Add automatic RBAC creation for k8sevents receiver #3421
Conversation
Signed-off-by: Israel Blancas <[email protected]>
Signed-off-by: Israel Blancas <[email protected]>
|
|
||
| func generatek8seventsRbacRules(_ logr.Logger, _ k8seventsConfig) ([]rbacv1.PolicyRule, error) { | ||
| // The k8s Events Receiver needs get permissions on the following resources always. | ||
| return []rbacv1.PolicyRule{ |
There was a problem hiding this comment.
Do we know why this component requires all of these permissions? It looks like it only sets a watch on Events themselves.
There was a problem hiding this comment.
I just followed the component documentation: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/k8seventsreceiver/README.md#rbac
I agree they are a lot. Maybe I can work on the future in the contrib repo to see if we really need that, fix the documentation and fix the permissions where. WDYT?
|
Can we merge this? |
| debug: | ||
| service: | ||
| pipelines: | ||
| traces: |
There was a problem hiding this comment.
This shouldn't work and should fail with Error: failed to build pipelines: failed to create "k8s_events" receiver for data type "traces": telemetry type is not supported.
I wonder if this is the reason why no CR/CRB is created if I deploy exactly this manifest, but with logs instead of traces?
There was a problem hiding this comment.
Nevermind, my operator SA was missing permissions... but this typo is legit.
There was a problem hiding this comment.
Worth fixing, but for the purpose of this test it doesn't matter. We don't even care if the collector starts, just that the generated ClusterRole is correct.
Link to tracking Issue(s):