So I have an elasticsearch cluster of three nodes (test phase;)) + an instance of Kibana that connects to it.
Everything seems to work because everything is in a "green" state:
[root@chnkubmtr36 es-operator]# kubectl get elasticsearch
NAME HEALTH NODES VERSION PHASE AGE
quickstart green 3 7.1.0 Operational 26m
But all the elasticsearch-pods are in the crashloopbackoff state.
[root@chnkubmtr36 es-operator]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
quickstart-es-55mbfz28n8 0/1 Init:CrashLoopBackOff 2 28m 10.233.66.163 chnkubnode38 <none> <none>
quickstart-es-d789sfck4d 0/1 Init:CrashLoopBackOff 2 28m 10.233.65.56 chnkubnode37 <none> <none>
quickstart-es-g8dx797tw5 0/1 Init:CrashLoopBackOff 1 28m 10.233.64.129 chnkubmtr36 <none> <none>
What did you expect to see?
All the pods in running state without any errors.
What did you see instead? Under which circumstances?
Elasticsearch pods in crashloopbackoff and when described the elasticsearch pods, we found out that inject-process-manager container is going to crashloopbackoff. and we are not able to view its logs as well.
So what are functionalities of inject-process-manager container? and on what all conditions does it fail?
Are there any restrictions on running privileged containers in the environment or modifying host level settings? The privileged container sets the VMMaxMap setting for the host, and this setting may be failing causing the CrashLoopBackOff
When you say cannot view the logs, does kubectl describe es quickstart return anything?
if [[ $status == "200" ]]; then
exit 0
else
exit 1
fi
] delay=10s timeout=5s period=10s #success=3 #failure=3
Environment:
POD_NAME: quickstart-es-g8dx797tw5 (v1:metadata.name)
POD_IP: (v1:status.podIP)
ES_JAVA_OPTS: -Xms2048M -Xmx2048M -Djava.security.properties=/usr/share/elasticsearch/config/managed/security.properties
READINESS_PROBE_PROTOCOL: https
PROBE_USERNAME: elastic-internal-probe
PROBE_PASSWORD_FILE: /mnt/elastic/probe-user/elastic-internal-probe
PM_PROC_NAME: es
PM_PROC_CMD: /usr/local/bin/docker-entrypoint.sh
PM_TLS: true
PM_CERT_PATH: /usr/share/elasticsearch/config/node-certs/cert.pem
PM_KEY_PATH: /usr/share/elasticsearch/config/private-key/node.key
KEYSTORE_SOURCE_DIR: /mnt/elastic/secure-settings
KEYSTORE_RELOAD_CREDENTIALS: true
KEYSTORE_ES_USERNAME: elastic-internal-reload-creds
KEYSTORE_ES_PASSWORD_FILE: /mnt/elastic/reload-creds-user/elastic-internal-reload-creds
KEYSTORE_ES_CA_CERTS_PATH: /usr/share/elasticsearch/config/node-certs/ca.pem
KEYSTORE_ES_ENDPOINT: https://127.0.0.1:9200
KEYSTORE_ES_VERSION: 7.1.0
Mounts:
/mnt/elastic/es-config from es-config (ro)
/mnt/elastic/probe-user from probe-user (ro)
/mnt/elastic/process-manager from local-bin-volume (rw)
/mnt/elastic/reload-creds-user from reload-creds-user (ro)
/mnt/elastic/secrets from users (ro)
/mnt/elastic/secure-settings from secure-settings (ro)
/mnt/elastic/unicast-hosts from quickstart-unicast-hosts (ro)
/usr/share/elasticsearch/bin from bin-volume (rw)
/usr/share/elasticsearch/config from config-volume (rw)
/usr/share/elasticsearch/config/extrafiles from extrafiles (ro)
/usr/share/elasticsearch/config/managed from quickstart (ro)
/usr/share/elasticsearch/config/node-certs from node-certificates (ro)
/usr/share/elasticsearch/config/private-key from private-key-volume (rw)
/usr/share/elasticsearch/data from data (rw)
/usr/share/elasticsearch/logs from logs (rw)
/usr/share/elasticsearch/plugins from plugins-volume (rw)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
config-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
plugins-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
bin-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
data:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
logs:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
private-key-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
local-bin-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
users:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-es-roles-users
Optional: false
quickstart:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: quickstart
Optional: false
quickstart-unicast-hosts:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: quickstart-unicast-hosts
Optional: false
probe-user:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-internal-users
Optional: false
extrafiles:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-extrafiles
Optional: false
reload-creds-user:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-internal-users
Optional: false
secure-settings:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-secure-settings
Optional: false
node-certificates:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-es-g8dx797tw5-certs
Optional: false
es-config:
Type: Secret (a volume populated by a Secret)
SecretName: quickstart-es-g8dx797tw5-config
Optional: false
QoS Class: Guaranteed
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
Normal Pulled 37m (x717 over 20h) kubelet, chnkubmtr36 Successfully pulled image "docker.elastic.co/eck/eck-operator:0.8.0"
Warning BackOff 17m (x3203 over 18h) kubelet, chnkubmtr36 Back-off restarting failed container
Normal Pulled 2m4s (x784 over 20h) kubelet, chnkubmtr36 Container image "docker.elastic.co/eck/eck-operator:0.8.0" already present on machine
Couldn't post the entire log in a single message because of character limitations per message. So I have split it as 3 messages and posted it in sequence.
Please let me know if you can figure out what might the reason for this issue.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.