I am using elasticsearch in kubernetes. I wish to add another layer of protection using nginx.
When I try to run nginx using systemctl start nginx
I get:
Failed to get D-Bus connection: Operation not permitted
This seems to be a known problem with centos
because its docker distribution does not come with a full systemd
.
Following the centos guide for this did not work for me:
https://hub.docker.com/_/centos see section Dockerfile for systemd base image
My Tries
Docker file -
FROM docker.elastic.co/elasticsearch/elasticsearch:7.6.1
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
# Install gcs plugin
RUN bin/elasticsearch-plugin install --batch repository-gcs
# install nginx
RUN yum install -y epel-release
RUN yum install -y nginx
# Copy configuration
COPY my-config.conf /etc/nginx/sites-enabled/my-config.conf
CMD ["/usr/sbin/init"]
Also tried to add docker arguments in the kubernetes yaml -
args:
["--tmpfs", "/run", "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro"]
or
["-ti", "-v", "/sys/fs/cgroup:/sys/fs/cgroup:ro", "-v", "/tmp/$(mktemp -d):/run"]
None of these helped.
Seen many answers about this issue but none seem to work, for example: https://serverfault.com/questions/824975/failed-to-get-d-bus-connection-operation-not-permitted https://github.com/CentOS/sig-cloud-instance-images/issues/45#issuecomment-363709254
Using priviliged docker container is not recomended for safty reasons so i rather not use it.
How can i make this work?
Containers are built to run a single application. You should use a separate one for the nginx proxy and another for Elasticsearch.