Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2022/11/03 15:16:46 UTC

[GitHub] [solr-operator] pareekdevanshu opened a new issue, #489: Add support to set capabilities on Solr cloud container's security context

pareekdevanshu opened a new issue, #489:
URL: https://github.com/apache/solr-operator/issues/489

   Hi Team,
   Currently it is possible to set capabilities for `initContainers` and `sidecarContainers`, e.g.:
   ```
   securityContext:
     capabilities:
       drop:
         - ALL
   ```
   But there is no way to set capabilities on the Solr cloud container's security context. Can you please help in adding support for it?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org


Re: [I] Add support to set capabilities on Solr cloud container's security context [solr-operator]

Posted by "AyzekTime (via GitHub)" <gi...@apache.org>.
AyzekTime commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-2092685981

   Hi all! A new version was recently released (April 12, 2024, Apache Solr Operator™ v0.8.1 available; there is no solution to our problem). Is there any news on our problem?




Re: [I] Add support to set capabilities on Solr cloud container's security context [solr-operator]

Posted by "aaronsuns (via GitHub)" <gi...@apache.org>.
aaronsuns commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-1875059878

   Any news on this one?




Re: [I] Add support to set capabilities on Solr cloud container's security context [solr-operator]

Posted by "HoustonPutman (via GitHub)" <gi...@apache.org>.
HoustonPutman commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-2021124458

   No news from me. I'm not running OpenShift, so I don't really know what needs to be done. If someone wants to start a PR, then I'm very happy to help usher it through.
   




[GitHub] [solr-operator] ollixy commented on issue #489: Add support to set capabilities on Solr cloud container's security context

Posted by "ollixy (via GitHub)" <gi...@apache.org>.
ollixy commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-1571339904

   @mmoscher @HoustonPutman any news on this one? 




[GitHub] [solr-operator] ollixy commented on issue #489: Add support to set capabilities on Solr cloud container's security context

Posted by GitBox <gi...@apache.org>.
ollixy commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-1319777609

   @HoustonPutman is support for setting capabilities on the pod security context confirmed to be added eventually (and if it is, is there already an indication of when)? Or is this only under consideration and might not be added at all?




Re: [I] Add support to set capabilities on Solr cloud container's security context [solr-operator]

Posted by "janhoy (via GitHub)" <gi...@apache.org>.
janhoy commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-2092905796

   > Hi all! a new version was recently released (April 12, 2024, Apache Solr Operator™ v0.8.1 available, there is no solution to our problem) is there any news on our problem?
   
   @ollixy , @pareekdevanshu, @mmoscher, @aaronsuns , @AyzekTime 
   This is an open source project, and we rely on contributions. If your day-job has a need for this and you are willing to sponsor such a feature, then the best way forward is to arrange so that you can contribute a PR directly, and we'll help get it into the next version.




Re: [I] Add support to set capabilities on Solr cloud container's security context [solr-operator]

Posted by "bentastic27 (via GitHub)" <gi...@apache.org>.
bentastic27 commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-2096660400

   I'm running into this issue on EKS.
   
   @janhoy / @HoustonPutman Are these extra capabilities/privs ever actually needed? If not, we can likely hardcode in the changes made in this comment:
   https://github.com/apache/solr-operator/issues/671#issuecomment-1875441585
   
   Here is an example of a values.yaml I'm trying to use for a Solr Cluster:
   
   ```
   securityContext: &securityContext
     allowPrivilegeEscalation: false
     capabilities:
       drop: ["ALL"]
     runAsNonRoot: true
     seccompProfile:
       type: RuntimeDefault
   
   podOptions:
     labels:
       sidecar.istio.io/inject: 'false'
     podSecurityContext:
       <<: *securityContext
   zk:
     provided:
       zookeeperPodPolicy:
         securityContext:
           <<: *securityContext
         labels:
           sidecar.istio.io/inject: 'false'
   ```




[GitHub] [solr-operator] HoustonPutman commented on issue #489: Add support to set capabilities on Solr cloud container's security context

Posted by GitBox <gi...@apache.org>.
HoustonPutman commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-1370090183

   Sounds good, I'm very happy to help once you get a start 🙂 




[GitHub] [solr-operator] mmoscher commented on issue #489: Add support to set capabilities on Solr cloud container's security context

Posted by GitBox <gi...@apache.org>.
mmoscher commented on issue #489:
URL: https://github.com/apache/solr-operator/issues/489#issuecomment-1367166254

   @ollixy you cannot set capabilities on the podSecurityContext, cf. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#podsecuritycontext-v1-core. What we need is a separate option to specify the securityContext of each container in the pod.
   
   @HoustonPutman +1 for this issue, since Solr is incompatible when using some restricted PSS and enforcing these with Kyverno (for example).
   
   I'll try to file a PR, but my knowledge about operators is quite limited.
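
An added illustration of the point in the comment above and of the `values.yaml` posted earlier in the thread (not part of the thread and not solr-operator code): `capabilities` and `allowPrivilegeEscalation` exist only on a container's `securityContext`, so each container has to carry them itself, while `runAsNonRoot` and `seccompProfile` can be inherited from the pod level. The sketch checks only those four controls of the restricted Pod Security Standard; the pod specs and container names are constructed.

```python
# Added example. Pod specs are constructed sample data; the container names
# "init" and "solr" are assumptions, not taken from solr-operator.

# Fields that exist only on a container's securityContext, never at pod level.
CONTAINER_ONLY = ("allowPrivilegeEscalation", "capabilities")

def misplaced_pod_fields(pod_spec):
    """Container-only fields found on the pod-level securityContext."""
    pod_sc = pod_spec.get("securityContext") or {}
    return [f for f in CONTAINER_ONLY if f in pod_sc]

def restricted_violations(pod_spec):
    """Return (container, reason) pairs for the four controls checked here."""
    pod_sc = pod_spec.get("securityContext") or {}
    found = []
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            found.append((c["name"], "capabilities.drop must include ALL"))
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((c["name"], "allowPrivilegeEscalation must be false"))
        # runAsNonRoot and seccompProfile may be inherited from the pod level.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append((c["name"], "runAsNonRoot must be true"))
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append((c["name"], "seccompProfile.type not allowed"))
    return found

HARDENED = {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}
POD_LEVEL = {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}}
INIT = {"name": "init", "securityContext": HARDENED}

# Init container hardened, main container without a securityContext.
POD_BEFORE = {"securityContext": POD_LEVEL, "initContainers": [INIT],
              "containers": [{"name": "solr"}]}
# Same pod once the main container carries its own securityContext.
POD_AFTER = {"securityContext": POD_LEVEL, "initContainers": [INIT],
             "containers": [{"name": "solr", "securityContext": HARDENED}]}
# Container-level settings merged into the pod-level context instead.
POD_MISPLACED = {"securityContext": {**POD_LEVEL, **HARDENED},
                 "initContainers": [INIT], "containers": [{"name": "solr"}]}

if __name__ == "__main__":
    for label, pod in [("before", POD_BEFORE), ("after", POD_AFTER),
                       ("misplaced", POD_MISPLACED)]:
        print(label, misplaced_pod_fields(pod), restricted_violations(pod))
```
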

