Permission denied metricbeat on openshift

7/6/2019

I'm trying to deploy metricbeat on openshift, and after many hours of work i cannot have it worked. The same image is running normally on docker. Thank you

#Dockerfile

FROM docker.elastic.co/beats/metricbeat:7.2.0
COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml
USER root 
RUN mkdir /var/log/metricbeat \
    && chown metricbeat /usr/share/metricbeat/metricbeat.yml \
    && chown metricbeat /usr/share/metricbeat/metricbeat \
    && chmod go-w /usr/share/metricbeat/metricbeat.yml \
    && chown metricbeat /var/log/metricbeat

COPY entrypoint.sh /usr/local/bin/custom-entrypoint
RUN chmod +x /usr/local/bin/custom-entrypoint \
    && chown metricbeat /usr/local/bin/custom-entrypoint

ENV PATH="/usr/share/metricbeat:${PATH}"

USER metricbeat

ENTRYPOINT [ "/usr/local/bin/custom-entrypoint" ]

#entrypoint.sh
#!/usr/bin/env bash
/usr/share/metricbeat/metricbeat -e --strict.perms=false -c /usr/share    /metricbeat/metricbeat.yml  

Error: /usr/local/bin/custom-entrypoint: line 2: /usr/share/metricbeat/metricbeat: Permission denied

-- jdtotow
docker
kubernetes
metricbeat
openshift

1 Answer

7/7/2019

The Dockerfile shows switching to the root user while setting up the directory structure and permissions when building the image, and finally switching to USER metricbeat to run the container with it.

However, by default OpenShift runs containers with a user with a random UID (from a preconfigured range).

One option is to relax the security policy as Graham Dumpleton suggested.

To make it work without relaxing the security, I'll suggest to change ownership as follows:

RUN chown -R metricbeat:root /usr/share/metricbeat \
 && chmod -R 0775 /usr/share/metricbeat

...or incorporate the above two commands in the first RUN instruction.

-- apisim
Source: StackOverflow