diff --git a/helm/solr/README.md b/helm/solr/README.md index 5aa45a94..6d114f7c 100644 --- a/helm/solr/README.md +++ b/helm/solr/README.md @@ -290,6 +290,7 @@ When using the helm chart, omit `customSolrKubeOptions.` | podOptions.initContainers | []object | | An optional list of additional initContainers to run before the Solr container starts | | podOptions.envVars | []object | | List of additional environment variables for the Solr container | | podOptions.podSecurityContext | object | | Security context for the Solr pod | +| podOptions.containerSecurityContext | object | | Security context for the Solr container in each pod | | podOptions.terminationGracePeriodSeconds | int | | Optional amount of time to wait for Solr to stop on its own, before manually killing it | | podOptions.livenessProbe | object | | Custom liveness probe for the Solr container | | podOptions.readinessProbe | object | | Custom readiness probe for the Solr container | diff --git a/helm/solr/templates/_custom_option_helpers.tpl b/helm/solr/templates/_custom_option_helpers.tpl index d2b9b586..4ea01db7 100644 --- a/helm/solr/templates/_custom_option_helpers.tpl +++ b/helm/solr/templates/_custom_option_helpers.tpl @@ -59,6 +59,10 @@ nodeSelector: podSecurityContext: {{- toYaml .Values.podOptions.podSecurityContext | nindent 2 }} {{ end }} +{{- if .Values.podOptions.containerSecurityContext -}} +containerSecurityContext: + {{- toYaml .Values.podOptions.containerSecurityContext | nindent 2 }} +{{ end }} {{- if (or .Values.podOptions.imagePullSecrets .Values.global.imagePullSecrets) -}} imagePullSecrets: {{- toYaml (append .Values.podOptions.imagePullSecrets .Values.global.imagePullSecrets) | nindent 2 }} diff --git a/helm/solr/values.yaml b/helm/solr/values.yaml index 216944d5..298f8265 100644 --- a/helm/solr/values.yaml +++ b/helm/solr/values.yaml @@ -295,6 +295,7 @@ podOptions: priorityClassName: "" envVars: [] podSecurityContext: {} + containerSecurityContext: {} terminationGracePeriodSeconds: null # Set Solr service account individually instead of the global "serviceAccount.name"