Hi,
I have been stuck with this issue for a couple of days and can't get it working.
We are using OpenShift 4.12 & Argo CD with the Elastic operator in OpenShift.
I followed the official ECK k8s 2.6 documentation and created the required resources.
Worth mentioning is that we implemented the Compliance Operator and have used the CIS operator to harden the platform.

apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: fleet-server-dev
  namespace: elastic-dev
spec:
  version: 8.6.1
  kibanaRef:
    name: kibanadev
  elasticsearchRefs:
  - name: esdev01
  mode: fleet
  fleetServerEnabled: true
  deployment:
    replicas: 1
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
---
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: elastic-agent-dev
  namespace: elastic-dev
spec:
  version: 8.6.1
  kibanaRef:
    name: kibanadev
  fleetServerRef:
    name: fleet-server-dev
  mode: fleet
  daemonSet:
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
        automountServiceAccountToken: true
        securityContext:
          runAsUser: 0
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: elastic-agent
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - pods
  - nodes
  - namespaces
  verbs:
  - get
  - watch
  - list
- apiGroups: ["coordination.k8s.io"]
  resources:
  - leases
  verbs:
  - get
  - create
  - update
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: elastic-agent
  namespace: elastic-dev
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: elastic-agent
subjects:
- kind: ServiceAccount
  name: elastic-agent
  namespace: elastic-dev
roleRef:
  kind: Role
  name: elastic-agent
  apiGroup: rbac.authorization.k8s.io

Rolebinding:

Name:         elastic-agent-rb
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  system:openshift:scc:privileged
Subjects:
  Kind            Name           Namespace
  ----            ----           ---------
  ServiceAccount  elastic-agent  elastic-dev

The hostPath is created on the physical machine, but we are still getting permission denied!
Error: preparing STATE_PATH(/usr/share/elastic-agent/state) failed: mkdir /usr/share/elastic-agent/state/data: permission denied
For help, please see our troubleshooting guide at https://www.elastic.co/guide/en/fleet/8.6/fleet-troubleshooting.html