pgagnon commented on a change in pull request #4648: [AIRFLOW-3274] Add
run_as_user and fs_group options for Kubernetes
URL: https://github.com/apache/airflow/pull/4648#discussion_r263226398
##########
File path: airflow/contrib/kubernetes/worker_configuration.py
##########
@@ -169,12 +169,15 @@ def _get_image_pull_secrets(self):
def _get_security_context(self):
"""Defines the security context"""
+ security_context = {
+ 'run_as_user': self.kube_config.worker_run_as_user,
+ 'fs_group': self.kube_config.worker_fs_group,
+ }
+
if self.kube_config.git_ssh_key_secret_name:
- return {
- 'fsGroup': 65533 # to make SSH key readable
- }
- else:
- return None
+ security_context['fs_group'] = 65533 # to make SSH key readable
Review comment:
I have addressed this comment by defaulting `fs_group` to `65533` if
`git_ssh_key_secret_name` is present and `worker_fs_group` is not explicitely
set to another value.
Also adding your suggestion to the config file template.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
