Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Discuss/Draft: Automatically adjust Elastic Beat hostPath permissions #6612

Closed
wants to merge 4 commits into from
Closed

Discuss/Draft: Automatically adjust Elastic Beat hostPath permissions #6612

wants to merge 4 commits into from

Conversation

naemono
Copy link
Contributor

@naemono naemono commented Mar 28, 2023

relates #6599, #6600, #6280

I would like to handle Beat hostpath permissions similar to Agent being done in #6599. Unfortunately Beats seems to be a bit more complicated and strict when it comes to permissions.

Issues

  1. Beat handles files in subdirectories in it's data directory, not just the root so recursive operations are needed when adjusting permissions.
  2. Beat seems to try and chmod files that it doesn't like the ownership/permissions of (see details in hostPathVolumeInitContainerCommand func)
  3. Beat is very strict about it's permissions on the keystore, and requires it be owned by the UID of Beat, and only be readable/writable by that user.

What this means is we need to know the UID that beat is running as, which isn't especially difficult in a standard Kubernetes environment, but when Openshift is involved, this is not predictable.

Does anyone see a path forward for handling hostPaths automatically for Beat in Openshift outside of detecting it, and doing nothing (as we do now). The current solution in this PR works (in limited testing) outside of Openshift.

naemono added 4 commits March 28, 2023 11:30
@naemono
Allow InitContainer for Beat for managing permissions on hostPath dat…
24aff50 
…a volume.

Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
@naemono
Add some comments to better explain some actions.
0cc1990 
Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
@naemono
One more comment
6a18e12 
Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
@naemono
spaces not tabs
8137264 
Signed-off-by: Michael Montgomery <mmontg1@gmail.com>
@naemono naemono added discuss We need to figure this out >feature Adds or discusses adding a feature to the product labels Mar 28, 2023
@naemono
Copy link
Contributor Author

naemono commented Apr 21, 2023

Closing for the same reasons noted #6599 (comment)

@naemono naemono closed this Apr 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
discuss We need to figure this out >feature Adds or discusses adding a feature to the product
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@naemono