Why is cluster-reader role required for the caapm user and privileged access required for the default namespace?
Release: Component: APMAGT
To obtain these metrics Openshift monitor uses various Openshift APIs which can be executed remotely to query state of various Kubernetes and Docker objects in the environment. The cluster-reader role is needed for the caapm service account to obtain metrics. Privileged access is needed since the monitor runs on top of a pod/container and is needed in order to get suitable access on the filesystem and docker.sock file from the host the environment runs on.