Fluentd not able to access the logs present under /var/lib/docker/containers due to permission issue

9/19/2019

I am trying to read the container logs through fluentd and pass them to Elasticsearch. I have mounted the directories from the host onto the fluentd container, which include all symlinks and actual files. But when I look at the fluentd container logs, it says those logs, present under /var/log/pods/, are unreadable. Then I manually navigated to the path under the fluentd container where the logs are present, but unfortunately I got a permission denied issue. I went as far as /var/lib/docker/containers, where the permissions were 0700 and the owner was root. I am even trying to run my fluentd container by setting

    - name: FLUENT_UID
      value: "0"

But it is still not able to read them.

    volumes:
    - name: varlog
      hostPath:
        path: /var/log/
    - name: varlibdockercontainers
      hostPath:
        path: /var/lib/docker/containers

    .....
    volumeMounts:
    - name: varlog
      mountPath: /var/log/
    - name: varlibdockercontainers
      mountPath: /var/lib/docker/containers

-- Nish
docker
fluentd
kubernetes
kubernetes-helm

1 Answer

9/19/2019

You should take a look at security contexts. Among other things they allow you to specify the user that will run in the container with runAsUser, the primary group of that user with runAsGroup, and the volume owner with fsGroup.

-- Alassane Ndiaye
Source: StackOverflow
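
The security context settings named in the answer, applied to the hostPath volumes from the question, as an added example that is not part of the original post. The DaemonSet name, namespace, labels and image are placeholders; fsGroup is left out because Kubernetes does not change ownership of hostPath volumes.

```yaml
# Added example: names, namespace, labels and image are placeholders.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd               # placeholder
  namespace: logging          # placeholder
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      # Pod-level security context: the UID/GID are set by Kubernetes itself,
      # independent of any environment variable the image's entrypoint reads.
      securityContext:
        runAsUser: 0          # owner of /var/lib/docker/containers (mode 0700)
        runAsGroup: 0
        # fsGroup is not set: it has no effect on hostPath volumes.
      containers:
        - name: fluentd
          image: "<your-fluentd-image>"   # placeholder
          securityContext:
            # The process runs as root, so limit what else it can do.
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: varlog
              mountPath: /var/log/
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true  # the collector only needs to read container logs
      volumes:
        - name: varlog
          hostPath:
            path: /var/log/
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
```

After the pod starts, `kubectl exec <pod> -- id` shows the effective UID and GID, which confirms whether the security context was applied before looking at other causes of the permission error.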