pgagnon commented on a change in pull request #4648: [AIRFLOW-3274] Add
run_as_user and fs_group options for Kubernetes
URL: https://github.com/apache/airflow/pull/4648#discussion_r262055668
##########
File path: airflow/contrib/kubernetes/worker_configuration.py
##########
@@ -232,6 +232,11 @@ def make_pod(self, namespace, worker_uuid, pod_id,
dag_id, task_id, execution_da
affinity = kube_executor_config.affinity or
self.kube_config.kube_affinity
tolerations = kube_executor_config.tolerations or
self.kube_config.kube_tolerations
+ security_context = {
+ 'run_as_user': self.kube_config.worker_run_as_user,
+ 'fs_group': self.kube_config.worker_fs_group,
Review comment:
Yes, it would not cause any issues as if a field is empty the api-server
ignores it.
Nevertheless I will refactor this block because this made me realize that
the condition on line 238 will not scale well if more security context options
are added in the future.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
