From 9c463f6a80f89aa585aa69f09ddba91eb1cd76c6 Mon Sep 17 00:00:00 2001
From: Florian Mutter
Date: Wed, 22 Nov 2023 07:40:10 +0100
Subject: [PATCH 1/2] Use `docker.io/bash` for sleep container of max-map-count-setter Daemonset

On GKE Autopilot the Daemonset only works if a `docker.io/bash` image is used for the sleep container. For other images trying to apply this gives the follwing error message:
```
Error from server (GKE Warden constraints violations): error when creating "daemonset.yaml": admission webhook "warden-validating.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more constraints. Violations details: {"[denied by autogke-disallow-privilege]":["container max-map-count-setter is privileged; not allowed in Autopilot"]}
```
---
 .../elasticsearch/virtual-memory.asciidoc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc b/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
index 92fd70bafe..ac0a9cf0fe 100644
--- a/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
+++ b/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
@@ -92,7 +92,8 @@ spec:
 command: ['/usr/local/bin/bash', '-e', '-c', 'echo 262144 > /proc/sys/vm/max_map_count']
 containers:
 - name: sleep
- image: gcr.io/google-containers/pause-amd64:3.2
+ image: docker.io/bash:5.2.21
+ command: ['sleep', 'infinity']
 EOF
 ----
@@ -122,4 +123,4 @@ spec:
 - name: max-map-count-check
 command: ['sh', '-c', "while true; do mmc=$(cat /proc/sys/vm/max_map_count); if [ ${mmc} -eq 262144 ]; then exit 0; fi; sleep 1; done"]
 EOF
-----
\ No newline at end of file
+----
From fc483129a670864d896bcb82a710bf061bde3490 Mon Sep 17 00:00:00 2001
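Review bot: The `sleep` container now pulls `image: docker.io/bash:5.2.21` by a mutable Docker Hub tag, replacing a do-nothing pause image with one that ships a shell and stays running on every node of the DaemonSet. Readers apply this manifest verbatim, so pinning by digest would be safer, for example `image: docker.io/bash:5.2.21@sha256:DIGEST_PLACEHOLDER`; the same applies to the initContainer image line changed in the `@@ -81,7 +81,7 @@` hunk of PATCH 2/2. As written the `sleep` entry carries only `name`, `image` and `command`; the pod spec begins outside this hunk, so a pod-level `securityContext` may exist, but if not, `securityContext: {allowPrivilegeEscalation: false}` on this container is worth testing against Autopilot admission. A sentence in the AsciiDoc above the listing saying that GKE Autopilot admits this DaemonSet only with this image would stop a later edit from swapping it back.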
From: Florian Mutter
Date: Fri, 24 Nov 2023 14:43:07 +0100
Subject: [PATCH 2/2] Use latest docker.io/bash image for initContainer
---
 .../elasticsearch/virtual-memory.asciidoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc b/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
index ac0a9cf0fe..b1ca57a968 100644
--- a/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
+++ b/docs/orchestrating-elastic-stack-applications/elasticsearch/virtual-memory.asciidoc
@@ -81,7 +81,7 @@ spec:
 spec:
 initContainers:
 - name: max-map-count-setter
- image: docker.io/bash:5.2.15
+ image: docker.io/bash:5.2.21
 resources:
 limits:
 cpu: 100m