[I] Run solr-operator and solr helm chart on openshift get error "would violate PodSecurity "restricted:v1.24"" [solr-operator]

[via GitHub]

aaronsuns opened a new issue, #671:
URL: https://github.com/apache/solr-operator/issues/671

   When try to run solr-operator and solr helm chart on openshift get the 
following error regarding podSecurity,  the question is where to change that 
podSecurity?
   ``` 
   2024-01-02T09:23:51Z INFO    Setting default settings for SolrCloud  
{"controller": "solrcloud", "controllerGroup": "solr.apache.org", 
"controllerKind": "SolrCloud", "SolrCloud": 
{"name":"solr","namespace":"vizone-dev"}, "namespace": "vizone-dev", "name": 
"solr", "reconcileID": "30cc6979-4cbf-404b-99c9-d4b955569eba"}
   2024-01-02T09:23:51Z INFO    Creating Zookeeer Cluster       {"controller": 
"solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": 
"SolrCloud", "SolrCloud": {"name":"solr","namespace":"vizone-dev"}, 
"namespace": "vizone-dev", "name": "solr", "reconcileID": 
"3f8781bc-dd1d-4693-a07d-3432d18b5941", "zookeeperCluster": 
"solr-solrcloud-zookeeper"}
   2024-01-02T09:23:51Z INFO    Creating Common Service {"controller": 
"solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": 
"SolrCloud", "SolrCloud": {"name":"solr","namespace":"vizone-dev"}, 
"namespace": "vizone-dev", "name": "solr", "reconcileID": 
"3f8781bc-dd1d-4693-a07d-3432d18b5941", "service": "solr-solrcloud-common"}
   2024-01-02T09:23:51Z INFO    Creating Headless Service       {"controller": 
"solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": 
"SolrCloud", "SolrCloud": {"name":"solr","namespace":"vizone-dev"}, 
"namespace": "vizone-dev", "name": "solr", "reconcileID": 
"3f8781bc-dd1d-4693-a07d-3432d18b5941", "service": "solr-solrcloud-headless"}
   2024-01-02T09:23:51Z INFO    Creating ConfigMap      {"controller": 
"solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": 
"SolrCloud", "SolrCloud": {"name":"solr","namespace":"vizone-dev"}, 
"namespace": "vizone-dev", "name": "solr", "reconcileID": 
"3f8781bc-dd1d-4693-a07d-3432d18b5941", "configMap": "solr-solrcloud-configmap"}
   2024-01-02T09:23:51Z INFO    Creating StatefulSet    {"controller": 
"solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": 
"SolrCloud", "SolrCloud": {"name":"solr","namespace":"vizone-dev"}, 
"namespace": "vizone-dev", "name": "solr", "reconcileID": 
"3f8781bc-dd1d-4693-a07d-3432d18b5941", "statefulSet": "solr-solrcloud"}
   2024-01-02T09:23:51Z INFO    KubeAPIWarningLogger    would violate 
PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (containers 
"cp-solr-xml", "solrcloud-node" must set 
securityContext.allowPrivilegeEscalation=false), unrestricted capabilities 
(containers "cp-solr-xml", "solrcloud-node" must set 
securityContext.capabilities.drop=["ALL"])
   
   ``` 
   
   Tried to change the security context via solr helm values.yaml like this :
   ``` 
   podOptions:
     podSecurityContext:
   #     allowPrivilegeEscalation: false
   #     capabilities:
   #       drop:
   #         - ALL
       runAsNonRoot: true
       seccompProfile:
         type: RuntimeDefault
   ``` 
   
   But could not set allowPrivilegeEscalation and capabilities there.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org