-
Notifications
You must be signed in to change notification settings - Fork 16.5k
Closed
Labels
Description
Official Helm Chart version
1.10.0 (latest released)
Apache Airflow version
2.7.1
Kubernetes Version
1.26.7
Helm Chart configuration
No response
Docker Image customizations
No response
What happened
When enabling dagProcessor.logGroomerSidecar, our OPA gatekeeper flags the dag-processor-log-groomer container with the appropriate non-root permissions. There is no way to set the securityContexts for this sidecar as it is not even enabled.
What you think should happen instead
The securityContexts setting for the dag-processor-log-groomer container should be configurable.
How to reproduce
In the Helm values, set dagProcessor.logGroomerSidecar to true.
Anything else
This problem occurs when there are OPA policies in place pertaining to strict securityContexts settings.
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct
Reactions are currently unavailable