Grant host access permission to Elastic Agentedit

Deploying Elastic Agent on Openshift may require additional permissions depending on the type of integration Elastic Agent is supposed to run. In any case, Elastic Agent uses a hostPath volume as its data directory on OpenShift to maintain a stable identity. Therefore, the Service Account used for Elastic Agent needs permissions to use hostPath volumes.

The following example assumes that Elastic Agent is deployed in the Namespace elastic with the ServiceAccount elastic-agent. You can replace these values according to your environment.

If you used the examples from the recipes directory, the ServiceAccount may already exist.

  1. Create a dedicated ServiceAccount:

    oc create serviceaccount elastic-agent -n elastic
  2. Add the ServiceAccount to the required SCC:

    oc adm policy add-scc-to-user hostaccess -z elastic-agent -n elastic
  3. Update the Elastic Agent manifest to use the new ServiceAccount, for example:

    apiVersion: agent.k8s.elastic.co/v1alpha1
    kind: Agent
    metadata:
      name: my-agent
    spec:
      version: 7.13.4
      daemonSet:
        podTemplate:
          spec:
            serviceAccountName: elastic-agent