gerlowskija opened a new pull request, #743:
URL: https://github.com/apache/solr-operator/pull/743

   An alternate approach to #489.
   
   #702 attempts to solve the same underlying issue by giving the Solr 
container in our STS template a hardcoded SecurityContext.  But that effort is, 
at the time of writing, stalled out: partly due to questions about whether the 
hardcoded SecurityContext would be too restrictive for some usecases, and 
partly due to an inability to test in the relevant environments.
   
   This PR takes a different approach by leaving the securityContext unset by 
default, and instead giving interested users the ability to specify an 
arbitrary securityContext as a part of their SolrCloud (or as a 'solr' helm 
chart setting).  A securityContext can be provided in the resource YAML at 
`.spec.customSolrKubeOptions.podOptions.containerSecurityContext` (or using the 
`podOptions.containerSecurityContext` variable in the helm chart).
   
   e.g.
   
   ```
   apiVersion: solr.apache.org/v1beta1
   kind: SolrCloud
   metadata:
       ...
   spec:
     solrImage:
       repository: solr
     customSolrKubeOptions:
       podOptions:
         containerSecurityContext:
           capabilities:
             drop:
               - ALL
           allowPrivilegeEscalation: false
     ...
     zookeeperRef:
       provided:
         chroot: "/"
         replicas: 3
         maxUnavailableReplicas: 1
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to