Missing permissions in kubernetes deployment manifest of Elastic-Agent  #35

@Danouchka

Deploying https://github.com/elastic/endpoint/tree/main/releases/8.5.0/kubernetes/deploy on GKE, we can see this error from elastic-agent

metricbeat stderr: "E1108 07:59:03.061004 1702055 reflector.go:138] pkg/mod/k8s.io/client-go@v0.23.4/tools/cache/reflector.go:167: Failed to watch *v1.StorageClass: failed to list *v1.StorageClass: storageclasses.storage.k8s.io is forbidden: User \"system:serviceaccount:kube-system:elastic-agent\" cannot list resource \"storageclasses\" in API group \"storage.k8s.io\" at the cluster scope\n"

I think this should be added in the manifest

  - apiGroups: ["rbac.authorization.k8s.io"]
    resources:
    - clusterrolebindings
    - clusterroles
    - rolebindings
    - roles
    verbs: ["get", "list", "watch"]
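
An added example, not part of the issue or of the Elastic manifest: a Python helper that reads RBAC denials such as the metricbeat line above and derives the rule each service account is missing, so the grant can be kept to exactly what was denied. It also handles namespaced denials, which goes beyond the single case in the issue. The helper name `rules_from_logs` and the second sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# RBAC denial text as returned by the API server; quotes may be
# backslash-escaped when the message is embedded in another log string.
DENIAL = re.compile(
    r'User \\?"(?P<user>[^"\\]+)\\?" cannot (?P<verb>\w+) resource '
    r'\\?"(?P<resource>[^"\\]+)\\?" in API group \\?"(?P<group>[^"\\]*)\\?" '
    r'(?:at the cluster scope|in the namespace \\?"(?P<ns>[^"\\]+)\\?")'
)

# Line 1 is the metricbeat error quoted in the issue (trimmed to the denial);
# line 2 is a constructed namespaced denial for contrast.
SAMPLE_LINES = [
    r'reflector.go:167: Failed to watch *v1.StorageClass: failed to list '
    r'*v1.StorageClass: storageclasses.storage.k8s.io is forbidden: User '
    r'\"system:serviceaccount:kube-system:elastic-agent\" cannot list resource '
    r'\"storageclasses\" in API group \"storage.k8s.io\" at the cluster scope',
    'leases.coordination.k8s.io is forbidden: User "system:serviceaccount:'
    'kube-system:elastic-agent" cannot get resource "leases" in API group '
    '"coordination.k8s.io" in the namespace "kube-system"',
]


def rules_from_logs(lines):
    """Hypothetical helper: {(user, namespace or None): [RBAC rule, ...]}."""
    verbs_by_target = defaultdict(set)
    for line in lines:
        for m in DENIAL.finditer(line):
            verbs = verbs_by_target[(m["user"], m["ns"], m["group"], m["resource"])]
            verbs.add(m["verb"])
            # A client-go reflector lists and then watches, so a denied list
            # logged by reflector.go means watch is needed as well.
            if m["verb"] == "list" and "reflector.go" in line:
                verbs.add("watch")
    rules = defaultdict(list)
    for (user, ns, group, resource), verbs in verbs_by_target.items():
        rules[(user, ns)].append(
            {"apiGroups": [group], "resources": [resource], "verbs": sorted(verbs)}
        )
    return dict(rules)


if __name__ == "__main__":
    for (user, ns), rule_list in rules_from_logs(SAMPLE_LINES).items():
        kind = f"Role in namespace {ns}" if ns else "ClusterRole"
        print(f"{user} needs a {kind} with rules: {rule_list}")
```

A namespace of `None` in the result means the denial was at cluster scope, so the rule belongs in a ClusterRole rather than a namespaced Role.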

Labels: bug (Something isn't working), v8.5.0