DjVinnii commented on issue #49276: URL: https://github.com/apache/airflow/issues/49276#issuecomment-2806027806
> Regardless of the triage, you may find the way to configure described in [#10605](https://github.com/apache/airflow/issues/10605) useful to work around your problem:

I tried the proposed solution/workaround by adding the code below. Unfortunately, the Security Context is not injected.

```python
SIDECAR_CONTAINER = k8s.V1Container(
    ...
    security_context=k8s.V1SecurityContext(
        allow_privilege_escalation=False,
        read_only_root_filesystem=True,
        seccomp_profile=k8s.V1SeccompProfile(
            type="RuntimeDefault"
        ),
    ),
)
```

The complete `airflow_local_settings.py` looks like this:

```python
from kubernetes.client import models as k8s


class PodDefaults:
    """Static defaults for Pods."""

    XCOM_MOUNT_PATH = "/airflow/xcom"
    SIDECAR_CONTAINER_NAME = "airflow-xcom-sidecar"
    XCOM_CMD = 'trap "exit 0" INT; while true; do sleep 1; done;'
    VOLUME_MOUNT = k8s.V1VolumeMount(name="xcom", mount_path=XCOM_MOUNT_PATH)
    VOLUME = k8s.V1Volume(name="xcom", empty_dir=k8s.V1EmptyDirVolumeSource())
    SIDECAR_CONTAINER = k8s.V1Container(
        name=SIDECAR_CONTAINER_NAME,
        command=["sh", "-c", XCOM_CMD],
        image="alpine",
        volume_mounts=[VOLUME_MOUNT],
        resources=k8s.V1ResourceRequirements(
            requests={
                "cpu": "1m",
                "memory": "10Mi",
            },
        ),
        security_context=k8s.V1SecurityContext(
            allow_privilege_escalation=False,
            read_only_root_filesystem=True,
            seccomp_profile=k8s.V1SeccompProfile(
                type="RuntimeDefault"
            ),
        ),
    )
```

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
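One way to confirm whether a launched pod's sidecar actually carries the three settings from the comment above, added here as an example (it is not code from the issue or from Airflow). It reads the pod in the shape of `kubectl get pod <name> -o json`; the function name `missing_hardening` and both sample pods are constructed for illustration.

```python
# Added example: check a serialized pod for the security context settings
# that the comment's SIDECAR_CONTAINER sets. Sample pods below are constructed.
SIDECAR_NAME = "airflow-xcom-sidecar"  # name used in the comment's PodDefaults


def missing_hardening(pod, container_name=SIDECAR_NAME):
    """Return the expected settings absent from the named container.

    `pod` is a dict in the shape of `kubectl get pod <name> -o json`.
    Returns None when no container with that name exists in the pod.
    """
    spec = pod.get("spec") or {}
    # seccompProfile may be set once at pod level and inherited by containers;
    # the other two fields exist only on the container's securityContext.
    pod_seccomp = (spec.get("securityContext") or {}).get("seccompProfile") or {}
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        if c.get("name") != container_name:
            continue
        sc = c.get("securityContext") or {}
        missing = []
        if sc.get("allowPrivilegeEscalation") is not False:
            missing.append("allowPrivilegeEscalation=false")
        if sc.get("readOnlyRootFilesystem") is not True:
            missing.append("readOnlyRootFilesystem=true")
        if (sc.get("seccompProfile") or pod_seccomp).get("type") != "RuntimeDefault":
            missing.append("seccompProfile.type=RuntimeDefault")
        return missing
    return None


# Constructed sample: sidecar present but with no securityContext at all.
POD_BARE = {"spec": {"containers": [
    {"name": "base", "image": "example/task:1"},
    {"name": SIDECAR_NAME, "image": "alpine"},
]}}

# Constructed sample: sidecar carrying the settings from the comment.
POD_HARDENED = {"spec": {"containers": [
    {"name": "base", "image": "example/task:1"},
    {"name": SIDECAR_NAME, "image": "alpine", "securityContext": {
        "allowPrivilegeEscalation": False,
        "readOnlyRootFilesystem": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    }},
]}}

if __name__ == "__main__":
    for label, pod in (("bare", POD_BARE), ("hardened", POD_HARDENED)):
        print(label, missing_hardening(pod))
```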
