aneesh-joseph-1 opened a new issue #8682: URL: https://github.com/apache/airflow/issues/8682
If I use the KubernetesExecutor and do not set a `fs_group` in `airflow.cfg` I would expect that the the `fs_group` is not set in the `securityContext` while creating the pod..It is also expected that the `fs_group` is set to 65533 if git sync with ssh is being used and `fs_group` is not explicitly set.. The actual behaviour is different If `fs_group` is not set, it gets defaulted to 0 - https://github.com/apache/airflow/blob/17f0eb15ba1d2766eb673e1c846f3d278207cd0a/airflow/contrib/executors/kubernetes_executor.py#L298), which breaks on clusters which have Pod Security policies in place to block fs_group of 0. Since this gets defaulted to 0, the logic to use 65533 never comes into play - https://github.com/apache/airflow/blob/1.10.10/airflow/contrib/kubernetes/worker_configuration.py#L239 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
