I'm getting the "Failed to created node environment" error with an Elasticsearch Docker image:
[unknown] uncaught exception in thread [main]
org.
There seems to be an open bug regarding permissions on hostPath volumes. To work around this issue, you should create an initContainer that initially sets the proper permissions:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: elasticsearch
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      # fsGroup is a pod-level field, so it lives in the pod securityContext
      securityContext:
        fsGroup: 1000
      initContainers:
        # Runs before the main container and hands the data directory to UID/GID 1000
        - name: set-permissions
          image: registry.hub.docker.com/library/busybox:latest
          command: ['sh', '-c', 'mkdir -p /usr/share/elasticsearch/data && chown 1000:1000 /usr/share/elasticsearch/data']
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/data
              name: elasticsearch-volume
      containers:
        - name: elasticsearch
          image: me-name/elasticsearch:6.7
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 9200
          envFrom:
            - configMapRef:
                name: elasticsearch-config
          volumeMounts:
            - mountPath: /usr/share/elasticsearch/data
              name: elasticsearch-volume
          # runAsUser and capabilities are container-level fields
          securityContext:
            runAsUser: 1000
            capabilities:
              add:
                - IPC_LOCK
                - SYS_RESOURCE
          # lifecycle hooks are defined per container
          lifecycle:
            postStart:
              exec:
                command: ["/bin/sh", "-c", "sysctl -w vm.max_map_count=262144"]
      volumes:
        - name: elasticsearch-volume
          persistentVolumeClaim:
            claimName: elasticsearch-pv-claim
You are on the right track by setting the fsGroup, but what you are currently doing is setting the user to 1000 and mounting the volume with access to the group 1000. What you should change is to use runAsGroup: 1000 instead of runAsUser: 1000.
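The permission logic behind both answers, as an added example (not code from either post): a small POSIX sh model of which mode bits apply to a process, showing why UID 1000 fails on a root-owned 755 directory and succeeds after the chown or through a group-writable volume owned by the fsGroup. The function names write_class and check_dir are hypothetical, and the model assumes plain owner/group/other bits only.

```sh
#!/bin/sh
# Added example: which permission class applies to a process on a data dir.
# Simplified model (assumption): plain owner/group/other mode bits only; no
# ACLs, read-only mounts or LSM policy; UID 0 is assumed to bypass the bits.

# write_class UID "GID GID ..." OWNER GROUP MODE
# Prints root|owner|group|other and returns 0 only if that class has w+x.
write_class() {
    wc_uid=$1 wc_gids=$2 wc_owner=$3 wc_group=$4
    wc_mode=$((0$5))                      # octal string such as 755 or 2775
    if [ "$wc_uid" -eq 0 ]; then
        echo root; return 0
    elif [ "$wc_uid" -eq "$wc_owner" ]; then
        wc_class=owner; wc_bits=$(( (wc_mode >> 6) & 7 ))
    else
        wc_class=other; wc_bits=$(( wc_mode & 7 ))
        for wc_g in $wc_gids; do          # primary and supplementary groups
            if [ "$wc_g" -eq "$wc_group" ]; then
                wc_class=group; wc_bits=$(( (wc_mode >> 3) & 7 ))
                break
            fi
        done
    fi
    echo "$wc_class"
    [ $(( wc_bits & 3 )) -eq 3 ]          # creating files needs w (2) and x (1)
}

# check_dir DIR: apply the model to the current process and a real directory.
check_dir() {
    set -- "$1" $(stat -c '%u %g %a' "$1")
    if cd_class=$(write_class "$(id -u)" "$(id -G)" "$2" "$3" "$4"); then
        echo "OK: $1 writable via $cd_class bits (owner $2:$3 mode $4)"
    else
        echo "DENIED: $1 owner $2:$3 mode $4; uid $(id -u) groups $(id -G) -> $cd_class bits"
        return 1
    fi
}

# Run against a directory only when one is passed on the command line.
if [ $# -gt 0 ]; then check_dir "$1"; fi
```

With constructed values, `write_class 1000 "1000" 0 0 755` prints `other` and fails, while the same call with owner and group 1000 prints `owner` and succeeds. Inside the container, `check_dir /usr/share/elasticsearch/data` reports which case the running process is in.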