-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[collector] kubernetesAttributes preset ClusterRole does not include "nodes" #1377
Comments
@lindeskar you are correct, the preset only sets the RBAC to meet the permission requirements of the k8sattributes processor as the preset defines it. Since you added additional scope (extracting node labels) you must also supply the additional RBAC for that feature. We do this to ensure the preset configures the minimum permissions necessary. We do not want to give more permissions that the components need as that is a security risk. |
Thanks. I agree that's a reasonable default. Then I wish for a comment about this in: opentelemetry-helm-charts/charts/opentelemetry-collector/values.yaml Lines 45 to 47 in 694c38d
and: opentelemetry-helm-charts/charts/opentelemetry-collector/README.md Lines 144 to 146 in 694c38d
Can I create PR for it? |
Yes please |
The kubernetesAttributes preset does not include "nodes" in it's ClusterRole, leading to errors when trying to access Node metadata:
Example chart values causing the error:
This addition to values fixes the problem:
Is this by design? I think we could update the preset documentation, or simply add "nodes" to the template:
opentelemetry-helm-charts/charts/opentelemetry-collector/templates/clusterrole.yaml
Lines 18 to 28 in 694c38d
--
From the k8sattributesprocessor README:
The text was updated successfully, but these errors were encountered: