I have a docker image that expects a mounted JSON credentials file on startup. The container is started through a command like:
docker run -v [CREDENTIALS_FILE]:/credentials.json image_name
This image lives on Google Container Registry and I'd like to start it in a Cloud Composer DAG using the KubernetesPodOperator.
Is there a way to mount a single file through the KubernetesPodOperator? Ideally, this file would be hosted at a Cloud Storage location. I read that there are volumes/volume_mounts options, but it seems like a heavy lift to pass a single file through -- hoping there's another option I'm overlooking.
KubernetesPodOperator(namespace='default',
                      image="gcr.io/image_name",
                      name="start-container-image",
                      task_id="start-container-image",
                      volumes=[?],
                      volume_mounts=[?],
                      dag=dag)
I figured this out using Patrick W's advice and passing a configMap through. I should likely update this to use a secret, but here's the implementation so far:
First I created the configMap: kubectl create configmap credentials-configmap --from-file=./credentials.json
Next, in my DAG I set up the volume options. Note that I had to set the mount_path to a sub-directory ("/config/") because it errors out when mounting to "/".
from airflow.contrib.kubernetes.volume import Volume
from airflow.contrib.kubernetes.volume_mount import VolumeMount

volume_mount = VolumeMount('creds-volume',
                           mount_path='/config/',
                           sub_path=None,
                           read_only=False)

# The configMap name must match the one created with kubectl above
volume_config = {
    'configMap': {
        'name': 'credentials-configmap'
    }
}
volume = Volume(name='creds-volume', configs=volume_config)
This is passed to the KubernetesPodOperator:
KubernetesPodOperator(
    volumes=[volume],
    volume_mounts=[volume_mount],
    # ...excluding other options for brevity
)
Finally, this is utilized by the container during a startup script like so: gcloud auth activate-service-account --key-file=/config/credentials.json
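Since the plan is to eventually switch from a configMap to a secret, here's a minimal sketch of that variant (the secret name credentials-secret is an assumption). You'd create the secret with kubectl create secret generic credentials-secret --from-file=./credentials.json, then point the volume config at the secret volume source instead of the configMap:

```python
# Sketch of the secret-based variant; the secret name is hypothetical.
# Create it first, out-of-band:
#   kubectl create secret generic credentials-secret --from-file=./credentials.json
volume_config = {
    'secret': {
        'secretName': 'credentials-secret'  # k8s 'secret' volume source
    }
}
# The Volume and VolumeMount are built exactly as in the configMap version:
# volume = Volume(name='creds-volume', configs=volume_config)
```

The mount_path and the container's startup script stay the same; only the volume source changes.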
k8s allows you to mount volumes (a configMap for static data would do and is not terribly heavy lifting). Otherwise, if you need to pull data from a remote storage that does not support backing a PV (such as GCS), you'll need to pull the data directly.
You might want to consider using an initContainer that is used only to download the data from your remote storage and save it locally, so your main application can run using the local copy.
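As a sketch, the initContainer pattern could look like the following pod spec (the bucket path, pod name, and image tags are hypothetical; gsutil ships in the google/cloud-sdk image). The initContainer downloads the file into an emptyDir volume that the main container then mounts:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-creds
spec:
  initContainers:
    - name: fetch-credentials
      image: google/cloud-sdk:slim
      # Hypothetical GCS path -- replace with your own bucket/object
      command: ["gsutil", "cp", "gs://my-bucket/credentials.json", "/config/credentials.json"]
      volumeMounts:
        - name: creds
          mountPath: /config
  containers:
    - name: app
      image: gcr.io/image_name
      volumeMounts:
        - name: creds
          mountPath: /config
  volumes:
    - name: creds
      emptyDir: {}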