I'm attempting to deploy EFK on my Kubernetes cluster. The Elasticsearch version is 6.5.4. The pods get created and then immediately go to an error state with the exception AccessDeniedException. The error in the logs:

    Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes
        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]
        at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:385) ~[?:?]
        at java.nio.file.Files.createDirectory(Files.java:689) ~[?:?]
        at java.nio.file.Files.createAndCheckIsDirectory(Files.java:796) ~[?:?]
        at java.nio.file.Files.createDirectories(Files.java:782) ~[?:?]

In the YAML file I have the following:

    apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: es-cluster
      namespace: "{{ .Values.efk.namespace }}"
      labels:
        k8s-app: es-cluster
        version: "{{ .Values.elasticsearch.version }}"
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
        app: elasticsearch
    spec:
      name: es-cluster
      replicas: {{ .Values.elasticsearch.replicacount }}
      selector:
        matchLabels:
          k8s-app: es-cluster
          version: "{{ .Values.elasticsearch.version }}"
          app: elasticsearch
      template:
        metadata:
          labels:
            k8s-app: es-cluster
            version: "{{ .Values.elasticsearch.version }}"
            kubernetes.io/cluster-service: "true"
            app: elasticsearch
        spec:
          serviceAccountName: es-cluster
          containers:
          - image: "docker.elastic.co/elasticsearch/elasticsearch-oss:{{ .Values.elasticsearch.version }}"
            name: es-cluster
            resources:
              # need more cpu upon initialization, therefore burstable class
              limits:
                cpu: 1000m
              requests:
                cpu: 100m
            ports:
            - containerPort: 9200
              name: db
              protocol: TCP
            - containerPort: 9300
              name: transport
              protocol: TCP
            volumeMounts:
            - name: data
              mountPath: /usr/share/elasticsearch/data
            env:
            - name: node.name
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: cluster.name
              value: k8s-logs
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: discovery.zen.ping.unicast.hosts
              value: "es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch"
            - name: discovery.zen.minimum_master_nodes
              value: "2"
            - name: ES_JAVA_OPTS
              value: "-Xms512m -Xmx512m"
      volumeClaimTemplates:
      - metadata:
          name: elasticsearch-logging
        spec:
          accessModes: [ "ReadWriteOnce" ]
          resources:
            requests:
              storage: 50Gi
      initContainers:
      - image: busybox
        command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
        name: elasticsearch-logging-init
        securityContext:
          privileged: true
      - image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        name: fix-permissions
        securityContext:
          privileged: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
      - image: busybox
        command: ["sh", "-c", "ulimit -n 65536"]
        name: fix-file-descriptors
        securityContext:
          privileged: true
      - image: busybox

I'm trying to identify how to rectify the AccessDeniedException. I've set the permissions on the location, but this doesn't work.
Any ideas on what I need to do to fix this?
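
For reference, an added example (not part of the question and not the asker's manifest): a reduced StatefulSet showing the pieces that decide who can write to /usr/share/elasticsearch/data, namely a claim template whose name matches the volumeMounts name, fsGroup, and init containers that hold only the privilege each step needs. The serviceName, replica count and image tag are assumptions taken from values visible in the question, and fsGroup assumes a volume type that supports ownership changes.

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: es-cluster
spec:
  serviceName: elasticsearch      # assumption: headless Service name inferred from the discovery hosts in the question
  replicas: 1                     # constructed value for the example
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      securityContext:
        fsGroup: 1000             # kubelet sets group ownership of supported volumes to GID 1000 at mount time
      initContainers:             # initContainers is a field of the pod spec (template.spec)
      - name: sysctl
        image: busybox
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true        # only the kernel parameter change needs privileged mode
      - name: fix-permissions
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /usr/share/elasticsearch/data"]
        securityContext:
          runAsUser: 0            # chown needs root inside the container, not privileged mode
        volumeMounts:
        - name: data              # the same volume the Elasticsearch container mounts
          mountPath: /usr/share/elasticsearch/data
      containers:
      - name: es-cluster
        image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.4
        securityContext:
          runAsUser: 1000         # UID that the chown above hands the data directory to
          runAsNonRoot: true
        volumeMounts:
        - name: data
          mountPath: /usr/share/elasticsearch/data
  volumeClaimTemplates:
  - metadata:
      name: data                  # must equal the volumeMounts name, otherwise the mount does not refer to this claim
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 50Gi
```

A `ulimit -n` call in an init container only changes the limit for that init container's own shell, so that step is left out here.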