From 9a31fd5ae30e615760425c75bc73cdb773a515ba Mon Sep 17 00:00:00 2001 From: cswatt Date: Fri, 21 Feb 2020 09:37:05 -0500 Subject: [PATCH] [Docs] Openshift note about running Agent with elevated privileges (#5212) * [Docs] Openshift note about running Agent with elevated privileges for Docker metrics * fixing indent * wording update Co-authored-by: Pierre Guceski --- openshift/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openshift/README.md b/openshift/README.md index 31e012b4181dd..fbcc3a959a4fd 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -73,6 +73,13 @@ If SELinux is in enforcing mode, it is recommended to grant [the `spc_t` type][7 > :warning: **OpenShift 4.0+**: If you used the OpenShift installer on a supported cloud provider, you will need to modify the provided SCC with `allowHostNetwork: true` to get host tags/aliases as access to metadata servers from PODs network is otherwise restricited. +**Note**: The Docker socket is owned by the root group, so you may need to elevate the Agent's privileges to pull in Docker metrics. To run the Agent process as a root user, you can configure your SCC with the following: + +```yaml +runAsUser: + type: RunAsAny +``` + ### Validation See [kube_apiserver_metrics][1]