gerlowskija opened a new pull request, #743: URL: https://github.com/apache/solr-operator/pull/743
An alternate approach to #489. #702 attempts to solve the same underlying issue by giving the Solr container in our STS template a hardcoded SecurityContext. But that effort is, at the time of writing, stalled out: partly due to questions about whether the hardcoded SecurityContext would be too restrictive for some usecases, and partly due to an inability to test in the relevant environments. This PR takes a different approach by leaving the securityContext unset by default, and instead giving interested users the ability to specify an arbitrary securityContext as a part of their SolrCloud (or as a 'solr' helm chart setting). A securityContext can be provided in the resource YAML at `.spec.customSolrKubeOptions.podOptions.containerSecurityContext` (or using the `podOptions.containerSecurityContext` variable in the helm chart). e.g. ``` apiVersion: solr.apache.org/v1beta1 kind: SolrCloud metadata: ... spec: solrImage: repository: solr customSolrKubeOptions: podOptions: containerSecurityContext: capabilities: drop: - ALL allowPrivilegeEscalation: false ... zookeeperRef: provided: chroot: "/" replicas: 3 maxUnavailableReplicas: 1 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org