Skip to content

Commit

Permalink
fix(processor/k8sattributes): README was misleading/had typoes (open-…
Browse files Browse the repository at this point in the history
…telemetry#29108)

**Description:**
Fixes misleading documentation about which RBAC role is required and
other invalid YAML I found along the way
  • Loading branch information
lizthegrey authored and RoryCrispin committed Nov 24, 2023
1 parent c13708c commit a435ca9
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions processor/k8sattributesprocessor/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -158,9 +158,9 @@ k8sattributes/2:
## Role-based access control
The k8sattributesprocessor needs `get`, `watch` and `list` permissions on both `pods` and `namespaces` resources, for all namespaces and pods included in the configured filters. Additionally, when using `k8s.deployment.uid` or `k8s.deployment.name` the processor also needs `get`, `watch` and `list` permissions for `replicaset` resources. When extracting metadatas from `node`, the processor needs `get`, `watch` and `list` permissions for `node` resources.
The k8sattributesprocessor needs `get`, `watch` and `list` permissions on both `pods` and `namespaces` resources, for all namespaces and pods included in the configured filters. Additionally, when using `k8s.deployment.uid` or `k8s.deployment.name` the processor also needs `get`, `watch` and `list` permissions for `replicasets` resources. When extracting metadatas from `node`, the processor needs `get`, `watch` and `list` permissions for `nodes` resources.

Here is an example of a `ClusterRole` to give a `ServiceAccount` the necessary permissions for all pods and namespaces in the cluster (replace `<OTEL_COL_NAMESPACE>` with a namespace where collector is deployed):
Here is an example of a `ClusterRole` to give a `ServiceAccount` the necessary permissions for all pods, nodes, and namespaces in the cluster (replace `<OTEL_COL_NAMESPACE>` with a namespace where collector is deployed):

```yaml
apiVersion: v1
Expand All @@ -175,7 +175,7 @@ metadata:
name: otel-collector
rules:
- apiGroups: [""]
resources: ["pods", "namespaces"]
resources: ["pods", "namespaces", "nodes"]
verbs: ["get", "watch", "list"]
- apiGroups: ["apps"]
resources: ["replicasets"]
Expand Down Expand Up @@ -220,7 +220,7 @@ to complete the following steps:
Add the following snippet under the pod env section of the OpenTelemetry container.

```yaml
2. spec:
spec:
containers:
- env:
- name: KUBE_NODE_NAME
Expand Down

0 comments on commit a435ca9

Please sign in to comment.