Airflow KubernetesPodOperator: pass securityContext parameter

10/10/2018

Anyone could give me an example on passing some parameters as "runAsNonRoot" when creating a pod through KubernetesPodOperator?

I've tried to dig through the documentation but it is not clear.

-- FERNANDO SOUZA
airflow
google-kubernetes-engine

3 Answers

12/3/2019

You can pass a dictionary to the KubernetesPodOperator constructor with the following content:

security_context = {"runAsNonRoot": True}

You can look up the keys and value datatypes that you can pass via this dict in class "V1SecurityContext" and the linked classes (/python3.6/site-packages/kubernetes/client/models/v1_security_context.py).

-- mooov
Source: StackOverflow

10/25/2018

You can create pods through KubernetesPodOperator such as in python format. Here is the list of all parameters you can pass through KubernetesPodOperator.

I could not find a specific example on how to pass this "runAsNonRoot" parameters through KubernetesPodOperator. In YAML format, pod security parameters are defined as following:

spec:  
  containers:  
  # specification of the pod’s containers  
  # ...  
  securityContext:  
    readOnlyRootFilesystem: true  
    runAsNonRoot: true
-- Ariv
Source: StackOverflow

10/26/2018

At current this does not appear to be supported in the operator. You can see that the KubePodOp has an init that makes a PodGenerator. It then adds all the volumes and mounts to it before generating. This does not at any point call the only method in which you could pass a SecurityContext add_init_containerwhose documentation appears to have been cut off mid sentence.

-- dlamblin
Source: StackOverflow