I installed FluentD on a Kubernetes cluster on AWS and ran into an issue with the security policy already in place on the cluster: FluentD wasn't able to write to hostPath volumes.
After a quick search, I found a really good blog post that summarizes everything we need to know about hostPath volumes and the issues associated with them.
So if you have an issue with it, go check this link:
Everything written below is based on the content of that blog post.
The fix is to declare a PodSecurityPolicy that allows the hostPath prefixes the service needs, then attach it, through a Role and a RoleBinding, to the ServiceAccount of my service.
```yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp-hostpath
spec:
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
    - '*'
  privileged: false # Don't allow privileged pods!
  # Only hostPath volumes under these prefixes are admitted
  allowedHostPaths:
    - pathPrefix: /abc
    - pathPrefix: /def
```

```yaml
# Role granting the "use" verb on the PSP above; it is namespaced, so create it
# in the same namespace as the RoleBinding below (fluentd)
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role-authorize-hostpath
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames:
      - psp-hostpath
```

```yaml
# Bind the Role to the ServiceAccount the FluentD pods run as
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rolebinding-hostpath-fluentd
roleRef:
  kind: Role
  name: role-authorize-hostpath
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: fluentd # Name of the ServiceAccount
    namespace: fluentd
```
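To see which hostPath volumes the policy above will actually admit before applying it, here is an added example (my own code, not part of the original post, the blog post it is based on, or Kubernetes itself) that reimplements the `allowedHostPaths` admission rule: a component-wise prefix match on the volume path, plus the optional `readOnly` requirement on an entry. The `PSP_ALLOWED_HOST_PATHS` list is taken from the PSP above; the `SAMPLE_POD` spec is a constructed, hypothetical FluentD-like pod, and the function names are my own.

```python
"""Added example, not part of the original post or of Kubernetes: a small
reimplementation of the PodSecurityPolicy allowedHostPaths admission rule, so
you can predict which hostPath volumes the psp-hostpath policy would admit."""
from posixpath import normpath

# Constructed from the PSP in the post: only these host path prefixes are allowed.
PSP_ALLOWED_HOST_PATHS = [
    {"pathPrefix": "/abc"},
    {"pathPrefix": "/def"},
]

# Constructed sample pod spec (hypothetical FluentD-like pod): one mount under an
# allowed prefix, one under /var/log, which the policy does not list.
SAMPLE_POD = {
    "metadata": {"name": "fluentd-sample", "namespace": "fluentd"},
    "spec": {
        "volumes": [
            {"name": "app-logs", "hostPath": {"path": "/abc/logs"}},
            {"name": "node-logs", "hostPath": {"path": "/var/log"}},
            {"name": "config", "configMap": {"name": "fluentd-config"}},
        ],
        "containers": [
            {
                "name": "fluentd",
                "volumeMounts": [
                    {"name": "app-logs", "mountPath": "/abc/logs"},
                    {"name": "node-logs", "mountPath": "/var/log", "readOnly": True},
                    {"name": "config", "mountPath": "/fluentd/etc"},
                ],
            }
        ],
    },
}


def prefix_matches(path_prefix, host_path):
    """Component-wise prefix match, as the PSP docs describe it: /abc allows
    /abc, /abc/ and /abc/logs, but not /abcd and not /var/abc."""
    prefix = normpath(path_prefix)
    path = normpath(host_path)
    if prefix == "/":
        return True  # a root prefix allows every host path
    return path == prefix or path.startswith(prefix + "/")


def host_path_allowed(host_path, mounted_read_only, allowed_host_paths):
    """Return (allowed, reason) for one hostPath volume.

    An empty allowedHostPaths list means no restriction. A matching entry with
    readOnly: true admits the volume only if every mount of it is read-only.
    """
    if not allowed_host_paths:
        return True, "policy has no allowedHostPaths restriction"
    for entry in allowed_host_paths:
        if prefix_matches(entry["pathPrefix"], host_path):
            if entry.get("readOnly", False) and not mounted_read_only:
                return False, f"{host_path} matches {entry['pathPrefix']} but must be mounted readOnly"
            return True, f"{host_path} allowed by pathPrefix {entry['pathPrefix']}"
    return False, f"{host_path} is not under any allowed pathPrefix"


def check_pod(pod, allowed_host_paths):
    """Check every hostPath volume of a pod spec (dict in Kubernetes API shape).

    Returns a list of (volume name, allowed, reason). A volume counts as
    read-only only if all container and initContainer mounts of it are readOnly
    (an unmounted volume has no writable mount, so it counts as read-only too).
    """
    spec = pod["spec"]
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    results = []
    for volume in spec.get("volumes", []):
        if "hostPath" not in volume:
            continue  # only hostPath volumes are subject to allowedHostPaths
        mounts = [
            m for c in containers for m in c.get("volumeMounts", [])
            if m["name"] == volume["name"]
        ]
        read_only = all(m.get("readOnly", False) for m in mounts)
        allowed, reason = host_path_allowed(
            volume["hostPath"]["path"], read_only, allowed_host_paths
        )
        results.append((volume["name"], allowed, reason))
    return results


def pod_admitted(pod, allowed_host_paths):
    """True only if every hostPath volume in the pod is allowed."""
    return all(allowed for _, allowed, _ in check_pod(pod, allowed_host_paths))


if __name__ == "__main__":
    for name, allowed, reason in check_pod(SAMPLE_POD, PSP_ALLOWED_HOST_PATHS):
        print(f"{'ALLOW' if allowed else 'DENY '} volume {name}: {reason}")
    print("pod admitted:", pod_admitted(SAMPLE_POD, PSP_ALLOWED_HOST_PATHS))
```

Run as-is, the sample pod is denied because `/var/log` is not under `/abc` or `/def`; adding an entry for that prefix (with `readOnly: true` if the mount only needs to be read) admits it. For the RBAC side, the usual check is `kubectl auth can-i use podsecuritypolicy/psp-hostpath --as=system:serviceaccount:fluentd:fluentd -n fluentd`, which tells you whether the RoleBinding actually lets the fluentd ServiceAccount use the policy. Note that PodSecurityPolicy was removed in Kubernetes 1.25, so all of this applies to clusters still serving the policy/v1beta1 API.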
I hope it will help you as much as it helped me! 😃
Thanks Suraj Deshmukh for your blog post!
Don't hesitate to give some feedback to help me improve my writing skills. Thanks!