Open pareekdevanshu opened 1 year ago
@HoustonPutman is support for setting capabilities on customSolrKubeOptions.podOptions.podSecurityContext confirmed to be added eventually (and if it is, is there already an indication on when)? Or is this only under consideration and might not be added at all?
@ollixy you cannot set capabilities on the podSecurityContext, cf. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#podsecuritycontext-v1-core. What we need is a separate option to specify the securityContext of each container in the pod.
@HoustonPutman +1 for this issue, since Solr is incompatible when using some restricted PSS and enforcing these with Kyverno (for example).
I'll try to file a PR, but my knowledge about operators is quite limited.
Sounds good, I'm very happy to help once you get a start 🙂
@mmoscher @HoustonPutman any news on this one?
Any news on this one?
No news from me. I'm not running OpenShift, so I don't really know what needs to be done. If someone wants to start a PR, then I'm very happy to help usher it through.
Hi all! A new version was recently released (April 12, 2024, Apache Solr Operator™ v0.8.1 available, there is no solution to our problem). Is there any news on our problem?
@ollixy, @pareekdevanshu, @mmoscher, @aaronsuns, @AyzekTime This is an open source project, and we rely on contributions. If your day-job has a need for this and you are willing to sponsor such a feature, then the best way forward is to arrange so that you can contribute a PR directly, and we'll help get it in to the next version.
I'm running into this issue on EKS.
@janhoy / @HoustonPutman Are these extra capabilities/privs ever actually needed? If not, we can likely hardcode in the changes made in this comment: https://github.com/apache/solr-operator/issues/671#issuecomment-1875441585
Here is an example of a values.yaml I'm trying to use for a Solr Cluster:
```yaml
# Shared restricted settings, reused below through a YAML anchor
securityContext: &securityContext
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

# Solr pods
podOptions:
  labels:
    sidecar.istio.io/inject: 'false'
  podSecurityContext:
    <<: *securityContext

# Provided ZooKeeper pods
zk:
  provided:
    zookeeperPodPolicy:
      securityContext:
        <<: *securityContext
      labels:
        sidecar.istio.io/inject: 'false'
```
Hi Team, currently it is possible to set capabilities for initContainers and sidecarContainers, e.g.:
But there is no way to set capabilities on the Solr cloud container's security context. Can you please help in adding support for it?
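The thread notes that capabilities cannot be set on podSecurityContext and belongs to each container's securityContext. The sketch below is an added example, not code from solr-operator or from any commenter: it sorts the fields of the shared anchor in the values.yaml above by the level at which the Kubernetes v1.26 API accepts them, then lists which of those four Restricted Pod Security Standard controls remain unmet when only pod-level fields can be set. The function names are hypothetical and the input is constructed from the thread's YAML.

```python
# Added example, not solr-operator code. Field sets follow the Kubernetes
# v1.26 API reference linked in the thread.
POD_FIELDS = {"fsGroup", "fsGroupChangePolicy", "runAsGroup", "runAsNonRoot",
              "runAsUser", "seLinuxOptions", "seccompProfile",
              "supplementalGroups", "sysctls", "windowsOptions"}
CONTAINER_FIELDS = {"allowPrivilegeEscalation", "capabilities", "privileged",
                    "procMount", "readOnlyRootFilesystem", "runAsGroup",
                    "runAsNonRoot", "runAsUser", "seLinuxOptions",
                    "seccompProfile", "windowsOptions"}


def split_security_context(ctx):
    """Split one merged mapping into (pod_level, container_only, unknown)."""
    pod = {k: v for k, v in ctx.items() if k in POD_FIELDS}
    container = {k: v for k, v in ctx.items()
                 if k in CONTAINER_FIELDS and k not in POD_FIELDS}
    unknown = sorted(k for k in ctx if k not in POD_FIELDS | CONTAINER_FIELDS)
    return pod, container, unknown


def restricted_gaps(pod_ctx, container_ctx):
    """List the Restricted-profile controls one container still fails."""
    eff = {**pod_ctx, **container_ctx}  # container values override pod values
    gaps = []
    if container_ctx.get("allowPrivilegeEscalation") is not False:
        gaps.append("allowPrivilegeEscalation must be false on the container")
    drop = (container_ctx.get("capabilities") or {}).get("drop") or []
    if "ALL" not in drop:
        gaps.append("capabilities.drop must include ALL on the container")
    if eff.get("runAsNonRoot") is not True:
        gaps.append("runAsNonRoot must be true")
    seccomp = (eff.get("seccompProfile") or {}).get("type")
    if seccomp not in ("RuntimeDefault", "Localhost"):
        gaps.append("seccompProfile.type must be RuntimeDefault or Localhost")
    return gaps


# Constructed input: the shared anchor from the values.yaml in the thread.
SHARED = {"allowPrivilegeEscalation": False,
          "capabilities": {"drop": ["ALL"]},
          "runAsNonRoot": True,
          "seccompProfile": {"type": "RuntimeDefault"}}

if __name__ == "__main__":
    pod, container, unknown = split_security_context(SHARED)
    print("valid under podSecurityContext:", sorted(pod))
    print("container securityContext only:", sorted(container))
    print("gaps with pod-level fields alone:", restricted_gaps(pod, {}))
    print("gaps with both levels set:", restricted_gaps(pod, container))
```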