You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by di...@apache.org on 2020/08/07 19:46:09 UTC
[airflow] branch v1-10-test updated: Init container as dict instead
of object
This is an automated email from the ASF dual-hosted git repository.
dimberman pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new 215c16f Init container as dict instead of object
215c16f is described below
commit 215c16f23b4a4ee652e8fe652f1c8b78a4a40aa8
Author: Daniel Imberman <da...@gmail.com>
AuthorDate: Fri Aug 7 12:45:20 2020 -0700
Init container as dict instead of object
---
airflow/kubernetes/pod_launcher.py | 8 +++++++-
tests/kubernetes/test_pod_launcher.py | 5 +----
tests/test_local_settings/test_local_settings.py | 20 ++++++++++++++++++++
3 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/airflow/kubernetes/pod_launcher.py b/airflow/kubernetes/pod_launcher.py
index 39ed836..30cb26a 100644
--- a/airflow/kubernetes/pod_launcher.py
+++ b/airflow/kubernetes/pod_launcher.py
@@ -22,6 +22,7 @@ from datetime import datetime as dt
import tenacity
from kubernetes import watch, client
+from kubernetes.client.api_client import ApiClient
from kubernetes.client import models as k8s
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream as kubernetes_stream
@@ -297,6 +298,11 @@ def _convert_to_airflow_pod(pod):
env_vars, secrets = _extract_env_vars_and_secrets(base_container.env)
volumes, vol_secrets = _extract_volumes_and_secrets(pod.spec.volumes, base_container.volume_mounts)
secrets.extend(vol_secrets)
+ api_client = ApiClient()
+ if pod.spec.init_containers is None:
+ init_containers = [],
+ else:
+ init_containers = [api_client.sanitize_for_serialization(i) for i in pod.spec.init_containers]
dummy_pod = Pod(
image=base_container.image,
envs=env_vars,
@@ -312,7 +318,7 @@ def _convert_to_airflow_pod(pod):
namespace=pod.metadata.namespace,
image_pull_policy=base_container.image_pull_policy or 'IfNotPresent',
tolerations=pod.spec.tolerations,
- init_containers=pod.spec.init_containers,
+ init_containers=init_containers,
image_pull_secrets=pod.spec.image_pull_secrets,
resources=base_container.resources,
service_account_name=pod.spec.service_account_name,
diff --git a/tests/kubernetes/test_pod_launcher.py b/tests/kubernetes/test_pod_launcher.py
index de7e147..64c24c6 100644
--- a/tests/kubernetes/test_pod_launcher.py
+++ b/tests/kubernetes/test_pod_launcher.py
@@ -261,10 +261,7 @@ class TestPodLauncherHelper(unittest.TestCase):
namespace="bar",
envs={},
init_containers=[
- k8s.V1Container(
- name="init-container",
- volume_mounts=[k8s.V1VolumeMount(mount_path="/tmp", name="init-secret")]
- )
+ {'name': 'init-container', 'volumeMounts': [{'mountPath': '/tmp', 'name': 'init-secret'}]}
],
cmds=["foo"],
image="myimage",
diff --git a/tests/test_local_settings/test_local_settings.py b/tests/test_local_settings/test_local_settings.py
index ece813d..7c4abf1 100644
--- a/tests/test_local_settings/test_local_settings.py
+++ b/tests/test_local_settings/test_local_settings.py
@@ -70,6 +70,13 @@ def pod_mutation_hook(pod):
"mountPath": "/opt/airflow/secrets/"
}
+ if pod.init_containers is not None:
+ for i in range(len(pod.init_containers)):
+ init_container = pod.init_containers[i]
+ init_container['securityContext'] = {"runAsGroup":50000,"runAsUser":50000}
+ if init_container['name'] == 'dag-sync':
+ init_container['securityContext'] = {"runAsGroup":40000,"runAsUser":40000}
+
pod.volumes.append(secret_volume)
pod.volume_mounts.append(secret_volume_mount)
@@ -247,11 +254,16 @@ class LocalSettingsTest(unittest.TestCase):
self.mock_kube_client = Mock()
self.pod_launcher = PodLauncher(kube_client=self.mock_kube_client)
+ init_container = k8s.V1Container(
+ name="init-container",
+ volume_mounts=[k8s.V1VolumeMount(mount_path="/tmp", name="init-secret")]
+ )
pod = pod_generator.PodGenerator(
image="foo",
name="bar",
namespace="baz",
image_pull_policy="Never",
+ init_containers=[init_container],
cmds=["foo"],
args=["/bin/sh", "-c", "touch /tmp/healthy"],
tolerations=[
@@ -286,6 +298,9 @@ class LocalSettingsTest(unittest.TestCase):
'name': 'foo',
'readOnly': True,
'subPath': '/'}]}],
+ 'initContainers': [{'name': 'init-container',
+ 'volumeMounts': [{'mountPath': '/tmp',
+ 'name': 'init-secret'}]}],
'hostNetwork': False,
'imagePullSecrets': [],
'tolerations': [{'effect': 'NoSchedule',
@@ -333,6 +348,11 @@ class LocalSettingsTest(unittest.TestCase):
]}],
'hostNetwork': False,
'imagePullSecrets': [],
+ 'initContainers': [{'name': 'init-container',
+ 'securityContext': {'runAsGroup': 50000,
+ 'runAsUser': 50000},
+ 'volumeMounts': [{'mountPath': '/tmp',
+ 'name': 'init-secret'}]}],
'tolerations': [{'effect': 'NoSchedule',
'key': 'static-pods',
'operator': 'Equal',