-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Way to change index.store.type for ElasticSearch chart #5641
Comments
It is possible to use the ## Customize elasticsearch configuration
## ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html
##
# config: which it's going to create a ConfigMap with the data provided in this section and mounted to |
I looking to change this parameter because this allow to run ElasticSearch pod as unprivileged and allow to install this helm on GKE Autopilot. After your answer I created sysctlImage:
enabled: true
config:
index.store.type: niofs
node.store.allow_mmap: false and after running Helm chart provided by ElasticSearch itself with values sysctlInitContainer:
enabled: false
esConfig:
elasticsearch.yml: |
index.store.type: niofs
node.store.allow_mmap: false works normally - it skips checking value of |
Currently, Elasticsearch requires some changes in the kernel of the host machine to work as expected. If those values are not set in the underlying operating system, the ES containers fail to boot with ERROR messages. Here you can find more info about the specific case of Virtual Memory. The Bitnami Helm Chart try to solve this issue by adding an initContainer to change those settings in the Kernel by running: |
Yes, you are right and I'm aware of this need, but...
and there (on the same website) are solutions/workaround to make this works without need to change kernel settings. |
The privileged initContainer is enabled by default, in order to disable it, you need to set sysctlImage:
enabled: false
config:
index:
store:
type: niofs
node:
store:
allow_mmap: false In that case, are you able to see the proper configuration in the config file ( What is the exact error you are seen in the logs when deploying the chart with the above configuration? |
I'm little ambarased because I made mistake in config in my second post, of course there should be So below steps to reproduce on GKE with some output - helm chart elastic/elasticsearch with same config works on GKE cat <<EOF > myvalues.yml
sysctlImage:
enabled: false
config:
index.store.type: niofs
node.store.allow_mmap: false
EOF
helm install -f myvalues.yml bitnami-es bitnami/elasticsearch
kubectl get pods
NAME READY STATUS RESTARTS AGE
bitnami-es-elasticsearch-coordinating-only-85cd75d5b4-ftptg 0/1 CrashLoopBackOff 3 105s
bitnami-es-elasticsearch-coordinating-only-85cd75d5b4-lt2bj 0/1 ContainerCreating 0 105s
bitnami-es-elasticsearch-data-0 0/1 Pending 0 105s
bitnami-es-elasticsearch-data-1 0/1 ContainerCreating 0 104s
bitnami-es-elasticsearch-master-0 0/1 ContainerCreating 0 105s
bitnami-es-elasticsearch-master-1 0/1 ContainerCreating 0 104s
kubectl logs bitnami-es-elasticsearch-coordinating-only-85cd75d5b4-ftptg
elasticsearch 13:58:00.84
elasticsearch 13:58:00.90 Welcome to the Bitnami elasticsearch container
elasticsearch 13:58:00.90 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-elasticsearch
elasticsearch 13:58:00.90 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-elasticsearch/issues
elasticsearch 13:58:00.91
elasticsearch 13:58:00.91 INFO ==> ** Starting Elasticsearch setup **
elasticsearch 13:58:01.02 ERROR ==> Invalid kernel settings. Elasticsearch requires at least: vm.max_map_count = 262144 |
Thanks for the detailed explanation, I was taking a look and found where the issue comes from. During the # Ensure kernel settings are valid
elasticsearch_validate_kernel This function is defined at libelasticsearch.sh (link): ########################
# Validate kernel settings
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_validate_kernel() {
# Auxiliary functions
validate_sysctl_key() {
local key="${1:?key is missing}"
local value="${2:?value is missing}"
local current_value
current_value="$(sysctl -n "$key")"
if [[ "$current_value" -lt "$value" ]]; then
error "Invalid kernel settings. Elasticsearch requires at least: $key = $value"
exit 1
fi
}
debug "Validating Kernel settings..."
validate_sysctl_key "vm.max_map_count" 262144
validate_sysctl_key "fs.file-max" 65536
} This validation was implemented in the past because we were having several support cases related to that and probably modifying the storage type was not an option. I just created an internal task to investigate if we can improve the current container logic to support this use case. In the meantime, as a workaround, you can build your own image and use it in the Helm chart:
$ git clone https://github.com/bitnami/bitnami-docker-elasticsearch.git
$ cd bitnami-docker-elasticsearch/7/debian-10
$ vim rootfs/opt/bitnami/scripts/elasticsearch/setup.sh # Removing the elasticsearch_validate_kernel line
$ docker build -t myuser/custom-es:latest .
$ docker push myuser/custom-es:latest
image:
registry: docker.io
repository: myuser/custom-es
tag: latest
sysctlImage:
enabled: false
config:
index:
store:
type: niofs
node:
store:
allow_mmap: false Following the previous approach, you should be able to deploy ES in an unprivileged cluster by disabling the initcontainer and using a custom config file, thanks to the removal of the validation in your custom image. |
I'm setting the "on-hold" label to prevent the stale bot from closing the issue while we work on the internal task to investigate what is the real purpose of the validation in the image and if there is a chance of getting rid of it |
@g00ntar we are working on some changes in the image to run the kernel settings validation only if Were you able to solve the issue with the proposed workaround? Basically, the solution we are going to provide is similar. In the proposed workaround the kernel validation was directly removed while in the long-term solution we are going to check the config file to determine if the validation should be executed or not, but the result should be the same |
This issue was automatically closed because the changes in the image were already implemented, see tag Now using custom config file containing
sysctlImage:
enabled: false
config:
index:
store:
type: niofs
node:
store:
allow_mmap: false
sysctlImage:
enabled: false
config:
index.store.type: niofs
node.store.allow_mmap: false the kernel setting validations shouldn't be executed during the container initialization. That means the deployment is not going to fail due to this reason, but then ES should handle properly the configured settings to deploy the Helm Chart in an unprivileged cluster, but this is something not checked/handled by the container image nor the Helm Chart. |
Is there way to change index.store.type like on https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-virtual-memory.html in ElasticSearch chart ?
The text was updated successfully, but these errors were encountered: