Helm chart configuration reference
This reference describes configuration values for the Remote Execution Agent Helm chart. For complete configuration options, see the values.yaml file downloaded from the Astro UI.
Required configuration values
The following values must be configured before installing the Helm chart:
Agent authentication
agentToken / agentTokenSecretName / agentTokenFile
You must specify exactly one of these to provide the agent token generated in the Astro UI.
- agentToken: Token value as plain text in
values.yaml(not recommended for production) - agentTokenSecretName: Name of existing Kubernetes secret containing the token
- agentTokenFile: Path to file containing the token (agent reads at runtime)
See Agent token configuration for detailed instructions.
Image registry access
imagePullSecretName / imagePullSecretData
You must specify exactly one of these to allow agents to pull images from the registry.
- imagePullSecretName: Name of existing Kubernetes secret with Docker credentials
- imagePullSecretData: Docker config JSON as string (Helm creates secret named
image-pull-secret)
See Image pull secret configuration for detailed instructions.
Kubernetes namespace
namespace
Kubernetes namespace where the agent will be deployed.
- If
createNamespace: true, Helm creates the namespace - If
createNamespace: false, namespace must exist before installation
If using agentTokenSecretName and imagePullSecretName, set createNamespace: false and create the namespace manually with secrets already present.
See Install in restricted Kubernetes namespace for restricted namespace configuration.
Resource name prefix
resourceNamePrefix
Name prefix for all Kubernetes resources (Deployments, ConfigMaps, Secrets) created by the Helm chart.
Secrets backend
secretBackend
Airflow secrets backend class for accessing connections and variables. Required for agent operation.
Supported backends:
airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackendairflow.providers.microsoft.azure.secrets.key_vault.AzureKeyVaultBackendairflow.providers.google.cloud.secrets.secret_manager.CloudSecretManagerBackendairflow.providers.hashicorp.secrets.vault.VaultBackendairflow.secrets.local_filesystem.LocalFilesystemBackend(not recommended for production)
See Configure secrets backend for detailed configuration instructions.
XCom backend
xcomBackend
Airflow XCom backend class for passing data between tasks. Required for agent operation.
Typically set to: airflow.providers.common.io.xcom.backend.XComObjectStorageBackend
See Configure XCom backend for detailed configuration instructions.
DAG bundles
dagBundleConfigList
JSON string defining how agents access dag code. Required for running dags.
See Configure DAG sources for detailed configuration instructions.
Common environment variables
commonEnv
Environment variables applied to all agent components (worker, DAG processor, triggerer). Used to configure secrets backend parameters, XCom paths, logging settings, and other Airflow configuration.
Example:
Optional configuration
Logging sidecar
loggingSidecar
Optional sidecar for exporting task logs to external platforms or viewing logs in the Airflow UI before task completion.
See Configure logging sidecar for configuration instructions.
OpenLineage
openLineage
Optional configuration for data lineage collection.
See Configure OpenLineage for configuration instructions.
Sentinel monitoring
sentinel
Optional monitoring sidecar (agent version 1.2.0+).
See Enable Sentinel monitoring for configuration instructions.
Cloud provider annotations
annotations and labels
Kubernetes annotations and labels to configure Pods to run using a specific IAM role (AWS), workload identity (GCP) or managed identity (Azure).
Helm commands
After the Remote Execution Agent is installed, any updates to the agent use the helm upgrade command.
