A newer version is available. For the latest information, see the
current release documentation.
Deploy an APM Server instance with a route
editDeploy an APM Server instance with a route
editIt is currently not possible to run the APM Server with the restricted
SCC. A possible workaround is to allow the Pod to run with the default uid 1000
by assigning it to the anyuid
SCC:
-
Create a service account to run the APM Server
oc create serviceaccount apm-server -n elastic
-
Add the APM service account to the
anyuid
SCCoc adm policy add-scc-to-user anyuid -z apm-server -n elastic
scc "anyuid" added to: ["system:serviceaccount:elastic:apm-server"]
-
Deploy an APM Server and a route with the following manifest
cat <<EOF | oc apply -n elastic -f - apiVersion: apm.k8s.elastic.co/v1 kind: ApmServer metadata: name: apm-server-sample spec: version: 8.16.0 count: 1 elasticsearchRef: name: "elasticsearch-sample" podTemplate: spec: serviceAccountName: apm-server --- apiVersion: v1 kind: Route metadata: name: apm-server-sample spec: #host: apm-server.example.com # override if you don't want to use the host that is automatically generated by OpenShift (<route-name>[-<namespace>].<suffix>) tls: termination: passthrough # the APM Server is the TLS endpoint insecureEdgeTerminationPolicy: Redirect to: kind: Service name: apm-server-sample-apm-http EOF
To check that the Pod of the APM Server is using the correct SCC, use the following command:
oc get pod -o go-template='{{range .items}}{{$scc := index .metadata.annotations "openshift.io/scc"}}{{.metadata.name}}{{" scc:"}}{{range .spec.containers}}{{$scc}}{{" "}}{{"\n"}}{{end}}{{end}}'
apm-server-sample-apm-server-86bfc5c95c-96lbx scc:anyuid elasticsearch-sample-es-5tsqghmm79 scc:restricted elasticsearch-sample-es-6qk52mz5jk scc:restricted elasticsearch-sample-es-dg4vvpm2mr scc:restricted kibana-sample-kb-97c6b6b8d-lqfd2 scc:restricted