堆栈内存溢出
  简体   繁体   English

Airflow 连接单个 DAG

[英]Airflow connection for a single DAG

 原文  2022-08-19 12:39:33       google-cloud-platform/ airflow/ google-cloud-composer

问题描述

I am creating a connection with a Google Service Account in my Google Cloud Composer that privilegies a DAG for a specific use case with deals with sensitive data, the point is that I want that connection to be exclusive for a certain DAG and no other could see or use it.我正在我的 Google Cloud Composer 中创建与 Google 服务帐户的连接,该连接为处理敏感数据的特定用例授予 DAG 特权,关键是我希望该连接专供某个 DAG 使用,其他人看不到或使用它。

Is there a way of doing it?有没有办法做到这一点?

2 个解决方案

解决方案1
 0  2022-08-19 15:26:56

Currently this is not possible in airflow, and even you cannot implement that using a custom backend secret or another solution, where the connection is not a context variable, and it's accessible from anywhere in airflow not only from a run context.目前这在 airflow 中是不可能的,即使您无法使用自定义后端密钥或其他解决方案来实现它,其中连接不是上下文变量,并且不仅可以从运行上下文中从 airflow 中的任何位置访问它。

解决方案2
 0  2022-08-19 21:59:04

Infortunately the service account given to Cloud Composer in the creation of cluster, is for all DAGs of this cluster.幸运的是,在创建集群时为 Cloud Composer 提供的服务帐户适用于该集群的所有 DAG。

It can be too much, but maybe you can create another Cloud Composer cluster 2 (GKE autopilot), with the minimum sizing for machines, containing this DAG that treats sensitive data.它可能太多了,但也许您可以创建另一个 Cloud Composer 集群 2(GKE 自动驾驶仪),具有最小的机器大小,包含处理敏感数据的 DAG。 Then you can give a SA with the needed privileges to this cluster.然后,您可以向该集群授予具有所需权限的 SA。

The disadvantage of this solution is you will have a higher cost, because you have a second cluster.此解决方案的缺点是您将拥有更高的成本,因为您有第二个集群。 It will increases the cost even if the machine sizes are low.即使机器尺寸很小,也会增加成本。 It is worth noting that Composer 2 with GKE autopilot is cheaper that classical GKE cluster.值得注意的是,带有 GKE 自动驾驶仪的 Composer 2 比经典的 GKE 集群更便宜。

Maybe another solution, if the rework is not too important, you can rewrite only your DAG treating sensitive data to Cloud Workflow.也许另一种解决方案,如果返工不是太重要,您可以只将处理敏感数据的 DAG 重写到 Cloud Workflow。 Cloud Workflow is serverless and you can give it a dedicated service account. Cloud Workflow 是无服务器的,您可以为其提供专用服务帐户。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 安排一个 Airflow DAG 带参数运行 - Schedule an Airflow DAG for running with parameters 谷歌 Airflow UI 似乎缺少 DAG - DAG seems to be missing from google Airflow UI 不使用 BigQueryOperators 与 DAG 外部的 BigQuery 交互的 Airflow - Airflow to interact with BigQuery outside of the DAG not using BigQueryOperators Airflow CLI:如何在 Airflow 1.10.12 中获取 dag 任务的状态? - Airflow CLI: How to get status of dag tasks in Airflow 1.10.12? 在 MWAA 中获取 Airflow Dag 并发运行 - Get Airflow Dag Concurrent Runs in MWAA Airflow DAG 找不到要在 s3 上上传的本地文件 - Airflow DAG can't find local file to upload on s3 有效地为 airflow 中的 DAG 中的所有任务设置 task_concurrency - Efficiently set task_concurrency for all tasks in a DAG in airflow 如何在apache airflow DAG中运行独立requirements.txt文件 - How to run independent requirements.txt file in apache airflow DAG Composer/Airflow - 在运行 DAG/管道时添加依赖项? - Composer/Airflow - Adding a dependency while running a DAG/pipeline? 如何让 airflow dag 等待 VM 在执行下一个任务之前完成其工作 - how to make airflow dag wait VM to finishes its job before doing the next task
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM