Reading Kubernetes logs on Openshift without running as root

[tilleryd]

Question

Openshift pod logs on the cluster nodes have file mode 600 (r/w only for the root user).

-rw-------. 1 root root 10236666 Aug  5 14:26 0.log

We are running Vector as a Daemonset with mounted /var/log dir from the nodes. In the below Vector logs, you can see that permission is denied when attempting to read a log file. What's the easiest solution that requires minimal configuration change, while achieving a high level of security? Our organization has strict security requirements, therefore we cannot run the Vector container as root via the following config.

securityContext:
  runAsUser: 0

Vector Config

[api]
enabled = false
address = "0.0.0.0:8686"
playground = true

[sources.file]
type = "file"
data_dir = "/tmp/"
include = ['/var/log/pods/default*/sidecar*/*.log']
ignore_older = 1200

Vector Logs

2025-08-04T19:34:57.326098Z ERROR source{component_kind="source" component_id=file component_type=file}:file_server: vector::internal_events::file::source: Failed reading file for fingerprinting. file=/var/log/pods/default_nginx-test-546d794596-k7rwc_b6ea049b-91ce-4e94-aa43-5532c1a45dd6/sidecar/0.log error=Permission denied (os error 13) error_code="reading_fingerprint" error_type="reader_failed" stage="receiving" internal_log_rate_limit=true

[thomasqueirozb]

Hi @tilleryd, unfortunately you came across a known issue. I know it doesn't solve your original problem but you can try running Vector without some capabilities disabled as detailed here.

Also, were you able to verify that the container's user's UID/GID is able to read /var/log/pods/default_nginx-test-546d794596-k7rwc_b6ea049b-91ce-4e94-aa43-5532c1a45dd6/sidecar/0.log? You could verify this by spawning a shell in the container and trying to run cat on it.

You might have some success if you try to tweak user/group/file/folder permissions but it is not a guarantee that all Vector functionalities are going to work inside the non-root container.