# Licensed to the Apache Software Foundation (ASF) under one * # or more contributor license agreements. See the NOTICE file * # distributed with this work for additional information * # regarding copyright ownership. The ASF licenses this file * # to you under the Apache License, Version 2.0 (the * # "License"); you may not use this file except in compliance * # with the License. You may obtain a copy of the License at * # * # http://www.apache.org/licenses/LICENSE-2.0 * # * # Unless required by applicable law or agreed to in writing, * # software distributed under the License is distributed on an * # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * # KIND, either express or implied. See the License for the * # specific language governing permissions and limitations * # under the License. * # Note: The airflow image used in this example is obtained by * # building the image from the local docker subdirectory. * --- apiVersion: v1 kind: ServiceAccount metadata: name: airflow namespace: airflow --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: airflow name: airflow rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] verbs: ["get", "list", "watch", "create", "update", "delete"] - apiGroups: ["batch", "extensions"] resources: ["jobs"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: airflow namespace: airflow subjects: - kind: ServiceAccount name: airflow # Name of the ServiceAccount namespace: airflow roleRef: kind: Role # This must be Role or ClusterRole name: airflow # This must match the name of the Role # or ClusterRole you wish to bind to apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: airflow namespace: airflow spec: replicas: 1 selector: matchLabels: name: airflow template: metadata: labels: name: airflow spec: serviceAccountName: airflow affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: lifecycle operator: NotIn values: - Ec2Spot initContainers: - name: "init" image: {{AIRFLOW_IMAGE}}:{{AIRFLOW_TAG}} imagePullPolicy: Always volumeMounts: - name: airflow-configmap mountPath: /root/airflow/airflow.cfg subPath: airflow.cfg - name: {{INIT_DAGS_VOLUME_NAME}} mountPath: /root/airflow/dags env: - name: SQL_ALCHEMY_CONN valueFrom: secretKeyRef: name: airflow-secrets key: sql_alchemy_conn command: - "bash" args: - "-cx" - "./tmp/airflow-test-env-init.sh {{INIT_GIT_SYNC}}" containers: - name: webserver image: {{AIRFLOW_IMAGE}}:{{AIRFLOW_TAG}} imagePullPolicy: Always ports: - name: webserver containerPort: 8080 args: ["webserver"] env: - name: AIRFLOW_KUBE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: SQL_ALCHEMY_CONN valueFrom: secretKeyRef: name: airflow-secrets key: sql_alchemy_conn volumeMounts: - name: airflow-configmap mountPath: /root/airflow/airflow.cfg subPath: airflow.cfg - name: {{POD_AIRFLOW_VOLUME_NAME}} mountPath: /root/airflow/dags - name: {{POD_AIRFLOW_VOLUME_NAME}} mountPath: /root/airflow/logs - name: scheduler image: {{AIRFLOW_IMAGE}}:{{AIRFLOW_TAG}} imagePullPolicy: Always args: ["scheduler"] env: - name: AIRFLOW_KUBE_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: SQL_ALCHEMY_CONN valueFrom: secretKeyRef: name: airflow-secrets key: sql_alchemy_conn volumeMounts: - name: airflow-configmap mountPath: /root/airflow/airflow.cfg subPath: airflow.cfg - name: {{POD_AIRFLOW_VOLUME_NAME}} mountPath: /root/airflow/dags - name: {{POD_AIRFLOW_VOLUME_NAME}} mountPath: /root/airflow/logs volumes: - name: airflow-dags persistentVolumeClaim: claimName: airflow-efs-pvc - name: airflow-dags-fake emptyDir: {} - name: airflow-dags-git emptyDir: {} - name: airflow-configmap configMap: name: airflow-configmap --- apiVersion: v1 kind: Service metadata: name: airflow namespace: airflow spec: type: LoadBalancer ports: - port: 8080 selector: name: airflow