enonic / xp-operator

Enonic Kubernetes Operator

GKE Autopilot restricts privileged mode #454

Closed vbradnitski closed 11 months ago

vbradnitski commented 1 year ago

https://discuss.enonic.com/t/kubernetes-operator-cluster-config-mount-issue/3028

In a GKE Autopilot mode cluster, the configure-sysctl init container operates in a privileged mode, which is restricted. To address this, we need to change the XP docker image by adding the 'vm.max_map_count=262144' value to the /etc/sysctl.conf file, which is a recommended configuration. Consequently, we can remove the init container.

rymsha commented 12 months ago

https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

rymsha commented 12 months ago

A DaemonSet running `echo 262144 > /proc/sys/vm/max_map_count` should do the trick

vbradnitski commented 11 months ago

https://cloud.google.com/kubernetes-engine/docs/resources/autopilot-partners

There is no way to bypass GKE Autopilot restrictions for privileged mode (except for becoming a Google trusted partner). We cannot fully support Autopilot and must document this.
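The thread ends with the conclusion that the privileged `configure-sysctl` init container cannot run on GKE Autopilot. `vm.max_map_count` is a node-level, non-namespaced kernel parameter, so an unprivileged container cannot set it at all; what it can still do is verify it and fail fast with a clear message instead of running on an under-configured node. The script below is an added example, not part of the enonic/xp-operator project or its images; the function name `check_max_map_count`, the optional path argument (used so the check can be exercised against a constructed file) and the use as a preflight step are assumptions, while the required value 262144 is the one stated in the issue.

```shell
#!/bin/sh
# Added example (not from the enonic/xp-operator project): read-only preflight
# check for vm.max_map_count. Reads the effective node-level value and reports
# whether it meets the 262144 required by the issue. Needs no privileges,
# so it can run where the privileged init container cannot.

REQUIRED_MAX_MAP_COUNT=262144

# check_max_map_count [path]
#   path defaults to /proc/sys/vm/max_map_count; a different path is only
#   meant for testing the function against a constructed file.
# Returns 0 when the value is >= REQUIRED_MAX_MAP_COUNT,
#         1 when it is too low,
#         2 when the file is unreadable or does not hold an integer.
check_max_map_count() {
    path="${1:-/proc/sys/vm/max_map_count}"
    if [ ! -r "$path" ]; then
        echo "check_max_map_count: cannot read $path" >&2
        return 2
    fi
    # strip the trailing newline (and any stray whitespace) before comparing
    current=$(tr -d '[:space:]' < "$path")
    case "$current" in
        ''|*[!0-9]*)
            echo "check_max_map_count: unexpected value in $path: '$current'" >&2
            return 2
            ;;
    esac
    if [ "$current" -ge "$REQUIRED_MAX_MAP_COUNT" ]; then
        echo "vm.max_map_count=$current (ok, required >= $REQUIRED_MAX_MAP_COUNT)"
        return 0
    fi
    echo "vm.max_map_count=$current is below the required $REQUIRED_MAX_MAP_COUNT" >&2
    return 1
}

# When executed directly (not sourced), run the check against the live node
# value and propagate its exit status, so a pod using it as an init or
# readiness step fails visibly on an under-configured node.
if [ "${0##*/}" = "check_max_map_count.sh" ]; then
    check_max_map_count "$@"
    exit $?
fi
```

Saved as `check_max_map_count.sh` and run without arguments, the script exits 0 only when the node already has the required setting; on a cluster where the privileged init container is blocked, this turns a silent misconfiguration into an explicit failure that shows up in pod status and logs.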