Closed MPParsley closed 11 months ago
Thanks for opening your first issue here! Be sure to follow the issue template! If you are willing to raise PR to address this issue please do so, no need to wait for approval.
As @jedcunningham mentioned in https://github.com/apache/airflow/pull/34601#issuecomment-1735705088:
It's intentional that PgBouncer, Redis, and StatsD don't use the Airflow security context. This is consistent with other aspects as well, e.g.
env
.
So using the workaround as fix.
Official Helm Chart version
1.10.0 (latest released)
Apache Airflow version
2.6.2
Kubernetes Version
1.25.11+1485cc9
Helm Chart configuration
uid: XXXXXX0000 gid: XXXXXX0000
Docker Image customizations
No response
What happened
An OpenShift Security Context Constraint (SCC) is triggered when installing the default helm chart. The statsd pod won't start and this error is thrown:
Some pods (e.g. statsd, redis) don't inherit the helm uid properly and it's not clear where the value 65534 comes from? I assume a securityContext may be missing for statsd to inherit the global.
As a workaround I added a custom override for these pods:
What you think should happen instead
The statsd pod should start properly.
How to reproduce
helm repo add apache-airflow https://airflow.apache.org/ helm install my-airflow apache-airflow/airflow --version 1.10.0 -f values.yml
values.yaml
Anything else
I'm on OpenShift
Are you willing to submit PR?
Code of Conduct