You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by di...@apache.org on 2020/06/25 20:50:17 UTC
[airflow] branch v1-10-test updated (ff96b8e -> 13be816)
This is an automated email from the ASF dual-hosted git repository.
dimberman pushed a change to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git.
omit ff96b8e [AIRFLOW-5641] Support running git sync container as root (#6312)
new 13be816 [AIRFLOW-5641] Support running git sync container as root (#6312)
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (ff96b8e)
\
N -- N -- N refs/heads/v1-10-test (13be816)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
airflow/kubernetes/pod_generator.py | 1 -
1 file changed, 1 deletion(-)
[airflow] 01/01: [AIRFLOW-5641] Support running git sync container
as root (#6312)
Posted by di...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dimberman pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 13be81618d6f0821b43534364bec60205c137ff5
Author: Qingping Hou <qp...@scribd.com>
AuthorDate: Tue Oct 15 03:58:31 2019 -0700
[AIRFLOW-5641] Support running git sync container as root (#6312)
(cherry picked from commit 133085eb47e04683ce3dca52b967aa41f8139613)
---
airflow/executors/kubernetes_executor.py | 2 +-
airflow/kubernetes/pod_generator.py | 1 -
airflow/kubernetes/worker_configuration.py | 2 +-
tests/executors/test_kubernetes_executor.py | 2 +-
tests/kubernetes/test_worker_configuration.py | 15 +++++++++++++++
5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/airflow/executors/kubernetes_executor.py b/airflow/executors/kubernetes_executor.py
index 74e504e..6ec2660 100644
--- a/airflow/executors/kubernetes_executor.py
+++ b/airflow/executors/kubernetes_executor.py
@@ -213,7 +213,7 @@ class KubeConfig:
def _get_security_context_val(self, scontext):
val = conf.get(self.kubernetes_section, scontext)
if not val:
- return 0
+ return ""
else:
return int(val)
diff --git a/airflow/kubernetes/pod_generator.py b/airflow/kubernetes/pod_generator.py
index bf0cedf..dd0da30 100644
--- a/airflow/kubernetes/pod_generator.py
+++ b/airflow/kubernetes/pod_generator.py
@@ -475,7 +475,6 @@ class PodGenerator:
"""
dynamic_pod = PodGenerator(
namespace=namespace,
- image='',
labels={
'airflow-worker': worker_uuid,
'dag_id': dag_id,
diff --git a/airflow/kubernetes/worker_configuration.py b/airflow/kubernetes/worker_configuration.py
index 3464e81..820763b 100644
--- a/airflow/kubernetes/worker_configuration.py
+++ b/airflow/kubernetes/worker_configuration.py
@@ -163,7 +163,7 @@ class WorkerConfiguration(LoggingMixin):
if self.kube_config.git_sync_run_as_user != "":
init_containers.security_context = k8s.V1SecurityContext(
- run_as_user=self.kube_config.git_sync_run_as_user or 65533
+ run_as_user=self.kube_config.git_sync_run_as_user
) # git-sync user
return [init_containers]
diff --git a/tests/executors/test_kubernetes_executor.py b/tests/executors/test_kubernetes_executor.py
index 2b3ed17..bf7bc56 100644
--- a/tests/executors/test_kubernetes_executor.py
+++ b/tests/executors/test_kubernetes_executor.py
@@ -133,7 +133,7 @@ class TestKubeConfig(unittest.TestCase):
('kubernetes', 'git_ssh_known_hosts_configmap_name'): 'airflow-configmap',
('kubernetes', 'git_ssh_key_secret_name'): 'airflow-secrets',
('kubernetes_annotations', "iam.com/role"): "role-arn",
- ('kubernetes_annotations', "other/annotation"): "value"
+ ('kubernetes_annotations', "other/annotation"): "value"
})
def test_kube_config_worker_annotations_properly_parsed(self):
annotations = KubeConfig().kube_annotations
diff --git a/tests/kubernetes/test_worker_configuration.py b/tests/kubernetes/test_worker_configuration.py
index 74009a1..73b3f20 100644
--- a/tests/kubernetes/test_worker_configuration.py
+++ b/tests/kubernetes/test_worker_configuration.py
@@ -305,6 +305,21 @@ class TestKubernetesWorkerConfiguration(unittest.TestCase):
self.assertIsNone(init_containers[0].security_context)
+ def test_init_environment_using_git_sync_run_as_user_root(self):
+ # Tests if git_syn_run_as_user is '0', securityContext is created with
+ # the right uid
+
+ self.kube_config.dags_volume_claim = None
+ self.kube_config.dags_volume_host = None
+ self.kube_config.dags_in_image = None
+ self.kube_config.git_sync_run_as_user = 0
+
+ worker_config = WorkerConfiguration(self.kube_config)
+ init_containers = worker_config._get_init_containers()
+ self.assertTrue(init_containers) # check not empty
+
+ self.assertEqual(0, init_containers[0].security_context.run_as_user)
+
def test_make_pod_run_as_user_0(self):
# Tests the pod created with run-as-user 0 actually gets that in it's config
self.kube_config.worker_run_as_user = 0