Docs: Use `docker.io/bash` for sleep container of max-map-count-setter Daemonset #7332
…onset

On GKE Autopilot the Daemonset only works if a `docker.io/bash` image is used for the sleep container. For other images trying to apply this gives the following error message:

```
Error from server (GKE Warden constraints violations): error when creating "daemonset.yaml": admission webhook "warden-validating.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more constraints.
Violations details: {"[denied by autogke-disallow-privilege]":["container max-map-count-setter is privileged; not allowed in Autopilot"]}
```
buildkite test this please

@florianmutter good catch it seems this was accidentally changed in the documentation in #6700

@elasticmachine, run elasticsearch-ci/docs
@@ -92,7 +92,8 @@ spec: | |||
command: ['/usr/local/bin/bash', '-e', '-c', 'echo 262144 > /proc/sys/vm/max_map_count'] | |||
containers: | |||
- name: sleep | |||
image: gcr.io/google-containers/pause-amd64:3.2 | |||
image: docker.io/bash:5.2.21 |
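Review bot: The new `image: docker.io/bash:5.2.21` line for the `sleep` container pins only a tag, which can be re-pointed on the registry; because this DaemonSet runs on every node alongside an init container that writes `/proc/sys/vm/max_map_count`, consider pinning by digest (`docker.io/bash:5.2.21@sha256:<digest>`, placeholder) so the documented manifest always pulls the same image. Unlike the pause image it replaces, bash exits when it has nothing to run, so the `sleep` container needs an explicit long-running command; the hunk header (`-92,7 +92,8`) indicates one more added line than is visible here, so confirm that line is that command. A short YAML comment saying the image was chosen for GKE Autopilot would also help keep the line from being changed back later.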
can we use the same version as in the init container?
👍 fixed. updated the init container to the latest bash image version as well
Thank you @florianmutter for the contribution!

buildkite test this

@elasticmachine run elasticsearch-ci/docs
…r Daemonset (elastic#7332)

* Use `docker.io/bash` for sleep container of max-map-count-setter Daemonset

On GKE Autopilot the Daemonset only works if a `docker.io/bash` image is used for the sleep container. For other images trying to apply this gives the following error message:

```
Error from server (GKE Warden constraints violations): error when creating "daemonset.yaml": admission webhook "warden-validating.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more constraints.
Violations details: {"[denied by autogke-disallow-privilege]":["container max-map-count-setter is privileged; not allowed in Autopilot"]}
```

* Use latest docker.io/bash image for initContainer
On GKE Autopilot the Daemonset only works if a `docker.io/bash` image is used for the sleep container. For other images trying to apply this gives the following error message:

I could not find official documentation from Google on this but I tested myself and it only works this way.