Open janhoy opened 8 months ago
Alternatively, should perhaps the spec for cp-solr-xml
init container be configurable as one yaml dict instead of two? Still defaults in code, but end users could perhaps override more properties of the container in a more familiar and transparent way. Example:
spec:
cpSolrXmlInitContainer:
image:
registry: public.ecr.aws
repository: my-company/busybox
tag: 1.37.0-custom
imagePullSecret: foo
securityContext:
runAsUser: 1000
runAsGroup: 1000
PS: By splitting image into registy, repository and tag, it is easier for downstream users to customize just the registry part.
Draft PR, only code, not docs, no helm support.
The
busybox
official image runs as root incp-solr-xml
init-container, and there is no way to configure it otherwise, other than point to a different image that has been manipulated as non-root.By adding a
SecurityContext
for the init container defaulting to thenobody
user and settingrunAsNonRoot: true
, we have a good default. By also making thesecurityContext
configurable, we allow for people to switch to a different image with other UID etc. Example:Fixes #582