Feature: Support using content of kubeconfig to create KubernetesHook #39249
Conversation
luoyuliuyin
requested review from
jedcunningham and
hussein-awala
as code owners
boring-cyborg
bot
added
area:providers
provider:cncf-kubernetes
luoyuliuyin
force-pushed
the
main
branch
2 times, most recently
from
e4689de
to
920105f
Compare
| mock_kube_config_loader.assert_called_once() | ||
| mock_kube_config_merger.assert_called_once_with("fake-temp-file") | ||
| else: | ||
| mock_tempfile.is_called_once() |
There was a problem hiding this comment.
If there is no kubeconfig this function should be called?
The code under if and else blocks is the same..
There was a problem hiding this comment.
this function should be called.
When conn_id or kube_config exists, the content of kubeconfig file will be saved to the temporary file fake-temp-file, and then kube_config_loader will load fake-temp-file, otherwise kube_config_loader will load ~/.kube/config
I've fixed unittest and added comments.
It is indeed one-time for the airflow user, but it is continuous for the airflow owner. I now manage an airflow system, and there are many users. For me, configuring the user's kubeconfig is a continuous boring job. |
|
@amoghrajesh @hussein-awala @jedcunningham |
PR of
Use kubeconfig as one of the optional parameters for creating KubernetesHookcloses: #39227When we use
KubernetesPodOperator, we need to createKubernetesHookin order to connect to Kubernetes services. There are currently 3 supported methods for creatingKubernetesHook:1、environment variable method,
2、kubeconfig_path method,
3、db connection variable method.
However, these methods are all from the perspective of the airflow system owner. The airflow owner can change the variables of the airflow_worker, create and modify files in the airflow_worker, and operate the airflow_db. However, in many cases, the users of airflow are not The owner of airflow, The user does not have the authority to make changes to the airflow_worker, nor does it have read and write permissions to the db, nor should it see the data stored in the db by other users.
Therefore, it is best for users to manage their own data rather than hosting it on the airflow system, in this case, it is a relatively reasonable choice to add an optional parameter to receive the kubeconfig text.