This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 1aafe87e011c9f4961cfa7e5913f43fee71cd2f8
Author: Qingping Hou <[email protected]>
AuthorDate: Tue Oct 15 03:58:31 2019 -0700
[AIRFLOW-5641] Support running git sync container as root (#6312)
(cherry picked from commit 133085eb47e04683ce3dca52b967aa41f8139613)
---
 airflow/executors/kubernetes_executor.py | 2 +-
 airflow/kubernetes/pod_generator.py | 1 -
 airflow/kubernetes/worker_configuration.py | 2 +-
 tests/executors/test_kubernetes_executor.py | 2 +-
 tests/kubernetes/test_worker_configuration.py | 15 +++++++++++++++
 5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/airflow/executors/kubernetes_executor.py b/airflow/executors/kubernetes_executor.py
index 74e504e..6ec2660 100644
--- a/airflow/executors/kubernetes_executor.py
+++ b/airflow/executors/kubernetes_executor.py
@@ -213,7 +213,7 @@ class KubeConfig:
 def _get_security_context_val(self, scontext):
 val = conf.get(self.kubernetes_section, scontext)
 if not val:
- return 0
+ return ""
 else:
 return int(val)
diff --git a/airflow/kubernetes/pod_generator.py b/airflow/kubernetes/pod_generator.py
index bf0cedf..dd0da30 100644
--- a/airflow/kubernetes/pod_generator.py
+++ b/airflow/kubernetes/pod_generator.py
@@ -475,7 +475,6 @@ class PodGenerator:
 """
 dynamic_pod = PodGenerator(
 namespace=namespace,
- image='',
 labels={
 'airflow-worker': worker_uuid,
 'dag_id': dag_id,
diff --git a/airflow/kubernetes/worker_configuration.py b/airflow/kubernetes/worker_configuration.py
index 3464e81..820763b 100644
--- a/airflow/kubernetes/worker_configuration.py
+++ b/airflow/kubernetes/worker_configuration.py
@@ -163,7 +163,7 @@ class WorkerConfiguration(LoggingMixin):
 if self.kube_config.git_sync_run_as_user != "":
 init_containers.security_context = k8s.V1SecurityContext(
- run_as_user=self.kube_config.git_sync_run_as_user or 65533
+ run_as_user=self.kube_config.git_sync_run_as_user
 ) # git-sync user
 return [init_containers]
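Review bot: In `airflow/executors/kubernetes_executor.py`, `_get_security_context_val` now returns two different types, `""` when the option is unset and an `int` otherwise, and nothing on the function says so. Any caller that tests the result by truthiness (`if uid:`) would treat uid 0, i.e. root, the same as unset, so the contract should be written down: `"""Return the option as an int, or "" when it is unset; 0 is a valid value (root)."""`. `int(val)` also raises a bare `ValueError` on a non-numeric setting without naming the option, which is worth wrapping with the option name in the message. The rest of `KubeConfig` is outside the hunk, so callers other than the one changed in `worker_configuration.py` could not be checked.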
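Review bot: In `airflow/kubernetes/worker_configuration.py`, dropping `or 65533` means the init container's uid now comes entirely from configuration, and together with the new `""` sentinel an unset `git_sync_run_as_user` attaches no securityContext at all, so git-sync runs as whatever user the image defaults to. If the shipped default config does not pin a non-root uid (not visible here), this silently loosens the previous behaviour; that default should be confirmed and stated in the option's documentation. The trailing `# git-sync user` comment described the removed constant and should become something like `# uid from [kubernetes] git_sync_run_as_user; 0 = root, unset = image default`. Since `WorkerConfiguration` is a `LoggingMixin`, a `self.log.warning(...)` when the value is 0 would make a root init container visible in the logs. The enclosing method begins outside the hunk.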
diff --git a/tests/executors/test_kubernetes_executor.py b/tests/executors/test_kubernetes_executor.py
index 2b3ed17..bf7bc56 100644
--- a/tests/executors/test_kubernetes_executor.py
+++ b/tests/executors/test_kubernetes_executor.py
@@ -133,7 +133,7 @@ class TestKubeConfig(unittest.TestCase):
 ('kubernetes', 'git_ssh_known_hosts_configmap_name'): 'airflow-configmap',
 ('kubernetes', 'git_ssh_key_secret_name'): 'airflow-secrets',
 ('kubernetes_annotations', "iam.com/role"): "role-arn",
- ('kubernetes_annotations', "other/annotation"): "value"
+ ('kubernetes_annotations', "other/annotation"): "value"
 })
 def test_kube_config_worker_annotations_properly_parsed(self):
 annotations = KubeConfig().kube_annotations
diff --git a/tests/kubernetes/test_worker_configuration.py b/tests/kubernetes/test_worker_configuration.py
index 74009a1..73b3f20 100644
--- a/tests/kubernetes/test_worker_configuration.py
+++ b/tests/kubernetes/test_worker_configuration.py
@@ -305,6 +305,21 @@ class TestKubernetesWorkerConfiguration(unittest.TestCase):
 self.assertIsNone(init_containers[0].security_context)
+ def test_init_environment_using_git_sync_run_as_user_root(self):
+ # Tests if git_syn_run_as_user is '0', securityContext is created with
+ # the right uid
+
+ self.kube_config.dags_volume_claim = None
+ self.kube_config.dags_volume_host = None
+ self.kube_config.dags_in_image = None
+ self.kube_config.git_sync_run_as_user = 0
+
+ worker_config = WorkerConfiguration(self.kube_config)
+ init_containers = worker_config._get_init_containers()
+ self.assertTrue(init_containers) # check not empty
+
+ self.assertEqual(0, init_containers[0].security_context.run_as_user)
+
 def test_make_pod_run_as_user_0(self):
 # Tests the pod created with run-as-user 0 actually gets that in it's config
 self.kube_config.worker_run_as_user = 0
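Review bot: The new test in `tests/kubernetes/test_worker_configuration.py` assigns the integer `0` straight onto `kube_config`, so it never exercises the path a real deployment takes, where the value arrives as the string `'0'` from the config file and passes through `_get_security_context_val`. A companion case in `TestKubeConfig` asserting that `'0'` parses to `0` and an empty value to `""` would cover the part of this commit that distinguishes root from unset. The comment also has a typo and the wrong type; suggested: `# When git_sync_run_as_user is 0 (root), a securityContext with uid 0 is created`.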
