Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Commit

Permalink
Merge pull request #220 from JorisAndrade/joris/optional_privileged_true
Browse files Browse the repository at this point in the history 
Add option to disable sysctlInitContainer
  • Loading branch information
@Crazybus
Crazybus authored Jul 11, 2019
2 parents 288e5f7 + 2188b4a commit 5d8c687
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 1 deletion.
3 changes: 2 additions & 1 deletion elasticsearch/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ helm install --name elasticsearch elastic/elasticsearch --version 7.2.0 --set im
| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000` |
| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`<br>`runAsNonRoot: true`<br>`runAsUser: 1000` |
| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` |
| `sysctlInitContainer.enabled` | Allows you to disable the sysctlInitContainer if you are setting vm.max_map_count with another method | `true` |
| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count) needed for Elasticsearch | `262144` |
| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`<br>`initialDelaySeconds: 10`<br>`periodSeconds: 10`<br>`successThreshold: 3`<br>`timeoutSeconds: 5` |
| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params) that will be used by readinessProbe command | `wait_for_status=green&timeout=1s` |
Expand All @@ -108,7 +109,7 @@ helm install --name elasticsearch elastic/elasticsearch --version 7.2.0 --set im
| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Elasticsearch service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `nil` |
| `masterTerminationFix` | A workaround needed for Elasticsearch < 7.2.0 to prevent master status being lost during restarts [#63](https://github.com/elastic/helm-charts/issues/63) | `false` |
| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |

## Try it out

Expand Down
2 changes: 2 additions & 0 deletions elasticsearch/templates/statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ spec:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
initContainers:
{{- if .Values.sysctlInitContainer.enabled }}
- name: configure-sysctl
securityContext:
runAsUser: 0
Expand All @@ -124,6 +125,7 @@ spec:
command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"]
resources:
{{ toYaml .Values.initResources | indent 10 }}
{{- end }}
{{- if .Values.extraInitContainers }}
{{ tpl .Values.extraInitContainers . | indent 6 }}
{{- end }}
Expand Down
17 changes: 17 additions & 0 deletions elasticsearch/tests/elasticsearch_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,23 @@ def test_adding_a_extra_init_container():
extraInitContainer = r['statefulset'][uname]['spec']['template']['spec']['initContainers']
assert {'name': 'do-something', 'image': 'busybox', 'command': ['do', 'something'], } in extraInitContainer

def test_sysctl_init_container_disabled():
config = '''
sysctlInitContainer:
enabled: false
'''
r = helm_template(config)
initContainers = r['statefulset'][uname]['spec']['template']['spec']['initContainers']
assert initContainers is None

def test_sysctl_init_container_enabled():
config = '''
sysctlInitContainer:
enabled: true
'''
r = helm_template(config)
initContainers = r['statefulset'][uname]['spec']['template']['spec']['initContainers']
assert initContainers[0]['name'] == 'configure-sysctl'

def test_adding_storageclass_annotation_to_volumeclaimtemplate():
config = '''
Expand Down
3 changes: 3 additions & 0 deletions elasticsearch/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,3 +204,6 @@ lifecycle: {}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]

sysctlInitContainer:
enabled: true

0 comments on commit 5d8c687

Please sign in to comment.