Hey Chris, I think the answer depends on what you mean by "multi-tenancy". I think you mean one team writing DAGs for multiple clients and those tasks can't collide. If so, the easiest way to have isolated workers is with KubernetesExecutor. No shared tmp!
If instead you mean multiple teams sharing an instance (what I consider multi-tenancy), it's a totally different situation, and in most cases having separate instances is the right call if you require "security". Remember, DAGs are arbitrary python and you can do all sorts of interesting things in them. Do you need isolation for accidental collisions, or do you need to protect tenant-a from possibly-bad-actor-tenant-b? More reading on Airflow multi-tenancy: https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-1%3A+Improve+Airflow+Security https://lists.apache.org/[email protected]:lte=1y:multi-tenancy Jed
