From 849511b6ca1117d585d4bc21213bfd4a06918ec8 Mon Sep 17 00:00:00 2001 From: zhenyus Date: Wed, 16 Apr 2025 06:17:32 +0800 Subject: [PATCH] feat: add OpenTelemetry RBAC configuration with ServiceAccount and ClusterRole Signed-off-by: zhenyus --- .../authentication/opentelemetry-rbac.yaml | 46 +++++++++++++++++++ .../authentication/opentelemetry.yaml | 1 + 2 files changed, 47 insertions(+) create mode 100644 freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml new file mode 100644 index 00000000..8d25fa64 --- /dev/null +++ b/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry-rbac.yaml @@ -0,0 +1,46 @@ +{{- if .Values.logIngest.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-otel-collector + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }}-otel-collector +rules: + - apiGroups: [""] + resources: + - pods + - namespaces + - nodes + verbs: + - get + - watch + - list + - apiGroups: ["apps"] + resources: + - replicasets + - deployments + - statefulsets + - daemonsets + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }}-otel-collector +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-otel-collector +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-otel-collector + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml b/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml index e9607e35..7c7cfcee 100644 --- a/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml +++ b/freeleaps/helm-pkg/authentication/templates/authentication/opentelemetry.yaml @@ -7,6 +7,7 @@ metadata: spec: mode: sidecar image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:latest + serviceAccount: {{ .Release.Name }}-otel-collector config: receivers: filelog: