Dee*_*mal 8 kubernetes airflow kubernetes-python-client apache-airflow-xcom
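When I run a Docker image with the KubernetesPodOperator in Airflow 1.10:
Once the pod completes the task successfully, Airflow tries to fetch the XCom value by connecting to the pod through the k8s stream client.
This is the error I get: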
[2018-12-18 05:29:02,209] {{models.py:1760}} ERROR - (0)
Reason: Handshake status 403 Forbidden
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py", line 249, in websocket_call
    client = WSClient(configuration, get_websocket_url(url), headers)
  File "/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py", line 72, in __init__
    self.sock.connect(url, header=header)
  File "/usr/local/lib/python3.6/site-packages/websocket/_core.py", line 223, in connect
    self.handshake_response = handshake(self.sock, *addrs, **options)
  File "/usr/local/lib/python3.6/site-packages/websocket/_handshake.py", line 79, in handshake
    status, resp = _get_resp_headers(sock)
  File "/usr/local/lib/python3.6/site-packages/websocket/_handshake.py", line 152, in _get_resp_headers
    raise WebSocketBadStatusException("Handshake status %d %s", status, status_message)
websocket._exceptions.WebSocketBadStatusException: Handshake status 403 Forbidden
I am using a K8s service account for this.
DAG configuration:
xcom=True,
get_logs=True,
in_cluster=True
小智 7
So we ran into this problem too, and we had to modify our RBAC rules; specifically, we had to add the resource "pods/exec" with the verbs "create" and "get".
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: airflow-runner
rules:
- apiGroups: [""]
  resources: ["deployments", "pods", "pods/log", "pods/exec", "persistentvolumeclaims"]
  verbs: ["*"]
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["singleuser-image-credentials"]
  verbs: ["read","list","watch","create","get"]
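RBAC treats the subresource "pods/exec" as its own resource name, so a role with every verb on "pods" still gets the 403 on the exec handshake. The following is an added example, not part of the answer above or of Airflow: a simplified offline model of RBAC rule matching showing that gap and a narrower grant than `verbs: ["*"]`. The BEFORE and AFTER rule sets are constructed for illustration.

```python
# Added example: simplified offline model of Kubernetes RBAC rule matching.
# Handles "*", exact names and "*/subresource"; it does not query a cluster.

def resource_matches(pattern, resource):
    """True if one entry of a rule's `resources` list covers `resource`."""
    if pattern in ("*", resource):
        return True
    _, _, sub = resource.partition("/")
    # "*/exec" covers the exec subresource of any resource; "pods" alone
    # does NOT cover "pods/exec".
    return bool(sub) and pattern == "*/" + sub


def rule_allows(rule, api_group, resource, verb):
    """True if a single rule grants `verb` on `resource` for any object name."""
    groups = rule.get("apiGroups", [])
    verbs = rule.get("verbs", [])
    return (
        ("*" in groups or api_group in groups)
        and any(resource_matches(p, resource) for p in rule.get("resources", []))
        and ("*" in verbs or verb in verbs)
        # Rules limited by resourceNames are not counted as a general grant.
        and not rule.get("resourceNames")
    )


def missing_permissions(rules, needed):
    """Return the (apiGroup, resource, verb) tuples that no rule grants."""
    return [n for n in needed if not any(rule_allows(r, *n) for r in rules)]


# The permissions the answer says had to be added for the XCom read.
XCOM_EXEC = [("", "pods/exec", "create"), ("", "pods/exec", "get")]

# Constructed "before" role: all verbs on pods and logs, nothing on pods/exec.
BEFORE = [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["*"]}]

# Constructed narrow fix: only the two verbs named in the answer, on pods/exec.
AFTER = BEFORE + [
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create", "get"]}
]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing:", missing_permissions(rules, XCOM_EXEC))
```

On a live cluster, `kubectl auth can-i create pods/exec --as=system:serviceaccount:<namespace>:<serviceaccount>` answers the same question for the service account Airflow runs under.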