def test_make_pod_git_sync_ssh_without_known_hosts(self): # Tests the pod created with git-sync SSH authentication option is correct without known hosts self.kube_config.airflow_configmap = 'airflow-configmap' self.kube_config.git_ssh_key_secret_name = 'airflow-secrets' self.kube_config.dags_volume_claim = None self.kube_config.dags_volume_host = None self.kube_config.dags_in_image = None self.kube_config.worker_fs_group = None worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) init_containers = worker_config._get_init_containers() git_ssh_key_file = next((x['value'] for x in init_containers[0]['env'] if x['name'] == 'GIT_SSH_KEY_FILE'), None) volume_mount_ssh_key = next( (x['mountPath'] for x in init_containers[0]['volumeMounts'] if x['name'] == worker_config.git_sync_ssh_secret_volume_name), None) self.assertTrue(git_ssh_key_file) self.assertTrue(volume_mount_ssh_key) self.assertEqual(65533, pod.security_context['fsGroup']) self.assertEqual( git_ssh_key_file, volume_mount_ssh_key, 'The location where the git ssh secret is mounted' ' needs to be the same as the GIT_SSH_KEY_FILE path')
def test_make_pod_git_sync_rev(self): # Tests the pod created with git_sync_credentials_secret will get into the init container self.kube_config.git_sync_rev = 'sampletag' self.kube_config.dags_volume_claim = None self.kube_config.dags_volume_host = None self.kube_config.dags_in_image = None self.kube_config.worker_fs_group = None self.kube_config.git_dags_folder_mount_point = 'dags' self.kube_config.git_sync_dest = 'repo' self.kube_config.git_subpath = 'path' worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) rev_env = { 'name': 'GIT_SYNC_REV', 'value': self.kube_config.git_sync_rev } self.assertIn(rev_env, pod.init_containers[0]["env"], 'The git_sync_rev env did not get into the init container')
def test_make_pod_git_sync_ssh_without_known_hosts(self): # Tests the pod created with git-sync SSH authentication option is correct without known hosts self.kube_config.airflow_configmap = 'airflow-configmap' self.kube_config.git_ssh_key_secret_name = 'airflow-secrets' self.kube_config.dags_volume_claim = None self.kube_config.dags_volume_host = None self.kube_config.dags_in_image = None self.kube_config.worker_fs_group = None worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) init_containers = worker_config._get_init_containers() git_ssh_key_file = next((x['value'] for x in init_containers[0]['env'] if x['name'] == 'GIT_SSH_KEY_FILE'), None) volume_mount_ssh_key = next((x['mountPath'] for x in init_containers[0]['volumeMounts'] if x['name'] == worker_config.git_sync_ssh_secret_volume_name), None) self.assertTrue(git_ssh_key_file) self.assertTrue(volume_mount_ssh_key) self.assertEqual(65533, pod.security_context['fsGroup']) self.assertEqual(git_ssh_key_file, volume_mount_ssh_key, 'The location where the git ssh secret is mounted' ' needs to be the same as the GIT_SSH_KEY_FILE path')
def test_set_airflow_local_settings_configmap(self): """ Test that airflow_local_settings.py can be set via configmap by checking volume & volume-mounts are set correctly. """ self.kube_config.airflow_home = '/usr/local/airflow' self.kube_config.airflow_configmap = 'airflow-configmap' self.kube_config.airflow_local_settings_configmap = 'airflow-configmap' self.kube_config.dags_folder = '/workers/path/to/dags' worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) airflow_config_volume = [ volume for volume in pod.volumes if volume["name"] == 'airflow-config' ] # Test that volume_name is found self.assertEqual(1, len(airflow_config_volume)) # Test that config map exists self.assertEqual( {'configMap': {'name': 'airflow-configmap'}, 'name': 'airflow-config'}, airflow_config_volume[0] ) # Test that 2 Volume Mounts exists and has 2 different mount-paths # One for airflow.cfg # Second for airflow_local_settings.py volume_mounts = [ volume_mount for volume_mount in pod.volume_mounts if volume_mount['name'] == 'airflow-config' ] self.assertEqual(2, len(volume_mounts)) six.assertCountEqual( self, [ { 'mountPath': '/usr/local/airflow/airflow.cfg', 'name': 'airflow-config', 'readOnly': True, 'subPath': 'airflow.cfg', }, { 'mountPath': '/usr/local/airflow/config/airflow_local_settings.py', 'name': 'airflow-config', 'readOnly': True, 'subPath': 'airflow_local_settings.py', } ], volume_mounts )
def test_make_pod_git_sync_credentials_secret(self): # Tests the pod created with git_sync_credentials_secret will get into the init container self.kube_config.git_sync_credentials_secret = 'airflow-git-creds-secret' self.kube_config.dags_volume_claim = None self.kube_config.dags_volume_host = None self.kube_config.dags_in_image = None self.kube_config.worker_fs_group = None worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) username_env = { 'name': 'GIT_SYNC_USERNAME', 'valueFrom': { 'secretKeyRef': { 'name': self.kube_config.git_sync_credentials_secret, 'key': 'GIT_SYNC_USERNAME' } } } password_env = { 'name': 'GIT_SYNC_PASSWORD', 'valueFrom': { 'secretKeyRef': { 'name': self.kube_config.git_sync_credentials_secret, 'key': 'GIT_SYNC_PASSWORD' } } } self.assertIn( username_env, pod.init_containers[0]["env"], 'The username env for git credentials did not get into the init container' ) self.assertIn( password_env, pod.init_containers[0]["env"], 'The password env for git credentials did not get into the init container' )
def test_make_pod_run_as_user_0(self): # Tests the pod created with run-as-user 0 actually gets that in it's config self.kube_config.worker_run_as_user = 0 self.kube_config.dags_volume_claim = None self.kube_config.dags_volume_host = None self.kube_config.dags_in_image = None self.kube_config.worker_fs_group = None worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) self.assertEqual(0, pod.security_context['runAsUser'])
def test_make_pod_with_executor_config(self): worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig( affinity=self.affinity_config, tolerations=self.tolerations_config, annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", kube_executor_config) self.assertTrue(pod.affinity['podAntiAffinity'] is not None) self.assertEqual( 'app', pod.affinity['podAntiAffinity'] ['requiredDuringSchedulingIgnoredDuringExecution'][0] ['labelSelector']['matchExpressions'][0]['key']) self.assertEqual(2, len(pod.tolerations)) self.assertEqual('prod', pod.tolerations[1]['key'])
def test_make_pod_assert_labels(self): # Tests the pod created has all the expected labels set self.kube_config.dags_folder = 'dags' worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(annotations=[], volumes=[], volume_mounts=[]) pod = worker_config.make_pod("default", "sample-uuid", "test_pod_id", "test_dag_id", "test_task_id", "2019-11-21 11:08:22.920875", 1, "bash -c 'ls /'", kube_executor_config) expected_labels = { 'airflow-worker': 'sample-uuid', 'airflow_version': airflow_version.replace('+', '-'), 'dag_id': 'test_dag_id', 'execution_date': '2019-11-21 11:08:22.920875', 'kubernetes_executor': 'True', 'my_label': 'label_id', 'task_id': 'test_task_id', 'try_number': '1' } self.assertEqual(pod.labels, expected_labels)
def test_make_pod_with_executor_config(self): worker_config = WorkerConfiguration(self.kube_config) kube_executor_config = KubernetesExecutorConfig(affinity=self.affinity_config, tolerations=self.tolerations_config, annotations=[], volumes=[], volume_mounts=[] ) pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", "test_task_id", str(datetime.utcnow()), "bash -c 'ls /'", kube_executor_config) self.assertTrue(pod.affinity['podAntiAffinity'] is not None) self.assertEqual('app', pod.affinity['podAntiAffinity'] ['requiredDuringSchedulingIgnoredDuringExecution'][0] ['labelSelector'] ['matchExpressions'][0] ['key']) self.assertEqual(2, len(pod.tolerations)) self.assertEqual('prod', pod.tolerations[1]['key'])
class AirflowKubernetesScheduler(LoggingMixin): def __init__(self, kube_config, task_queue, result_queue, kube_client, worker_uuid): self.log.debug("Creating Kubernetes executor") self.kube_config = kube_config self.task_queue = task_queue self.result_queue = result_queue self.namespace = self.kube_config.kube_namespace self.log.debug("Kubernetes using namespace %s", self.namespace) self.kube_client = kube_client self.launcher = PodLauncher(kube_client=self.kube_client) self.worker_configuration = WorkerConfiguration( kube_config=self.kube_config) self.watcher_queue = multiprocessing.Queue() self.worker_uuid = worker_uuid self.kube_watcher = self._make_kube_watcher() def _make_kube_watcher(self): resource_version = KubeResourceVersion.get_current_resource_version() watcher = KubernetesJobWatcher(self.namespace, self.watcher_queue, resource_version, self.worker_uuid) watcher.start() return watcher def _health_check_kube_watcher(self): if self.kube_watcher.is_alive(): pass else: self.log.error('Error while health checking kube watcher process. ' 'Process died for unknown reasons') self.kube_watcher = self._make_kube_watcher() def run_next(self, next_job): """ The run_next command will check the task_queue for any un-run jobs. It will then create a unique job-id, launch that job in the cluster, and store relevant info in the current_jobs map so we can track the job's status """ self.log.info('Kubernetes job is %s', str(next_job)) key, command, kube_executor_config = next_job dag_id, task_id, execution_date, try_number = key self.log.debug("Kubernetes running for command %s", command) self.log.debug("Kubernetes launching image %s", self.kube_config.kube_image) pod = self.worker_configuration.make_pod( namespace=self.namespace, worker_uuid=self.worker_uuid, pod_id=self._create_pod_id(dag_id, task_id), dag_id=self._make_safe_label_value(dag_id), task_id=self._make_safe_label_value(task_id), try_number=try_number, execution_date=self._datetime_to_label_safe_datestring( execution_date), airflow_command=command, kube_executor_config=kube_executor_config) # the watcher will monitor pods, so we do not block. self.launcher.run_pod_async(pod) self.log.debug("Kubernetes Job created!") def delete_pod(self, pod_id): if self.kube_config.delete_worker_pods: try: self.kube_client.delete_namespaced_pod( pod_id, self.namespace, body=client.V1DeleteOptions()) except ApiException as e: # If the pod is already deleted if e.status != 404: raise def sync(self): """ The sync function checks the status of all currently running kubernetes jobs. If a job is completed, it's status is placed in the result queue to be sent back to the scheduler. :return: """ self._health_check_kube_watcher() while not self.watcher_queue.empty(): self.process_watcher_task() def process_watcher_task(self): pod_id, state, labels, resource_version = self.watcher_queue.get() self.log.info( 'Attempting to finish pod; pod_id: %s; state: %s; labels: %s', pod_id, state, labels) key = self._labels_to_key(labels=labels) if key: self.log.debug('finishing job %s - %s (%s)', key, state, pod_id) self.result_queue.put((key, state, pod_id, resource_version)) @staticmethod def _strip_unsafe_kubernetes_special_chars(string): """ Kubernetes only supports lowercase alphanumeric characters and "-" and "." in the pod name However, there are special rules about how "-" and "." can be used so let's only keep alphanumeric chars see here for detail: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ :param string: The requested Pod name :return: ``str`` Pod name stripped of any unsafe characters """ return ''.join(ch.lower() for ind, ch in enumerate(string) if ch.isalnum()) @staticmethod def _make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid): r""" Kubernetes pod names must be <= 253 chars and must pass the following regex for validation "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" :param safe_dag_id: a dag_id with only alphanumeric characters :param safe_task_id: a task_id with only alphanumeric characters :param random_uuid: a uuid :return: ``str`` valid Pod name of appropriate length """ MAX_POD_ID_LEN = 253 safe_key = safe_dag_id + safe_task_id safe_pod_id = safe_key[:MAX_POD_ID_LEN - len(safe_uuid) - 1] + "-" + safe_uuid return safe_pod_id @staticmethod def _make_safe_label_value(string): """ Valid label values must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. If the label value is then greater than 63 chars once made safe, or differs in any way from the original value sent to this function, then we need to truncate to 53chars, and append it with a unique hash. """ MAX_LABEL_LEN = 63 safe_label = re.sub(r'^[^a-z0-9A-Z]*|[^a-zA-Z0-9_\-\.]|[^a-z0-9A-Z]*$', '', string) if len(safe_label) > MAX_LABEL_LEN or string != safe_label: safe_hash = hashlib.md5(string.encode()).hexdigest()[:9] safe_label = safe_label[:MAX_LABEL_LEN - len(safe_hash) - 1] + "-" + safe_hash return safe_label @staticmethod def _create_pod_id(dag_id, task_id): safe_dag_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( dag_id) safe_task_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( task_id) safe_uuid = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( uuid4().hex) return AirflowKubernetesScheduler._make_safe_pod_id( safe_dag_id, safe_task_id, safe_uuid) @staticmethod def _label_safe_datestring_to_datetime(string): """ Kubernetes doesn't permit ":" in labels. ISO datetime format uses ":" but not "_", let's replace ":" with "_" :param string: str :return: datetime.datetime object """ return parser.parse(string.replace('_plus_', '+').replace("_", ":")) @staticmethod def _datetime_to_label_safe_datestring(datetime_obj): """ Kubernetes doesn't like ":" in labels, since ISO datetime format uses ":" but not "_" let's replace ":" with "_" :param datetime_obj: datetime.datetime object :return: ISO-like string representing the datetime """ return datetime_obj.isoformat().replace(":", "_").replace('+', '_plus_') def _labels_to_key(self, labels): try_num = 1 try: try_num = int(labels.get('try_number', '1')) except ValueError: self.log.warn("could not get try_number as an int: %s", labels.get('try_number', '1')) try: dag_id = labels['dag_id'] task_id = labels['task_id'] ex_time = self._label_safe_datestring_to_datetime( labels['execution_date']) except Exception as e: self.log.warn( 'Error while retrieving labels; labels: %s; exception: %s', labels, e) return None with create_session() as session: tasks = (session.query(TaskInstance).filter_by( execution_date=ex_time).all()) self.log.info('Checking %s task instances.', len(tasks)) for task in tasks: if (self._make_safe_label_value(task.dag_id) == dag_id and self._make_safe_label_value(task.task_id) == task_id and task.execution_date == ex_time): self.log.info( 'Found matching task %s-%s (%s) with current state of %s', task.dag_id, task.task_id, task.execution_date, task.state) dag_id = task.dag_id task_id = task.task_id return (dag_id, task_id, ex_time, try_num) self.log.warn( 'Failed to find and match task details to a pod; labels: %s', labels) return None
class AirflowKubernetesScheduler(LoggingMixin): def __init__(self, kube_config, task_queue, result_queue, session, kube_client, worker_uuid): self.log.debug("Creating Kubernetes executor") self.kube_config = kube_config self.task_queue = task_queue self.result_queue = result_queue self.namespace = self.kube_config.kube_namespace self.log.debug("Kubernetes using namespace %s", self.namespace) self.kube_client = kube_client self.launcher = PodLauncher(kube_client=self.kube_client) self.worker_configuration = WorkerConfiguration(kube_config=self.kube_config) self.watcher_queue = multiprocessing.Queue() self._session = session self.worker_uuid = worker_uuid self.kube_watcher = self._make_kube_watcher() def _make_kube_watcher(self): resource_version = KubeResourceVersion.get_current_resource_version(self._session) watcher = KubernetesJobWatcher(self.namespace, self.watcher_queue, resource_version, self.worker_uuid) watcher.start() return watcher def _health_check_kube_watcher(self): if self.kube_watcher.is_alive(): pass else: self.log.error( 'Error while health checking kube watcher process. ' 'Process died for unknown reasons') self.kube_watcher = self._make_kube_watcher() def run_next(self, next_job): """ The run_next command will check the task_queue for any un-run jobs. It will then create a unique job-id, launch that job in the cluster, and store relevant info in the current_jobs map so we can track the job's status """ self.log.info('Kubernetes job is %s', str(next_job)) key, command, kube_executor_config = next_job dag_id, task_id, execution_date, try_number = key self.log.debug("Kubernetes running for command %s", command) self.log.debug("Kubernetes launching image %s", self.kube_config.kube_image) pod = self.worker_configuration.make_pod( namespace=self.namespace, worker_uuid=self.worker_uuid, pod_id=self._create_pod_id(dag_id, task_id), dag_id=dag_id, task_id=task_id, execution_date=self._datetime_to_label_safe_datestring(execution_date), airflow_command=command, kube_executor_config=kube_executor_config ) # the watcher will monitor pods, so we do not block. self.launcher.run_pod_async(pod) self.log.debug("Kubernetes Job created!") def delete_pod(self, pod_id): if self.kube_config.delete_worker_pods: try: self.kube_client.delete_namespaced_pod( pod_id, self.namespace, body=client.V1DeleteOptions()) except ApiException as e: # If the pod is already deleted if e.status != 404: raise def sync(self): """ The sync function checks the status of all currently running kubernetes jobs. If a job is completed, it's status is placed in the result queue to be sent back to the scheduler. :return: """ self._health_check_kube_watcher() while not self.watcher_queue.empty(): self.process_watcher_task() def process_watcher_task(self): pod_id, state, labels, resource_version = self.watcher_queue.get() self.log.info( 'Attempting to finish pod; pod_id: %s; state: %s; labels: %s', pod_id, state, labels ) key = self._labels_to_key(labels=labels) if key: self.log.debug('finishing job %s - %s (%s)', key, state, pod_id) self.result_queue.put((key, state, pod_id, resource_version)) @staticmethod def _strip_unsafe_kubernetes_special_chars(string): """ Kubernetes only supports lowercase alphanumeric characters and "-" and "." in the pod name However, there are special rules about how "-" and "." can be used so let's only keep alphanumeric chars see here for detail: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ :param string: The requested Pod name :return: ``str`` Pod name stripped of any unsafe characters """ return ''.join(ch.lower() for ind, ch in enumerate(string) if ch.isalnum()) @staticmethod def _make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid): """ Kubernetes pod names must be <= 253 chars and must pass the following regex for validation "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" :param safe_dag_id: a dag_id with only alphanumeric characters :param safe_task_id: a task_id with only alphanumeric characters :param random_uuid: a uuid :return: ``str`` valid Pod name of appropriate length """ MAX_POD_ID_LEN = 253 safe_key = safe_dag_id + safe_task_id safe_pod_id = safe_key[:MAX_POD_ID_LEN - len(safe_uuid) - 1] + "-" + safe_uuid return safe_pod_id @staticmethod def _create_pod_id(dag_id, task_id): safe_dag_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( dag_id) safe_task_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( task_id) safe_uuid = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( uuid4().hex) return AirflowKubernetesScheduler._make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid) @staticmethod def _label_safe_datestring_to_datetime(string): """ Kubernetes doesn't permit ":" in labels. ISO datetime format uses ":" but not "_", let's replace ":" with "_" :param string: str :return: datetime.datetime object """ return parser.parse(string.replace('_plus_', '+').replace("_", ":")) @staticmethod def _datetime_to_label_safe_datestring(datetime_obj): """ Kubernetes doesn't like ":" in labels, since ISO datetime format uses ":" but not "_" let's replace ":" with "_" :param datetime_obj: datetime.datetime object :return: ISO-like string representing the datetime """ return datetime_obj.isoformat().replace(":", "_").replace('+', '_plus_') def _labels_to_key(self, labels): try: return ( labels['dag_id'], labels['task_id'], self._label_safe_datestring_to_datetime(labels['execution_date']), labels['try_number']) except Exception as e: self.log.warn( 'Error while converting labels to key; labels: %s; exception: %s', labels, e ) return None
class AirflowKubernetesScheduler(LoggingMixin): def __init__(self, kube_config, task_queue, result_queue, session, kube_client, worker_uuid): self.log.debug("Creating Kubernetes executor") self.kube_config = kube_config self.task_queue = task_queue self.result_queue = result_queue self.namespace = self.kube_config.kube_namespace self.log.debug("Kubernetes using namespace %s", self.namespace) self.kube_client = kube_client self.launcher = PodLauncher(kube_client=self.kube_client) self.worker_configuration = WorkerConfiguration(kube_config=self.kube_config) self.watcher_queue = multiprocessing.Queue() self._session = session self.worker_uuid = worker_uuid self.kube_watcher = self._make_kube_watcher() def _make_kube_watcher(self): resource_version = KubeResourceVersion.get_current_resource_version(self._session) watcher = KubernetesJobWatcher(self.namespace, self.watcher_queue, resource_version, self.worker_uuid) watcher.start() return watcher def _health_check_kube_watcher(self): if self.kube_watcher.is_alive(): pass else: self.log.error( 'Error while health checking kube watcher process. ' 'Process died for unknown reasons') self.kube_watcher = self._make_kube_watcher() def run_next(self, next_job): """ The run_next command will check the task_queue for any un-run jobs. It will then create a unique job-id, launch that job in the cluster, and store relevant info in the current_jobs map so we can track the job's status """ self.log.info('Kubernetes job is %s', str(next_job)) key, command, kube_executor_config = next_job dag_id, task_id, execution_date = key self.log.debug("Kubernetes running for command %s", command) self.log.debug("Kubernetes launching image %s", self.kube_config.kube_image) pod = self.worker_configuration.make_pod( namespace=self.namespace, worker_uuid=self.worker_uuid, pod_id=self._create_pod_id(dag_id, task_id), dag_id=dag_id, task_id=task_id, execution_date=self._datetime_to_label_safe_datestring(execution_date), airflow_command=command, kube_executor_config=kube_executor_config ) # the watcher will monitor pods, so we do not block. self.launcher.run_pod_async(pod) self.log.debug("Kubernetes Job created!") def delete_pod(self, pod_id): if self.kube_config.delete_worker_pods: try: self.kube_client.delete_namespaced_pod( pod_id, self.namespace, body=client.V1DeleteOptions()) except ApiException as e: # If the pod is already deleted if e.status != 404: raise def sync(self): """ The sync function checks the status of all currently running kubernetes jobs. If a job is completed, it's status is placed in the result queue to be sent back to the scheduler. :return: """ self._health_check_kube_watcher() while not self.watcher_queue.empty(): self.process_watcher_task() def process_watcher_task(self): pod_id, state, labels, resource_version = self.watcher_queue.get() self.log.info( 'Attempting to finish pod; pod_id: %s; state: %s; labels: %s', pod_id, state, labels ) key = self._labels_to_key(labels=labels) if key: self.log.debug('finishing job %s - %s (%s)', key, state, pod_id) self.result_queue.put((key, state, pod_id, resource_version)) @staticmethod def _strip_unsafe_kubernetes_special_chars(string): """ Kubernetes only supports lowercase alphanumeric characters and "-" and "." in the pod name However, there are special rules about how "-" and "." can be used so let's only keep alphanumeric chars see here for detail: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ :param string: The requested Pod name :return: ``str`` Pod name stripped of any unsafe characters """ return ''.join(ch.lower() for ind, ch in enumerate(string) if ch.isalnum()) @staticmethod def _make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid): """ Kubernetes pod names must be <= 253 chars and must pass the following regex for validation "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" :param safe_dag_id: a dag_id with only alphanumeric characters :param safe_task_id: a task_id with only alphanumeric characters :param random_uuid: a uuid :return: ``str`` valid Pod name of appropriate length """ MAX_POD_ID_LEN = 253 safe_key = safe_dag_id + safe_task_id safe_pod_id = safe_key[:MAX_POD_ID_LEN - len(safe_uuid) - 1] + "-" + safe_uuid return safe_pod_id @staticmethod def _create_pod_id(dag_id, task_id): safe_dag_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( dag_id) safe_task_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( task_id) safe_uuid = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( uuid4().hex) return AirflowKubernetesScheduler._make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid) @staticmethod def _label_safe_datestring_to_datetime(string): """ Kubernetes doesn't permit ":" in labels. ISO datetime format uses ":" but not "_", let's replace ":" with "_" :param string: str :return: datetime.datetime object """ return parser.parse(string.replace('_plus_', '+').replace("_", ":")) @staticmethod def _datetime_to_label_safe_datestring(datetime_obj): """ Kubernetes doesn't like ":" in labels, since ISO datetime format uses ":" but not "_" let's replace ":" with "_" :param datetime_obj: datetime.datetime object :return: ISO-like string representing the datetime """ return datetime_obj.isoformat().replace(":", "_").replace('+', '_plus_') def _labels_to_key(self, labels): try: return ( labels['dag_id'], labels['task_id'], self._label_safe_datestring_to_datetime(labels['execution_date'])) except Exception as e: self.log.warn( 'Error while converting labels to key; labels: %s; exception: %s', labels, e ) return None
class AirflowKubernetesScheduler(LoggingMixin): def __init__(self, kube_config, task_queue, result_queue, kube_client, worker_uuid): self.log.debug("Creating Kubernetes executor") self.kube_config = kube_config self.task_queue = task_queue self.result_queue = result_queue self.namespace = self.kube_config.kube_namespace self.log.debug("Kubernetes using namespace %s", self.namespace) self.kube_client = kube_client self.launcher = PodLauncher(kube_client=self.kube_client) self.worker_configuration = WorkerConfiguration(kube_config=self.kube_config) self.watcher_queue = SynchronizedQueue() self.worker_uuid = worker_uuid self.kube_watcher = self._make_kube_watcher() def _make_kube_watcher(self): resource_version = KubeResourceVersion.get_current_resource_version() watcher = KubernetesJobWatcher(self.namespace, self.watcher_queue, resource_version, self.worker_uuid) watcher.start() return watcher def _health_check_kube_watcher(self): if self.kube_watcher.is_alive(): pass else: self.log.error( 'Error while health checking kube watcher process. ' 'Process died for unknown reasons') self.kube_watcher = self._make_kube_watcher() def run_next(self, next_job): """ The run_next command will check the task_queue for any un-run jobs. It will then create a unique job-id, launch that job in the cluster, and store relevant info in the current_jobs map so we can track the job's status """ self.log.info('Kubernetes job is %s', str(next_job)) key, command, kube_executor_config = next_job dag_id, task_id, execution_date, try_number = key self.log.debug("Kubernetes running for command %s", command) self.log.debug("Kubernetes launching image %s", self.kube_config.kube_image) pod = self.worker_configuration.make_pod( namespace=self.namespace, worker_uuid=self.worker_uuid, pod_id=self._create_pod_id(dag_id, task_id), dag_id=self._make_safe_label_value(dag_id), task_id=self._make_safe_label_value(task_id), try_number=try_number, execution_date=self._datetime_to_label_safe_datestring(execution_date), airflow_command=command, kube_executor_config=kube_executor_config ) # the watcher will monitor pods, so we do not block. self.launcher.run_pod_async(pod) self.log.debug("Kubernetes Job created!") def delete_pod(self, pod_id): if self.kube_config.delete_worker_pods: try: self.kube_client.delete_namespaced_pod( pod_id, self.namespace, body=client.V1DeleteOptions()) except ApiException as e: # If the pod is already deleted if e.status != 404: raise def sync(self): """ The sync function checks the status of all currently running kubernetes jobs. If a job is completed, it's status is placed in the result queue to be sent back to the scheduler. :return: """ self._health_check_kube_watcher() while not self.watcher_queue.empty(): self.process_watcher_task() def process_watcher_task(self): pod_id, state, labels, resource_version = self.watcher_queue.get() self.log.info( 'Attempting to finish pod; pod_id: %s; state: %s; labels: %s', pod_id, state, labels ) key = self._labels_to_key(labels=labels) if key: self.log.debug('finishing job %s - %s (%s)', key, state, pod_id) self.result_queue.put((key, state, pod_id, resource_version)) @staticmethod def _strip_unsafe_kubernetes_special_chars(string): """ Kubernetes only supports lowercase alphanumeric characters and "-" and "." in the pod name However, there are special rules about how "-" and "." can be used so let's only keep alphanumeric chars see here for detail: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ :param string: The requested Pod name :return: ``str`` Pod name stripped of any unsafe characters """ return ''.join(ch.lower() for ind, ch in enumerate(string) if ch.isalnum()) @staticmethod def _make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid): r""" Kubernetes pod names must be <= 253 chars and must pass the following regex for validation "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" :param safe_dag_id: a dag_id with only alphanumeric characters :param safe_task_id: a task_id with only alphanumeric characters :param random_uuid: a uuid :return: ``str`` valid Pod name of appropriate length """ MAX_POD_ID_LEN = 253 safe_key = safe_dag_id + safe_task_id safe_pod_id = safe_key[:MAX_POD_ID_LEN - len(safe_uuid) - 1] + "-" + safe_uuid return safe_pod_id @staticmethod def _make_safe_label_value(string): """ Valid label values must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. If the label value is then greater than 63 chars once made safe, or differs in any way from the original value sent to this function, then we need to truncate to 53chars, and append it with a unique hash. """ MAX_LABEL_LEN = 63 safe_label = re.sub(r'^[^a-z0-9A-Z]*|[^a-zA-Z0-9_\-\.]|[^a-z0-9A-Z]*$', '', string) if len(safe_label) > MAX_LABEL_LEN or string != safe_label: safe_hash = hashlib.md5(string.encode()).hexdigest()[:9] safe_label = safe_label[:MAX_LABEL_LEN - len(safe_hash) - 1] + "-" + safe_hash return safe_label @staticmethod def _create_pod_id(dag_id, task_id): safe_dag_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( dag_id) safe_task_id = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( task_id) safe_uuid = AirflowKubernetesScheduler._strip_unsafe_kubernetes_special_chars( uuid4().hex) return AirflowKubernetesScheduler._make_safe_pod_id(safe_dag_id, safe_task_id, safe_uuid) @staticmethod def _label_safe_datestring_to_datetime(string): """ Kubernetes doesn't permit ":" in labels. ISO datetime format uses ":" but not "_", let's replace ":" with "_" :param string: str :return: datetime.datetime object """ return parser.parse(string.replace('_plus_', '+').replace("_", ":")) @staticmethod def _datetime_to_label_safe_datestring(datetime_obj): """ Kubernetes doesn't like ":" in labels, since ISO datetime format uses ":" but not "_" let's replace ":" with "_" :param datetime_obj: datetime.datetime object :return: ISO-like string representing the datetime """ return datetime_obj.isoformat().replace(":", "_").replace('+', '_plus_') def _labels_to_key(self, labels): try_num = 1 try: try_num = int(labels.get('try_number', '1')) except ValueError: self.log.warn("could not get try_number as an int: %s", labels.get('try_number', '1')) try: dag_id = labels['dag_id'] task_id = labels['task_id'] ex_time = self._label_safe_datestring_to_datetime(labels['execution_date']) except Exception as e: self.log.warn( 'Error while retrieving labels; labels: %s; exception: %s', labels, e ) return None with create_session() as session: tasks = ( session .query(TaskInstance) .filter_by(execution_date=ex_time).all() ) self.log.info( 'Checking %s task instances.', len(tasks) ) for task in tasks: if ( self._make_safe_label_value(task.dag_id) == dag_id and self._make_safe_label_value(task.task_id) == task_id and task.execution_date == ex_time ): self.log.info( 'Found matching task %s-%s (%s) with current state of %s', task.dag_id, task.task_id, task.execution_date, task.state ) dag_id = task.dag_id task_id = task.task_id return (dag_id, task_id, ex_time, try_num) self.log.warn( 'Failed to find and match task details to a pod; labels: %s', labels ) return None