Jon Davies created AIRFLOW-2740:
-----------------------------------
Summary: Kubernetes RBAC policy required
Key: AIRFLOW-2740
URL: https://issues.apache.org/jira/browse/AIRFLOW-2740
Project: Apache Airflow
Issue Type: Bug
Reporter: Jon Davies
The Airflow Executor needs to ship with an example policy, something like:
{code}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: production-airflow
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["create", "delete", "get", "watch", "list"]
---
# This role binding allows "default" to read pods in the "testing-airflow"
namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
subjects:
- kind: ServiceAccount
name: default # Name is case sensitive
roleRef:
kind: Role #this must be Role or ClusterRole
name: pod-reader # this must match the name of the Role or ClusterRole you
wish to bind to
apiGroup: rbac.authorization.k8s.io
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
