Deploying Elastic Agent on OpenShift may require additional permissions depending on the type of integration Elastic Agent is supposed to run. In any case, Elastic Agent uses a hostPath volume as its data directory on OpenShift to maintain a stable identity. Therefore, the ServiceAccount used for Elastic Agent needs permissions to use hostPath volumes.
The following example assumes that Elastic Agent is deployed in the Namespace elastic with the ServiceAccount elastic-agent. You can replace these values according to your environment.
If you used the examples from the recipes directory, the ServiceAccount may already exist.
Create a dedicated ServiceAccount:
oc create serviceaccount elastic-agent -n elastic
Add the ServiceAccount to the required SCC:
oc adm policy add-scc-to-user hostaccess -z elastic-agent -n elastic
Update the Elastic Agent manifest to use the new ServiceAccount, for example:
apiVersion: agent.k8s.elastic.co/v1alpha1
kind: Agent
metadata:
  name: my-agent
spec:
  version: 7.15.1
  daemonSet:
    podTemplate:
      spec:
        serviceAccountName: elastic-agent
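To confirm the result of the steps above, the following script checks that the ServiceAccount is authorized to use the SCC and that none of its pods were admitted under a different (for example broader) SCC. It is an added example, not part of the Elastic documentation; the function names are illustrative, and it relies on the openshift.io/scc annotation that OpenShift sets on admitted pods.

```shell
#!/bin/sh
# Added example: verify the SCC grant for the Elastic Agent ServiceAccount.
# Namespace "elastic", ServiceAccount "elastic-agent" and SCC "hostaccess"
# come from the page; the function names are illustrative.

# Succeeds if the ServiceAccount is authorized to "use" the named SCC.
sa_can_use_scc() {  # args: namespace serviceaccount scc
    [ "$(oc auth can-i use "securitycontextconstraints/$3" \
        --as="system:serviceaccount:$1:$2" -n "$1" 2>/dev/null)" = "yes" ]
}

# Prints "pod<TAB>serviceAccount<TAB>admitting SCC" for every pod in the namespace.
list_pod_sccs() {  # args: namespace
    oc get pods -n "$1" -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.serviceAccountName}{"\t"}{.metadata.annotations.openshift\.io/scc}{"\n"}{end}'
}

# Reads list_pod_sccs output on stdin; prints "pod scc" for each pod of the
# given ServiceAccount that was admitted under an SCC other than the expected one.
pods_with_unexpected_scc() {  # args: serviceaccount expected_scc
    awk -F '\t' -v sa="$1" -v scc="$2" '$2 == sa && $3 != scc { print $1 " " $3 }'
}

verify_agent_scc() {  # args: namespace serviceaccount scc
    if ! sa_can_use_scc "$1" "$2" "$3"; then
        echo "FAIL: $1/$2 is not allowed to use SCC $3" >&2
        return 1
    fi
    bad=$(list_pod_sccs "$1" | pods_with_unexpected_scc "$2" "$3")
    if [ -n "$bad" ]; then
        echo "FAIL: pods admitted under another SCC:" >&2
        echo "$bad" >&2
        return 1
    fi
    echo "OK: $1/$2 may use $3; no pod of that ServiceAccount runs under another SCC"
}

# Runs only when called with three arguments, e.g.:
#   sh verify-scc.sh elastic elastic-agent hostaccess
if [ "$#" -eq 3 ]; then verify_agent_scc "$@"; fi
```

A pod reported under a broader SCC such as privileged means the ServiceAccount holds more than the hostaccess grant this procedure adds.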