openshift-auditd

Setup Project

# oadm new-project testdaemonset
$ oc project testdaemonset

Set SCC

The auditd pods need to run privileged in order to access certain system resources.

/etc/foo - read

As system:admin do the following:

# oadm policy add-scc-to-user privileged system:serviceaccount:testdaemonset:default

Grant Daemonset ClusterRole

If you are using a different user than admin, you have to grant a daemonset clusterrole.

As Admin, create a dedicated cluster role:

cat <<EOF | oc create -f -
apiVersion: v1
kind: ClusterRole
metadata:
  name: system:daemonset-admin
rules:
- resources:
  - daemonsets
  apiGroups:
  - extensions
  verbs:
  - create
  - get
  - list
  - watch
  - delete
  - update
EOF

Grant the daemonset cluster role to your user in the right namespace

oadm policy add-role-to-user system:daemonset-admin flambert@redhat.com -n testdaemonset

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
scripts		scripts
Dockerfile		Dockerfile
LICENSE		LICENSE
README.adoc		README.adoc
dockerfile_start.sh		dockerfile_start.sh
openshift-auditd-template.yml		openshift-auditd-template.yml
template.sh		template.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

openshift-auditd

Setup Project

Set SCC

Grant Daemonset ClusterRole

About

Releases

Packages

Contributors 3

Languages

License

talset/openshift-auditd

Folders and files

Latest commit

History

Repository files navigation

openshift-auditd

Setup Project

Set SCC

Grant Daemonset ClusterRole

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages