diff --git a/chart/README.md b/chart/README.md index 92ddbd95ba5ab..0443c634b1240 100644 --- a/chart/README.md +++ b/chart/README.md @@ -126,6 +126,9 @@ The following tables lists the configurable parameters of the Airflow chart and | `labels` | Common labels to add to all objects defined in this chart | `{}` | | `privateRegistry.enabled` | Enable usage of a private registry for Airflow base image | `false` | | `privateRegistry.repository` | Repository where base image lives (eg: quay.io) | `~` | +| `ingress.enabled` | Enable Kubernetes Ingress support | `false` | +| `ingress.web.*` | Configs for the Ingress of the web Service | Please refer to `values.yaml` | +| `ingress.flower.*` | Configs for the Ingress of the flower Service | Please refer to `values.yaml` | | `networkPolicies.enabled` | Enable Network Policies to restrict traffic | `true` | | `airflowHome` | Location of airflow home directory | `/opt/airflow` | | `rbacEnabled` | Deploy pods with Kubernets RBAC enabled | `true` | diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt index 7eb9d84a1218f..9681c065a6a28 100644 --- a/chart/templates/NOTES.txt +++ b/chart/templates/NOTES.txt @@ -20,10 +20,18 @@ under the License. Your release is named {{ .Release.Name }}. +{{- if .Values.ingress.enabled }} +You can now access your dashboard(s) by following defined Ingress urls: + +Airflow dashboard: http{{ if .Values.ingress.web.tls.enabled }}s{{ end }}://{{ .Values.ingress.web.host }}{{ .Values.ingress.web.path }}/ +{{- if eq .Values.executor "CeleryExecutor" }} +Flower dashboard: http{{ if .Values.ingress.flower.tls.enabled }}s{{ end }}://{{ .Values.ingress.flower.host }}{{ .Values.ingress.flower.path }}/ +{{- end }} +{{- else }} You can now access your dashboard(s) by executing the following command(s) and visiting the corresponding port at localhost in your browser: Airflow dashboard: kubectl port-forward svc/{{ .Release.Name }}-webserver {{ .Values.ports.airflowUI }}:{{ .Values.ports.airflowUI }} --namespace {{ .Release.Namespace }} {{- if eq .Values.executor "CeleryExecutor"}} Flower dashboard: kubectl port-forward svc/{{ .Release.Name }}-flower {{ .Values.ports.flowerUI }}:{{ .Values.ports.flowerUI }} --namespace {{ .Release.Namespace }} - +{{- end }} {{- end }} diff --git a/chart/templates/flower/flower-ingress.yaml b/chart/templates/flower/flower-ingress.yaml new file mode 100644 index 0000000000000..536ca8b47eaa3 --- /dev/null +++ b/chart/templates/flower/flower-ingress.yaml @@ -0,0 +1,51 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +################################ +## Airflow Flower Ingress +################################# +{{- if and .Values.ingress.enabled (eq .Values.executor "CeleryExecutor") }} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-flower-ingress + labels: + tier: airflow + component: flower-ingress + release: {{ .Release.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service }} + annotations: + {{- range $key, $value := .Values.ingress.flower.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.flower.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.flower.host }} + secretName: {{ .Values.ingress.flower.tls.secretName }} + {{- end }} + rules: + - http: + paths: + - path: {{ .Values.ingress.flower.path }} + backend: + serviceName: {{ .Release.Name }}-flower + servicePort: flower-ui + host: {{ .Values.ingress.flower.host }} +{{- end }} diff --git a/chart/templates/webserver/webserver-ingress.yaml b/chart/templates/webserver/webserver-ingress.yaml new file mode 100644 index 0000000000000..919ecc3145034 --- /dev/null +++ b/chart/templates/webserver/webserver-ingress.yaml @@ -0,0 +1,63 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +################################ +## Airflow Webserver Ingress +################################# +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-airflow-ingress + labels: + tier: airflow + component: airflow-ingress + release: {{ .Release.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: {{ .Release.Service }} + annotations: + {{ range $key, $value := .Values.ingress.web.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.web.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.web.host }} + secretName: {{ .Values.ingress.web.tls.secretName }} + {{- end }} + rules: + - http: + paths: + {{- range .Values.ingress.web.precedingPaths }} + - path: {{ .path }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + - path: {{ .Values.ingress.web.path }} + backend: + serviceName: {{ .Release.Name }}-webserver + servicePort: airflow-ui + {{- range .Values.ingress.web.succeedingPaths }} + - path: {{ .path }} + backend: + serviceName: {{ .serviceName }} + servicePort: {{ .servicePort }} + {{- end }} + host: {{ .Values.ingress.web.host }} +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index de3083909bc69..92fa4b9ed412c 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,6 +42,59 @@ tolerations: [] # Add common labels to all objects and pods defined in this chart. labels: {} +# Ingress configuration +ingress: + # Enable ingress resource + enabled: false + + # Configs for the Ingress of the web Service + web: + # Annotations for the web Ingress + annotations: {} + + # The path for the web Ingress + path: "" + + # The hostname for the web Ingress + host: "" + + # configs for web Ingress TLS + tls: + # Enable TLS termination for the web Ingress + enabled: false + # the name of a pre-created Secret containing a TLS private key and certificate + secretName: "" + + # HTTP paths to add to the web Ingress before the default path + precedingPaths: [] + + # Http paths to add to the web Ingress after the default path + succeedingPaths: [] + + # Configs for the Ingress of the flower Service + flower: + # Annotations for the flower Ingress + annotations: {} + + # The path for the flower Ingress + path: "" + + # The hostname for the flower Ingress + host: "" + + # configs for web Ingress TLS + tls: + # Enable TLS termination for the flower Ingress + enabled: false + # the name of a pre-created Secret containing a TLS private key and certificate + secretName: "" + + # HTTP paths to add to the flower Ingress before the default path + precedingPaths: [] + + # Http paths to add to the flower Ingress after the default path + succeedingPaths: [] + # Network policy configuration networkPolicies: # Enabled network policies