9eb430566b
The 'airflow-worker' and 'airflow-logrotate' containers do not need to run as privileged containers to perform their jobs. Shipyard deploy_site action was used to test the 'airflow-worker' as a deploy_site invokes 'airflow-worker'. When performing deploy_site action, all steps succeeded and the 'airflow-worker' shows no errors when 'airflow-worker' is non-privileged. When 'airflow-logrotate' runs as non-privileged, the 'airflow-logrotate' container still logs correctly and is able to delete/rotate logs without problems. Note: Making airflow-worker run with non-privileged containers means that these containers will use the docker-default apparmor profile by default. Change-Id: I26eda3eb8b7a36e67c2e7b593326f1d063600fc3 |
||
---|---|---|
.. | ||
bin | ||
tests | ||
configmap-airflow-bin.yaml | ||
configmap-airflow-etc.yaml | ||
configmap-shipyard-bin.yaml | ||
configmap-shipyard-etc.yaml | ||
deployment-airflow-flower.yaml | ||
deployment-airflow-scheduler.yaml | ||
deployment-airflow-web.yaml | ||
deployment-shipyard.yaml | ||
ingress-airflow-api.yaml | ||
ingress-shipyard-api.yaml | ||
job-airflow-db-init.yaml | ||
job-airflow-db-sync.yaml | ||
job-ks-endpoints.yaml | ||
job-ks-service.yaml | ||
job-ks-user.yaml | ||
job-shipyard-db-init.yaml | ||
job-shipyard-db-sync.yaml | ||
secret-airflow-db.yaml | ||
secret-ingress-tls.yaml | ||
secret-keystone-env.yaml | ||
secret-shipyard-db.yaml | ||
service-airflow-flower.yaml | ||
service-airflow-ingress.yaml | ||
service-airflow-web.yaml | ||
service-airflow-worker.yaml | ||
service-discovery-airflow-worker.yaml | ||
service-shipyard-ingress.yaml | ||
service-shipyard.yaml | ||
statefulset-airflow-worker.yaml |