I am trying to read the container logs through fluentd and pass them to Elasticsearch. I have mounted the directories from the host onto the fluentd container, which include all symlinks and actual files. But when I look at the fluentd container logs, it says those logs, present under `/var/log/pods/`, are unreadable. Then I manually navigated to the path under the fluentd container where the logs are present, but unfortunately I got a permission denied issue. I went as far as `/var/lib/docker/containers`, where the permissions were 0700 and the owner was root. I am even trying to run my fluentd container by setting

```yaml
- name: FLUENT_UID
  value: "0"
```

But still it is not able to read.

```yaml
volumes:
  - name: varlog
    hostPath:
      path: /var/log/
  - name: varlibdockercontainers
    hostPath:
      path: /var/lib/docker/containers
# .....
volumeMounts:
  - name: varlog
    mountPath: /var/log/
  - name: varlibdockercontainers
    mountPath: /var/lib/docker/containers
```

You should take a look at security contexts. Among other things, they allow you to specify the user that will run in the container with `runAsUser`, the primary group of that user with `runAsGroup`, and the volume owner with `fsGroup`.
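
A manifest showing where those fields go for the volumes in the question, as an added example that is not part of the original answer or the asker's own manifest. The DaemonSet name, namespace, labels and image are placeholders; the read-only mount and `allowPrivilegeEscalation: false` are added here to limit what a root log reader can do on the host.

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd                 # placeholder name
  namespace: logging            # placeholder namespace
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      # fsGroup is left out on purpose: Kubernetes does not change ownership
      # of hostPath volumes, so it has no effect on these two mounts.
      containers:
        - name: fluentd
          image: FLUENTD_IMAGE_PLACEHOLDER   # replace with the image you deploy
          env:
            - name: FLUENT_UID
              value: "0"
          securityContext:
            # /var/lib/docker/containers is root-owned with mode 0700 on the
            # host, so the container process itself has to run as UID 0.
            # runAsUser overrides any USER set in the image.
            runAsUser: 0
            runAsGroup: 0
            # Root is needed only to read files; block further escalation.
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: varlog
              mountPath: /var/log/
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true     # log files are only read, never written
      volumes:
        - name: varlog
          hostPath:
            path: /var/log/
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
```

After rollout, running `id` inside the container should report uid 0, which confirms the security context took effect before you retest access to `/var/lib/docker/containers`.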