[NEW] Openshift 4 - Fleet and Elastic Agent permission denied

Elastic Orchestration Elastic Cloud on Kubernetes (ECK)
1

Hi,

I'd like to reopen the old post from splitmessage88 as I'm facing the exact same issue while trying to configure an Elastic Agent on an ARO cluster. I've followed all the existing instructions for deploy the ECK operator on Openshift but in the end the only result is that the daemonSet is not able to mkdir the /usr/share/elastic-agent/state hostPath directory even with privileged scc serviceAccount or runAsUser:0 securityContext.

Has anyone ever achieved deploying successfully on Openshift or on Managed Openshift service (like ARO/ROSA) an elastic-agent daemonSet running?

If it's not possibile, can be specified on the docs that ECK can't be deployed successfully on managed platforms or that it hasn't been tested at least so it might not work even if the steps on the docs are followed?

2

IIRC being in the privileged scc is not enough, could you also check that the container is privileged:

    podTemplate:
      spec:
        securityContext:
          runAsUser: 0
        containers:
          - name: agent
            securityContext:
              runAsUser: 0
              privileged: true
1 Like
3

Thank you for your answer, that worked like a charm!

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.