python icon indicating copy to clipboard operation
python copied to clipboard
verified publisher icon kubernetes-client

In Airflow KubernetesPodOperator, V1WindowsSecurityContextOptions is not working

Open daru1027 opened this issue 3 years ago • 2 comments

What happened (please include outputs or screenshots): In Airflow KubernetesPodOperator, host_process of V1WindowsSecurityContextOptions is not reflected. What you expected to happen: I want host_process to be reflected from none to true. How to reproduce it (as minimally and precisely as possible):

#Airflow DAG
security_context = k8s.V1PodSecurityContext(
    fs_group=1000,
    windows_options=k8s.V1WindowsSecurityContextOptions(
        host_process=True
    )
)

...

with DAG(
    dag_id='example_kubernetes_operator',
    schedule_interval=None,
    start_date=datetime(2021, 1, 1),
) as dag:
    k = KubernetesPodOperator(
        namespace='trino',
        image=My_Image,
        labels={"foo": "bar"},
        name="airflow-test-pod",
        task_id="task",
        is_delete_operator_pod=False,
        tolerations=tolerations,
        security_context=security_context
    )

#Airflow log
'security_context': {'fs_group': 1000,
                               'fs_group_change_policy': None,
                               'run_as_group': None,
                               'run_as_non_root': None,
                               'run_as_user': None,
                               'se_linux_options': None,
                               'seccomp_profile': None,
                               'supplemental_groups': None,
                               'sysctls': None,
                               'windows_options': {'gmsa_credential_spec': None,
                                                   'gmsa_credential_spec_name': None,
                                                   'host_process': None,
                                                   'run_as_user_name': None}},

Anything else we need to know?:

Environment:

  • Kubernetes version (kubectl version):
  • OS (e.g., MacOS 10.13.6): AWS EKS version 1.19
  • Python version (python --version) Airflow Pod python version: 3.7.13
  • Python client version (pip list | grep kubernetes) apache-airflow-providers-cncf-kubernetes 4.1.0 kubernetes 23.6.0

daru1027 avatar Sep 02 '22 03:09 daru1027

/assign @yliaog

roycaihw avatar Sep 12 '22 16:09 roycaihw

it seems to be an issue with KubernetesPodOperator in airflow, not necessarily with this python client library. could you please file a bug with airflow?

yliaog avatar Sep 12 '22 17:09 yliaog

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Dec 11 '22 17:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jan 10 '23 18:01 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Feb 09 '23 18:02 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 09 '23 18:02 k8s-ci-robot