janhoy opened a new issue, #484: URL: https://github.com/apache/solr-operator/issues/484
We can mount volumes on the Solr pod today, but only plain ones. Need support for [Projected Volumes](https://kubernetes.io/docs/concepts/storage/projected-volumes/), which would look like this in Helm speak: ```yaml solr: podOptions: volumes: # Map service account JWT token onto a volume - name: sa-token-vol defaultContainerMount: mountPath: /var/run/secrets/tokens name: sa-token-vol source: - serviceAccountToken: path: sa-token expirationSeconds: 86400 audience: myAudience ``` This example will cause k8s to generate a Service Account token in `/var/run/secrets/tokens/sa-token` and rotate it automatically. Then Solr (or some plugin within Solr) can fetch the token from that file and use it to authenticate with other services within the cluster. We need this for a custom `AuditPlugin` which will post Audit Events to another service in the cluster, which requires ServiceAccount tokens. Today [AdditionalVolume](https://github.com/apache/solr-operator/blob/main/api/v1beta1/common_types.go#L204-L217) only accepts plain Volume mounts. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
