AXington opened a new issue #12563:
URL: https://github.com/apache/airflow/issues/12563
<!--
Welcome to Apache Airflow! For a smooth issue process, try to answer the
following questions.
Don't worry if they're not all applicable; just try to include what you can
:-)
If you need to include code snippets or logs, please put them in fenced code
blocks. If they're super-long, please use the details tag like
<details><summary>super-long log</summary> lots of stuff </details>
Please delete these comment blocks before submitting the issue.
-->
<!--
IMPORTANT!!!
PLEASE CHECK "SIMILAR TO X EXISTING ISSUES" OPTION IF VISIBLE
NEXT TO "SUBMIT NEW ISSUE" BUTTON!!!
PLEASE CHECK IF THIS ISSUE HAS BEEN REPORTED PREVIOUSLY USING SEARCH!!!
Please complete the next sections or the issue will be closed.
These questions are the first thing we need to know to understand the
context.
-->
**Apache Airflow version**: 1.10.12
**Kubernetes version (if you are using kubernetes)** (use `kubectl
version`): 1.17.XX (EKS)
**Environment**:
- **Cloud provider or hardware configuration**: AWS + EKS + Container
Other useful info:
Using Airflow with Kubernetes Executor as stated in title.
Have been using a custom container for quite a while and cannot switch to
official container at the moment because of the work involved with doing so.
**What happened**:
After upgrading to 1.10.12 we get this error message when a task pod
```kubectl -n airflow logs -f
hourlyjobv11keyerrortierstriggerdagandviewlogtoseefullstacktrace-a4883c55bd4247f38a895ee95200dda8
Traceback (most recent call last):
File "/usr/local/bin/airflow", line 25, in <module>
from airflow.configuration import conf
File "/usr/local/lib/python3.7/site-packages/airflow/__init__.py", line
31, in <module>
from airflow.utils.log.logging_mixin import LoggingMixin
File "/usr/local/lib/python3.7/site-packages/airflow/utils/__init__.py",
line 24, in <module>
from .decorators import apply_defaults as _apply_defaults
File "/usr/local/lib/python3.7/site-packages/airflow/utils/decorators.py",
line 36, in <module>
from airflow import settings
File "/usr/local/lib/python3.7/site-packages/airflow/settings.py", line
37, in <module>
from airflow.configuration import conf, AIRFLOW_HOME, WEBSERVER_CONFIG
# NOQA F401
File "/usr/local/lib/python3.7/site-packages/airflow/configuration.py",
line 712, in <module>
with open(TEST_CONFIG_FILE, 'w') as f:
PermissionError: [Errno 13] Permission denied:
'/usr/local/airflow/unittests.cfg'```
This is because now Airflow is injecting code to run as user ID 50000 in the
`securityContext` section of the pod yaml. Our airflow user is 1000. Same with
fsGroup. This causes the above error, which also highlights that airflow
creates a unittest.cfg every time it loads config, which really shouldn't be
happening in production code.
**What you expected to happen**:
Not to have to force a user ID change and/or the above to happen at all,
and/or it to run as always... and/or any important thing like airflow
defaulting to use a new UID to be documented in breaking changes.
Not to have airflow writing to the FS of a container anyways so I can set
the container FS to be RO as is considered best practice (both not writing to a
container FS and setting the FS to be RO)
**How to reproduce it**:
Run an airflow container with either a read-only FS or where the airflow
user isn't 50000
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
