Filebeat unable to access logs under “/var/lib/docker/containers” path due to "Permission Denied" issue

bhavaniprasad_reddy · May 28, 2020, 9:04am

I am trying to deploy ELK stack with Filebeat in Openshift environment.

Filebeat is trying to read the log files under "/var/lib/docker/containers" path of a pod but it failed with "Permission Denied" error.

I am using an SCC with "runsAsAny" and "runAsUser: 0",

- apiVersion: v1
  kind: SecurityContextConstraints
  metadata:
    name: hostpath
  allowPrivilegedContainer: true
  allowHostDirVolumePlugin: true
  runAsUser:
    type: RunAsAny
  seLinuxContext:
    type: RunAsAny
  fsGroup:
    type: RunAsAny
  readOnlyRootFilesystem: false
  supplementalGroups:
    type: RunAsAny
  users:
  - my-admin-user
  groups:
  - my-admin-group

Volume Mounts:

volumeMounts:
- mountPath: /var/lib/docker/containers
  name: varlibdockercontainers

HostPath Volume:

securityContext:
  runAsUser: 0
volumes:
- hostPath:
    path: /var/lib/docker/containers
    type: ""
  name: varlibdockercontainers

Please let me know if I am missing something in SCC to have atleast read permissions in "/var/lib/docker/containers" path.

ELK stack versions:

FIlebeat - 6.4.1
Logstash - 6.3.1
elastic - 6.5.4 &
kibana - 6.5.4

system · June 25, 2020, 9:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ELK no read logs from docker containers Beats filebeat	2	403	June 25, 2019
Handling permissions on logs and certificates with filebeat / logstash Beats filebeat	6	2838	May 11, 2018
Filebeat output file permission Beats filebeat	4	753	October 12, 2020
Filebeat: permission denied Beats docker , filebeat	7	2930	May 30, 2023
Logstash starts with an error and does not receive filebeat data Beats filebeat	2	930	June 24, 2019

Filebeat unable to access logs under “/var/lib/docker/containers” path due to "Permission Denied" issue

Related topics