You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/03/31 17:47:44 UTC

[GitHub] [airflow] jedcunningham opened a new pull request #22663: Add `securityContext` support to Redis

jedcunningham opened a new pull request #22663:
URL: https://github.com/apache/airflow/pull/22663


   This is an alternative to #22182.
   
   This allows users to set `securityContext` on the Redis pod.
   
   cc @pgvishnuram


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] github-actions[bot] commented on pull request #22663: Add `securityContext` support to Redis

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on pull request #22663:
URL: https://github.com/apache/airflow/pull/22663#issuecomment-1085023056


   The PR most likely needs to run full matrix of tests because it modifies parts of the core of Airflow. However, committers might decide to merge it quickly and take the risk. If they don't merge it quickly - please rebase it to the latest main at your convenience, or amend the last commit of the PR, and push it with --force-with-lease.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] jedcunningham commented on a change in pull request #22663: Add `securityContext` support to Redis

Posted by GitBox <gi...@apache.org>.

jedcunningham commented on a change in pull request #22663:
URL: https://github.com/apache/airflow/pull/22663#discussion_r839874230



##########
File path: chart/values.yaml
##########
@@ -1297,6 +1297,13 @@ redis:
     # Annotations to add to worker kubernetes service account.
     annotations: {}
 
+  uid: 999

Review comment:
       Using 999 as the default does change the behavior as it runs as `redis` not `root`, but that worked for me even if the redis db was owned as `root`. If we want to be extra safe though, we might consider defaulting to 0 instead. Thoughts?

##########
File path: chart/values.yaml
##########
@@ -1297,6 +1297,13 @@ redis:
     # Annotations to add to worker kubernetes service account.
     annotations: {}
 
+  uid: 999

Review comment:
       Using `999` as the default does change the behavior as it runs as `redis` not `root`, but that worked for me even if the redis db was owned as `root`. If we want to be extra safe though, we might consider defaulting to 0 instead. Thoughts?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org