Tried another stting

nullchimp · nullchimp · commit 3f6ef4ecaae2 · 2025-05-21T13:22:12.000+02:00
diff --git a/docs/memgraph-troubleshooting.md b/docs/memgraph-troubleshooting.md
@@ -87,7 +87,27 @@ python examples/10-azure-memgraph-test.py
 
 ### VM Max Map Count Error
 
-If you see an error like "Max virtual memory areas vm.max_map_count 65530 is too low", this is fixed in the latest deployment configuration with an init container.
+If you see an error like "Max virtual memory areas vm.max_map_count 65530 is too low" or a `SysctlForbidden` error message with "forbidden sysctl: vm.max_map_count", this can be fixed in two ways:
+
+1. **AKS Cluster Level Fix (Preferred)**: 
+   The AKS cluster should be configured with proper sysctl permissions in its Terraform configuration:
+   ```tf
+   default_node_pool {
+     # Other settings...
+     linux_os_config {
+       sysctl_config {
+         vm_max_map_count = 262144
+       }
+     }
+   }
+   ```
+
+2. **Pod Level Fix**:
+   The Memgraph pod configuration includes both:
+   - securityContext with sysctls to request the setting
+   - An init container that attempts to set the value if privileged mode is allowed
+
+If you're still seeing this issue, check that your AKS cluster's security policies allow sysctls.
 
 ### Authentication Errors
 
diff --git a/infra/azure/main.tf b/infra/azure/main.tf
@@ -52,6 +52,13 @@ resource "azurerm_kubernetes_cluster" "this" {
     name       = "default"
     node_count = 1
     vm_size    = var.node_vm_size
+    
+    # Enable allowed sysctls specifically for Memgraph
+    linux_os_config {
+      sysctl_config {
+        vm_max_map_count = 262144
+      }
+    }
   }
 
   identity { type = "SystemAssigned" }
diff --git a/infra/k8s/memgraph.yaml b/infra/k8s/memgraph.yaml
@@ -36,6 +36,9 @@ spec:
       # ── pod security context for mounted volumes ─────
       securityContext:
         fsGroup: 1000                       # proper perms for mounted volumes
+        sysctls:
+        - name: vm.max_map_count
+          value: "262144"
 
       # schedule on B2ms nodes if available
       affinity:
@@ -48,7 +51,16 @@ spec:
 
       tolerations:
       - { key: "node.kubernetes.io/memory-pressure", operator: "Exists", effect: "NoSchedule" }
-
+      
+      # init container to set vm.max_map_count if needed and permitted
+      initContainers:
+      - name: increase-vm-max-map-count
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["sysctl", "-w", "vm.max_map_count=262144"]
+        securityContext:
+          privileged: true
+      
       containers:
       - name: memgraph
         image: memgraph/memgraph-mage:latest
