Could anyone give me an example of passing parameters such as "runAsNonRoot" when creating a pod through KubernetesPodOperator?
I've tried to dig through the documentation but it is not clear.
You can pass a dictionary to the KubernetesPodOperator constructor with the following content:
security_context = {"runAsNonRoot": True}
You can look up the keys and value datatypes that you can pass via this dict in class "V1SecurityContext" and the linked classes (/python3.6/site-packages/kubernetes/client/models/v1_security_context.py).
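The dict from the answer above, checked before it is handed to the operator, as an added example that is not part of the original answers or of Airflow's own code. It assumes an Airflow 1.10-style KubernetesPodOperator that copies security_context into the pod-level spec.securityContext, so keys that Kubernetes defines only per container are separated out rather than sent; the task, pod and image names are hypothetical.

```python
# Added example, not code from the original answers.
# Assumption: an Airflow 1.10-style operator that copies the `security_context`
# dict into the pod-level spec.securityContext.

# Fields Kubernetes defines on the pod-level PodSecurityContext.
POD_LEVEL = {"runAsUser", "runAsGroup", "runAsNonRoot", "fsGroup",
             "supplementalGroups", "seLinuxOptions", "sysctls"}
# Fields Kubernetes defines only on a container's SecurityContext.
CONTAINER_ONLY = {"readOnlyRootFilesystem", "allowPrivilegeEscalation",
                  "privileged", "capabilities"}


def split_security_context(settings):
    """Split requested settings into (pod_level, container_only) dicts."""
    unknown = set(settings) - POD_LEVEL - CONTAINER_ONLY
    if unknown:  # catches typos such as "runAsNonroot"
        raise ValueError("unknown securityContext keys: %s" % sorted(unknown))
    pod = {k: v for k, v in settings.items() if k in POD_LEVEL}
    container = {k: v for k, v in settings.items() if k in CONTAINER_ONLY}
    # runAsNonRoot forbids UID 0, so an explicit runAsUser of 0 is a contradiction.
    if pod.get("runAsNonRoot") and pod.get("runAsUser") == 0:
        raise ValueError("runAsNonRoot=True conflicts with runAsUser=0")
    return pod, container


def build_task(dag, settings):
    """Build the operator. Airflow is imported here so the helper above runs without it."""
    from airflow.contrib.operators.kubernetes_pod_operator import KubernetesPodOperator
    pod_ctx, _container_only = split_security_context(settings)
    return KubernetesPodOperator(
        task_id="nonroot_task",        # hypothetical task, pod and image names
        name="nonroot-task",
        namespace="default",
        image="python:3.6-slim",
        cmds=["python", "-c"],
        arguments=["import os; print(os.getuid())"],
        security_context=pod_ctx,
        dag=dag,
    )


# Constructed sample: the two keys from the YAML on this page plus a numeric UID.
REQUESTED = {"runAsNonRoot": True, "readOnlyRootFilesystem": True, "runAsUser": 1000}

if __name__ == "__main__":
    print(split_security_context(REQUESTED))
```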
You can create pods through KubernetesPodOperator, such as in Python format. Here is the list of all parameters you can pass through KubernetesPodOperator.
I could not find a specific example of how to pass this "runAsNonRoot" parameter through KubernetesPodOperator. In YAML format, pod security parameters are defined as follows:
spec:
  containers:
  # specification of the pod’s containers
  # ...
  securityContext:
    readOnlyRootFilesystem: true
    runAsNonRoot: true
At present this does not appear to be supported in the operator. You can see that the KubePodOp has an init that makes a PodGenerator. It then adds all the volumes and mounts to it before generating. This does not at any point call the only method in which you could pass a SecurityContext, add_init_container, whose documentation appears to have been cut off mid-sentence.