You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2022/10/27 14:38:00 UTC

[GitHub] [solr-operator] janhoy opened a new issue, #484: Support Projected Volume in Solr Pod spec

janhoy opened a new issue, #484:
URL: https://github.com/apache/solr-operator/issues/484

   We can mount volumes on the Solr pod today, but only plain ones.
   
   Need support for [Projected Volumes](https://kubernetes.io/docs/concepts/storage/projected-volumes/), which would look like this in Helm speak:
   
   ```yaml
   solr:
     podOptions:
       volumes:
         # Map service account JWT token onto a volume
         - name: sa-token-vol
           defaultContainerMount:
             mountPath: /var/run/secrets/tokens
             name: sa-token-vol
           source:
             - serviceAccountToken:
                 path: sa-token
                 expirationSeconds: 86400
                 audience: myAudience
   ```
   
   This example will cause k8s to generate a Service Account token in `/var/run/secrets/tokens/sa-token` and rotate it automatically. Then Solr (or some plugin within Solr) can fetch the token from that file and use it to authenticate with other services within the cluster. We need this for a custom `AuditPlugin` which will post Audit Events to another service in the cluster, which requires ServiceAccount tokens.
   
   Today [AdditionalVolume](https://github.com/apache/solr-operator/blob/main/api/v1beta1/common_types.go#L204-L217) only accepts plain Volume mounts.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr-operator] janhoy closed issue #484: Support Projected Volume in Solr Pod spec

Posted by GitBox <gi...@apache.org>.

janhoy closed issue #484: Support Projected Volume in Solr Pod spec
URL: https://github.com/apache/solr-operator/issues/484


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr-operator] janhoy commented on issue #484: Support Projected Volume in Solr Pod spec

Posted by GitBox <gi...@apache.org>.

janhoy commented on issue #484:
URL: https://github.com/apache/solr-operator/issues/484#issuecomment-1298598915

   Turned out it is supported already, but with a slightly different yaml syntax:
   
   ```yaml
   solr:
     podOptions:
       volumes:
         # Map service account JWT token onto a volume
         - name: sa-token-vol
           defaultContainerMount:
             mountPath: /var/run/secrets/tokens
             name: sa-token-vol
           source:
             projected:
               sources:
                 - serviceAccountToken:
                     path: sa-token
                     expirationSeconds: 86400
                     audience: myAudience
   ```
   
   Closing


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr-operator] janhoy commented on issue #484: Support Projected Volume in Solr Pod spec

Posted by GitBox <gi...@apache.org>.

janhoy commented on issue #484:
URL: https://github.com/apache/solr-operator/issues/484#issuecomment-1298419826

   I'm not into the codebase or Go in general, but would like to attempt a PR if I get some assistance. I'll post a PR with my WIP progress soon.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org