Open lindeskar opened 1 week ago
@lindeskar you are correct, the preset only sets the RBAC to meet the permission requirements of the k8sattributes processor as the preset defines it. Since you added additional scope (extracting node labels) you must also supply the additional RBAC for that feature.
We do this to ensure the preset configures the minimum permissions necessary. We do not want to give more permissions that the components need as that is a security risk.
Thanks. I agree that's a reasonable default.
Then I wish for a comment about this in:
and:
Can I create PR for it?
Yes please
The kubernetesAttributes preset does not include "nodes" in it's ClusterRole, leading to errors when trying to access Node metadata:
Example chart values causing the error:
This addition to values fixes the problem:
Is this by design? I think we could update the preset documentation, or simply add "nodes" to the template:
https://github.com/open-telemetry/opentelemetry-helm-charts/blob/694c38d175d72fe8e3bc6cc5c182728615f72cbd/charts/opentelemetry-collector/templates/clusterrole.yaml#L18-L28
--
From the k8sattributesprocessor README: