Before Maistra can be installed into an existing installation it is necessary to make several changes to the master configuration and each of the schedulable nodes. These changes will enable features required within Istio and also ensure Elasticsearch will function correctly.
The master/node updates discussed below are not necessary in OCP/OKD 4.1
If manual sidecar injection (i.e. kube-inject) is used this section may be skipped.
To enable the automatic injection of the Istio sidecar we first need to modify the master configuration on each master to include support for webhooks and signing of Certificate Signing Requests (CSRs). Then each individual Deployment requiring automatic injection needs to be modified.
First, make the following changes on each master within your installation.
Change to the directory containing the master configuration file (e.g. /etc/origin/master/master-config.yaml)
Create a file named master-config.patch with the following contents
admissionConfig:
pluginConfig:
MutatingAdmissionWebhook:
configuration:
apiVersion: apiserver.config.k8s.io/v1alpha1
kubeConfigFile: /dev/null
kind: WebhookAdmission
ValidatingAdmissionWebhook:
configuration:
apiVersion: apiserver.config.k8s.io/v1alpha1
kubeConfigFile: /dev/null
kind: WebhookAdmissionWithin the same directory issue the following commands:
cp -p master-config.yaml master-config.yaml.prepatch
oc ex config patch master-config.yaml.prepatch -p "$(cat master-config.patch)" > master-config.yaml
master-restart api
master-restart controllersTo run the Elasticsearch application, it is necessary to make a change to the kernel configuration on each node. This change will be handled through the sysctl service.
Make the following changes on each node within your installation
Create a file named /etc/sysctl.d/99-elasticsearch.conf with the following contents: vm.max_map_count = 262144
Execute the following command:
sysctl vm.max_map_count=262144