I am trying to install Elasticsearch in my AKS cluster and it is failing.
I have followed the steps below:
root@developer1:~/elasticsearch# git clone https://github.com/elastic/helm-charts.git
Cloning into 'helm-charts'...
remote: Enumerating objects: 23913, done.
remote: Counting objects: 100% (494/494), done.
remote: Compressing objects: 100% (230/230), done.
remote: Total 23913 (delta 270), reused 426 (delta 233), pack-reused 23419
Receiving objects: 100% (23913/23913), 4.68 MiB | 24.59 MiB/s, done.
Resolving deltas: 100% (15805/15805), done.
root@developer1:~/elasticsearch/helm-charts(main)# cd elasticsearch/
root@developer1:~/elasticsearch/helm-charts/elasticsearch(main)# ls
Chart.yaml Makefile README.md examples templates tests values.yaml
root@developer1:~/elasticsearch/helm-charts/elasticsearch(main)# helm install elasticsearch --set imageTag=8.5.1 ./
NAME: elasticsearch
LAST DEPLOYED: Fri Dec 30 14:08:33 2022
NAMESPACE: test-sugarcrm
STATUS: deployed
REVISION: 1
NOTES:
1. Watch all cluster members come up.
$ kubectl get pods --namespace=test-sugarcrm -l app=elasticsearch-master -w
2. Retrieve elastic user's password.
$ kubectl get secrets --namespace=test-sugarcrm elasticsearch-master-credentials -ojsonpath='{.data.password}' | base64 -d
3. Test cluster health using Helm test.
$ helm --namespace=test-sugarcrm test elasticsearch
After this, the pod was not coming up, and I checked the events, which gave the errors below:
0s Warning FailedCreate statefulset/elasticsearch-master create Pod elasticsearch-master-0 in StatefulSet elasticsearch-master failed error: pods "elasticsearch-master-0" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.initContainers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed]
Some security policies are not allowing me to run the default Helm configuration, so I changed templates/statefulset.yaml as below and upgraded the Helm chart:
    securityContext:
      runAsUser: 1000
      privileged: false
Now the pods started showing up, but they are not Ready at all.
NAME READY STATUS RESTARTS AGE
elasticsearch-master-0 0/1 Pending 0 3s
elasticsearch-master-1 0/1 Pending 0 3s
elasticsearch-master-2 0/1 Pending 0 3s
From the events, it is clear that the readiness probe fails continuously after the change in statefulset.yaml and the pods never get to the Ready state.
0s Warning Unhealthy pod/elasticsearch-master-1 Readiness probe failed: Waiting for elasticsearch cluster to become ready (request params: "wait_for_status=green&timeout=1s" )...
Can someone guide me on how to proceed? I need to ensure that I can get the ES cluster up and running without any compromise to security.
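
The admission denial quoted in the post names two rules: no privileged containers and no root UID. As an added example (not part of the original post and not code from the Elastic chart), the Python below checks a pod spec for those two conditions and reports them with the same field paths the event uses; SAMPLE_POD, its container names and the function names are constructed for illustration.

```python
import copy

# Constructed pod spec: an init container that asks for privileged + UID 0,
# mirroring the fields named in the FailedCreate event, and a non-root main container.
SAMPLE_POD = {
    "spec": {
        "securityContext": {"runAsUser": 1000, "fsGroup": 1000},
        "initContainers": [
            {"name": "init-0",
             "securityContext": {"privileged": True, "runAsUser": 0}},
        ],
        "containers": [
            {"name": "main",
             "securityContext": {"runAsNonRoot": True, "runAsUser": 1000}},
        ],
    }
}


def psp_violations(pod):
    """Return (field path, message) pairs for privileged or root-UID containers."""
    spec = pod.get("spec", {})
    pod_uid = (spec.get("securityContext") or {}).get("runAsUser")
    found = []
    for kind in ("initContainers", "containers"):
        for i, ctr in enumerate(spec.get(kind) or []):
            sc = ctr.get("securityContext") or {}
            base = f"spec.{kind}[{i}].securityContext"
            if sc.get("privileged") is True:
                found.append((f"{base}.privileged",
                              "Privileged containers are not allowed"))
            # A container-level runAsUser overrides the pod-level value.
            uid = sc.get("runAsUser", pod_uid)
            if uid == 0:
                found.append((f"{base}.runAsUser",
                              "running with the root UID is forbidden"))
    return found


def patched(pod):
    """Copy of pod with the edit from the post applied to initContainers[0]."""
    new = copy.deepcopy(pod)
    new["spec"]["initContainers"][0]["securityContext"] = {
        "runAsUser": 1000, "privileged": False}
    return new


if __name__ == "__main__":
    for path, msg in psp_violations(SAMPLE_POD):
        print(f"{path}: {msg}")
    print("after edit:", psp_violations(patched(SAMPLE_POD)))
```

To check a rendered chart, parse the StatefulSet from `helm template` output with a YAML library and pass `{"spec": statefulset["spec"]["template"]["spec"]}`. An empty result only means these two admission rules are satisfied; it says nothing about whether the container's command can still do its work without those privileges.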