How to mount a single file as a volume in KubernetesPodOperator?

9/10/2019

I have a docker image that expects a mounted JSON credentials file on startup. The container is started through a command like:

docker run -v [CREDENTIALS_FILE]:/credentials.json image_name

This image lives on Google Container Registry and I'd like to start it in a Cloud Composer dag using the KubernetesPodOperator.

Is there a way to mount a single file through the KubernetesPodOperator? Ideally, this file would be hosted at a Cloud Storage location. I read that there are volume/volume_mount options, but it seems like a heavy lift to pass a single file through -- hoping there was another option I'm overlooking.

KubernetesPodOperator(namespace='default',
                      image="gcr.io/image_name",
                      name="start-container-image",
                      task_id="start-container-image",
                      volume=[?],
                      volume_mounts=[?],
                      dag=dag)
-- David Beaudway
airflow
google-cloud-composer
google-kubernetes-engine

2 Answers

9/11/2019

I figured this out using Patrick W's advice and passing a configMap through. I should likely update this to use a secret, but here's the implementation so far:

First I created the configMap: kubectl create configmap credentials-configmap --from-file=./credentials.json

Next, in my DAG I set up the volume options. Notice, I had to modify the mount_path into a sub-directory "/config/" because it errs out when mounting to "/".

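# Airflow 1.10 contrib import paths
from airflow.contrib.kubernetes.volume import Volume
from airflow.contrib.kubernetes.volume_mount import VolumeMount

# Mount the volume under /config/ inside the container
volume_mount = VolumeMount('creds-volume',
                            mount_path='/config/',
                            sub_path=None,
                            read_only=False)

# 'name' must match the configMap created with kubectl above
volume_config = {
    'configMap': {
        'name': 'credentials-configmap'
    }
}

volume = Volume(name='creds-volume', configs=volume_config)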

This is passed to the KubernetesPodOperator:

KubernetesPodOperator(
    volumes=[volume],
    volume_mounts=[volume_mount],
    # ...excluding other options for brevity
)

Finally, this is utilized by the container during a startup script like so: gcloud auth activate-service-account --key-file=/config/credentials.json

-- David Beaudway
Source: StackOverflow
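
The answer above notes that the configMap should likely become a secret. The following added example (not code from the original answer or from Airflow) audits the posted settings against a Secret-backed variant that mounts only credentials.json through sub_path. The plain dicts stand in for the Volume/VolumeMount arguments; the Secret name "credentials-secret", the 0440 mode and the finding texts are assumptions.

```python
# Added example: plain dicts mirror the arguments the answer passes to
# Volume(name, configs) and VolumeMount(name, mount_path, sub_path, read_only).
# The Secret name "credentials-secret" is an assumption, not from the page.

def audit_credential_mount(volume_name, volume_config, mount):
    """Return findings for a volume that delivers a credentials file."""
    findings = []
    if mount["name"] != volume_name:
        findings.append("mount does not reference the declared volume")
    if "secret" not in volume_config:
        findings.append("credentials are not sourced from a Secret")
    else:
        # Kubernetes defaults Secret files to 0644; flag modes open to 'other'.
        mode = volume_config["secret"].get("defaultMode", 0o644)
        if mode & 0o007:
            findings.append("file mode %o is accessible to 'other'" % mode)
    if not mount.get("read_only"):
        findings.append("mount is not read-only")
    if mount["mount_path"].rstrip("/") == "":
        findings.append("mount_path is the container root")
    return findings

# ConfigMap-backed settings from the answer, using the ConfigMap name that
# was created with kubectl; the whole volume is mounted as a directory.
ANSWER_VOLUME = {"configMap": {"name": "credentials-configmap"}}
ANSWER_MOUNT = {"name": "creds-volume", "mount_path": "/config/",
                "sub_path": None, "read_only": False}

# Hardened variant: Secret-backed, one key mounted as one file via sub_path.
SECRET_VOLUME = {"secret": {"secretName": "credentials-secret",
                            "defaultMode": 0o440,
                            "items": [{"key": "credentials.json",
                                       "path": "credentials.json"}]}}
SECRET_MOUNT = {"name": "creds-volume", "mount_path": "/credentials.json",
                "sub_path": "credentials.json", "read_only": True}

if __name__ == "__main__":
    for label, vol, mnt in (("answer", ANSWER_VOLUME, ANSWER_MOUNT),
                            ("hardened", SECRET_VOLUME, SECRET_MOUNT)):
        print(label, audit_credential_mount("creds-volume", vol, mnt))
```

A sub_path mount does not pick up later updates to the Secret, so a rotated key only reaches the container when the pod is recreated. A container that runs as a non-root user also needs a matching fsGroup (or a wider mode) to read a 0440 file.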

9/11/2019

k8s allows you to mount volumes (a configMap for static data would do and is not terribly heavy lifting). Otherwise, if you need to pull data from a remote storage that does not support backing a PV (such as GCS), you'll need to pull the data directly.

You might want to consider using an initContainer that will just be used to download the data from your remote storage and save it locally so your main application can run using the data locally.

-- Patrick W
Source: StackOverflow