Filebeat unable to access logs under "/var/lib/docker/containers" path due to Permission Denied issue

I am trying to deploy ELK stack with Filebeat in Openshift environment.

Filebeat is trying to read the log files under "/var/lib/docker/containers" path of a pod but it failed with "Permission Denied" error.

I am using an SCC with "runsAsAny" and "runAsUser: 0",

- apiVersion: v1
  kind: SecurityContextConstraints
  metadata:
    name: hostpath
  allowPrivilegedContainer: true
  allowHostDirVolumePlugin: true
  runAsUser:
    type: RunAsAny
  seLinuxContext:
    type: RunAsAny
  fsGroup:
    type: RunAsAny
  readOnlyRootFilesystem: false
  supplementalGroups:
    type: RunAsAny
  users:
  - my-admin-user
  groups:
  - my-admin-group

Volume Mounts:

volumeMounts:
- mountPath: /var/lib/docker/containers
  name: varlibdockercontainers

HostPath Volume:

securityContext:
  runAsUser: 0
volumes:
- hostPath:
    path: /var/lib/docker/containers
    type: ""
  name: varlibdockercontainers

Please let me know if I am missing something in SCC to have atleast read permissions in "/var/lib/docker/containers" path.

Recommended topics

Hot tags