-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathairflow.tf
62 lines (53 loc) · 1.72 KB
/
airflow.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
resource "kubernetes_namespace" "airflow" {
metadata {
name = "airflow"
}
}
resource "helm_release" "airflow" {
# ArtifactHUB: https://artifacthub.io/packages/helm/apache-airflow/airflow
namespace = kubernetes_namespace.airflow.metadata.0.name
name = "airflow"
repository = "https://airflow.apache.org"
chart = "airflow"
version = "1.6.0"
# DB Migration job does not run when "waiting". See https://github.com/apache/airflow/issues/15340 for more information.
wait = false
values = [
<<EOT
images:
airflow:
repository: ${local.docker_registry}:5000/kind-data-platform-airflow
tag: latest
pullPolicy: Always
config:
api:
auth_backend: airflow.api.auth.backend.basic_auth
secrets:
backend: airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend
backend_kwargs: '{"connections_prefix": "airflow/connections", "variables_prefix": "airflow/variables", "endpoint_url": "http://localstack.localstack.svc.cluster.local:4566"}'
webserverSecretKeySecretName: ${kubernetes_secret.airflow_webserver.metadata.0.name}
airflowPodAnnotations.prometheus.io/path: "/metrics"
airflowPodAnnotations.prometheus.io/port: 8080
airflowPodAnnotations.prometheus.io/scrape: true
env:
- name: AWS_DEFAULT_REGION
value: us-east-1
- name: AWS_ACCESS_KEY_ID
value: mock_access_key
- name: AWS_SECRET_ACCESS_KEY
value: mock_secret_key
EOT
]
}
resource "random_password" "airflow_webserver_secret_key" {
length = 16
}
resource "kubernetes_secret" "airflow_webserver" {
metadata {
namespace = kubernetes_namespace.airflow.metadata.0.name
name = "airflow-webserver"
}
data = {
"webserver-secret-key" = random_password.airflow_webserver_secret_key.result
}
}