Mayne0213
9e87e6fbcb
- Revert to simpler architecture where Prometheus scrapes metrics directly via ServiceMonitors - OTel Collector only handles logs (filelog) and traces (otlp) - Remove Target Allocator and metrics-related config - This reduces complexity and resource usage for home cluster
86 lines
2.4 KiB
YAML
86 lines
2.4 KiB
YAML
# RBAC for OpenTelemetry Collector and Target Allocator
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: otel-collector
|
|
namespace: opentelemetry
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: otel-collector
|
|
rules:
|
|
# For k8sattributes processor
|
|
- apiGroups: [""]
|
|
resources: ["pods", "namespaces", "nodes", "endpoints", "services"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["replicasets", "deployments", "statefulsets", "daemonsets"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["discovery.k8s.io"]
|
|
resources: ["endpointslices"]
|
|
verbs: ["get", "watch", "list"]
|
|
# For Target Allocator - ServiceMonitor/PodMonitor discovery
|
|
- apiGroups: ["monitoring.coreos.com"]
|
|
resources: ["servicemonitors", "podmonitors"]
|
|
verbs: ["get", "watch", "list"]
|
|
# For node metrics
|
|
- apiGroups: [""]
|
|
resources: ["nodes/metrics", "nodes/stats", "nodes/proxy"]
|
|
verbs: ["get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: otel-collector
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: otel-collector
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: otel-collector
|
|
namespace: opentelemetry
|
|
---
|
|
# Target Allocator ServiceAccount and RBAC
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: otel-collector-targetallocator
|
|
namespace: opentelemetry
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: otel-targetallocator
|
|
rules:
|
|
# Core resources for service discovery
|
|
- apiGroups: [""]
|
|
resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["discovery.k8s.io"]
|
|
resources: ["endpointslices"]
|
|
verbs: ["get", "watch", "list"]
|
|
# Prometheus CRs
|
|
- apiGroups: ["monitoring.coreos.com"]
|
|
resources: ["servicemonitors", "podmonitors", "probes", "scrapeconfigs"]
|
|
verbs: ["get", "watch", "list"]
|
|
# For allocator coordination
|
|
- apiGroups: ["opentelemetry.io"]
|
|
resources: ["opentelemetrycollectors"]
|
|
verbs: ["get", "watch", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: otel-targetallocator
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: otel-targetallocator
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: otel-collector-targetallocator
|
|
namespace: opentelemetry
|