ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

OpenShift Monitor Security Requirements


Article ID: 104998


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE


The steps to install CA APM's Openshift monitor are documented here:

Why is cluster-reader role required for the caapm user and privileged access required for the default namespace? 


Component: APMAGT


To obtain these metrics Openshift monitor uses various Openshift APIs which can be executed remotely to query state of various Kubernetes and Docker objects in the environment. The cluster-reader role is needed for the caapm service account to obtain metrics. Privileged access is needed since the monitor runs on top of a pod/container and is needed in order to get suitable access on the filesystem and docker.sock file from the host the environment runs on.