.enabled and ingress.flower.enabled.
ingress.enabled is now deprecated, but will still continue to control them both.
Flower disabled by default """"""""""""""""""""""""""
Flower is no longer enabled by default when using CeleryExecutor. If you'd like to deploy it, set
flower.enabled to true in your values file.
New Features ^^^^^^^^^^^^
annotations on volumeClaimTemplates (#23433)topologySpreadConstraints to Helm Chart (#22712)securityContext config for Redis to Helm chart (#22182)annotations on Helm DAG PVC (#22261)subPath for DAGs volume mount (#22323)auth_type in auth_file in PgBouncer Helm configuration (#21999)extraVolumeMounts to Flower (#22414)PodDisruptionBudget (#21735)Improvements ^^^^^^^^^^^^
Doc only changes ^^^^^^^^^^^^^^^^
resultBackendSecretName warning in Helm production docs (#23307)Misc ^^^^
2.3.0 (#23386)Significant changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.2.4
"""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.2.4, previously it was 2.2.3.
Removed config.api
""""""""""""""""""""""
This section configured the authentication backend for the Airflow API but used the same values as the Airflow default setting, which made it unnecessary to declare the same again.
New Features ^^^^^^^^^^^^
priorityClassName (#20794)envFrom to the Flower deployment (#21401)Improvements ^^^^^^^^^^^^
Bug Fixes ^^^^^^^^^
airflow.cfg in wait-for-airflow-migrations containers (#20609)Doc only changes ^^^^^^^^^^^^^^^^
Misc ^^^^
2.2.4 as default Airflow version (#21745)Significant changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.2.3
"""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.2.3, previously it was 2.2.1.
ingress.web.hosts and ingress.flower.hosts parameters data type has changed and ingress.web.tls and ingress.flower.tls have moved
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
ingress.web.hosts and ingress.flower.hosts have had their types have been changed from an array of strings to an array of objects. ingress.web.tls and ingress.flower.tls can now be specified per host in ingress.web.hosts and ingress.flower.hosts respectively.
The old parameter names will continue to work, however support for them will be removed in a future release so please update your values file.
Fixed precedence of nodeSelector, affinity and tolerations params
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
nodeSelector, affinity and tolerations params precedence has been fixed on all components. Now component-specific params
(e.g. webserver.affinity) takes precedence over the global param (e.g. affinity).
Default KubernetesExecutor worker affinity removed
""""""""""""""""""""""""""""""""""""""""""""""""""""""
Previously a default affinity was added to KubernetesExecutor workers to spread the workers out across nodes. This default affinity is no
longer set because, in general, there is no reason to spread task-specific workers across nodes.
Changes in webserver and flower NetworkPolicy default ports
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The defaults for webserver.networkPolicy.ingress.ports and flower.networkPolicy.ingress.ports moved away from using named ports to numerical ports to avoid issues with OpenShift.
Increase default livenessProbe timeoutSeconds for scheduler and triggerer
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The default timeout for the scheduler and triggerer livenessProbe has been increased from 10 seconds to 20 seconds.
New Features ^^^^^^^^^^^^
type to extra secrets param (#20599)scheme (#20564)securityContext (#18249)sslmode (#19749)migration-wait-timeout (#20069)Improvements ^^^^^^^^^^^^
livenessProbe timeout (#20698)pod_template_file defaults (#19690)check-migrations command for Airflow>=2 (#19676)Bug Fixes ^^^^^^^^^
affinity, nodeSelector, and tolerations (#20641)Doc only changes ^^^^^^^^^^^^^^^^
helm dependency update step to chart INSTALL (#20702)multiNamespaceMode docs to also cover KPO (#19879)Misc ^^^^
2.2.3 as default Airflow version (#20450)Significant changes ^^^^^^^^^^^^^^^^^^^
Default Airflow image is updated to 2.2.1
"""""""""""""""""""""""""""""""""""""""""""""
The default Airflow image that is used with the Chart is now 2.2.1 (which is Python 3.7), previously it was 2.1.4 (which is Python 3.6).
The triggerer component requires Python 3.7. If you require Python 3.6 and Airflow 2.2.0 or later, use a 3.6 based image and set triggerer.enabled=False in your values.
Resources made configurable for airflow-run-airflow-migrations job
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Now it's possible to set resources requests and limits for migration job through migrateDatabaseJob.resources value.
New Features ^^^^^^^^^^^^
cleanup and createuser jobs (#19263)Improvements ^^^^^^^^^^^^
Bug Fixes ^^^^^^^^^
Doc only changes ^^^^^^^^^^^^^^^^
extraEnvFrom examples (#19144)Misc ^^^^
2.2.1 (#19326)Significant Changes ^^^^^^^^^^^^^^^^^^^
ingress.web.host and ingress.flower.host parameters have been renamed and data type changed
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
ingress.web.host and ingress.flower.host parameters have been renamed to ingress.web.hosts and ingress.flower.hosts, respectively. Their types have been changed from a string to an array of strings.
The old parameter names will continue to work, however support for them will be removed in a future release so please update your values file.
Default Airflow version is updated to 2.1.4
"""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow version that is installed with the Chart is now 2.1.4, previously it was 2.1.2.
Removed ingress.flower.precedingPaths and ingress.flower.succeedingPaths parameters
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
ingress.flower.precedingPaths and ingress.flower.succeedingPaths parameters have been removed as they had previously had no effect on rendered YAML output.
Change of default path on Ingress
"""""""""""""""""""""""""""""""""""""
With the move to support the stable Kubernetes Ingress API the default path has been changed from being unset to /. For most Ingress controllers this should not change the behavior of the resulting Ingress resource.
New Features ^^^^^^^^^^^^
extraContainers for migrateDatabaseJob (#18379)loadBalancerSourceRanges in webserver and flower services (#17666)extraContainers in k8s workers (#17562)Improvements ^^^^^^^^^^^^
podTemplate to be templated (#17560)Bug Fixes ^^^^^^^^^
labels on Triggerer (#18299)uid 0 (#17688)Doc only changes ^^^^^^^^^^^^^^^^
loadBalancerSourceRanges using code-block (#17763)Misc ^^^^
2.1.4 (#18354)Significant Changes ^^^^^^^^^^^^^^^^^^^
Run helm repo update before upgrading the chart to the latest version.
Default Airflow version is updated to 2.1.2
"""""""""""""""""""""""""""""""""""""""""""""""
The default Airflow version that is installed with the Chart is now 2.1.2, previously it was 2.0.2.
Helm 2 no longer supported """"""""""""""""""""""""""
This chart has dropped support for Helm 2 as it has been deprecated <https://helm.sh/blog/helm-v2-deprecation-timeline/>__ and no longer receiving security updates since November 2020.
webserver.extraNetworkPolicies and flower.extraNetworkPolicies parameters have been renamed
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
webserver.extraNetworkPolicies and flower.extraNetworkPolicies have been renamed to webserver.networkPolicy.ingress.from and flower.networkPolicy.ingress.from, respectively. Their values and behavior are the same.
The old parameter names will continue to work, however support for them will be removed in a future release so please update your values file.
Removed dags.gitSync.root, dags.gitSync.dest, and dags.gitSync.excludeWebserver parameters
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The dags.gitSync.root and dags.gitSync.dest parameters did not provide any useful behaviors to chart users so they have been removed.
If you have them set in your values file you can safely remove them.
The dags.gitSync.excludeWebserver parameter was mistakenly included in the charts values.schema.json. If you have it set in your values file,
you can safely remove it.
nodeSelector, affinity and tolerations on migrateDatabaseJob and createUserJob jobs
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
The migrateDatabaseJob and createUserJob jobs were incorrectly using the webserver's nodeSelector, affinity
and tolerations (if set). Each job is now configured separately.
New Features ^^^^^^^^^^^^
krb5.conf with CeleryExecutor (#16822)extraContainers and extraVolumes in flower (#16515)minReplicaCount to the KEDA worker-kedaautoscaler.yaml (#16262)pgbouncer (#16120)extraInitContainers to scheduler/webserver/workers (#16098)airflowLocalSettings and webserver.webserverConfig (#16074)strategy/updateStrategy on scheduler (#16069)loadBalancerIP and annotations for both Flower and Webserver (#15972)Improvements ^^^^^^^^^^^^
2.1.2 (#17013)2.1.1 for Helm Chart (#16785)KubernetesExecutor (#16784)podAntiAffinity for scheduler, webserver, and workers (#16315)2.1.0 (#16273)git-sync: root and dest params (#15955)knownHosts (#15950)Bug Fixes ^^^^^^^^^
gitsync init container (#16339)KubernetesExecutor to CeleryExecutor (#16242)webserver.base_url to be templated (#16126)PgBouncer exporter sidecar (#16099)dags.gitSync.excludeWebserver from chart values.schema.json (#16070)gitsync Clean Up for KubernetesExecutor (#15925)gitsync (#15953)Doc only changes ^^^^^^^^^^^^^^^^
multiNamespaceMode (#17147)podTemplate (#16859)pod_template_file.yaml (#16632)scheduler.livenessprobe.periodSeconds (#16486)extrasecrets example (#16305)README.md files (#16244)Misc ^^^^
appVersion to 2.1.0 in Chart.yaml (#16337)main (#16149)1.1.0-rc1 (#16124)