Elasticsearch docker ulimit

first of all, my Elasticsearch docker (under unprivileged mode, and using office Elasticsearch docker image from https://www.docker.elastic.co/) has passed boostrap check by setting correct vm.max_map_count, etc. One thing really piqued my curiosity, which is ulimit.

  1. inside the container I have:
    ulimit -n => 1048576
    ulimit -u => unlimited

  2. outside the container, and at the VM level I have the following:
    ulimit -n => 1024
    ulimit -u => 31706

So, it is plausible container can override daemon ulimit without using privileged mode? In my scenario above, do you think it is production-ready?

According to https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html. It appears I can do either at the VM level (docker daemon), or container level like below.

--ulimit nofile=65536:65536

Any advice?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.