Why must you run pod containers in privileged mode when installing Kubernetes Monitoring for APM?

Document ID : KB000016273
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

  In the APM 10.7 and later documentation, the section on "Install and Configure Kubernetes Monitoring" states 

 "Before you proceed, ensure that your Kubernetes administrator has given you the role required for running pod containers in privileged mode."

  But it does not describe this is needed.

Question:

  Why do I need to have a role requiring running pod containers in privileged mode when installing Kubernetes Monitoring for APM?

Environment:
APM 10.7 with Kubernetes
Answer:

  Per the documentation, the containers needs to be run in privileged mode . If for some reason, it does not run in privileged mode, then the Kubernetes engine will not deploy the Pod in Running state. This is the behavior of the Kubernetes software. 

 

 

  For example. When running the YML file, this will install the Pod in the system:

 

[root@abcde01-S193861 ~]# oc get pods

NAME                                 READY     STATUS    RESTARTS   AGE

caagent-deployment-170437119-4w42c   1/1       Running   0          20h

caagent-vtfw9                        1/1       Running   0          20h

 

 

  If it does not work, it will be in the ERROR state like below:

 

[root@abcde01-S193861 ~]# oc get pods --all-namespaces

NAMESPACE        NAME                                 READY     STATUS      RESTARTS   AGE

caapm            caagent-deployment-170437119-4w42c   1/1       Running     0          20h

caapm            caagent-vtfw9                        1/1       Running     0          20h

creditapp        tomcat-1-bpbc0                       1/1       Running     0          20h

creditapp        wilytomcat-1-xqktm                   1/1       Running     2          14d

creditapp        wilywlp-1-vfgtc                      1/1       Running     2          14d

default          docker-registry-1-1sxs3              1/1       Running     16         218d

helloworld-msa   hola-1-build                         0/1       Completed   0          93d

helloworld-msa   hola-2-build                         0/1       Error       0          92d

helloworld-msa   hola-2-j28fk                         1/1       Running     3          93d

helloworld-msa   openshiftmonitor-1-build             0/1       Error       0          92d

test             nodejs-ex-1-build                    0/1       Error       0          218d

test             ruby-ex-1-build                      0/1       Error       0          218d

 

 You can get more details about the error by entering

 oc describe <pod_name>

Additional Information:

      https://docs.openshift.com/           OpenShift Documentation

      https://kubernetes.io/docs/home/  Kubernetes Documentation