gerlowskija opened a new pull request, #743:
URL: https://github.com/apache/solr-operator/pull/743
An alternate approach to #489.
#702 attempts to solve the same underlying issue by giving the Solr
container in our STS template a hardcoded SecurityContext. But that effort is,
at the time of writing, stalled out: partly due to questions about whether the
hardcoded SecurityContext would be too restrictive for some usecases, and
partly due to an inability to test in the relevant environments.
This PR takes a different approach by leaving the securityContext unset by
default, and instead giving interested users the ability to specify an
arbitrary securityContext as a part of their SolrCloud (or as a 'solr' helm
chart setting). A securityContext can be provided in the resource YAML at
`.spec.customSolrKubeOptions.podOptions.containerSecurityContext` (or using the
`podOptions.containerSecurityContext` variable in the helm chart).
e.g.
```
apiVersion: solr.apache.org/v1beta1
kind: SolrCloud
metadata:
...
spec:
solrImage:
repository: solr
customSolrKubeOptions:
podOptions:
containerSecurityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
...
zookeeperRef:
provided:
chroot: "/"
replicas: 3
maxUnavailableReplicas: 1
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
