solr-operator icon indicating copy to clipboard operation
solr-operator copied to clipboard

Published 20 hours ago verified publisher icon apache

Adding support for OpenShift securityContext

Open computate opened this issue 1 year ago • 1 comments

Adding an openshift: true boolean field to the operator to remove the default Solr fsGroup: 8983 securityContext used in Kubernetes.

apiVersion: solr.apache.org/v1beta1
kind: SolrCloud
spec:
  customSolrKubeOptions:
    podOptions:
      openshift: true

I have successfully tested these changes in OpenShift Local and confirmed that an empty securityContext allows the solrcloud pod run on OpenShift.

spec:
  template:
    spec:
      securityContext: {}

Fixes #466

computate avatar May 25 '24 04:05 computate

I feel like it might be better to automatically tell if a cluster is openshift or not, and behave accordingly: https://github.com/grafana/grafana-operator/blob/master/controllers/autodetect/main.go

We can still let users over-ride the default, but just automatically choose the correct default for openshift. Thoughts?

HoustonPutman avatar Sep 05 '24 20:09 HoustonPutman

Hey @computate - starting to follow up on some of these outstanding PRs - what do you think about Houston's suggestion above regarding auto-detection? Is that something you'd be willing to add in here?

gerlowskija avatar Dec 06 '24 15:12 gerlowskija

Thanks for following up @gerlowskija and @HoustonPutman , I am a big fan of Solr. I would love to see the Zookeeper and Solr Operator work better on OpenShift, because I have had problems with it and had to switch to using bitnami helm charts instead. I haven't considered a solution like if apiGroups[i].Name == "route.openshift.io" { before. I will keep this update in mind, since this operator is also golang. I may need to create other issues for other things, I think I was also mostly blocked with issues with the Zookeeper Operator.

computate avatar Dec 06 '24 15:12 computate

I would love to see the Zookeeper and Solr Operator work better on OpenShift, because I have had problems

Sorry to hear it! ZK Operator stuff we can't do as much about, but we'd love to have better support for OpenShift on the Solr side - if you remember what the other issues were, please let us know with a ticket. We're blind in some ways without that feedback!

gerlowskija avatar Dec 06 '24 16:12 gerlowskija

Thinking a bit more on the proposal here, I'm a little leery about adding an explicit openShift: true flag. One flag isn't all that bad, but there's a number of popular environments out there that might eventually want similar tweaking.

Auto-detection I feel much better about, since it needn't add to our CRD. Could we just do auto-detection to start, and revisit down the road if that ends up being insufficient?

gerlowskija avatar Dec 11 '24 18:12 gerlowskija