Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Heartbeat Openshift specific documentation needs an update? #7707

Open
mmentges opened this issue Apr 11, 2024 · 1 comment
Open

Heartbeat Openshift specific documentation needs an update? #7707

mmentges opened this issue Apr 11, 2024 · 1 comment
Labels
triage

Comments

@mmentges
Copy link

Documentation Update Suggestion

What did you do?
I tried to get Heartbeat running in an Azure Redhat Openshift environment for quiet some time and different Openshift versions with more or less effort.
Yesterday I finally got it running. I followed the official documentation https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-openshift-beats.html but it never worked out. The service account with the privleged scc is not enough, at least for me. The finally working configuration is below.
What did you expect to see?
I expected to see a running heatbeat pod without failing
What did you see instead? Under which circumstances?
A failing pod with permission issues
Environment

  • ECK version:

    ECK 2.11 - Heartbeat 8.12.1 (and all other Images)

  • Kubernetes information:

    • Azure Redhat Openshift 4.12.47
$ kubectl version

Server Version: v1.25.16+5c97f5b
  • Working Resource definition:
  deployment:
    replicas: 1
    podTemplate:
      spec:
        containers:
        - name: heartbeat
          securityContext:
            capabilities:
              add: ["NET_RAW", "SYS_CHROOT"]
        serviceAccountName: heartbeat
        securityContext:
          runAsUser: 0
        volumes:
          - name: beat-data
            emptyDir: {}
  • Error Logs without the added capabilities:
/usr/local/bin/docker-entrypoint: line 8: /usr/share/heartbeat/heartbeat: Operation not permitted

Not sure if it is only my specific environment or does the documentation need an update?
@botelastic botelastic bot added the triage label Apr 11, 2024
@pebrc
Copy link
Collaborator

pebrc commented Apr 19, 2024

Can you share your Heartbeat configuration? We are testing Heartbeat daily with this configuration on OpenShift:

cloud-on-k8s/test/e2e/beat/config.go

Lines 67 to 78 in 1577f2d

e2eHeartBeatConfigTpl = `
heartbeat.monitors:
- type: tcp
schedule: '@every 5s'
hosts: ["%s.%s.svc:9200"]
`
e2eHeartbeatPodTemplate = `spec:
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
securityContext:
runAsUser: 0
and I am trying to understand what is different in your use case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pebrc @mmentges