apache / solr-operator

Official Kubernetes operator for Apache Solr
https://solr.apache.org/operator
Apache License 2.0

Run init container cp-solr-xml as nonRoot #582

Open janhoy opened 1 year ago

janhoy commented 1 year ago

Today we use the busybox image with the root user to run the cp-solr-xml init. This prevents runAsNonRoot: true from being set on the Solr pod. Either find a variant of busybox with a non-root user, or explicitly specify runAsUser: 65534 on the init container. The busybox image has a nobody user available out of the box that I think we could use:

# docker run --rm busybox cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/bin/false
sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/false
www-data:x:33:33:www-data:/var/www:/bin/false
operator:x:37:37:Operator:/var:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/false
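
The second option from the issue, sketched as a plain Pod manifest. This is an added example, not part of the original issue and not the operator's generated spec; the resource names, mount paths, the cp command and the Solr UID are assumptions made for illustration.

```yaml
# Constructed manifest: names, paths, the cp command and the Solr UID are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: solr-nonroot-example
spec:
  securityContext:
    # Applies to init containers too: the kubelet refuses to start any
    # container whose effective UID is 0.
    runAsNonRoot: true
  initContainers:
    - name: cp-solr-xml
      image: busybox
      # Without this block the busybox image defaults to root, and the pod
      # cannot start while runAsNonRoot: true is set.
      securityContext:
        runAsUser: 65534    # "nobody" in the busybox /etc/passwd
        runAsGroup: 65534
        allowPrivilegeEscalation: false
      command: ["sh", "-c", "cp /solr-xml/solr.xml /data/solr.xml"]
      volumeMounts:
        - name: solr-xml
          mountPath: /solr-xml
        - name: data
          mountPath: /data
  containers:
    - name: solr
      image: solr
      securityContext:
        runAsUser: 8983     # assumed non-root UID for the Solr process
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: solr-xml
      configMap:
        name: solr-xml-example
    - name: data
      # An emptyDir is world-writable, so UID 65534 can copy into it. On a
      # persistent volume the target directory must be writable by this
      # UID, for example through fsGroup.
      emptyDir: {}
```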