Adding support for OpenShift securityContext #706
I feel like it might be better to automatically tell if a cluster is OpenShift or not, and behave accordingly: https://github.com/grafana/grafana-operator/blob/master/controllers/autodetect/main.go We can still let users override the default, but just automatically choose the correct default for OpenShift. Thoughts?
Hey @computate - starting to follow up on some of these outstanding PRs - what do you think about Houston's suggestion above regarding auto-detection? Is that something you'd be willing to add in here?
Thanks for following up @gerlowskija and @HoustonPutman, I am a big fan of Solr. I would love to see the Zookeeper and Solr Operator work better on OpenShift, because I have had problems with it and had to switch to using bitnami helm charts instead. I haven't considered a solution like
Sorry to hear it! ZK Operator stuff we can't do as much about, but we'd love to have better support for OpenShift on the Solr side - if you remember what the other issues were, please let us know with a ticket. We're blind in some ways without that feedback!
Thinking a bit more on the proposal here, I'm a little leery about adding an explicit  Auto-detection I feel much better about, since it needn't add to our CRD. Could we just do auto-detection to start, and revisit down the road if that ends up being insufficient?
a08cbc1 to fe0ec20

Adding autodetection of solr-operator running on an OpenShift cluster to remove the default Solr fsGroup, and have an empty securityContext on OpenShift. Fixes apache#466

fe0ec20 to 6884fd7
Hi @gerlowskija and @HoustonPutman, I have now updated my branch to support the grafana-operator way of autodetection of solr-operator running on OpenShift! If you would like to try this out, try my documentation for running OpenShift Local on your own computer with Windows 11 Pro, or Linux: https://smaq.computate.org/en-us/view/article/install-openshift-local-on-your-computer

Then

```bash
install -d ~/.local/src/computate-gitops/
git clone https://github.com/computate-org/computate-gitops.git \
  ~/.local/src/computate-gitops/
cd ~/.local/src/computate-gitops/
oc apply -k openshift-local/gitops/base/
```

Then wait for the GitOps operator to become ready. You will be able to log into ArgoCD with your OpenShift Local kubeadmin credentials: https://openshift-gitops-server-openshift-gitops.apps-crc.testing/

```bash
oc -n openshift-operators wait pod -l control-plane=gitops-operator \
  --for=condition=Ready --timeout=5m
oc -n openshift-gitops wait pod \
  -l app.kubernetes.io/name=openshift-gitops-application-controller \
  --for=condition=Ready --timeout=5m
```

Then deploy the zookeeper operator with GitOps:

```bash
oc apply -k openshift-local/zookeeper-operator/applications/
oc apply -k openshift-local/zookeeper/applications/
```

Then deploy the solr operator with GitOps:

```bash
oc apply -k openshift-local/solr-operator/applications/
oc apply -k openshift-local/solr/applications/
```

You should be able to find a SolrCloud running in the  You will also find a log in the solr-operator pod:
I have temporarily pointed my

```yaml
spec:
  project: default
  source:
    repoURL: https://github.com/computate/solr-operator.git
    targetRevision: openshift
    path: helm/solr-operator
    helm:
      parameters:
        - name: zookeeper-operator.install
          value: 'false'
        - name: zookeeper-operator.use
          value: 'false'
        - name: image.repository
          value: 'quay.io/computate/solr-operator'
        - name: image.tag
          value: 'openshift'
```
Adding autodetection of solr-operator running on an OpenShift cluster to remove the default Solr fsGroup, and have an empty securityContext on OpenShift. Regular Kubernetes deployments have the same securityContext as before with fsGroup.
I have successfully tested these changes in OpenShift Local and confirmed that an empty securityContext allows the solrcloud pod to run on OpenShift.
Fixes #466
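
The defaulting behaviour discussed in this thread (detect OpenShift, leave the pod securityContext empty there, keep fsGroup elsewhere, let an explicit user setting win), sketched as an added Go example that is not code from this PR or from solr-operator. Keying detection on the `route.openshift.io` API group in the `/apis` discovery document, the `8983` default, and all type and function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumption: fsGroup applied on plain Kubernetes (value not stated on this page).
const defaultSolrGroup int64 = 8983

// PodSecurityContext is a hypothetical stand-in for corev1.PodSecurityContext.
type PodSecurityContext struct{ FSGroup *int64 `json:"fsGroup,omitempty"` }

// IsOpenShift parses an APIGroupList (body of /apis); the group keyed on is an assumption.
func IsOpenShift(discovery []byte) (bool, error) {
	var list struct{ Groups []struct{ Name string } }
	if err := json.Unmarshal(discovery, &list); err != nil {
		return false, fmt.Errorf("parse discovery document: %w", err)
	}
	for _, g := range list.Groups {
		if g.Name == "route.openshift.io" {
			return true, nil
		}
	}
	return false, nil
}

// EffectiveSecurityContext: an explicit user setting wins; otherwise empty on
// OpenShift (SCC admission assigns fsGroup) and the fixed fsGroup elsewhere.
func EffectiveSecurityContext(user *PodSecurityContext, openShift bool) *PodSecurityContext {
	if user != nil {
		return user
	}
	if openShift {
		return &PodSecurityContext{}
	}
	group := defaultSolrGroup
	return &PodSecurityContext{FSGroup: &group}
}

// Constructed sample discovery documents, trimmed to the fields used here.
const sampleOpenShift = `{"groups":[{"name":"apps"},{"name":"route.openshift.io"}]}`
const sampleKubernetes = `{"groups":[{"name":"apps"},{"name":"batch"}]}`

func main() {
	for _, doc := range []string{sampleOpenShift, sampleKubernetes} {
		ocp, err := IsOpenShift([]byte(doc))
		out, _ := json.Marshal(EffectiveSecurityContext(nil, ocp))
		fmt.Println(ocp, err, string(out))
	}
}
```

If the discovery document cannot be parsed, `IsOpenShift` returns an error and `false`, so a caller that ignores the error falls back to the plain Kubernetes default.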