Bug #115836 Optional `initContainers` and `securityContext` fields for enhanced security
Submitted: 14 Aug 13:40
Modified: 14 Aug 13:46
Reporter: Pierrick Joseph
Status: Verified
Category: MySQL Operator
Severity: S4 (Feature request)
Version: 9.0.1-2.2.1
OS: Any
Assigned to:
CPU Architecture: Any

[14 Aug 13:40] Pierrick Joseph
Description:
On a cluster with certain CSI like ceph-csi, init containers (https://github.com/mysql/mysql-operator/blob/trunk/mysqloperator/controller/innodbcluster/...) doing the `chown` are not useful. 

Moreover, doing so in a cluster with hardened security rules requires changing the namespace's security context to be more permissive, which is far from ideal.

How to repeat:
Just put a restrictive security context in a namespace and deploy mysql-innodbcluster in that namespace.

Suggested fix:
Making the `initContainers` field optional and allowing the user to change the `securityContext` field (https://github.com/mysql/mysql-operator/blob/trunk/mysqloperator/controller/innodbcluster/...) should be sufficient to solve this issue.

[14 Aug 13:46] MySQL Verification Team
Hello Pierrick Joseph,

Thank you for the feature request!

regards,
Umesh
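
The conflict described in the report can be reproduced offline with the sketch below, which is an added example and not code from the MySQL Operator or from this thread. It assumes the hardened namespace enforces the Kubernetes "restricted" Pod Security Standard and checks a simplified subset of its rules; the container names, UID 27, the data path and the pod spec are constructed for illustration.

```python
# Simplified subset of the Kubernetes "restricted" Pod Security Standard (added example).
ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}

def _effective(pod_sc, ctr_sc, key):
    """Container-level securityContext value overrides the pod-level one."""
    return ctr_sc.get(key, pod_sc.get(key))

def restricted_violations(pod_spec):
    """Return (container name, reason) pairs the restricted profile rejects."""
    pod_sc = pod_spec.get("securityContext") or {}
    found = []
    for ctr in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        name, sc = ctr["name"], ctr.get("securityContext") or {}
        if _effective(pod_sc, sc, "runAsNonRoot") is not True:
            found.append((name, "runAsNonRoot must be true"))
        if _effective(pod_sc, sc, "runAsUser") == 0:
            found.append((name, "runAsUser must not be 0"))
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((name, "allowPrivilegeEscalation must be false"))
        caps = sc.get("capabilities") or {}
        if "ALL" not in caps.get("drop", []):
            found.append((name, "capabilities.drop must include ALL"))
        extra = sorted(set(caps.get("add", [])) - ALLOWED_ADDED_CAPS)
        if extra:
            found.append((name, "capabilities.add not allowed: " + ",".join(extra)))
        seccomp = _effective(pod_sc, sc, "seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            found.append((name, "seccompProfile.type must be RuntimeDefault or Localhost"))
    return found

# Constructed pod spec (hypothetical names and UID, not the operator's manifest):
# a root init container that chowns the data volume, plus a hardened main container.
HARDENED = {"runAsNonRoot": True, "runAsUser": 27, "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]}, "seccompProfile": {"type": "RuntimeDefault"}}
SAMPLE_POD = {
    "initContainers": [{
        "name": "chown-datadir",
        "command": ["chown", "27:27", "/var/lib/mysql"],
        "securityContext": {"runAsUser": 0, "capabilities": {"add": ["CHOWN", "FOWNER"]}},
    }],
    "containers": [{"name": "mysql", "securityContext": HARDENED}],
}

def without_init(pod_spec):
    """Same pod with the initContainers field omitted, as the report suggests."""
    return {k: v for k, v in pod_spec.items() if k != "initContainers"}

if __name__ == "__main__":
    for name, reason in restricted_violations(SAMPLE_POD):
        print(f"{name}: {reason}")
```

Every violation in the sample comes from the root `chown` init container; the same pod without `initContainers` passes the checked rules.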