You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ho...@apache.org on 2023/05/16 20:39:49 UTC
[solr-operator] branch main updated: Make solr-operator security context configurable. (#566)
This is an automated email from the ASF dual-hosted git repository.
houston pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr-operator.git
The following commit(s) were added to refs/heads/main by this push:
new 2024e51 Make solr-operator security context configurable. (#566)
2024e51 is described below
commit 2024e51d1fbd9d3f1b522c64ddd0f306f3aa3042
Author: uluzox <71...@users.noreply.github.com>
AuthorDate: Tue May 16 22:39:44 2023 +0200
Make solr-operator security context configurable. (#566)
Co-authored-by: Houston Putman <ho...@apache.org>
---
helm/solr-operator/Chart.yaml | 9 ++-------
helm/solr-operator/README.md | 1 +
helm/solr-operator/templates/deployment.yaml | 3 +--
helm/solr-operator/values.yaml | 3 +++
4 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml
index 043bd98..74efaa2 100644
--- a/helm/solr-operator/Chart.yaml
+++ b/helm/solr-operator/Chart.yaml
@@ -55,15 +55,10 @@ annotations:
# Allowed syntax is described at: https://artifacthub.io/docs/topics/annotations/helm/#example
artifacthub.io/changes: |
- kind: added
- description: Addition 1
- links:
- - name: Github Issue
- url: https://github.com/issue-url
- - kind: changed
- description: Change 2
+ description: Ability to customize the SecurityContext for the solr-operator pod
links:
- name: Github PR
- url: https://github.com/pr-url
+ url: https://github.com/apache/solr-operator/pull/566
artifacthub.io/images: |
- name: solr-operator
image: apache/solr-operator:v0.8.0-prerelease
diff --git a/helm/solr-operator/README.md b/helm/solr-operator/README.md
index a89b518..0b84d68 100644
--- a/helm/solr-operator/README.md
+++ b/helm/solr-operator/README.md
@@ -182,6 +182,7 @@ The command removes all the Kubernetes components associated with the chart and
| serviceAccount.name | string | `""` | If `serviceAccount.create` is set to `false`, the name of an existing serviceAccount in the target namespace **must** be provided to run the Solr Operator with. This serviceAccount with be given the operator's RBAC rules. |
| resources.limits | map[string]string | | Provide Resource limits for the Solr Operator container |
| resources.requests | map[string]string | | Provide Resource requests for the Solr Operator container |
+| securityContext | object | `allowPrivilegeEscalation: false, runAsNonRoot: true` | Provide security context for the Solr Operator container |
| labels | map[string]string | | Custom labels to add to the Solr Operator pod |
| annotations | map[string]string | | Custom annotations to add to the Solr Operator pod |
| nodeSelector | map[string]string | | Add a node selector for the Solr Operator pod, to specify where it can be scheduled |
diff --git a/helm/solr-operator/templates/deployment.yaml b/helm/solr-operator/templates/deployment.yaml
index 1ada40e..6dd905e 100644
--- a/helm/solr-operator/templates/deployment.yaml
+++ b/helm/solr-operator/templates/deployment.yaml
@@ -90,8 +90,7 @@ spec:
{{- end }}
securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
+ {{- toYaml .Values.securityContext | nindent 10 }}
livenessProbe:
httpGet:
path: /healthz
diff --git a/helm/solr-operator/values.yaml b/helm/solr-operator/values.yaml
index 8eff44f..7ca09fc 100644
--- a/helm/solr-operator/values.yaml
+++ b/helm/solr-operator/values.yaml
@@ -67,6 +67,9 @@ serviceAccount:
# Various Pod Options to customize the runtime of the operator
resources: {}
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
envVars: []
labels: {}
annotations: {}