You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/11/18 15:05:13 UTC
[GitHub] [airflow] tomasgatial opened a new issue #19681: Can't launch Redis container on a cluster enforcing MustRunAsNonRoot policy
tomasgatial opened a new issue #19681:
URL: https://github.com/apache/airflow/issues/19681
### Official Helm Chart version
1.3.0 (latest released)
### Apache Airflow version
2.2.2 (latest released)
### Kubernetes Version
1.20
### Helm Chart configuration
default
### Docker Image customisations
None
### What happened
Unable create Redis containers when using cluster wide`PodSecurityPolicy` `MustRunAsNonRoot`.
### What you expected to happen
Default Redis runtime should be non-root to run out-of-box on clusters that enforce these security policies.
References:
https://github.com/helm/charts/blob/master/stable/redis/values.yaml#L183
https://github.com/helm/charts/blob/master/stable/redis/templates/redis-master-statefulset.yaml#L74
### How to reproduce
enable cluster wide`PodSecurityPolicy` `MustRunAsNonRoot` and install the chart with default values.
### Anything else
It is possible to work around using externalRedis.
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] potiuk commented on issue #19681: Can't launch Redis container on a cluster enforcing MustRunAsNonRoot policy
Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #19681:
URL: https://github.com/apache/airflow/issues/19681#issuecomment-973017833
Would you like to provide a fix for it @tomasgatial ? That does not seem complex - just setting runAsUser on the redis container in the helm chart and testing it. Nice way to join the > 1800 contributors to Airfllow and pay back for the free software you use.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] boring-cyborg[bot] commented on issue #19681: Can't launch Redis container on a cluster enforcing MustRunAsNonRoot policy
Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #19681:
URL: https://github.com/apache/airflow/issues/19681#issuecomment-972949655
Thanks for opening your first issue here! Be sure to follow the issue template!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] tomasgatial commented on issue #19681: Can't launch Redis container on a cluster enforcing MustRunAsNonRoot policy
Posted by GitBox <gi...@apache.org>.
tomasgatial commented on issue #19681:
URL: https://github.com/apache/airflow/issues/19681#issuecomment-973158960
Sure, here comes. @potiuk thanks for encouragement!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org