Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Apache Airflow Multi Tenant

Tags:

airflow

airflow-scheduler

I'm attempting to work out how Airflow might work in a multi-tenant environment. Specifically the requirements should look something like this:

  1. Two teams, TeamA and TeamB, are using a single Airflow instance.
  2. Team's A and B each have their own service user account: serviceUserA and ServiceUserB which they should run their jobs under.
  3. For security reasons, Team A should not be able to create jobs that run under ServiceUserB and vice versa.

At this point it's not clear to me whether requirement 3. can be met with Airflow, short of giving each team a separate Airflow instance. Is there any way in which this can be achieved?

like image 718
d80tb7 Avatar asked Sep 10 '17 10:09

d80tb7

People also ask

Does Airflow support multi tenancy?

Airflow has traditionally been single-tenant product. Mutliple instances could be bound together to provide a multi-tenant implementation and when using a modern infrastructure - Kubernetes - you could even reuse resources between those - but it was not a true “multi-tenant” solution.

What is multi-tenant mode?

Multitenancy is a reference to the mode of operation of software where multiple independent instances of one or multiple applications operate in a shared environment. The instances (tenants) are logically isolated, but physically integrated.

What is multi-tenant deployment?

In a multitenant deployment, information about the Business Central application is stored in a separate application database. Your customers' data is stored in separate business databases, each of which is a tenant in your deployment.

Can we use Airflow for streaming?

Airflow can stream full 4K HDR HEVC files to Chromecast Ultra, Built-in, Apple TV 4K and AirPlay 2 enabled TVs.

2 Answers

It depends what you mean with Airflow Instance.

You could spin up 2 groups of Airflow services (webserver, scheduler, worker) through systemctl, each of them relying on a different airflow.cfg.

In the airflow.cfg you would then separate the 2 groups.

like image 106
AlessioG Avatar answered Oct 22 '22 22:10

AlessioG

Until Airflow Version 1.9.0:

The reason the user is still able to access all the dags is that it is a superuser by default. Unless you use LDAP for authentication, all the users created are superusers and Airflow have no other roles.

However, if you use LDAP, you can have superuser and dataprofiler roles.

This should change in upcoming versions of Airflow.

As the documentation states here: You can use webserver:filter_by_owner only if you are using LDAP authentication. So to achieve multi-tenancy, you can use LDAP and give superuser permissions to only admins and have either user or data_profiler role for other users.

like image 23
kaxil Avatar answered Oct 22 '22 21:10

kaxil
Sign in to Comment

Related questions

Airflow - long running task in SubDag marked as failed after an hour
Customize task resources on Airflow using MesosExecutor
Airflow - Broken DAG - Timeout
Airflow Custom Metrics and/or Result Object with custom fields
Airflow: Dynamic SubDag creation
Triggering Databricks job from Airflow without starting new cluster
Importing airflow variables in a json file using the command line
Airflow running python files fails due to python: can't open file
No module named unusual_prefix_*
Get all Airflow Leaf Nodes/Tasks
Force Airflow's backfill command to run sequentially
Airflow custom jinja2 filters

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!