[bitnami/elasticsearch] fix: Unable to run the image using the root user

Open liuweiGL opened this issue 1 year ago • 3 comments

Description of the change

Use the empty-dir volume instead of the {{ template "elasticsearch.master.tlsSecretName" . }} secret to mount the tls certificate files

Benefits

You can run elasticsearch as the root user to install some elasticsearch plug-ins that require special permissions

Possible drawbacks

Applicable issues

  • fixes #25280

Additional information

When you run elasticsearch container as the root user, the following code changes the ownership of the /opt/bitnami/elasticsearch/config directory to the 'elasticsearch' user. But the files mounted by secret are read-only, which can lead to script errors:

https://github.com/bitnami/containers/blame/f9c0491bc648c894ce0a47cd5ced5c50e755ff92/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh#L380-L383

Test

Install the elasticsearch chart with the following values:

fullnameOverride: elasticsearch
global:
  elasticsearch:
    service:
      name: elasticsearch
      ports:
        restAPI: 9200
  kibanaEnabled: false
  storageClass: longhorn
image:
  tag: 8.14.0-debian-12-r0
  debug: true
coordinating:
  replicaCount: 1
  resourcesPreset: medium
  containerSecurityContext:
    allowPrivilegeEscalation: true
    capabilities:
      drop:
        - ALL
    enabled: true
    privileged: true
    readOnlyRootFilesystem: false
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  podSecurityContext:
    enabled: true
    fsGroup: 0
data:
  replicaCount: 1
  resourcesPreset: medium
  containerSecurityContext:
    allowPrivilegeEscalation: true
    capabilities:
      drop:
        - ALL
    enabled: true
    privileged: true
    readOnlyRootFilesystem: false
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  podSecurityContext:
    enabled: true
    fsGroup: 0
ingest:
  replicaCount: 1
  resourcesPreset: medium
  containerSecurityContext:
    allowPrivilegeEscalation: true
    capabilities:
      drop:
        - ALL
    enabled: true
    privileged: true
    readOnlyRootFilesystem: false
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  podSecurityContext:
    enabled: true
    fsGroup: 0
master:
  masterOnly: true
  replicaCount: 1
  resourcesPreset: medium
  persistence:
    enabled: true
  containerSecurityContext:
    allowPrivilegeEscalation: true
    capabilities:
      drop:
        - ALL
    enabled: true
    privileged: true
    readOnlyRootFilesystem: false
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  podSecurityContext:
    enabled: true
    fsGroup: 0
security:
  elasticPassword: QcEFFcQ9xoFHdUu
  enabled: true
  tls:
    autoGenerated: true
plugins: https://infinilabs.eastcoal.tech/analysis-ik/stable/analysis-ik-8.14.0.zip

Checklist

  • [x] Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • [x] Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • [x] Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • [x] All commits signed off and in agreement of Developer Certificate of Origin (DCO)

liuweiGL avatar Jun 21 '24 23:06 liuweiGL
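
The emptyDir approach named in the description above, shown as an added example that is not the chart's template or the PR's diff: an init container copies the read-only secret files into a writable emptyDir, so a later ownership change under the config directory no longer hits a read-only mount. The pod name, image reference, secret name and the `certs` subdirectory are assumptions.

```yaml
# Added illustration; every name, image and path below is a placeholder or assumption.
apiVersion: v1
kind: Pod
metadata:
  name: es-tls-emptydir-demo
spec:
  volumes:
    # Secret volumes are mounted read-only by the kubelet, so chown on them fails.
    - name: tls-secret
      secret:
        secretName: example-es-master-crt   # placeholder secret name
        defaultMode: 0400
    # Writable volume that receives a copy of the certificate files.
    - name: tls-certs
      emptyDir:
        medium: Memory                      # keep private keys off the node's disk
  initContainers:
    - name: copy-tls
      image: registry.example.invalid/elasticsearch:placeholder
      # -L dereferences the symlinks Kubernetes uses inside secret volumes.
      command:
        - sh
        - -c
        - cp -L /tls-secret/* /tls-certs/ && chmod 0600 /tls-certs/*
      securityContext:
        runAsUser: 0
      volumeMounts:
        - name: tls-secret
          mountPath: /tls-secret
          readOnly: true
        - name: tls-certs
          mountPath: /tls-certs
  containers:
    - name: elasticsearch
      image: registry.example.invalid/elasticsearch:placeholder
      securityContext:
        runAsUser: 0
      volumeMounts:
        # Only the writable copy is mounted under the config directory.
        - name: tls-certs
          mountPath: /opt/bitnami/elasticsearch/config/certs   # assumed subdirectory
```

The copied files are not refreshed when the secret is rotated, so the pod has to be restarted to pick up new certificates.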

I really hope it can be reviewed quickly; I am a little anxious. Thank you very much.

liuweiGL avatar Jun 22 '24 00:06 liuweiGL

Thank you for initiating this pull request. We appreciate your effort. Just a friendly reminder that it's important to sign your commits. Adding your signature certifies that you either authored the patch or have the necessary rights to contribute the changes. You can find detailed information on how to do this in the “Sign your work” section of our contributing guidelines.

Feel free to reach out if you have any questions or need assistance with the signing process.

carrodher avatar Jun 22 '24 09:06 carrodher

Hi, I have added the signature to the commit message.

liuweiGL avatar Jun 22 '24 10:06 liuweiGL

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

github-actions[bot] avatar Jul 11 '24 01:07 github-actions[bot]

@alemorcuq

liuweiGL avatar Jul 11 '24 08:07 liuweiGL

@carrodher Hello, no one came to review the code for me. Can you help me?

liuweiGL avatar Jul 12 '24 06:07 liuweiGL

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar Jul 18 '24 01:07 github-actions[bot]