I mean "one team writing DAGs for multiple clients, and those tasks can't collide". We don't require actual security from malicious users, we just need some safety rails to prevent accidents.
On Fri, Jan 14, 2022 at 1:31 PM Jed Cunningham <[email protected]> wrote: > Hey Chris, > > I think the answer depends on what you mean by "multi-tenancy". I think > you mean one team writing DAGs for multiple clients and those tasks can't > collide. If so, the easiest way to have isolated workers is with > KubernetesExecutor. No shared tmp! > > If instead you mean multiple teams sharing an instance (what I consider > multi-tenancy), it's a totally different situation, and in most cases > having separate instances is the right call if you require "security". > > Remember, DAGs are arbitrary python and you can do all sorts of > interesting things in them. Do you need isolation for accidental > collisions, or do you need to protect tenant-a from > possibly-bad-actor-tenant-b? > > More reading on Airflow multi-tenancy: > > https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-1%3A+Improve+Airflow+Security > https://lists.apache.org/[email protected]:lte=1y:multi-tenancy > > Jed >
