Propagate availability zone from k8s label to solr sysprop
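---
# Cluster role used for getting the node label to inject into the pod.
#
# Least privilege: the init container in the SolrCloud resource only issues a
# single GET on /api/v1/nodes/<its own node>, so only the "get" verb is granted.
# "list" would additionally let the token enumerate every node in the cluster.
#
# NOTE(review): RBAC cannot restrict "get" to the pod's own node without a fixed
# resourceNames list, so any holder of the bound service account token can read
# the full Node object (labels, annotations, addresses) of any node whose name
# it knows. The token is mounted into the Solr container as well as the init
# container.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-node-labels
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get"]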
---
# Binds the node-label ClusterRole to the service account the Solr pods run as.
# A ClusterRoleBinding is cluster-scoped, so the subject below receives the
# role's permissions cluster-wide, not only inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-node-labels-binding
subjects:
  - kind: ServiceAccount
    name: release-name-solr
    # The namespace is hard-coded; it has to be the namespace the SolrCloud
    # (and therefore this service account) is actually deployed in.
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-node-labels
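---
# SolrCloud whose pods learn their availability zone from the node label
# topology.kubernetes.io/zone: an init container reads the label from the
# Kubernetes API and writes a shell include file that sets the
# availability_zone system property for Solr.
apiVersion: solr.apache.org/v1beta1
kind: SolrCloud
metadata:
  name: release-name
  labels:
    app.kubernetes.io/name: solr
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "9.3.0"
spec:
  customSolrKubeOptions:
    podOptions:
      envVars:
        # node.sh is generated by the init container below. It is shell that
        # Solr's start script includes, so whatever can write to the
        # kube-node-info volume controls Solr's start-up environment.
        - name: SOLR_INCLUDE
          value: /path/to/solr/home/k8s/node.sh
      podSecurityContext:
        # Change fsGroup to allow the jq-curl-bash-alpine-edge image access to
        # the token, since it runs as 'nobody / 65534'.
        # This is a pod-level setting, so it applies to every container.
        fsGroup: 65534
        runAsNonRoot: true
      volumes:
        # Volume for node properties that will hold the script for setting
        # the availability_zone property.
        - name: kube-node-info
          defaultContainerMount:
            mountPath: /path/to/solr/home/k8s
            name: kube-node-info
          source:
            emptyDir: {}
      initContainers:
        # Fetch the node's properties from the k8s API and propagate the zone
        # into sysprop availability_zone for the affinity plugin to consume.
        - name: k8s-node-label-fetcher
          # NOTE(review): third-party image referenced by tag only, and this
          # container reads the service account token. Prefer an image you
          # build or mirror yourself, pinned by digest, e.g.
          #   docker.io/vakaobr/jq-curl-bash-alpine-edge@sha256:<DIGEST-PLACEHOLDER>
          image: "docker.io/vakaobr/jq-curl-bash-alpine-edge:20220811"
          # The script fails the init container instead of silently writing a
          # bogus node.sh:
          #  - curl -f turns an HTTP error (e.g. 403 from missing RBAC) into a
          #    failure instead of piping the error body into jq;
          #  - jq -e exits non-zero when the label is missing (null) or when it
          #    received no input;
          #  - the value is checked against the label character set before it
          #    is written into a file that Solr later includes as shell.
          # Relax the checks if pods must start on nodes without a zone label.
          command:
            - sh
            - "-c"
            - |
              set -eu
              sa_dir=/var/run/secrets/kubernetes.io/serviceaccount
              node_url="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/nodes/${NODE_NAME}"
              token="$(cat "${sa_dir}/token")"
              zone="$(curl -sSf --cacert "${sa_dir}/ca.crt" \
                -H "Authorization: Bearer ${token}" "${node_url}" \
                | jq -er '.metadata.labels["topology.kubernetes.io/zone"]')"
              case "${zone}" in
                ''|*[!A-Za-z0-9_.-]*)
                  echo "unexpected value for topology.kubernetes.io/zone" >&2
                  exit 1
                  ;;
              esac
              printf 'SOLR_OPTS="${SOLR_OPTS} -Davailability_zone=%s"\n' "${zone}" > /node-info/node.sh
          volumeMounts:
            - name: kube-node-info
              mountPath: "/node-info"
          env:
            # Downward API: name of the node this pod was scheduled on.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
            # The fetcher needs no extra privileges: it only reads the token
            # and writes one file into the emptyDir volume.
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]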