security context root for modifying opensearch filesystem dependency #659

Closed
FaGru3n opened this issue Nov 29, 2023 · 5 comments
@FaGru3n
Contributor

FaGru3n commented Nov 29, 2023

Hi BPDM-Team,

I found an OpenSearch dependency in our Helm chart that is against our rule in https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-03

After a little chat and research with our System Team member, this should be clarified by the next release.

Problem: runAsUser: 0

```yaml
extraInitContainers:
  - name: sysctl
    image: docker.io/bitnami/bitnami-shell:10-debian-10-r199
    imagePullPolicy: "IfNotPresent"
    command:
      - /bin/bash
      - -ec
      - |
        CURRENT=`sysctl -n vm.max_map_count`;
        DESIRED="262144";
        if [ "$DESIRED" -gt "$CURRENT" ]; then
            sysctl -w vm.max_map_count=262144;
        fi;
        CURRENT=`sysctl -n fs.file-max`;
        DESIRED="65536";
        if [ "$DESIRED" -gt "$CURRENT" ]; then
            sysctl -w fs.file-max=65536;
        fi;
    securityContext:
      runAsUser: 0
      privileged: true
```

And I guess there are also some OpenSearch values you can play around with:
https://github.com/opensearch-project/helm-charts/blob/main/charts/opensearch/values.yaml

But other users also seem to have the problem:
opensearch-project/helm-charts#369
opensearch-project/helm-charts#480

Bitnami approach:
https://github.com/bitnami/charts/blob/2ba572d7ec51d5ff9ecd47f5748aab308aef693e/bitnami/elasticsearch/templates/data-statefulset.yaml#L72

Clear announcement that we have to discuss this and you as the BPDM team have to push the topic.

@FaGru3n
Contributor Author

FaGru3n commented Nov 29, 2023

@Siegfriedk FYI

@Siegfriedk Siegfriedk removed their assignment Nov 29, 2023
@Siegfriedk
Contributor

I unassigned myself as I expect a colleague/team member of BPDM to drive this.

Generally speaking: if this is a dependency where you do not expect someone else to use an external setup or a managed one, it becomes a component of your product and needs to be able to run as non-root.

It should also not be hard to fix it.
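
The non-root requirement above, applied to the sysctl init container from the issue, as an added example that is not code from the issue, the BPDM chart or the OpenSearch chart: a read-only preflight that checks the two kernel settings instead of writing them, so it needs neither `runAsUser: 0` nor `privileged: true`. It assumes the node values are raised outside the pod by whoever operates the nodes; the function names and the optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: read-only replacement for the privileged "sysctl -w" init step.
# Assumption: vm.max_map_count and fs.file-max are set on the node itself
# (outside the pod); this script only verifies them and never writes.

# check_sysctl_min NAME MINIMUM [PROC_SYS_ROOT]
# Returns 0 if the current value is >= MINIMUM, 1 if it is lower,
# 2 if the value cannot be read or is not a number.
check_sysctl_min() {
    cs_name=$1
    cs_min=$2
    cs_root=${3:-/proc/sys}
    # A sysctl name maps to a file path by turning dots into slashes.
    cs_path="$cs_root/$(printf '%s' "$cs_name" | tr . /)"
    cs_cur=$(cat "$cs_path" 2>/dev/null) || {
        echo "preflight: cannot read $cs_name ($cs_path)" >&2
        return 2
    }
    case "$cs_cur" in
        ''|*[!0-9]*)
            echo "preflight: $cs_name has non-numeric value '$cs_cur'" >&2
            return 2 ;;
    esac
    if [ "$cs_cur" -lt "$cs_min" ]; then
        echo "preflight: $cs_name=$cs_cur is below required $cs_min" >&2
        return 1
    fi
    return 0
}

# opensearch_preflight [PROC_SYS_ROOT]
# Checks both thresholds from the issue and reports every failure,
# rather than stopping at the first one.
opensearch_preflight() {
    pf_root=${1:-/proc/sys}
    pf_rc=0
    check_sysctl_min vm.max_map_count 262144 "$pf_root" || pf_rc=1
    check_sysctl_min fs.file-max 65536 "$pf_root" || pf_rc=1
    return "$pf_rc"
}

# As an init container command (non-root, not privileged):
#   opensearch_preflight || exit 1
```

A failing preflight keeps the pod from starting on a misconfigured node and names the setting that is too low, without any container in the chart running as root.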

@nicoprow
Contributor

nicoprow commented Dec 1, 2023

We recently decided to no longer use OpenSearch for our future BPDM solutions and are currently in the process of removing it from our applications and Helm charts. Therefore, no problems for future releases 👍

@Siegfriedk
Contributor

@nicoprow out of curiosity: what did you use it for and how are you replacing it?

@nicoprow
Contributor

nicoprow commented Dec 4, 2023

> @nicoprow out of curiosity: what did you use it for and how are you replacing it?

In the past we had a functionality to search business partners by different text fields such as names, descriptions and the like. At that time it seemed that the requirements would lead to more complex search functionality over the business partners. However, we never actually experienced that demand, and with a drastic data model change the existing search functionality was also scaled back.
Because of this, we decided that a normal database fuzzy search will currently suffice for the business partner search. We have already introduced a fairly simple database search as an alternative to OpenSearch and therefore we are able to remove the whole OpenSearch component soon.

@nicoprow nicoprow closed this as completed Jan 3, 2024