Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding support for OpenShift securityContext #706

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Adding support for OpenShift securityContext #706

wants to merge 1 commit into from

Conversation

computate
Copy link

@computate computate commented May 25, 2024
edited
Loading

Adding an openshift: true boolean field to the operator to remove the default Solr fsGroup: 8983 securityContext used in Kubernetes.

apiVersion: solr.apache.org/v1beta1
kind: SolrCloud
spec:
  customSolrKubeOptions:
    podOptions:
      openshift: true

I have successfully tested these changes in OpenShift Local and confirmed that an empty securityContext allows the solrcloud pod run on OpenShift.

spec:
  template:
    spec:
      securityContext: {}

Fixes #466

@computate
Adding support for OpenShift securityContext
c37cc18 
Adding an openshift boolean field to the operator to remove the default
Solr fsGroup in Kubernetes.

Fixes apache#466
@HoustonPutman
Copy link
Contributor

I feel like it might be better to automatically tell if a cluster is openshift or not, and behave accordingly: https://github.com/grafana/grafana-operator/blob/master/controllers/autodetect/main.go

We can still let users over-ride the default, but just automatically choose the correct default for openshift. Thoughts?

@gerlowskija
Copy link
Contributor

Hey @computate - starting to follow up on some of these outstanding PRs - what do you think about Houston's suggestion above regarding auto-detection? Is that something you'd be willing to add in here?

@computate
Copy link
Author

Thanks for following up @gerlowskija and @HoustonPutman , I am a big fan of Solr. I would love to see the Zookeeper and Solr Operator work better on OpenShift, because I have had problems with it and had to switch to using bitnami helm charts instead. I haven't considered a solution like if apiGroups[i].Name == "route.openshift.io" { before. I will keep this update in mind, since this operator is also golang. I may need to create other issues for other things, I think I was also mostly blocked with issues with the Zookeeper Operator.

@gerlowskija
Copy link
Contributor

I would love to see the Zookeeper and Solr Operator work better on OpenShift, because I have had problems

Sorry to hear it! ZK Operator stuff we can't do as much about, but we'd love to have better support for OpenShift on the Solr side - if you remember what the other issues were, please let us know with a ticket. We're blind in some ways without that feedback!

@gerlowskija
Copy link
Contributor

Thinking a bit more on the proposal here, I'm a little leery about adding an explicit openShift: true flag. One flag isn't all that bad, but there's a number of popular environments out there that might eventually want similar tweaking.

Auto-detection I feel much better about, since it needn't add to our CRD. Could we just do auto-detection to start, and revisit down the road if that ends up being insufficient?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SOLR StatefulSet gets a broken securityContext by default
3 participants
@computate @HoustonPutman @gerlowskija