Automatically create rbac permissions flag for Prometheus receiver #3078
Comments
@iblancasa anything jumping out as problematic here?
IIRC the
however it would be great to support it
fyi for clarity my test setup did not use the target allocator (I'm aware the current helm charts require you to manually set up the target allocator RBAC resources). Apologies for the confusion in the naming. My sample config is below.
@paebersold-tyro
Correct, this should be an enhancement proposal to automate RBAC for the prometheus receiver.
I have updated the title, please edit it if it does not match what is being asked here.
Thanks for the clarification on the issue and fine with the title update. Ideally it would be great to have a note on exactly what
Actually, the title should be changed because the flag does nothing now. Now, we check if the operator has permissions to create RBAC resources and, if permissions are there, the operator will create the RBAC resources.
+1 on this if we have a solution
Component(s)
collector
What happened?
Description
I am running the opentelemetry-operator with the --create-rbac-permissions flag set. When a new OpenTelemetryCollector resource is created (eg mode: daemonset) new pods are created and a new serviceaccount is created as well. However no new clusterroles or clusterrolebindings are created. This results in prometheus scrape errors due to lack of permissions for example. Eg
No logs are generated on the operator-manager pod.
The clusterrole that the operator manager is using has the access to create clusterroles/clusterrolebindings (I am deploying via the helm chart opentelemetry-operator version 0.62.0 (https://open-telemetry.github.io/opentelemetry-helm-charts)).
Based on other issues raised previously it seems this flag was optional but now may no longer be required with the permissions being automatically granted based on existing access - I would like clarification on this aspect too please.
Steps to Reproduce
Run the opentelemetry-operator with the create-rbac-permissions flag.
Expected Result
Clusterroles/bindings would be created when the new collector pods are created
Actual Result
No new roles/bindings created
Kubernetes Version
1.29
Operator version
0.102.0
Collector version
0.102.0
Environment information
Serviceaccount used by manager
Clusterrolebinding
clusterrole for the operator manager (generated via helm chart)
Log output
No response
Additional context
Pods created via manager..
Associated service account
No clusterroles/etc associated
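
Added example (not part of the issue and not the operator's own code): an offline model of what the Kubernetes API server requires before a controller can create a ClusterRole and ClusterRoleBinding for another workload, including RBAC escalation prevention, which applies on top of having create on clusterroles/clusterrolebindings. The operator rules and collector rules below are constructed assumptions, not the Helm chart's manifests or the Prometheus receiver's documented requirements.

```python
# Added example: offline model of the Kubernetes RBAC checks; all rules are constructed.
RBAC = "rbac.authorization.k8s.io"

def allowed(rules, group, resource, verb):
    """True if any PolicyRule covers (group, resource, verb); '*' is a wildcard.
    Simplified: ignores resourceNames, subresources and nonResourceURLs."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return any(hit(r.get("apiGroups", []), group)
               and hit(r.get("resources", []), resource)
               and hit(r.get("verbs", []), verb) for r in rules)

def missing_grants(holder_rules, wanted_rules):
    """Permissions in wanted_rules that the holder does not itself have."""
    return [(g, res, v)
            for r in wanted_rules
            for g in r["apiGroups"] for res in r["resources"] for v in r["verbs"]
            if not allowed(holder_rules, g, res, v)]

def can_provision(operator_rules, collector_rules):
    """Return (ok, reasons) for creating a ClusterRole plus its binding."""
    reasons = []
    for res in ("clusterroles", "clusterrolebindings"):
        if not allowed(operator_rules, RBAC, res, "create"):
            reasons.append(f"no create on {res}")
    gap = missing_grants(operator_rules, collector_rules)
    if gap:
        # Escalation prevention: granting rights you lack needs escalate/bind.
        for verb in ("escalate", "bind"):
            if not allowed(operator_rules, RBAC, "clusterroles", verb):
                reasons.append(f"no {verb} on clusterroles, and operator lacks {gap}")
    return (not reasons, reasons)

# Constructed operator-manager ClusterRole rules (not taken from the Helm chart).
OPERATOR_RULES = [
    {"apiGroups": [RBAC], "resources": ["clusterroles", "clusterrolebindings"],
     "verbs": ["create", "get", "list", "watch", "update", "delete"]},
    {"apiGroups": [""], "resources": ["pods", "services"],
     "verbs": ["get", "list", "watch"]},
]
# Assumed rules a collector scraping via Kubernetes service discovery would need.
COLLECTOR_RULES = [
    {"apiGroups": [""], "resources": ["pods", "nodes", "endpoints"],
     "verbs": ["get", "list", "watch"]},
]

if __name__ == "__main__":
    ok, reasons = can_provision(OPERATOR_RULES, COLLECTOR_RULES)
    print("operator can provision collector RBAC:", ok)
    for reason in reasons:
        print(" -", reason)
```

Against a live cluster, the authoritative answer for each individual permission comes from the API server itself, for example via `kubectl auth can-i` run as the operator's service account.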