From d59629f28a8403f77ac47e29880bc675563917ef Mon Sep 17 00:00:00 2001
From: Chris Mark <chrismarkou92@gmail.com>
Date: Mon, 13 Apr 2020 09:45:38 +0300
Subject: [PATCH] Add privileged option for Auditbeat in Openshift (#17637)
 (#17662)

(cherry picked from commit e6b7a1cf2d0f81c4fed2b49e44d0bd388fdc77e9)
---
 CHANGELOG.next.asciidoc                              | 1 +
 deploy/kubernetes/auditbeat-kubernetes.yaml          | 2 ++
 deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index d7e71bc433e..a2408363953 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -197,6 +197,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix pubsub metricset to collect all GA stage metrics from gcp stackdriver. {issue}17154[17154] {pull}17600[17600]
 - Add privileged option so as mb to access data dir in Openshift. {pull}17606[17606]
 - Fix "ID" event generator of Google Cloud module {issue}17160[17160] {pull}17608[17608]
+- Add privileged option for Auditbeat in Openshift {pull}17637[17637]
 - Fix storage metricset to allow config without region/zone. {issue}17623[17623] {pull}17624[17624]
 
 *Packetbeat*
diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml
index dd0727d7444..1b2abec791b 100644
--- a/deploy/kubernetes/auditbeat-kubernetes.yaml
+++ b/deploy/kubernetes/auditbeat-kubernetes.yaml
@@ -133,6 +133,8 @@ spec:
               fieldPath: spec.nodeName
         securityContext:
           runAsUser: 0
+          # If using Red Hat OpenShift uncomment this:
+          #privileged: true
           capabilities:
             add:
               # Capabilities needed for auditd module
diff --git a/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml b/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
index 79a4c473da7..21ffb167107 100644
--- a/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
+++ b/deploy/kubernetes/auditbeat/auditbeat-daemonset.yaml
@@ -46,6 +46,8 @@ spec:
               fieldPath: spec.nodeName
         securityContext:
           runAsUser: 0
+          # If using Red Hat OpenShift uncomment this:
+          #privileged: true
           capabilities:
             add:
               # Capabilities needed for auditd module