I would like to provide DAGs to all Kubernetes airflow pods (web, scheduler, workers) via a persistent volume,

kubectl create -f pv-claim.yaml

pv-claim.yaml containing:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: airflow-pv-claim
  annotations:
    pv.beta.kubernetes.io/gid: "1000"
    pv.beta.kubernetes.io/uid: "1000"
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi

The deployment command is then:

helm install --namespace my_name --name "airflow" stable/airflow --values ~my_name/airflow/charts/airflow/values.yaml

In the chart stable/airflow, values.yaml also allows for specification of persistence:

persistence:
  enabled: true
  existingClaim: airflow-pv-claim
  accessMode: ReadWriteMany
  size: 1Gi

But if I do

kubectl exec -it airflow-worker-0 -- /bin/bash
touch dags/hello.txt

I get a permission denied error.

I have tried hacking the airflow chart to set up an initContainer to chown dags/:

command: ["sh", "-c", "chown -R 1000:1000 /dags"]

which is working for all but the workers (because they are created by flower?), as suggested at https://serverfault.com/a/907160/464205

I have also seen talk of fsGroup etc. - see e.g. Kubernetes NFS persistent volumes permission denied

I am trying to avoid editing the airflow charts (which seems to require hacks to at least two deployments-*.yaml files, plus one other), but perhaps this is unavoidable.

Punchline:

What is the easiest way to provision DAGs through a persistent volume to all airflow pods running on Kubernetes, with the correct permissions?

See also:

Persistent volume atached to k8s pod group

Kubernetes NFS persistent volumes permission denied [not clear to me how to integrate this with the airflow helm charts]

Kubernetes - setting custom permissions/file ownership per volume (and not per pod) [non-detailed, non-airflow-specific]