Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

init containers should have request and limit set. #2179

Closed
sanderma opened this issue Nov 27, 2019 · 1 comment
Closed

init containers should have request and limit set. #2179

sanderma opened this issue Nov 27, 2019 · 1 comment
Assignees
@sebgl
Labels
>enhancement Enhancement of existing functionality

Comments

@sanderma
Copy link
Contributor

Proposal

Set reasonable limits on the default init containers. It should be easy to guess what is needed.

If you run a cluster with pod security policies that enforce this behaviour, the pod isn't scheduled.
As it is hard to change the config of the init containers (see issue 1617) this is hard to accomplish.

Environment

  • ECK version:

    1.0.0-beta1

  • Kubernetes information:

    • On premise (PKS)

Deployed Resources (Note the missing limits)

initContainers:
- command:
  - bash
  - -c
  - /mnt/elastic-internal/scripts/prepare-fs.sh
  env:
  - name: POD_IP
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: status.podIP
  - name: POD_NAME
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.name
  - name: POD_IP
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: status.podIP
  - name: POD_NAME
    valueFrom:
      fieldRef:
        apiVersion: v1
        fieldPath: metadata.name
  image: docker.elastic.co/elasticsearch/elasticsearch:7.4.0
  imagePullPolicy: IfNotPresent
  name: elastic-internal-init-filesystem
  resources: {}
  securityContext:
    privileged: false
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:
  - mountPath: /mnt/elastic-internal/elasticsearch-config-local
    name: elastic-internal-elasticsearch-config-local
  - mountPath: /mnt/elastic-internal/elasticsearch-plugins-local
    name: elastic-internal-elasticsearch-plugins-local
  - mountPath: /mnt/elastic-internal/elasticsearch-bin-local
    name: elastic-internal-elasticsearch-bin-local
  - mountPath: /mnt/elastic-internal/transport-certificates
    name: elastic-internal-transport-certificates
    readOnly: true
  - mountPath: /mnt/elastic-internal/scripts
    name: elastic-internal-scripts
    readOnly: true
  - mountPath: /usr/share/elasticsearch/data
    name: elasticsearch-data
  - mountPath: /usr/share/elasticsearch/logs
    name: elasticsearch-logs
  - mountPath: /mnt/elastic-internal/elasticsearch-config
    name: elastic-internal-elasticsearch-config
    readOnly: true
  - mountPath: /usr/share/elasticsearch/config/http-certs
    name: elastic-internal-http-certificates
    readOnly: true
  - mountPath: /mnt/elastic-internal/probe-user
    name: elastic-internal-probe-user
    readOnly: true
  - mountPath: /mnt/elastic-internal/unicast-hosts
    name: elastic-internal-unicast-hosts
    readOnly: true
  - mountPath: /mnt/elastic-internal/xpack-file-realm
    name: elastic-internal-xpack-file-realm
    readOnly: true
@pebrc pebrc added the >enhancement Enhancement of existing functionality label Nov 28, 2019
@sanderma sanderma mentioned this issue Nov 28, 2019
Merged
@sebgl sebgl self-assigned this Dec 3, 2019
@sebgl
Copy link
Contributor

sebgl commented Dec 5, 2019

Fixed by #2186.

@sebgl sebgl closed this as completed Dec 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sebgl sebgl

Labels
>enhancement Enhancement of existing functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pebrc @sebgl @sanderma