zilliztech / milvus-operator

The Kubernetes Operator of Milvus.
https://milvus.io
Apache License 2.0

Support setting the security context and pod topology spread constraints for MinIO and Milvus components #144

Open bcbrockway opened 4 days ago

bcbrockway commented 4 days ago

For security reasons, we use Kyverno's admission controller on our cluster to ensure that certain Linux capabilities are dropped and that containers run as non-root, along with other policies. While we can change the security contexts of the components using the Bitnami Helm charts (etcd, Kafka, etc.), we are unable to do this for MinIO and the Milvus components.

In addition, in order to improve resiliency, we would like to be able to set Pod Topology Spread Constraints for the same components.

This is a feature request to expose these through the Milvus CRD.

haorenfsa commented 4 days ago

In milvus-operator we can support this for Milvus components. By default, milvus-operator uses the minio chart in https://github.com/zilliztech/milvus-helm/tree/master/charts/minio. So we also need a patch for milvus-helm. Or does bitnami provide a helm chart for MinIO, too?

bcbrockway commented 2 days ago

> does bitnami provide a helm chart for MinIO, too?

Looks like it: https://github.com/bitnami/charts/tree/main/bitnami/minio. Was there not a specific reason for using your own one?

haorenfsa commented 1 day ago

Hi @bcbrockway, I just talked to a previous maintainer. There are some bug fixes added to this chart that were not merged by bitnami at that time, so they decided to maintain a fork by themselves.

bcbrockway commented 1 day ago

Thanks @haorenfsa. Should I raise an issue there for the MinIO changes?

Also, FYI, I also added Pod Topology Spread Constraints as a request to this ticket since it's a very similar type of change for the same components.