CODEWITHSUNDEEP
elasticsearchkuberneteskubernetes-helm
beatrice
beatrice

Reputation: 4401

Elasticsearch helm chart gives AccessDenied exception

It is a common issue still seems unresolved:

ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];
Likely root cause: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes

I am trying to run it on a cluster setup by RKE. I started to use it in an outofabox manner, means only using it as a dependency :

dependencies:
  - name: elasticsearch
    version: 7.6.2
    repository: https://helm.elastic.co

It just fails right away.

I am aware and have followed the corresponding github issues like:
https://github.com/elastic/helm-charts/issues/429
https://github.com/elastic/helm-charts/issues/137
https://github.com/elastic/helm-charts/issues/388
https://github.com/elastic/helm-charts/issues/258

I have also tried to cmod-ing it by hand in 'initresources' , I have played with fsgroup, and I have also tried to use Rancher Local Path Provisioner(menioned in issue 429).
No success at all ,same exception comes every time.

Any idea?

Upvotes: 5

Views: 1576

Answers (1)

Carlos Castillo
Carlos Castillo

Reputation: 907

Pasting here the answer I gave at https://github.com/elastic/helm-charts/issues/258

Basically, I've fixed this issue by grabbing the values.yaml from the helm chart and adding a securityContext. The configure-sysctl initContainer that comes with the chart itself does this (privileged + runAsUser):

extraInitContainers:
   - name: file-permissions
     image: busybox
     command: ['chown', '-R', '1000:1000', '/usr/share/elasticsearch/']
     volumeMounts:
     - mountPath: /usr/share/elasticsearch/data
       name: elasticsearch-master
     securityContext:
       privileged: true
       runAsUser: 0

Upvotes: 4

Related Questions