Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG][opensearch] setting vm.max_map_count=262144 on GKE fails #143

Closed
bluehawk27 opened this issue Nov 24, 2021 · 1 comment
Closed

[BUG][opensearch] setting vm.max_map_count=262144 on GKE fails #143

bluehawk27 opened this issue Nov 24, 2021 · 1 comment
Labels
bug Something isn't working untriaged Issues that have not yet been triaged

Comments

@bluehawk27
Copy link
Contributor

Describe the bug
setting vm.max_map_count=262144 on gke with the security context via the helm chart currently does not work.

To Reproduce
Steps to reproduce the behavior:

  1. set sysctlVmMaxMapCount: 262144
  2. set sysctl.enabled: true
  3. Apply helm chart
  4. sysctl error on GKE

Expected behavior
Sysctl should set the vm.max_map_count

Chart Name
opensearch

Screenshots
If applicable, add screenshots to help explain your problem.

Host/Environment (please complete the following information):

  • Helm Version: [e.g. 3.5.4]
  • Kubernetes Version: [e.g. 1.19.x]

Do you have any additional context?
Current workaround is to run an init container to achieve the same goal:

`extraInitContainers:

name: ini-sysctl
securityContext:
runAsUser: 0
privileged: true
image: busybox:latest
command: ['sysctl', '-w','vm.max_map_count=262144']`
@bluehawk27 bluehawk27 added bug Something isn't working untriaged Issues that have not yet been triaged labels Nov 24, 2021
@bluehawk27 bluehawk27 changed the title [BUG][Chart Name] [BUG][opensearch] setting vm.max_map_count=262144 on GKE fails Nov 24, 2021
@DandyDeveloper
Copy link
Collaborator

@bluehawk27 I am going to close this as a duplicate of #87

Theres a slow discussion surrounding this there.

For GKE, it seems marking the initContainer as a privileged: true is the only workaround for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working untriaged Issues that have not yet been triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bluehawk27 @DandyDeveloper