How to validate against any pod security policy during deployment of elasticsearch

0
votes

I have deployed the Bitnami helm chart of elasticsearch on the Kubernetes environment.

https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch

Unfortunately, I am getting the following error for the coordinating-only pod. However, the cluster is restricted.

Pods "elasticsearch-elasticsearch-coordinating-only-5b57786cf6-" is forbidden: unable to validate against any pod security policy: [spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]; Deployment does not have minimum availability.

I there anything I need to adapt/add-in default values.yaml?

Any suggestion to get rid of this error? Thanks.

2
elasticsearchkuberneteskubernetes-helmelastic-stack

2 Answers

1
votes

You can't validate if your cluster is restricted with some security policy. In your situation someone (assuming administrator) has blocked the option to run privileged containers for you.

Here's an example of how pod security policy blocks privileged containers:

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: example
spec:
  privileged: false  # Don't allow privileged pods!
  seLinux:
    rule: RunAsAny

----

What is require for you is to have appropriate Role with a PodSecurityPolicy resource and RoleBinding that will allow you to run privileged containers.

This is very well explained in kubernetes documentation at Enabling pod security policy

0
votes

so the solution was to set the following parameter in values.yaml file then deploy simply. Don't need to create any role or pod security policy.

sysctlImage:
  enabled: false

curator:
  enabled: true
  rbac:
    # Specifies whether RBAC should be enabled
    enabled: true
  psp:
    # Specifies whether a podsecuritypolicy should be created
    create: true

Also run this command on each node:

sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536