Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

kind elastic 7.5.1 chart - access denied

See original GitHub issue

Summary: Elastic chart mounts gives an error within kubernetes in docker (kind) - Repro and logs below Guess the latest docs indicate that the following examples are not good beyond 6.8.6 ? https://github.com/elastic/helm-charts/tree/master/elasticsearch/examples/kubernetes-kind

Tried checking out helm-charts, adapting values.yaml with the extraInitContainers etc., no breakthrough.

Found a similar issue and tried all options there as well, https://github.com/elastic/helm-charts/issues/258

Help appreciated 😃

Repro:

helm install my-release-elasticsearch elastic/elasticsearch --set imageTag=7.5.1

Error:

kubectl logs elasticsearch-master-0

OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
{"type": "server", "timestamp": "2020-01-04T16:19:48,108Z", "level": "WARN", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "elasticsearch", "node.name": "elasticsearch-master-0", "message": "uncaught exception in thread [main]", 
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes];",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.5.1.jar:7.5.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.5.1.jar:7.5.1]",
"Caused by: org.elasticsearch.ElasticsearchException: failed to bind service",
"at org.elasticsearch.node.Node.<init>(Node.java:607) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.1.jar:7.5.1]",
"... 6 more",
"Caused by: java.nio.file.AccessDeniedException: /usr/share/elasticsearch/data/nodes",
"at sun.nio.fs.UnixException.translateToIOException(UnixException.java:90) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111) ~[?:?]",
"at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116) ~[?:?]",
"at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389) ~[?:?]",
"at java.nio.file.Files.createDirectory(Files.java:693) ~[?:?]",
"at java.nio.file.Files.createAndCheckIsDirectory(Files.java:800) ~[?:?]",
"at java.nio.file.Files.createDirectories(Files.java:786) ~[?:?]",
"at org.elasticsearch.env.NodeEnvironment.lambda$new$0(NodeEnvironment.java:272) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:209) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:269) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:273) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:253) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.5.1.jar:7.5.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.5.1.jar:7.5.1]",
"... 6 more"] }

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
jerishsdcommented, Jan 8, 2020

Thx much @jmlrt 🙏

0reactions
jmlrtcommented, Jan 8, 2020

OK, I took some time to setup kind and reproduce your issue.

Following https://github.com/elastic/helm-charts/issues/388#issuecomment-569330365, this is related to https://github.com/kubernetes-sigs/kind/issues/830.

This should be fixed in kind next release (https://github.com/kubernetes-sigs/kind/pull/1157 to fix it was merged one month ago).

Meanwhile, the workaround is to install manually Rancher Local Path Provisioner and use local-pathstorage class for Elasticsearch volumes.

# Install local-path storage class
kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml

# Fix specific helm values for kind
cat << EOF > ./helm-charts/elasticsearch/examples/kubernetes-kind/values.yaml
antiAffinity: "soft"
esJavaOpts: "-Xmx128m -Xms128m"
resources:
  requests:
    cpu: "100m"
    memory: "512M"
  limits:
    cpu: "1000m"
    memory: "512M"
volumeClaimTemplate:
  accessModes: [ "ReadWriteOnce" ]
  storageClassName: "local-path"
  resources:
    requests:
      storage: 100M
EOF

# Deploy helm chart
helm install my-release-elastic ./helm-charts/elasticsearch/ --values ./helm-charts/elasticsearch/examples/kubernetes-kind/values.yaml

I’ll create a PR to update the kind example with this workaround.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Field level security | Elasticsearch Guide [7.17] | Elastic
Field level security restricts the fields that users have read access to. ... You can deny permission to access fields with the following...
Read more >
Setting up field and document level security - Elastic
You can control access to data within a data stream or index by adding field and document level security permissions to a role....
Read more >
Kibana role management | Kibana Guide [8.5] - Elastic
With field-level security (FLS), you can instruct Elasticsearch to grant or deny access to specific fields within each document.
Read more >
Elasticsearch version 7.12.0 | Elasticsearch Guide [7.17] | Elastic
Implement support for date_nanos Elasticsearch field type #67666 (issue: ... Add more context to cluster access denied messages #66900 (issues: #42166, ...
Read more >
Security issues | Elastic
This allows an attacker to intercept communication and access secure data. ... vulnerability was discovered in the Vega Charts Kibana integration which ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[elasticsearch] recommended method to automate an api call (e.g. ILM) post deployment?

Next page

helm upgrade --force fails due to 'failed to replace object' 'spec.clusterIP: Invalid value: "": field is immutable'