Skip to content

Add configurable automountServiceAccountToken for the KubernetesPodOperator #50223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eladkal merged 3 commits into from
May 11, 2025
Merged

Add configurable automountServiceAccountToken for the KubernetesPodOperator #50223

eladkal merged 3 commits into from
May 11, 2025

Conversation

@DjVinnii
Copy link
Contributor

@DjVinnii DjVinnii commented May 5, 2025

The KubernetesPodOperator did not allow for overriding the automountServiceAccount token field when creating pods. By default this will mount the API token for the Service Account, which might be prohibited by for example OPA policies. This PR allows the override of this setting, but still keeping the default behavior.

^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named {pr_number}.significant.rst or {issue_number}.significant.rst, in airflow-core/newsfragments.

@boring-cyborg boring-cyborg bot added area:providers provider:cncf-kubernetes Kubernetes (k8s) provider related issues labels May 5, 2025
@eladkal eladkal force-pushed the KPO-configurable-automountServiceAccountToken branch from 2e72080 to 2c721c4 Compare May 11, 2025 06:03
@eladkal eladkal requested a review from romsharon98 May 11, 2025 06:03
@eladkal
Copy link
Contributor

eladkal commented May 11, 2025

@DjVinnii can you fix the failing tests?

@DjVinnii
Copy link
Contributor Author

DjVinnii commented May 11, 2025

@DjVinnii can you fix the failing tests?

Sure, looking at it!

@eladkal eladkal merged commit 40216ef into apache:main May 11, 2025
76 checks passed
@DjVinnii DjVinnii deleted the KPO-configurable-automountServiceAccountToken branch May 12, 2025 18:22
This was referenced May 14, 2025
Closed
Closed
sanederchik pushed a commit to sanederchik/airflow that referenced this pull request Jun 7, 2025
@DjVinnii @eladkal @sanederchik
Add configurable automountServiceAccountToken for the KubernetesPodOp…
e25e2fe 
…erator (apache#50223)

* Add configurable automountServiceAccountToken

* fix spell check

* Update Kubernetes Tests with automountServiceAccountToken

---------

Co-authored-by: Elad Kalif <45845474+eladkal@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@romsharon98 romsharon98 romsharon98 approved these changes

@eladkal eladkal eladkal approved these changes

@jedcunningham jedcunningham Awaiting requested review from jedcunningham jedcunningham is a code owner

@hussein-awala hussein-awala Awaiting requested review from hussein-awala hussein-awala is a code owner

@potiuk potiuk Awaiting requested review from potiuk potiuk is a code owner

@ashb ashb Awaiting requested review from ashb ashb is a code owner

@gopidesupavan gopidesupavan Awaiting requested review from gopidesupavan gopidesupavan is a code owner

@jason810496 jason810496 Awaiting requested review from jason810496 jason810496 is a code owner

Assignees

No one assigned

Labels

area:providers provider:cncf-kubernetes Kubernetes (k8s) provider related issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DjVinnii @eladkal @romsharon98