[ https://issues.apache.org/jira/browse/AIRFLOW-4156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16801161#comment-16801161 ]
Ash Berlin-Taylor commented on AIRFLOW-4156: -------------------------------------------- Some overlap with AIRFLOW-3274 (though it sounds like this is more general) > KubernetesPodOperator does not support set security context > ----------------------------------------------------------- > > Key: AIRFLOW-4156 > URL: https://issues.apache.org/jira/browse/AIRFLOW-4156 > Project: Apache Airflow > Issue Type: Improvement > Components: kubernetes > Affects Versions: 1.10.2 > Environment: kubernetes > Reporter: Magnus Runesson > Priority: Major > > Good praxis running containers is to not run them as root nor run with a > writable root-filesystem. To be able to restrict this on pods launched by the > KubernetesPodOperator one must be able to set [security > context|https://kubernetes.io/docs/tasks/configure-pod-container/security-context/]. > Many hardened Kubernetes clusters require this to be set. > WIP patch, currently missing tests: > https://github.com/mrunesson/airflow/tree/feat-k8s-security-context -- This message was sent by Atlassian JIRA (v7.6.3#76005)