Hello,
I am trying to run auditbeat on kubernetes cluster
But kubernetes metadata are not added to events when I run application with not a root account
Below is a debug messages
2020-09-16T04:59:16.435Z DEBUG [add_process_metadata] add_process_metadata/add_process_metadata.go:195 failed to get process metadata for PID=11776: readlink /proc/11776/exe: permission denied {"instance_id": 1}
2020-09-16T04:59:16.435Z DEBUG [processors] processing/processors.go:112 Fail to apply processor global{add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], add_process_metadata=[match_pids=[system.process.pid process.ppid process.parent.pid process.parent.ppid], mappings={"container.id":"container.id"}, ignore_missing=false, overwrite_fields=true, restricted_fields=true, host_path=/, cgroup_prefixes=[/kubepods /docker]], add_kubernetes_metadata}: process not found
It seems that the approach to the /proc/* path is only possible root account.
Is there any way to check k8s metadata with an account other than the root?
Thanks