Re: [PR] Allow users to configure Solr container's SecurityContext [solr-operator]
gerlowskija merged PR #743: URL: https://github.com/apache/solr-operator/pull/743 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
Re: [PR] Allow users to configure Solr container's SecurityContext [solr-operator]
HoustonPutman commented on code in PR #743: URL: https://github.com/apache/solr-operator/pull/743#discussion_r1909174239 ## controllers/solrcloud_controller_test.go: ## @@ -38,6 +39,11 @@ func newBoolPtr(value bool) *bool { return &newBool } +func newIntPtr(value int64) *int64 { Review Comment: You should be able to use `pointer.Int64(...)` for this. (The pointer library being "k8s.io/utils/pointer") ## controllers/solrcloud_controller_test.go: ## @@ -38,6 +39,11 @@ func newBoolPtr(value bool) *bool { return &newBool } +func newIntPtr(value int64) *int64 { Review Comment: I see the I probably added the methods above that do the same thing. So we can always go and remove them independently, but let's not add another one. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
[PR] Allow users to configure Solr container's SecurityContext [solr-operator]
gerlowskija opened a new pull request, #743: URL: https://github.com/apache/solr-operator/pull/743 An alternate approach to #489. #702 attempts to solve the same underlying issue by giving the Solr container in our STS template a hardcoded SecurityContext. But that effort is, at the time of writing, stalled out: partly due to questions about whether the hardcoded SecurityContext would be too restrictive for some usecases, and partly due to an inability to test in the relevant environments. This PR takes a different approach by leaving the securityContext unset by default, and instead giving interested users the ability to specify an arbitrary securityContext as a part of their SolrCloud (or as a 'solr' helm chart setting). A securityContext can be provided in the resource YAML at `.spec.customSolrKubeOptions.podOptions.containerSecurityContext` (or using the `podOptions.containerSecurityContext` variable in the helm chart). e.g. ``` apiVersion: solr.apache.org/v1beta1 kind: SolrCloud metadata: ... spec: solrImage: repository: solr customSolrKubeOptions: podOptions: containerSecurityContext: capabilities: drop: - ALL allowPrivilegeEscalation: false ... zookeeperRef: provided: chroot: "/" replicas: 3 maxUnavailableReplicas: 1 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org