From f9d8c30e3c013dcf41a4b1c4cdd01f4f737d3630 Mon Sep 17 00:00:00 2001
From: Chris Mark <chrismarkou92@gmail.com>
Date: Mon, 13 Apr 2020 09:45:13 +0300
Subject: [PATCH] Add privileged option for Auditbeat in Openshift (#17637)
 (#17661)

(cherry picked from commit a1278ac2474a71b2339c728d3169a52e36c78a86)
---
 CHANGELOG.next.asciidoc                              | 1 +
 deploy/kubernetes/auditbeat-kubernetes.yaml          | 2 ++
 deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 29dba4ff142..2b92d2bd3d1 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -198,6 +198,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix pubsub metricset to collect all GA stage metrics from gcp stackdriver. {issue}17154[17154] {pull}17600[17600]
 - Add privileged option so as mb to access data dir in Openshift. {pull}17606[17606]
 - Fix "ID" event generator of Google Cloud module {issue}17160[17160] {pull}17608[17608]
+- Add privileged option for Auditbeat in Openshift {pull}17637[17637]
 - Fix storage metricset to allow config without region/zone. {issue}17623[17623] {pull}17624[17624]
 
 *Packetbeat*
diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml
index b8996084d78..dc0bd50e86f 100644
--- a/deploy/kubernetes/auditbeat-kubernetes.yaml
+++ b/deploy/kubernetes/auditbeat-kubernetes.yaml
@@ -133,6 +133,8 @@ spec:
               fieldPath: spec.nodeName
         securityContext:
           runAsUser: 0
+          # If using Red Hat OpenShift uncomment this:
+          #privileged: true
           capabilities:
             add:
               # Capabilities needed for auditd module
diff --git a/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml b/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
index 79a4c473da7..21ffb167107 100644
--- a/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
+++ b/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
@@ -46,6 +46,8 @@ spec:
               fieldPath: spec.nodeName
         securityContext:
           runAsUser: 0
+          # If using Red Hat OpenShift uncomment this:
+          #privileged: true
           capabilities:
             add:
               # Capabilities needed for auditd module