问题
Anyone could give me an example on passing some parameters as "runAsNonRoot" when creating a pod through KubernetesPodOperator?
I've tried to dig through the documentation but it is not clear.
回答1:
At current this does not appear to be supported in the operator.
You can see that the KubePodOp has an init that makes a PodGenerator. It then adds all the volumes and mounts to it before generating. This does not at any point call the only method in which you could pass a SecurityContext add_init_containerwhose documentation appears to have been cut off mid sentence.
回答2:
You can create pods through KubernetesPodOperator such as in python format. Here is the list of all parameters you can pass through KubernetesPodOperator.
I could not find a specific example on how to pass this "runAsNonRoot" parameters through KubernetesPodOperator. In YAML format, pod security parameters are defined as following:
spec:
containers:
# specification of the pod’s containers
# ...
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
回答3:
You can pass a dictionary to the KubernetesPodOperator constructor with the following content:
security_context = {"runAsNonRoot": True}
You can look up the keys and value datatypes that you can pass via this dict in class "V1SecurityContext" and the linked classes (/python3.6/site-packages/kubernetes/client/models/v1_security_context.py).
来源:https://stackoverflow.com/questions/52742455/airflow-kubernetespodoperator-pass-securitycontext-parameter