apache / airflow

Apache Airflow - A platform to programmatically author, schedule, and monitor workflows
https://airflow.apache.org/
Apache License 2.0

Provide access privilege required for `cncf.kubernetes` operators/executors #40210

Open pykenny opened 3 months ago

pykenny commented 3 months ago

What do you see as an issue?

In the cncf-kubernetes provider's operator section, it describes how each operator works, but does not mention what type of access privileges are required to run these operators.

The same kind of details may be needed for the two types of Kubernetes executors as well.

Solving the problem

Provide the privileges on Kubernetes resources required for each operator.

For instance, the 3rd-party airflow_kubernetes_job_operator package lists all the privileges needed to gain full functionality of their operator in its readme, written in RBAC format:

Anything else

No response


potiuk commented 3 months ago

Sure. Marked it as good-first-issue and you are free to contribute it; otherwise it will have to wait for someone to volunteer, pick it up and contribute.

topherinternational commented 1 month ago

@pykenny A good start might be the k8s permissions in the Helm chart, e.g. https://github.com/apache/airflow/blob/providers-cncf-kubernetes/8.3.4/chart/templates/rbac/pod-launcher-role.yaml (and others in that directory).

It's not exactly the k8s operators, but it should be a similar perms profile as what is needed to launch a task pod from the k8s executor.