From a435ca98635476fffb0d94f672c88abd90af9e94 Mon Sep 17 00:00:00 2001 From: Liz Fong-Jones Date: Fri, 10 Nov 2023 16:33:33 -0800 Subject: [PATCH] fix(processor/k8sattributes): README was misleading/had typoes (#29108) **Description:** Fixes misleading documentation about which RBAC role is required and other invalid YAML I found along the way --- processor/k8sattributesprocessor/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/processor/k8sattributesprocessor/README.md b/processor/k8sattributesprocessor/README.md index 724b08e979cb..a286db6265da 100644 --- a/processor/k8sattributesprocessor/README.md +++ b/processor/k8sattributesprocessor/README.md @@ -158,9 +158,9 @@ k8sattributes/2: ## Role-based access control -The k8sattributesprocessor needs `get`, `watch` and `list` permissions on both `pods` and `namespaces` resources, for all namespaces and pods included in the configured filters. Additionally, when using `k8s.deployment.uid` or `k8s.deployment.name` the processor also needs `get`, `watch` and `list` permissions for `replicaset` resources. When extracting metadatas from `node`, the processor needs `get`, `watch` and `list` permissions for `node` resources. +The k8sattributesprocessor needs `get`, `watch` and `list` permissions on both `pods` and `namespaces` resources, for all namespaces and pods included in the configured filters. Additionally, when using `k8s.deployment.uid` or `k8s.deployment.name` the processor also needs `get`, `watch` and `list` permissions for `replicasets` resources. When extracting metadatas from `node`, the processor needs `get`, `watch` and `list` permissions for `nodes` resources. -Here is an example of a `ClusterRole` to give a `ServiceAccount` the necessary permissions for all pods and namespaces in the cluster (replace `` with a namespace where collector is deployed): +Here is an example of a `ClusterRole` to give a `ServiceAccount` the necessary permissions for all pods, nodes, and namespaces in the cluster (replace `` with a namespace where collector is deployed): ```yaml apiVersion: v1 @@ -175,7 +175,7 @@ metadata: name: otel-collector rules: - apiGroups: [""] - resources: ["pods", "namespaces"] + resources: ["pods", "namespaces", "nodes"] verbs: ["get", "watch", "list"] - apiGroups: ["apps"] resources: ["replicasets"] @@ -220,7 +220,7 @@ to complete the following steps: Add the following snippet under the pod env section of the OpenTelemetry container. ```yaml -2. spec: +spec: containers: - env: - name: KUBE_NODE_NAME