From 0f7f3d69633dd2e5b2255daf2178c123ad9515b0 Mon Sep 17 00:00:00 2001 From: Varun Vora Date: Fri, 5 Feb 2021 00:31:46 +0530 Subject: [PATCH] Fix DAGs mount path in Kubernetes worker pod when gitSync is enabled (#13826) * Update pod-template-file.kubernetes-helm-yaml * Fix ssh-key access issue This change allows dags.gitSync.containerName to read ssh-key from file system. Similar to this https://github.com/varunvora/airflow/blob/ce0e6280d2ea39838e9f0617625cd07a757c3461/chart/templates/scheduler/scheduler-deployment.yaml#L92 It solves https://github.com/apache/airflow/issues/13680 issue for private repositories. Co-authored-by: Denis Krivenko <36439732+dnskr@users.noreply.github.com> GitOrigin-RevId: 5f74219e6d400c4eae9134f6015c72430d6d549f --- chart/files/pod-template-file.kubernetes-helm-yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/chart/files/pod-template-file.kubernetes-helm-yaml b/chart/files/pod-template-file.kubernetes-helm-yaml index b29aa3a02b2..0a01e0a9613 100644 --- a/chart/files/pod-template-file.kubernetes-helm-yaml +++ b/chart/files/pod-template-file.kubernetes-helm-yaml @@ -61,13 +61,16 @@ spec: name: git-sync-ssh-key subPath: ssh {{- end }} -{{- if or .Values.dags.gitSync.enabled .Values.dags.persistence.enabled }} +{{- if .Values.dags.persistence.enabled }} - mountPath: {{ include "airflow_dags_mount_path" . }} name: dags readOnly: true +{{- end }} {{- if .Values.dags.gitSync.enabled }} + - mountPath: {{ include "airflow_dags" . }} + name: dags + readOnly: true subPath: {{.Values.dags.gitSync.dest }}/{{ .Values.dags.gitSync.subPath }} -{{- end }} {{- end }} hostNetwork: false {{- if or .Values.registry.secretName .Values.registry.connection }} @@ -77,6 +80,7 @@ spec: restartPolicy: Never securityContext: runAsUser: {{ .Values.uid }} + fsGroup: {{ .Values.gid }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 4 }} affinity: {{ toYaml .Values.affinity | nindent 4 }} tolerations: {{ toYaml .Values.tolerations | nindent 4 }}