Kubernetes Elasticsearch centos - unable to start nginx in the pod

3/31/2020

I am using elasticsearch in kubernetes. I wish to add another layer of protection using nginx.

When I try to run nginx using systemctl start nginx I get:

Failed to get D-Bus connection: Operation not permitted

This seems to be a known problem with centos because its docker distribution does not come with a full systemd.

Following the centos guide for this did not work for me:

https://hub.docker.com/_/centos see section Dockerfile for systemd base image

My Tries

Docker file -

FROM docker.elastic.co/elasticsearch/elasticsearch:7.6.1


ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]

# Install gcs plugin
RUN bin/elasticsearch-plugin install --batch repository-gcs

# install nginx
RUN yum install -y epel-release
RUN yum install -y nginx

# Copy configuration
COPY my-config.conf /etc/nginx/sites-enabled/my-config.conf


CMD ["/usr/sbin/init"]

Also tried to add docker arguments in the kubernetes yaml -

args:
  ["--tmpfs", "/run", "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro"]

or

["-ti", "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro", "-v", "/tmp/$(mktemp -d):/run"]

None of these helped.

Seen many answers about this issue but none seem to work, for example: https://serverfault.com/questions/824975/failed-to-get-d-bus-connection-operation-not-permitted https://github.com/CentOS/sig-cloud-instance-images/issues/45#issuecomment-363709254

Using priviliged docker container is not recomended for safty reasons so i rather not use it.

How can i make this work?

-- Montoya
docker
elasticsearch
kubernetes
nginx

1 Answer

4/1/2020

Containers are built to run a single application. You should use a separate one for the nginx proxy and another for Elasticsearch.

-- Erhard Czving
Source: StackOverflow