apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ printf "%s-web" (include "common.names.fullname" .) }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: web {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} spec: selector: matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} app.kubernetes.io/component: web replicas: {{ .Values.web.replicaCount }} {{- if .Values.web.updateStrategy }} strategy: {{- toYaml .Values.web.updateStrategy | nindent 4 }} {{- end }} template: metadata: labels: {{- include "common.labels.standard" . | nindent 8 }} app.kubernetes.io/component: web {{- if .Values.web.podLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.web.podLabels "context" $) | nindent 8 }} {{- end }} annotations: checksum/configmap: {{ include (print $.Template.BasePath "/config/configmap.yaml") . | sha256sum }} {{- if .Values.web.podAnnotations }} {{- include "common.tplvalues.render" (dict "value" .Values.web.podAnnotations "context" $) | nindent 8 }} {{- end }} spec: {{- include "airflow.imagePullSecrets" . | nindent 6 }} {{- if .Values.web.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.web.hostAliases "context" $) | nindent 8 }} {{- end }} {{- if .Values.web.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.web.affinity "context" $) | nindent 8 }} {{- else }} affinity: podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.web.podAffinityPreset "component" "web" "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.web.podAntiAffinityPreset "component" "web" "context" $) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.web.nodeAffinityPreset.type "key" .Values.web.nodeAffinityPreset.key "values" .Values.web.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.web.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.web.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.web.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.web.terminationGracePeriodSeconds }} {{- end }} {{- if .Values.web.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.web.tolerations "context" $) | nindent 8 }} {{- end }} {{- if .Values.web.topologySpreadConstraints }} topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.web.topologySpreadConstraints "context" .) | nindent 8 }} {{- end }} {{- if .Values.web.priorityClassName }} priorityClassName: {{ .Values.web.priorityClassName | quote }} {{- end }} {{- if .Values.web.schedulerName }} schedulerName: {{ .Values.web.schedulerName }} {{- end }} serviceAccountName: {{ include "airflow.serviceAccountName" . }} {{- if .Values.web.podSecurityContext.enabled }} securityContext: {{- omit .Values.web.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} initContainers: {{- include "airflow.git.containers.clone" (dict "securityContext" .Values.web.containerSecurityContext "context" $) | trim | nindent 8 }} {{- if .Values.dags.existingConfigmap }} {{- include "airflow.loadDAGsInitContainer" (dict "component" "web" "context" . ) | trim | nindent 8 }} {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | trim | nindent 8 }} {{- end }} {{- if .Values.web.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.web.initContainers "context" $) | trim | nindent 8 }} {{- end }} containers: {{- include "airflow.git.containers.sync" (dict "securityContext" .Values.web.containerSecurityContext "context" $) | trim | nindent 8 }} - name: airflow-web image: {{ include "airflow.image" . }} imagePullPolicy: {{ .Values.web.image.pullPolicy | quote }} {{- if .Values.web.containerSecurityContext.enabled }} securityContext: {{- omit .Values.web.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} {{- else if .Values.web.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.web.command "context" $) | nindent 12 }} {{- end }} {{- if .Values.diagnosticMode.enabled }} args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} {{- else if .Values.web.args }} args: {{- include "common.tplvalues.render" (dict "value" .Values.web.args "context" $) | nindent 12 }} {{- end }} env: {{- include "airflow.configure.airflow.common" . | nindent 12 }} {{- include "airflow.configure.database" . | nindent 12 }} {{- include "airflow.configure.redis" . | nindent 12 }} {{- include "airflow.configure.airflow.kubernetesExecutor" . | nindent 12 }} - name: AIRFLOW_EXECUTOR value: {{ .Values.executor }} - name: AIRFLOW_WEBSERVER_HOST value: '0.0.0.0' - name: AIRFLOW_WEBSERVER_PORT_NUMBER value: {{ .Values.web.containerPorts.http | quote }} - name: AIRFLOW_USERNAME value: {{ .Values.auth.username }} - name: AIRFLOW_PASSWORD valueFrom: secretKeyRef: name: {{ include "airflow.secretName" . }} key: airflow-password {{- if include "airflow.baseUrl" . }} - name: AIRFLOW_BASE_URL value: {{ include "airflow.baseUrl" . | quote }} {{- end }} - name: AIRFLOW_LDAP_ENABLE value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} {{- if .Values.ldap.enabled }} - name: AIRFLOW_LDAP_URI value: {{ .Values.ldap.uri | quote }} - name: AIRFLOW_LDAP_SEARCH value: {{ coalesce .Values.ldap.base .Values.ldap.basedn | quote }} - name: AIRFLOW_LDAP_UID_FIELD value: {{ coalesce .Values.ldap.uidField .Values.ldap.searchAttribute | quote }} - name: AIRFLOW_LDAP_BIND_USER value: {{ .Values.ldap.binddn | quote }} - name: AIRFLOW_LDAP_BIND_PASSWORD valueFrom: secretKeyRef: name: {{ include "airflow.ldapSecretName" . }} key: bind-password - name: AIRFLOW_LDAP_USER_REGISTRATION value: {{ .Values.ldap.userRegistration | quote }} - name: AIRFLOW_LDAP_USER_REGISTRATION_ROLE value: {{ .Values.ldap.userRegistrationRole | quote }} - name: AIRFLOW_LDAP_ROLES_MAPPING value: {{ .Values.ldap.rolesMapping | quote }} - name: AIRFLOW_LDAP_ROLES_SYNC_AT_LOGIN value: {{ .Values.ldap.rolesSyncAtLogin | quote }} - name: AIRFLOW_LDAP_USE_TLS value: {{ ternary "True" "False" .Values.ldap.tls.enabled | quote }} {{- if .Values.ldap.tls.enabled }} - name: AIRFLOW_LDAP_ALLOW_SELF_SIGNED value: {{ ternary "True" "False" .Values.ldap.tls.allowSelfSigned | quote }} - name: AIRFLOW_LDAP_TLS_CA_CERTIFICATE value: {{ include "airflow.ldapCAFilename" . | quote }} {{- end }} {{- end }} {{- if .Values.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if .Values.web.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.web.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if or .Values.web.extraEnvVarsCM .Values.web.extraEnvVarsSecret .Values.web.extraEnvVarsSecrets .Values.extraEnvVarsCM .Values.extraEnvVarsSecret .Values.extraEnvVarsSecrets }} envFrom: {{- if .Values.extraEnvVarsCM }} - configMapRef: name: {{ .Values.extraEnvVarsCM }} {{- end }} {{- if .Values.extraEnvVarsSecret }} - secretRef: name: {{ .Values.extraEnvVarsSecret }} {{- end }} {{- if .Values.web.extraEnvVarsCM }} - configMapRef: name: {{ .Values.web.extraEnvVarsCM }} {{- end }} {{- if .Values.web.extraEnvVarsSecret }} - secretRef: name: {{ .Values.web.extraEnvVarsSecret }} {{- end }} {{- if .Values.extraEnvVarsSecrets }} {{- range .Values.extraEnvVarsSecrets }} - secretRef: name: {{ . }} {{- end }} {{- end }} {{- if .Values.web.extraEnvVarsSecrets }} {{- range .Values.web.extraEnvVarsSecrets }} - secretRef: name: {{ . }} {{- end }} {{- end }} {{- end }} ports: - name: http containerPort: {{ .Values.web.containerPorts.http }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.web.customStartupProbe }} startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.web.customStartupProbe "context" $) | nindent 12 }} {{- else if .Values.web.startupProbe.enabled }} startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.web.startupProbe "enabled") "context" $) | nindent 12 }} tcpSocket: port: http {{- end }} {{- if .Values.web.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.web.customLivenessProbe "context" $) | nindent 12 }} {{- else if .Values.web.livenessProbe.enabled }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.web.livenessProbe "enabled") "context" $) | nindent 12 }} {{- if include "airflow.baseUrl" . }} tcpSocket: port: http {{- else }} httpGet: path: /health port: http {{- end }} {{- end }} {{- if .Values.web.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.web.customReadinessProbe "context" $) | nindent 12 }} {{- else if .Values.web.readinessProbe.enabled }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.web.readinessProbe "enabled") "context" $) | nindent 12 }} {{- if include "airflow.baseUrl" . }} tcpSocket: port: http {{- else }} httpGet: path: /health port: http {{- end }} {{- end }} {{- end }} {{- if .Values.web.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.web.lifecycleHooks "context" $) | nindent 12 }} {{- end }} {{- if .Values.web.resources }} resources: {{- toYaml .Values.web.resources | nindent 12 }} {{- end }} volumeMounts: {{- if .Files.Glob "files/dags/*.py" }} - name: local-dag-files mountPath: /opt/bitnami/airflow/dags/local {{- end }} {{- if .Values.dags.existingConfigmap }} - name: external-dag-files mountPath: /opt/bitnami/airflow/dags/external {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file mountPath: /opt/bitnami/airflow/airflow.cfg subPath: airflow.cfg {{- end }} {{- if .Values.web.existingConfigmap }} - name: custom-webserver-configuration-file mountPath: /opt/bitnami/airflow/webserver_config.py subPath: webserver_config.py {{- end }} {{- if .Values.ldap.tls.enabled }} - name: airflow-ldap-ca-certificate mountPath: {{ .Values.ldap.tls.certificatesMountPath }} readOnly: true {{- end }} {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.web.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.web.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- include "airflow.git.maincontainer.volumeMounts" . | trim | nindent 12 }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | trim | nindent 8 }} {{- end }} {{- if .Values.web.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.web.sidecars "context" $) | trim | nindent 8 }} {{- end }} volumes: {{- if .Values.dags.existingConfigmap }} - name: load-external-dag-files configMap: name: {{ tpl .Values.dags.existingConfigmap $ }} - name: external-dag-files emptyDir: {} {{- end }} {{- if or .Values.configuration .Values.existingConfigmap }} - name: custom-configuration-file configMap: name: {{ include "airflow.configMapName" . }} {{- end }} {{- if .Values.web.existingConfigmap }} - name: custom-webserver-configuration-file configMap: name: {{ tpl .Values.web.existingConfigmap $ }} {{- end }} {{- if .Values.ldap.tls.enabled }} - name: airflow-ldap-ca-certificate secret: secretName: {{ required "A secret containing the LDAP CA certificate. It is required when SSL in enabled" (coalesce .Values.ldap.tls.CAcertificateSecret .Values.ldap.tls.certificatesSecret) }} defaultMode: 256 {{- end }} {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if .Values.web.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.web.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- include "airflow.git.volumes" . | trim | nindent 8 }}