Enable Read-Only Root File System

Table of Contents

Solr
Zookeeper
Kafka
ML Model Service
Argo
Seldon Core Operator
Argo Common Workflows
Question Answering
Classification
All-in-one values.yaml example
All-in-one values.yaml with optional services example
Supported services

This topic describes how to configure a read-only root file system for a Fusion deployment. Read-only mode safeguards your file system against unauthorized changes, such as by malicious software or other attacks. Enabling this feature entails configuring the readOnlyRootFilesystem attribute in the Fusion Helm chart.

This feature is only available in Fusion 5.9.9 and later versions of Fusion 5.9.

Beginning with Fusion 5.9.10, all of Fusion’s services are designed to work with a read-only root file system, but some external services may require write access to the file system. In that case, you can configure a read-only root file system and mount a separate writable file system for these services.

The examples below show how to configure a read-only root file system for various Fusion services.

Solr

fusion:
  solr:
    containerSecurityContext:
      readOnlyRootFilesystem: true

With optional services:

fusion:
  solr:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true

Zookeeper

fusion:
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true

With optional services:

fusion:
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    exporters:
      jmx:
        enabled: true
      zookeeper:
        enabled: true
    jobs:
      chroots:
        enabled: true
        config:
          create:
            - /root-read-only

Kafka

fusion:
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true

With optional services:

fusion:
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    volumePermissions:
      enabled: true
      containerSecurityContext:
        readOnlyRootFilesystem: true
    metrics:
      kafka:
        containerSecurityContext:
          readOnlyRootFilesystem: true
          enabled: true
      jmx:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    externalAccess:
      enabled: true
      autoDiscovery:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    provisioning:
      enabled: true
      topics:
      - name: test
        partitions: 1
        replicationFactor: 1
        ## https://kafka.apache.org/documentation/#topicconfigs
        config:
          max.message.bytes: 64000
          flush.messages: 1
      containerSecurityContext:
        readOnlyRootFilesystem: true
        enabled: true

ML Model Service

fusion:
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
    milvus:
      mysql:
        containerSecurityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
With optional services:
fusion:
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      prometheusExporter:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
    milvus:
      mysql:
        metrics:
          enabled: true
          securityContext:
            readOnlyRootFilesystem: true
        containerSecurityContext:
          readOnlyRootFilesystem: true
      cluster:
        enabled: false
      mishards:
        securityContext:
          readOnlyRootFilesystem: true
      admin:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true

Argo

fusion:
  argo:
    minio:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true

Seldon Core Operator

fusion:
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Argo Common Workflows

fusion:
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true

Question Answering

fusion:
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Classification

fusion:
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

All-in-one values.yaml example

fusion:
  solr:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  solr-managed:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  ml-model-service:
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
    milvus:
      mysql:
        containerSecurityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
  argo:
    minio:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

All-in-one values.yaml with optional services example

fusion:
  argo:
    minio:
      persistence:
        enabled: false
      containerSecurityContext:
        readOnlyRootFilesystem: true
      extraVolumes:
        - name: config-dir
          emptyDir: {}
        - name: certs-dir
          emptyDir: {}
      extraVolumeMounts:
        - name: config-dir
          mountPath: /.minio
        - name: certs-dir
          mountPath: /etc/minio/certs
    server:
      securityContext:
        readOnlyRootFilesystem: true
    controller:
      securityContext:
        readOnlyRootFilesystem: true
    mainContainer:
      securityContext:
        readOnlyRootFilesystem: true
    executor:
      securityContext:
        readOnlyRootFilesystem: true
  solr:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true
    # tls:
    #   enabled: true
  solr-managed:
    exporter:
      enabled: true
      securityContext:
        readOnlyRootFilesystem: true
    enableExternalFiles: true
    enabledStorage:
    - gcs
    processRaw:
      image:
        repository: fusion-dev-docker.ci-artifactory.lucidworks.com
      cloudRoot: gs://lw-managed-fusion-data/tmp
      gcs:
        secret: gcs-key
        secretFieldName: key.json
      securityContext:
        readOnlyRootFilesystem: true
    containerSecurityContext:
      readOnlyRootFilesystem: true
    # tls:
    #   enabled: true
  zookeeper:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    exporters:
      jmx:
        enabled: true
      zookeeper:
        enabled: true
    jobs:
      chroots:
        # enabled: true
        config:
          create:
            - /root-read-only
  kafka:
    containerSecurityContext:
      readOnlyRootFilesystem: true
    volumePermissions:
      enabled: true
      image:
        repository: "fusion-dev-docker.ci-artifactory.lucidworks.com/os-shell"
      containerSecurityContext:
        readOnlyRootFilesystem: true
    metrics:
      kafka:
        containerSecurityContext:
          readOnlyRootFilesystem: true
          enabled: true
      jmx:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    externalAccess:
      enabled: true
      autoDiscovery:
        enabled: true
        containerSecurityContext:
          enabled: true
          readOnlyRootFilesystem: true
    provisioning:
      enabled: true
      topics:
      - name: test
        partitions: 1
        replicationFactor: 1
        ## https://kafka.apache.org/documentation/#topicconfigs
        config:
          max.message.bytes: 64000
          flush.messages: 1
      containerSecurityContext:
        readOnlyRootFilesystem: true
        enabled: true
  ml-model-service:
    enabled: true
    ambassador:
      containerSecurityContext:
        readOnlyRootFilesystem: true
      prometheusExporter:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
    milvus:
      mysql:
        metrics:
          enabled: true
          securityContext:
            readOnlyRootFilesystem: true
        containerSecurityContext:
          readOnlyRootFilesystem: true
      cluster:
        enabled: false
      mishards:
        securityContext:
          readOnlyRootFilesystem: true
      admin:
        enabled: true
        securityContext:
          readOnlyRootFilesystem: true
      securityContext:
        readOnlyRootFilesystem: true
  seldon-core-operator:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  argo-common-workflows:
    containerSecurityContext:
      readOnlyRootFilesystem: true
  question-answering:
    containersSecurityContext:
      readOnlyRootFilesystem: true
  classification:
    containersSecurityContext:
      readOnlyRootFilesystem: true

Supported services

The table below lists the services that support a read-only root file system, the ones that have it enabled by default, and the Fusion release in which support was added:

Chart Name Pod Name Container Name Supported Default enabled Supported version

Chart Name	Pod Name	Container Name	Supported	Default enabled	Supported version
`admin-ui`	`admin-ui`	`admin-ui`	✅	✅	5.9.9+
`api-gateway`	`api-gateway`	`init/api-gateway`	✅	✅	5.9.9+
`api-gateway`	`api-gateway`	`api-gateway`	✅	✅	5.9.9+
`api-gateway`	`api-gateway`	`generate-jks`	✅	✅	5.9.9+
`apps-manager`	`apps-manager`	`apps-manager`	✅	✅	5.9.9+
`argo`	`argo-server`	`argo-server`	✅	❌	5.9.10+
`argo`	`argo-executor`	`executor`	✅	❌	5.9.10+
`argo`	`argo-mainContainer`	`mainContainer`	✅	❌	5.9.10+
`argo`	`argo-controller`	`controller`	✅	✅	5.9.10+
`argo/minio`	`minio`	`minio`	✅	❌	5.9.10+
`argo/minio`	`minio`	`minio`	✅	❌	5.9.10+
`argo/minio`	`make-bucket-job`	`minio-mc`	✅	❌	5.9.10+
`argo-common-workflows`	`delete-model`	`init/main/wait`	✅	❌	5.9.10+
`argo-common-workflows`	`deploy-model`	`init/main/wait`	✅	❌	5.9.10+
`argo-common-workflows`	`milvus-maintenance`	`init/main/wait`	✅	❌	5.9.10+
`argo-common-workflows`	`upload-model-to-cloud`	`init/main/wait`	✅	❌	5.9.10+
`async-parsing`	`async-parsing`	`tika-server`	✅	✅	5.9.9+
`async-parsing`	`async-parsing`	`async-parsing`	✅	✅	5.9.9+
`auth-ui`	`auth-ui`	`auth-ui`	✅	✅	5.9.9+
`classic-rest-service`	`classic-rest-service`	`init/import-certs`	✅	✅	5.9.10+
`classic-rest-service`	`classic-rest-service`	`classic-rest-service`	✅	✅	5.9.9+
`classification`	`argo/classification`	`init/wait/main`	✅	❌	5.9.10+
`connector-plugin`	`connector-plugin`	`init/import-certs`	✅	❌	5.9.10+
`connector-plugin`	`connector-plugin`	`connector-plugin`	✅	✅	5.9.9+
`connectors`	`connectors`	`connectors`	✅	✅	5.9.9+
`connectors-backend`	`CRD`		✅	✅	5.9.9+
`connectors-backend`	`connectors-backend`	`connectors-backend`	✅	✅	5.9.9+
`fusion-admin`	`fusion-admin`	`admin`	✅	✅	5.9.9+
`fusion-commons`		`check-admin`	✅	✅	5.9.9+
`fusion-commons`		`check-api-gateway`	✅	✅	5.9.9+
`fusion-commons`		`check-indexing`	✅	✅	5.9.9+
`fusion-commons`		`check-kafka`	✅	✅	5.9.9+
`fusion-commons`		`check-logstash`	✅	✅	5.9.9+
`fusion-commons`		`check-pulsar`	✅	✅	5.9.9+
`fusion-commons`		`setup-keystore-and-properties`	✅	✅	5.9.9+
`fusion-commons`		`check-zk`	✅	✅	5.9.9+
`fusion-config-sync`	`fusion-config-sync`	`fusion-config-sync`	✅	✅	5.9.9+
`fusion-data-augmentation`	`argo/data-augmentation/volume-fix`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/init-workspace`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/write-job-configs`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/write-io-configs`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/add-zkhost`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/pull-data-training-and-metadata`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/pull-data-training-and-metadata-cloud`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/volume-fix2`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/synonym-list`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/download-synonym-dictionary`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/keystroke-list`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/download-keystroke-blob`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/augment`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/push-augmented-data`	`init/main/wait`	✅	❌	5.9.10+
`fusion-data-augmentation`	`argo/data-augmentation/push-augmented-data-cloud`	`init/main/wait`	✅	❌	5.9.10+
`fusion-indexing`	`fusion-indexing`	`fusion-indexing`	✅	✅	5.9.9+
`fusion-resources`	`fusion-resources-secret-hook`	`setup-keystore-and-properties`	✅	✅	5.9.10+
`insights`	`insights`	`insights`	✅	✅	5.9.9+
`job-launcher`	`job-launcher`	`job-launcher`	✅	✅	5.9.9+
`job-launcher`	`job-launcher`	`kubectl-runner`	✅	✅	5.9.9+
`job-launcher`	`job-launcher-spark-cleanup`	`kubectl-runner`	✅	✅	5.9.9+
`job-launcher`	`spark-kubernetes-driver`	`spark-kubernetes-driver`	✅	❌	5.9.10+
`job-launcher`	`spark-kubernetes-executor`	`spark-kubernetes-executor`	✅	❌	5.9.10+
`job-rest-server`	`job-rest-server`	`job-rest-server`	✅	✅	5.9.9+
`kafka`	`kafka-metrics`	`kafka-exporter-archived`	✅	❌	5.9.10+
`kafka`	`kafka-provisioning`	`init/wait-for-available-kafka`	✅	❌	5.9.10+
`kafka`	`kafka-provisioning`	`kafka-provisioning`	✅	❌	5.9.10+
`kafka`	`kafka`	`kafka`	✅	❌	5.9.10+
`kafka`	`kafka`	`jmx-exporter`	✅	❌	5.9.10+
`kafka`	`kafka`	`init/check-zk`	✅	✅	5.9.9+
`kafka`	`kafka`	`init/auto-discovery`	✅	❌	5.9.10+
`kafka`	`kafka`	`init/volume-permissions`	✅	❌	5.9.10+
`lwai-gateway`	`lwai-gateway`	`lwai-gateway`	✅	✅	5.9.9+
`ml-model-service`	`ml-model-service`	`java-service`	✅	✅	5.9.9+
`ml-model-service`	`ml-model-service-namespace-hook`	`kubectl-runner`	✅	✅	5.9.9+
`ml-model-service/ambassador`	`ambassador`	`ambassador`	✅	❌	5.9.10+
`ml-model-service/ambassador`	`ambassador`	`prometheus-exporter`	✅	❌	5.9.10+
`ml-model-service/milvus`	`milvus-writable`	`milvus`	✅	❌	5.9.10+
`ml-model-service/milvus`	`milvus-writable`	`init/wait-for-mysql`	✅	✅	5.9.10+
`ml-model-service/milvus`	`milvus-writable`	`init/create-for-share-storage`	✅	❌	5.9.10+
`ml-model-service/milvus`	`milvus-admin`	`admin`	✅	❌	5.9.10+
`ml-model-service/milvus`	`milvus-admin`	`init/wait-for-milvus`	✅	✅	5.9.10+
`ml-model-service/milvus`	`milvus-mishards`	`init/wait-for-mysql`	✅	✅	5.9.10+
`ml-model-service/milvus`	`milvus-mishards`	`init/wait-for-mysql`	✅	✅	5.9.10+
`ml-model-service/milvus`	`milvus-mishards`	`mishards`	✅	❌	5.9.10+
`ml-model-service/milvus/mysql`	`mysql`	`init/remove-lost-found`	✅	✅	5.9.10+
`ml-model-service/milvus/mysql`	`mysql`	`mysql`	✅	❌	5.9.10+
`pm-ui`	`pm-ui`	`pm-ui`	✅	✅	5.9.9+
`query-pipeline`	`query-pipeline`	`query-pipeline`	✅	✅	5.9.9+
`question-answering`	`argo/qna-coldstart/init-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/write-job-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/add-zkHost`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/pull-data`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/pull-data-cloud`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/train`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/list-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/post-model`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-coldstart/apply-seldon-deployment`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/init-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/write-job-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/add-zkhost`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/pull-qa-data-cloud`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/pull-qa-data`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/train`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/train-with-texts`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/list-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/post-model`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-supervised/apply-seldon-deployment`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/init-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/write-job-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/add-zkhost`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/list-workspace`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/pull-eval-data`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/pull-eval-data-cloud`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/evaluate`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/push-eval-results-cloud`	`init/wait/main`	✅	❌	5.9.10+
`question-answering`	`argo/qna-evaluation/push-eval-results`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/init-workspace`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/write-job-configs`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/add-zkhost`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/pull-data-training-and-metadata`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/pull-data-training-and-metadata-cloud`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/train-with-metadata`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/train-without-metadata`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/push-recommendations`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/push-recommendations-cloud`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/add-default-exclude-query`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-user/init-workspace`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/copy-model`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/write-job-configs`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/write-io-configs`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/add-zkhost`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/pull-data`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/pull-data-cloud`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/train`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/push-content`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/push-content-cloud`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/add-default-exclude-query`	`init/wait/main`	✅	❌	5.9.10+
`recommender`	`argo/item-recommender-content/delete-old-content-recommendations`	`init/wait/main`	✅	❌	5.9.10+
`reverse-search`	`reverse-search`	`init/set-reverse-search-zone`	✅	✅	5.9.10+
`reverse-search`	`reverse-search`	`init/check-zk`	✅	✅	5.9.9+
`reverse-search`	`reverse-search`	`init/enable-tls-in-reverse-search`	✅	✅	5.9.10+
`reverse-search`	`reverse-search`	`reverse-search`	✅	❌	5.9.10+
`rules-ui`	`rules-ui`	`rules-ui`	✅	✅	5.9.9+
`seldon-core-operator`	`seldon-controller-manager`	`manager`	✅	❌	5.9.10+
`seldon-core-operator`	`seldon-spartakus-volunteer`	`seldon-spartakus-volunteer`	✅	❌	5.9.9+
`seldon-core-operator`	`crd/SeldonDeployment`		✅/❌	❌	5.9.9+
`solr`	`solr`	`init/set-solr-zone`	✅	✅	5.9.10+
`solr`	`solr`	`init/enable-tls-in-solr`	✅	✅	5.9.10+
`solr`	`configset-bootstrap`	`configset-bootstrap`	✅	✅	5.9.10+
`solr`	`solr`	`solr`	✅	❌	5.9.10+
`solr`	`solr-exporter`	`exporter`	✅	❌	5.9.10+
`solr`	`solr-exporter`	`init/solr-init`	✅	✅	5.9.10+
`solr-managed`	`configset-bootstrap`	`configset-bootstrap`	✅	✅	5.9.10+
`solr-managed`	`exporter`	`exporter`	✅	❌	5.9.10+
`solr-managed`	`exporter`	`init/solr-init`	✅	✅	5.9.10+
`solr-managed`	`solr`	`init/set-solr-zone`	✅	✅	5.9.10+
`solr-managed`	`solr`	`init/enable-tls-in-solr`	✅	✅	5.9.10+
`solr-managed`	`solr`	`solr`	✅	❌	5.9.10+
`solr-managed`	`solr`	`process-raw`	✅	❌	5.9.10+
`solr-backup-runner`	`solr-backup-runner-backup`	`solr-backups`	✅	❌	5.9.10+
`solr-backup-runner`	`solr-backup-runner-prune`	`solr-prune`	✅	❌	5.9.10+
`templating`	`templating`	`templating`	✅	✅	5.9.9+
`webapps`	`webapps`	`webapps`	✅	✅	5.9.9+
`zookeeper`	`zookeeper`	`zookeeper`	✅	❌	5.9.10+
`zookeeper`	`zookeeper`	`jmx-exporter`	✅	❌	5.9.10+
`zookeeper`	`zookeeper`	`zookeeper-exporter`	✅	❌	5.9.10+
`zookeeper`	`zookeeper-chroots`	`main`	✅	❌	5.9.10+

admin-ui

✅

5.9.9+

api-gateway

init/api-gateway

✅

5.9.9+

api-gateway

✅

5.9.9+

api-gateway

generate-jks

✅

5.9.9+

apps-manager

✅

5.9.9+

argo

argo-server

✅

❌

5.9.10+

argo

argo-executor

executor

✅

❌

5.9.10+

argo

argo-mainContainer

mainContainer

✅

❌

5.9.10+

argo

argo-controller

controller

✅

5.9.10+

argo/minio

minio

✅

❌

5.9.10+

argo/minio

minio

✅

❌

5.9.10+

argo/minio

make-bucket-job

minio-mc

✅

❌

5.9.10+

argo-common-workflows

delete-model

init/main/wait

✅

❌

5.9.10+

argo-common-workflows

deploy-model

init/main/wait

✅

❌

5.9.10+

argo-common-workflows

milvus-maintenance

init/main/wait

✅

❌

5.9.10+

argo-common-workflows

upload-model-to-cloud

init/main/wait

✅

❌

5.9.10+

async-parsing

tika-server

✅

5.9.9+

async-parsing

✅

5.9.9+

auth-ui

✅

5.9.9+

classic-rest-service

init/import-certs

✅

5.9.10+

classic-rest-service

✅

5.9.9+

classification

argo/classification

init/wait/main

✅

❌

5.9.10+

connector-plugin

init/import-certs

✅

❌

5.9.10+

connector-plugin

✅

5.9.9+

connectors

✅

5.9.9+

connectors-backend

CRD

✅

5.9.9+

connectors-backend

✅

5.9.9+

fusion-admin

admin

✅

5.9.9+

fusion-commons

check-admin

✅

5.9.9+

fusion-commons

check-api-gateway

✅

5.9.9+

fusion-commons

check-indexing

✅

5.9.9+

fusion-commons

check-kafka

✅

5.9.9+

fusion-commons

check-logstash

✅

5.9.9+

fusion-commons

check-pulsar

✅

5.9.9+

fusion-commons

setup-keystore-and-properties

✅

5.9.9+

fusion-commons

check-zk

✅

5.9.9+

fusion-config-sync

✅

5.9.9+

fusion-data-augmentation

argo/data-augmentation/volume-fix

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/init-workspace

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/write-job-configs

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/write-io-configs

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/add-zkhost

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/pull-data-training-and-metadata

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/pull-data-training-and-metadata-cloud

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/volume-fix2

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/synonym-list

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/download-synonym-dictionary

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/keystroke-list

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/download-keystroke-blob

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/augment

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/push-augmented-data

init/main/wait

✅

❌

5.9.10+

fusion-data-augmentation

argo/data-augmentation/push-augmented-data-cloud

init/main/wait

✅

❌

5.9.10+

fusion-indexing

✅

5.9.9+

fusion-resources

fusion-resources-secret-hook

setup-keystore-and-properties

✅

5.9.10+

insights

✅

5.9.9+

job-launcher

✅

5.9.9+

job-launcher

kubectl-runner

✅

5.9.9+

job-launcher

job-launcher-spark-cleanup

kubectl-runner

✅

5.9.9+

job-launcher

spark-kubernetes-driver

✅

❌

5.9.10+

job-launcher

spark-kubernetes-executor

✅

❌

5.9.10+

job-rest-server

✅

5.9.9+

kafka

kafka-metrics

kafka-exporter-archived

✅

❌

5.9.10+

kafka

kafka-provisioning

init/wait-for-available-kafka

✅

❌

5.9.10+

kafka

kafka-provisioning

✅

❌

5.9.10+

kafka

✅

❌

5.9.10+

kafka

jmx-exporter

✅

❌

5.9.10+

kafka

init/check-zk

✅

5.9.9+

kafka

init/auto-discovery

✅

❌

5.9.10+

kafka

init/volume-permissions

✅

❌

5.9.10+

lwai-gateway

✅

5.9.9+

ml-model-service

java-service

✅

5.9.9+

ml-model-service

ml-model-service-namespace-hook

kubectl-runner

✅

5.9.9+

ml-model-service/ambassador

ambassador

✅

❌

5.9.10+

ml-model-service/ambassador

ambassador

prometheus-exporter

✅

❌

5.9.10+

ml-model-service/milvus

milvus-writable

milvus

✅

❌

5.9.10+

ml-model-service/milvus

milvus-writable

init/wait-for-mysql

✅

5.9.10+

ml-model-service/milvus

milvus-writable

init/create-for-share-storage

✅

❌

5.9.10+

ml-model-service/milvus

milvus-admin

admin

✅

❌

5.9.10+

ml-model-service/milvus

milvus-admin

init/wait-for-milvus

✅

5.9.10+

ml-model-service/milvus

milvus-mishards

init/wait-for-mysql

✅

5.9.10+

ml-model-service/milvus

milvus-mishards

init/wait-for-mysql

✅

5.9.10+

ml-model-service/milvus

milvus-mishards

mishards

✅

❌

5.9.10+

ml-model-service/milvus/mysql

mysql

init/remove-lost-found

✅

5.9.10+

ml-model-service/milvus/mysql

mysql

✅

❌

5.9.10+

pm-ui

✅

5.9.9+

query-pipeline

✅

5.9.9+

question-answering

argo/qna-coldstart/init-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/write-job-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/write-io-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/write-io-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/add-zkHost

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/pull-data

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/pull-data-cloud

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/train

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/list-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/post-model

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-coldstart/apply-seldon-deployment

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/init-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/write-job-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/write-io-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/add-zkhost

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/pull-qa-data-cloud

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/pull-qa-data

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/train

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/train-with-texts

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/list-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/post-model

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-supervised/apply-seldon-deployment

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/init-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/write-job-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/write-io-configs

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/add-zkhost

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/list-workspace

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/pull-eval-data

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/pull-eval-data-cloud

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/evaluate

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/push-eval-results-cloud

init/wait/main

✅

❌

5.9.10+

question-answering

argo/qna-evaluation/push-eval-results

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/init-workspace

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/write-job-configs

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/write-io-configs

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/add-zkhost

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/pull-data-training-and-metadata

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/pull-data-training-and-metadata-cloud

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/train-with-metadata

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/train-without-metadata

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/push-recommendations

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/push-recommendations-cloud

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/add-default-exclude-query

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-user/init-workspace

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/copy-model

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/write-job-configs

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/write-io-configs

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/add-zkhost

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/pull-data

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/pull-data-cloud

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/train

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/push-content

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/push-content-cloud

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/add-default-exclude-query

init/wait/main

✅

❌

5.9.10+

recommender

argo/item-recommender-content/delete-old-content-recommendations

init/wait/main

✅

❌

5.9.10+

reverse-search

init/set-reverse-search-zone

✅

5.9.10+

reverse-search

init/check-zk

✅

5.9.9+

reverse-search

init/enable-tls-in-reverse-search

✅

5.9.10+

reverse-search

✅

❌

5.9.10+

rules-ui

✅

5.9.9+

seldon-core-operator

seldon-controller-manager

manager

✅

❌

5.9.10+

seldon-core-operator

seldon-spartakus-volunteer

✅

❌

5.9.9+

seldon-core-operator

crd/SeldonDeployment

✅/❌

❌

5.9.9+

solr

init/set-solr-zone

✅

5.9.10+

solr

init/enable-tls-in-solr

✅

5.9.10+

solr

configset-bootstrap

✅

5.9.10+

solr

✅

❌

5.9.10+

solr

solr-exporter

exporter

✅

❌

5.9.10+

solr

solr-exporter

init/solr-init

✅

5.9.10+

solr-managed

configset-bootstrap

✅

5.9.10+

solr-managed

exporter

✅

❌

5.9.10+

solr-managed

exporter

init/solr-init

✅

5.9.10+

solr-managed

solr

init/set-solr-zone

✅

5.9.10+

solr-managed

solr

init/enable-tls-in-solr

✅

5.9.10+

solr-managed

solr

✅

❌

5.9.10+

solr-managed

solr

process-raw

✅

❌

5.9.10+

solr-backup-runner

solr-backup-runner-backup

solr-backups

✅

❌

5.9.10+

solr-backup-runner

solr-backup-runner-prune

solr-prune

✅

❌

5.9.10+

templating

✅

5.9.9+

webapps

✅

5.9.9+

zookeeper

✅

❌

5.9.10+

zookeeper

jmx-exporter

✅

❌

5.9.10+

zookeeper

zookeeper-exporter

✅

❌

5.9.10+

zookeeper

zookeeper-chroots

main

✅

❌

5.9.10+