Accessing Kubernetes Secret from Airflow KubernetesPodOperator Unicorn Meta Zoo #1: Why another podcast? Announcing the arrival of Valued Associate #679: Cesar Manara Data science time! April 2019 and salary with experience The Ask Question Wizard is Live!What's the difference between Apache's Mesos and Google's KubernetesKubernetes Pod fails with CrashLoopBackOffHow to protect k8s secrets using rbac?Kubernetes - Jenkins integrationHow to validate airflow DAG with customer operator?How to force jinja templating on airflow variable?Jenkins Kubernetes plugin failing to provision jnlp-slave podsPrivate images with Airflow KubernetesPodOperatorRetrieve Kubernetes' Secret from Google Composer (Airflow)Airflow no module named 'kubernetes'

'Var' does not name a type!

Could moose/elk survive in the Amazon forest?

What is /etc/mtab in Linux?

Is Bran literally the world's memory?

Protagonist's race is hidden - should I reveal it?

How to count in linear time worst-case?

I preordered a game on my Xbox while on the home screen of my friend's account. Which of us owns the game?

Are all CP/M-80 implementations binary compatible?

What's parked in Mil Moscow helicopter plant?

How long after the last departure shall the airport stay open for an emergency return?

How to keep bees out of canned beverages?

Is a 5 watt UHF/VHF handheld considered QRP?

How can I make a line end at the edge of an irregular shape?

Mistake in years of experience in resume?

Implementing 3DES algorithm in Java: is my code secure?

What is the ongoing value of the Kanban board to the developers as opposed to management

Does the set of sets which are elements of every set exist?

Suing a Police Officer Instead of the Police Department

Is Electric Central Heating worth it if using Solar Panels?

Married in secret, can marital status in passport be changed at a later date?

Split coins into combinations of different denominations

How do I check if a string is entirely made of the same substring?

What is the best argument for maximum parsimony method in phylogenetic tree construction?

Co-worker works way more than he should



Accessing Kubernetes Secret from Airflow KubernetesPodOperator



Unicorn Meta Zoo #1: Why another podcast?
Announcing the arrival of Valued Associate #679: Cesar Manara
Data science time! April 2019 and salary with experience
The Ask Question Wizard is Live!What's the difference between Apache's Mesos and Google's KubernetesKubernetes Pod fails with CrashLoopBackOffHow to protect k8s secrets using rbac?Kubernetes - Jenkins integrationHow to validate airflow DAG with customer operator?How to force jinja templating on airflow variable?Jenkins Kubernetes plugin failing to provision jnlp-slave podsPrivate images with Airflow KubernetesPodOperatorRetrieve Kubernetes' Secret from Google Composer (Airflow)Airflow no module named 'kubernetes'



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








0















I'm setting up an Airflow environment on Google Cloud Composer for testing. I've added some secrets to my namespace, and they show up fine:



$ kubectl describe secrets/eric-env-vars
Name: eric-env-vars
Namespace: eric-dev
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
VERSION_NUMBER: 6 bytes


I've referenced this secret in my DAG definition file (leaving out some code for brevity):



env_var_secret = Secret(
 deploy_type='env',
 deploy_target='VERSION_NUMBER',
 secret='eric-env-vars',
 key='VERSION_NUMBER',
)

dag = DAG('env_test', schedule_interval=None, start_date=start_date)

operator = KubernetesPodOperator(
 name='k8s-env-var-test',
 task_id='k8s-env-var-test',
 dag=dag,
 image='ubuntu:16.04',
 cmds=['bash', '-cx'],
 arguments=['env'],
 config_file=os.environ['KUBECONFIG'],
 namespace='eric-dev',
 secrets=[env_var_secret],
)


But when I run this DAG, the VERSION_NUMBER env var isn't printed out. It doesn't look like it's being properly linked to the pod either (apologies for imprecise language, I am new to both Kubernetes and Airflow). This is from the Airflow task log of the pod creation response (also formatted for brevity/readability):



'env': [

 'name': 'VERSION_NUMBER',
 'value': None,
 'value_from': 
 'config_map_key_ref': None,
 'field_ref': None,
 'resource_field_ref': None,
 'secret_key_ref': 
 'key': 'VERSION_NUMBER',
 'name': 'eric-env-vars',
 'optional': None
 
 
]


I'm assuming that we're somehow calling the constructor for the Secret wrong, but I am not entirely sure. Guidance appreciated!






kubernetes airflow google-cloud-composer







share|improve this question
























  • Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

    – hexacyanide
    Mar 22 at 16:04











  • @hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

    – Eric Fulmer
    Mar 22 at 16:05

















0















I'm setting up an Airflow environment on Google Cloud Composer for testing. I've added some secrets to my namespace, and they show up fine:



$ kubectl describe secrets/eric-env-vars
Name: eric-env-vars
Namespace: eric-dev
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
VERSION_NUMBER: 6 bytes


I've referenced this secret in my DAG definition file (leaving out some code for brevity):



env_var_secret = Secret(
 deploy_type='env',
 deploy_target='VERSION_NUMBER',
 secret='eric-env-vars',
 key='VERSION_NUMBER',
)

dag = DAG('env_test', schedule_interval=None, start_date=start_date)

operator = KubernetesPodOperator(
 name='k8s-env-var-test',
 task_id='k8s-env-var-test',
 dag=dag,
 image='ubuntu:16.04',
 cmds=['bash', '-cx'],
 arguments=['env'],
 config_file=os.environ['KUBECONFIG'],
 namespace='eric-dev',
 secrets=[env_var_secret],
)


But when I run this DAG, the VERSION_NUMBER env var isn't printed out. It doesn't look like it's being properly linked to the pod either (apologies for imprecise language, I am new to both Kubernetes and Airflow). This is from the Airflow task log of the pod creation response (also formatted for brevity/readability):



'env': [

 'name': 'VERSION_NUMBER',
 'value': None,
 'value_from': 
 'config_map_key_ref': None,
 'field_ref': None,
 'resource_field_ref': None,
 'secret_key_ref': 
 'key': 'VERSION_NUMBER',
 'name': 'eric-env-vars',
 'optional': None
 
 
]


I'm assuming that we're somehow calling the constructor for the Secret wrong, but I am not entirely sure. Guidance appreciated!






kubernetes airflow google-cloud-composer







share|improve this question
























  • Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

    – hexacyanide
    Mar 22 at 16:04











  • @hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

    – Eric Fulmer
    Mar 22 at 16:05













0












0








0








I'm setting up an Airflow environment on Google Cloud Composer for testing. I've added some secrets to my namespace, and they show up fine:



$ kubectl describe secrets/eric-env-vars
Name: eric-env-vars
Namespace: eric-dev
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
VERSION_NUMBER: 6 bytes


I've referenced this secret in my DAG definition file (leaving out some code for brevity):



env_var_secret = Secret(
 deploy_type='env',
 deploy_target='VERSION_NUMBER',
 secret='eric-env-vars',
 key='VERSION_NUMBER',
)

dag = DAG('env_test', schedule_interval=None, start_date=start_date)

operator = KubernetesPodOperator(
 name='k8s-env-var-test',
 task_id='k8s-env-var-test',
 dag=dag,
 image='ubuntu:16.04',
 cmds=['bash', '-cx'],
 arguments=['env'],
 config_file=os.environ['KUBECONFIG'],
 namespace='eric-dev',
 secrets=[env_var_secret],
)


But when I run this DAG, the VERSION_NUMBER env var isn't printed out. It doesn't look like it's being properly linked to the pod either (apologies for imprecise language, I am new to both Kubernetes and Airflow). This is from the Airflow task log of the pod creation response (also formatted for brevity/readability):



'env': [

 'name': 'VERSION_NUMBER',
 'value': None,
 'value_from': 
 'config_map_key_ref': None,
 'field_ref': None,
 'resource_field_ref': None,
 'secret_key_ref': 
 'key': 'VERSION_NUMBER',
 'name': 'eric-env-vars',
 'optional': None
 
 
]


I'm assuming that we're somehow calling the constructor for the Secret wrong, but I am not entirely sure. Guidance appreciated!






kubernetes airflow google-cloud-composer







share|improve this question
















I'm setting up an Airflow environment on Google Cloud Composer for testing. I've added some secrets to my namespace, and they show up fine:



$ kubectl describe secrets/eric-env-vars
Name: eric-env-vars
Namespace: eric-dev
Labels: <none>
Annotations: <none>

Type: Opaque

Data
====
VERSION_NUMBER: 6 bytes


I've referenced this secret in my DAG definition file (leaving out some code for brevity):



env_var_secret = Secret(
 deploy_type='env',
 deploy_target='VERSION_NUMBER',
 secret='eric-env-vars',
 key='VERSION_NUMBER',
)

dag = DAG('env_test', schedule_interval=None, start_date=start_date)

operator = KubernetesPodOperator(
 name='k8s-env-var-test',
 task_id='k8s-env-var-test',
 dag=dag,
 image='ubuntu:16.04',
 cmds=['bash', '-cx'],
 arguments=['env'],
 config_file=os.environ['KUBECONFIG'],
 namespace='eric-dev',
 secrets=[env_var_secret],
)


But when I run this DAG, the VERSION_NUMBER env var isn't printed out. It doesn't look like it's being properly linked to the pod either (apologies for imprecise language, I am new to both Kubernetes and Airflow). This is from the Airflow task log of the pod creation response (also formatted for brevity/readability):



'env': [

 'name': 'VERSION_NUMBER',
 'value': None,
 'value_from': 
 'config_map_key_ref': None,
 'field_ref': None,
 'resource_field_ref': None,
 'secret_key_ref': 
 'key': 'VERSION_NUMBER',
 'name': 'eric-env-vars',
 'optional': None
 
 
]


I'm assuming that we're somehow calling the constructor for the Secret wrong, but I am not entirely sure. Guidance appreciated!






kubernetes airflow google-cloud-composer




kubernetes airflow google-cloud-composer






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 22 at 16:06







Eric Fulmer

















asked Mar 22 at 15:41









Eric FulmerEric Fulmer

3991315




3991315












  • Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

    – hexacyanide
    Mar 22 at 16:04











  • @hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

    – Eric Fulmer
    Mar 22 at 16:05

















  • Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

    – hexacyanide
    Mar 22 at 16:04











  • @hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

    – Eric Fulmer
    Mar 22 at 16:05
















Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

– hexacyanide
Mar 22 at 16:04





Does the value you expect in VERSION_NUMBER at least make its way into BASE_IMAGE_VERSION?

– hexacyanide
Mar 22 at 16:04













@hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

– Eric Fulmer
Mar 22 at 16:05





@hexacyanide Yes, this is same variable, I just made an error in my editing of the logs and operators. Fixing that now.

– Eric Fulmer
Mar 22 at 16:05












1 Answer
1






active

oldest

votes


















1














Turns out this was a misunderstanding of the logs!



When providing an environment variable to a Kubernetes pod via a Secret, that value key in the API response is None because the value comes from the secret_key_ref.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55303229%2faccessing-kubernetes-secret-from-airflow-kubernetespodoperator%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    Turns out this was a misunderstanding of the logs!



    When providing an environment variable to a Kubernetes pod via a Secret, that value key in the API response is None because the value comes from the secret_key_ref.






    share|improve this answer



























      1














      Turns out this was a misunderstanding of the logs!



      When providing an environment variable to a Kubernetes pod via a Secret, that value key in the API response is None because the value comes from the secret_key_ref.






      share|improve this answer

























        1












        1








        1







        Turns out this was a misunderstanding of the logs!



        When providing an environment variable to a Kubernetes pod via a Secret, that value key in the API response is None because the value comes from the secret_key_ref.






        share|improve this answer













        Turns out this was a misunderstanding of the logs!



        When providing an environment variable to a Kubernetes pod via a Secret, that value key in the API response is None because the value comes from the secret_key_ref.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 22 at 16:54









        Eric FulmerEric Fulmer

        3991315




        3991315





























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55303229%2faccessing-kubernetes-secret-from-airflow-kubernetespodoperator%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            SQL error code 1064 with creating Laravel foreign keysForeign key constraints: When to use ON UPDATE and ON DELETEDropping column with foreign key Laravel error: General error: 1025 Error on renameLaravel SQL Can't create tableLaravel Migration foreign key errorLaravel php artisan migrate:refresh giving a syntax errorSQLSTATE[42S01]: Base table or view already exists or Base table or view already exists: 1050 Tableerror in migrating laravel file to xampp serverSyntax error or access violation: 1064:syntax to use near 'unsigned not null, modelName varchar(191) not null, title varchar(191) not nLaravel cannot create new table field in mysqlLaravel 5.7:Last migration creates table but is not registered in the migration table

            Image
            Does a multiclassed wizard start with a spellbook? Minimizing medical costs with HSA Boss has banned cycling to work because he thinks it's unsafe Is there a typical layout to blocking installed for backing in new construction framing? In the Seventh Seal why does Death let the chess game happen? Why has Novell never written its own boot loader? Should I warn my boss I might take sick leave Why is the saxophone not common in classical repertoire? Is it possible to spoof an IP address to an exact number? Motorcyle Chain needs to be cleaned every time you lube it? Bypass with wrong cvv of debit card and getting OTP Do we have a much compact and generalized version of erase–remove idiom? how can i make this execution plan more efficient? Why did moving the mouse cursor cause Windows 95 to run more quickly? What's the big deal about the Nazgûl losing their horses? Has chattel slavery ever been used as a criminal punishment in the USA since the passag...
            Read more

            용인 삼성생명 블루밍스 목차 통계 역대 감독 선수단 응원단 경기장 같이 보기 외부 링크 둘러보기 메뉴samsungblueminx.comeh선수 명단용인 삼성생명 블루밍스용인 삼성생명 블루밍스ehsamsungblueminx.comeheheheh

            Image
            수원 삼성생명 비추미광주 신세계 쿨캣수원 삼성생명 비추미안산 신한은행 에스버드안산 신한은행 에스버드안산 신한은행 에스버드춘천 우리은행 한새춘천 우리은행 한새춘천 우리은행 한새춘천 우리은행 한새아산 우리은행 위비아산 우리은행 위비청주 KB 스타즈 한국 여자 농구 연맹 팀1977년 설립...
            Read more

            155 수학 과학 기타 둘러보기 메뉴eh추가해eh문서를 완성해

            Image
            0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369...
            Read more