This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-operator.git
The following commit(s) were added to refs/heads/main by this push:
new 2024e51 Make solr-operator security context configurable. (#566)
2024e51 is described below
commit 2024e51d1fbd9d3f1b522c64ddd0f306f3aa3042
Author: uluzox <[email protected]>
AuthorDate: Tue May 16 22:39:44 2023 +0200
Make solr-operator security context configurable. (#566)
Co-authored-by: Houston Putman <[email protected]>
---
helm/solr-operator/Chart.yaml | 9 ++-------
helm/solr-operator/README.md | 1 +
helm/solr-operator/templates/deployment.yaml | 3 +--
helm/solr-operator/values.yaml | 3 +++
4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml
index 043bd98..74efaa2 100644
--- a/helm/solr-operator/Chart.yaml
+++ b/helm/solr-operator/Chart.yaml
@@ -55,15 +55,10 @@ annotations:
# Allowed syntax is described at:
https://artifacthub.io/docs/topics/annotations/helm/#example
artifacthub.io/changes: |
- kind: added
- description: Addition 1
- links:
- - name: Github Issue
- url: https://github.com/issue-url
- - kind: changed
- description: Change 2
+ description: Ability to customize the SecurityContext for the
solr-operator pod
links:
- name: Github PR
- url: https://github.com/pr-url
+ url: https://github.com/apache/solr-operator/pull/566
artifacthub.io/images: |
- name: solr-operator
image: apache/solr-operator:v0.8.0-prerelease
diff --git a/helm/solr-operator/README.md b/helm/solr-operator/README.md
index a89b518..0b84d68 100644
--- a/helm/solr-operator/README.md
+++ b/helm/solr-operator/README.md
@@ -182,6 +182,7 @@ The command removes all the Kubernetes components
associated with the chart and
| serviceAccount.name | string | `""` | If `serviceAccount.create` is set to
`false`, the name of an existing serviceAccount in the target namespace
**must** be provided to run the Solr Operator with. This serviceAccount with be
given the operator's RBAC rules. |
| resources.limits | map[string]string | | Provide Resource limits for the
Solr Operator container |
| resources.requests | map[string]string | | Provide Resource requests for
the Solr Operator container |
+| securityContext | object | `allowPrivilegeEscalation: false, runAsNonRoot:
true` | Provide security context for the Solr Operator container |
| labels | map[string]string | | Custom labels to add to the Solr Operator
pod |
| annotations | map[string]string | | Custom annotations to add to the Solr
Operator pod |
| nodeSelector | map[string]string | | Add a node selector for the Solr
Operator pod, to specify where it can be scheduled |
diff --git a/helm/solr-operator/templates/deployment.yaml
b/helm/solr-operator/templates/deployment.yaml
index 1ada40e..6dd905e 100644
--- a/helm/solr-operator/templates/deployment.yaml
+++ b/helm/solr-operator/templates/deployment.yaml
@@ -90,8 +90,7 @@ spec:
{{- end }}
securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
+ {{- toYaml .Values.securityContext | nindent 10 }}
livenessProbe:
httpGet:
path: /healthz
diff --git a/helm/solr-operator/values.yaml b/helm/solr-operator/values.yaml
index 8eff44f..7ca09fc 100644
--- a/helm/solr-operator/values.yaml
+++ b/helm/solr-operator/values.yaml
@@ -67,6 +67,9 @@ serviceAccount:
# Various Pod Options to customize the runtime of the operator
resources: {}
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
envVars: []
labels: {}
annotations: {}
