Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide a reference to RBAC instructions for the Prometheus #424

Closed
rakyll opened this issue Sep 9, 2021 · 5 comments
Closed

Provide a reference to RBAC instructions for the Prometheus #424

rakyll opened this issue Sep 9, 2021 · 5 comments
Labels
area:collector Issues for deploying collector enhancement New feature or request help wanted Extra attention is needed

Comments

@rakyll
Copy link
Contributor

rakyll commented Sep 9, 2021

The deployment YAML don't set them up, we need to give an example for users who want to use the Prometheus receiver.

Example:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: simplest-collector
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: simplest-collector
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: simplest-collector
subjects:
- kind: ServiceAccount
  name: simplest-collector
  namespace: opentelemetry-operator-system
@etiennejournet
Copy link

Is it possible to implement this in some way through the operator ?

Multiple options :

  • Adding a rbac bool field, the operator creates roles and rolebinding
  • Adding a role string field, the operator creates the rolebinding to it
  • Adding a role v1.role field, the operator creates the role and binds it the pod SA
  • Adding both role v1.role and serviceAccount v1.serviceAccount, the operator creates both and do proper mapping/binding

@jaronoff97
Copy link
Contributor

@iblancasa we should add this in as well after #2396

@jaronoff97 jaronoff97 added enhancement New feature or request area:collector Issues for deploying collector labels Nov 28, 2023
@pavolloffay pavolloffay added the help wanted Extra attention is needed label Feb 1, 2024
@pavolloffay
Copy link
Member

How do we want to handle this?

It would be great at least document this in the readme and then find more automated approach.

@jaronoff97
Copy link
Contributor

we could do this similar to what @iblancasa proposes here. We could also document the requirements in our readme.

@pavolloffay pavolloffay mentioned this issue Mar 8, 2024
Closed
@pavolloffay
Copy link
Member

Closing in favor #2734

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:collector Issues for deploying collector enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rakyll @pavolloffay @jaronoff97 @etiennejournet