apache · computate · May 25, 2024
diff --git a/api/v1beta1/common_types.go b/api/v1beta1/common_types.go
@@ -122,6 +122,11 @@ type PodOptions struct {
 	// +optional
 	InitContainers []corev1.Container `json:"initContainers,omitempty"`
 
+	// Removes the fsGroup securityContext from
+	// the StatefulSet for compatibility with OpenShift.
+	// +optional
+	Openshift bool `json:"openshift,omitempty"`
+
 	// ImagePullSecrets to apply to the pod.
 	// These are for init/sidecarContainers in addition to the imagePullSecret defined for the
 	// solr image.

diff --git a/config/crd/bases/solr.apache.org_solrclouds.yaml b/config/crd/bases/solr.apache.org_solrclouds.yaml
@@ -4943,6 +4943,10 @@ spec:
                           type: string
                         description: Node Selector to be added for the StatefulSet.
                         type: object
+                      openshift:
+                        description: Removes the fsGroup securityContext from the
+                          StatefulSet for compatibility with OpenShift.
+                        type: boolean
                       podSecurityContext:
                         description: PodSecurityContext is the security context for
                           the pod.

diff --git a/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml b/config/crd/bases/solr.apache.org_solrprometheusexporters.yaml
@@ -2955,6 +2955,10 @@ spec:
                           type: string
                         description: Node Selector to be added for the StatefulSet.
                         type: object
+                      openshift:
+                        description: Removes the fsGroup securityContext from the
+                          StatefulSet for compatibility with OpenShift.
+                        type: boolean
                       podSecurityContext:
                         description: PodSecurityContext is the security context for
                           the pod.

diff --git a/controllers/util/solr_util.go b/controllers/util/solr_util.go
@@ -543,19 +543,20 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl
 
 				Spec: corev1.PodSpec{
 					TerminationGracePeriodSeconds: &terminationGracePeriod,
-					SecurityContext: &corev1.PodSecurityContext{
-						FSGroup: &defaultFSGroup,
-					},
-					Volumes:        solrVolumes,
-					InitContainers: initContainers,
-					HostAliases:    hostAliases,
-					Containers:     containers,
-					ReadinessGates: podReadinessGates,
+					SecurityContext:               &corev1.PodSecurityContext{},
+					Volumes:                       solrVolumes,
+					InitContainers:                initContainers,
+					HostAliases:                   hostAliases,
+					Containers:                    containers,
+					ReadinessGates:                podReadinessGates,
 				},
 			},
 			VolumeClaimTemplates: pvcs,
 		},
 	}
+	if customPodOptions.Openshift != true {
+		stateful.Spec.Template.Spec.SecurityContext.FSGroup = &defaultFSGroup
+	}
 	if solrCloud.UsesHeadlessService() {
 		stateful.Spec.Template.Spec.Subdomain = solrCloud.HeadlessServiceName()
 	}
@@ -592,7 +593,7 @@ func GenerateStatefulSet(solrCloud *solr.SolrCloud, solrCloudStatus *solr.SolrCl
 
 		if customPodOptions.PodSecurityContext != nil {
 			stateful.Spec.Template.Spec.SecurityContext = customPodOptions.PodSecurityContext
-			if stateful.Spec.Template.Spec.SecurityContext.FSGroup == nil {
+			if stateful.Spec.Template.Spec.SecurityContext.FSGroup == nil && customPodOptions.Openshift != true {
 				stateful.Spec.Template.Spec.SecurityContext.FSGroup = &defaultFSGroup
 			}
 		}

diff --git a/helm/solr-operator/crds/crds.yaml b/helm/solr-operator/crds/crds.yaml
@@ -5192,6 +5192,10 @@ spec:
                           type: string
                         description: Node Selector to be added for the StatefulSet.
                         type: object
+                      openshift:
+                        description: Removes the fsGroup securityContext from the
+                          StatefulSet for compatibility with OpenShift.
+                        type: boolean
                       podSecurityContext:
                         description: PodSecurityContext is the security context for
                           the pod.
@@ -20022,6 +20026,10 @@ spec:
                           type: string
                         description: Node Selector to be added for the StatefulSet.
                         type: object
+                      openshift:
+                        description: Removes the fsGroup securityContext from the
+                          StatefulSet for compatibility with OpenShift.
+                        type: boolean
                       podSecurityContext:
                         description: PodSecurityContext is the security context for
                           the pod.