Merge pull request #33 from tum-gis/fix/solr-security-context

Fix solr security context

CHANGELOG.md

@@ -356,7 +356,7 @@ is displayed when navigating to the _Datasets_ view of CKAN.
 
 ### Known issues
 
-[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...HEAD
+[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.1...HEAD
 
 [sddi-ckan-3.0.0-beta1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-3.0.0-beta1
 [sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0

charts/sddi-ckan/charts/solr/Chart.yaml

@@ -8,7 +8,7 @@ sources:
   - https://github.com/ckan/ckan-solr
   - https://github.com/ckan/ckanext-spatial
 
-version: 0.3.2
+version: 0.4.0
 appVersion: "2.9-solr8-spatial"
 
 maintainers:

charts/sddi-ckan/charts/solr/README.md

@@ -1,6 +1,6 @@
 # solr
 
-![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
 
 A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 
@@ -25,11 +25,13 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | affinity | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
 | component | string | `"index"` | Role of Solr in this chart |
 | enabled | bool | `true` | Enable/disable Solr |
+| extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. |
 | fullnameOverride | string | `"solr"` | Override fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) |
 | image.repository | string | `"ckan/ckan-solr"` | [Image repository](https://kubernetes.io/docs/concepts/containers/images/) |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. |
 | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
+| initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
 | loadBalancer.enabled | bool | `false` | Enable/disable a LoadBalancer service for external Database access |
 | nameOverride | string | `""` | Override name |
 | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |

charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml

@@ -37,6 +37,15 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "solr.fullname" . }}
 
+      initContainers:
+      {{- if .Values.initContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      {{- if .Values.extraInitContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -52,19 +61,6 @@ spec:
             - name: data
               mountPath: /var/solr/data
 
-          # livenessProbe:
-          #   periodSeconds: 10
-          #   timeoutSeconds: 2
-          #   exec:
-          #     command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ]
-
-          # readinessProbe:
-          #   initialDelaySeconds: 15
-          #   periodSeconds: 10
-          #   timeoutSeconds: 2
-          #   exec:
-          #     command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ]
-
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

charts/sddi-ckan/charts/solr/values.yaml

@@ -34,9 +34,6 @@ serviceAccount:
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 podSecurityContext: {}
-  # runAsUser: 8983
-  # runAsGroup: 8983
-  # fsGroup: 8983
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 securityContext: {}
@@ -70,6 +67,25 @@ persistence:
   annotations:
   # helm.sh/resource-policy: keep
 
+# initContainers --------------------------------------------------------------
+# -- Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# Set to `[]` to disable the default initContainers.
+# Set to any list of initContainer definitions to overwrite the default initContainers.
+# Use `extraInitContainers` to extend the default initContainers.
+# @default -- See `values.yml` for the list of default initContainers.
+initContainers:
+  - name: init-data
+    image: busybox:latest
+    command:
+      ["sh", "-c", "chown -Rv 8983:8983 /var/solr/data"]
+    volumeMounts:
+      - name: data
+        mountPath: "/var/solr/data"
+
+# -- Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# The initContainers specified here, are appended to the ones specified in `initContainers`.
+extraInitContainers: []
+
 # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
 resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)