Add example of mounting secret as a volume in Google Composer. (#3379)

irvifa · Takashi Matsuo · web-flow · commit 39dff484f72d · 2020-04-28T19:57:38.000-07:00
Co-authored-by: Takashi Matsuo &lt;tmatsuo@google.com&gt;
diff --git a/composer/workflows/kubernetes_pod_operator.py b/composer/workflows/kubernetes_pod_operator.py
@@ -38,6 +38,14 @@
     secret='airflow-secrets',
     # Key of a secret stored in this Secret object
     key='sql_alchemy_conn')
+secret_volume = secret.Secret(
+    'volume',
+    # Path where we mount the secret as volume
+    '/var/secrets/google',
+    # Name of Kubernetes Secret
+    'service-account',
+    # Key in the form of service account file name
+    'service-account.json')
 # [END composer_kubernetespodoperator_secretobject]
 
 YESTERDAY = datetime.datetime.now() - datetime.timedelta(days=1)
@@ -118,10 +126,12 @@
         startup_timeout_seconds=300,
         # The secrets to pass to Pod, the Pod will fail to create if the
         # secrets you specify in a Secret object do not exist in Kubernetes.
-        secrets=[secret_env],
+        secrets=[secret_env, secret_volume],
         # env_vars allows you to specify environment variables for your
         # container to use. env_vars is templated.
-        env_vars={'EXAMPLE_VAR': '/example/value'})
+        env_vars={
+            'EXAMPLE_VAR': '/example/value',
+            'GOOGLE_APPLICATION_CREDENTIALS': '/var/secrets/google/service-account.json'})
     # [END composer_kubernetespodoperator_secretconfig]
     # [START composer_kubernetespodaffinity]
     kubernetes_affinity_ex = kubernetes_pod_operator.KubernetesPodOperator(
