Could anyone give me an example of passing parameters such as "runAsNonRoot" when creating a pod through KubernetesPodOperator?
I've tried to dig through the documentation but it is not clear.
You can pass a dictionary to the KubernetesPodOperator constructor with the following content:
security_context = {"runAsNonRoot": True}
You can look up the keys and value datatypes that you can pass via this dict in class "V1SecurityContext" and the linked classes (/python3.6/site-packages/kubernetes/client/models/v1_security_context.py).
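An added example, not part of the original answer or of Airflow's code: a pre-flight check for the security_context dict described above. It assumes the operator applies the dict as the pod-level securityContext (verify this for your Airflow version); `lint_security_context` and `to_camel` are hypothetical helper names, and the field lists are the Kubernetes core/v1 API names.

```python
# Added example: lint a security_context dict before passing it to KubernetesPodOperator.
# Assumption: the operator applies the dict as the pod-level spec.securityContext.

# Field names from the Kubernetes core/v1 API (camelCase, as serialized).
POD_LEVEL = {
    "fsGroup", "fsGroupChangePolicy", "runAsGroup", "runAsNonRoot", "runAsUser",
    "seLinuxOptions", "seccompProfile", "supplementalGroups", "sysctls",
    "windowsOptions",
}
CONTAINER_ONLY = {
    "allowPrivilegeEscalation", "capabilities", "privileged", "procMount",
    "readOnlyRootFilesystem",
}


def to_camel(key):
    """run_as_non_root -> runAsNonRoot (the Python client uses the snake_case form)."""
    head, *rest = key.split("_")
    return head + "".join(part[:1].upper() + part[1:] for part in rest)


def lint_security_context(ctx):
    """Return a list of problems; an empty list means the dict looks sane."""
    problems = []
    for key in ctx:
        if key in POD_LEVEL:
            continue
        if key in CONTAINER_ONLY:
            problems.append(f"{key}: container-level field, not valid in a pod securityContext")
        elif to_camel(key) in POD_LEVEL | CONTAINER_ONLY:
            problems.append(f"{key}: use the API spelling {to_camel(key)!r}")
        else:
            problems.append(f"{key}: unknown securityContext field")
    if "runAsNonRoot" in ctx and not isinstance(ctx["runAsNonRoot"], bool):
        problems.append("runAsNonRoot must be a bool, not " + type(ctx["runAsNonRoot"]).__name__)
    # The kubelet refuses to start a container that must be non-root but is pinned to UID 0.
    if ctx.get("runAsNonRoot") is True and ctx.get("runAsUser") == 0:
        problems.append("runAsNonRoot=True conflicts with runAsUser=0")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (
        {"runAsNonRoot": True, "runAsUser": 1000},
        {"run_as_non_root": True},
        {"runAsNonRoot": True, "runAsUser": 0, "readOnlyRootFilesystem": True},
    ):
        print(sample, "->", lint_security_context(sample) or "ok")
```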
You can create pods through KubernetesPodOperator, for example in Python format. Here is the list of all parameters you can pass through KubernetesPodOperator.
I could not find a specific example of how to pass this "runAsNonRoot" parameter through KubernetesPodOperator. In YAML format, pod security parameters are defined as follows:
spec:
  containers:
  # specification of the pod’s containers
  # ...
  securityContext:
    readOnlyRootFilesystem: true
    runAsNonRoot: true
At present this does not appear to be supported in the operator. You can see that the KubePodOp has an init that makes a PodGenerator. It then adds all the volumes and mounts to it before generating. This does not at any point call the only method in which you could pass a SecurityContext, add_init_container, whose documentation appears to have been cut off mid-sentence.