search

apache / solr-operator

Official Kubernetes operator for Apache Solr
https://solr.apache.org/operator
Apache License 2.0
243 stars 112 forks source link

Solrcloud pods not starting with custom security.json #594

Open rekhasinghcali opened 11 months ago

rekhasinghcali commented 11 months ago

Hello Team,

My solrcloud pods not starting if i defined my user secret (with basic auth credentials) and security.json supplied as secret

provided them as below in values.yaml.

if i don't provide the bootstarpSecurity options, then solr cloud pods starting.

please help me on this issue

Note: i have created usersecret and securityjson secret prior to help installation

order of installation:

solr-operator create secrets solr-cloud

image

HoustonPutman commented 11 months ago

Are your pods starting and failing the liveness/readiness checks, or are they not being created?

If its the former, then the issue is likely your probesRequireAuth: false option. Have you setup your security.json so that it actually does not require the liveness and readiness endpoint admin/info/system to have auth? If there's an error there, the probes will fail.

If its the latter, then it's an issue with your secret. (I think this is the case). You are using the same secret (securityjson) for both your bootstrapSecurityJson secret and your basicAuthSecret secret. This is an issue, because the basicAuthSecret needs to be a Basic Authentication Secret which only accepts a username and password. The bootstrapSecurityJson secret is supposed to have the security.json field, which requires it to be a Generic Secret. In short, these need to be two separate secrets.

You can find more information in the documentation: https://apache.github.io/solr-operator/docs/solr-cloud/solr-cloud-crd.html#custom-securityjson-secret

mlanner commented 9 months ago

Hi @rekhasinghcali and @HoustonPutman,

I've got a similar issue and I've tried a variety of things to make it work. I started out with just a plain Basic Auth implementation, like:

solrOptions:
  security:
    authenticationType: Basic
    basicAuthSecret: solr-basic-auth

And that worked ... for a bit. Then suddenly it broke. I don't know what I did right, wrong or changed to make it break. In any case, I've been trying to use/understand the bootstrapSecurityJson method, as in some ways I think it would be a better path for me. However, I don't fully understand how it's supposed to work. I assume the name could be the same as above, i.e. solr-basic-auth? Then, what about the key? Is it always supposed to say security.json? And if so, what does it reference? A file that gets generated in the ZK cluster? How does it work?

I've tried to understand the documentation (on page linked above), but I'm lost ... as you can probably tell. Perhaps after I understand this better I can try to contribute with some docs that makes it easier to understand.

Thanks in advance.