opentelemetry-collector
opentelemetry-collector copied to clipboard
Published
20 hours ago •
open-telemetry
open-telemetry
Unable to run opentelemetry-collector in namespaced mode
Describe the bug
Provide a way to run the opentelemetry-collector in namespaced mode (without the need for a cluster-role)
Steps to reproduce
Deploy opentelemetry-collector with a role and add a receiver that will access the K8S API (ex: prometheus)
What did you expect to see?
No RBAC errors should be reported
What did you see instead?
RBAC errors are printed to console, where resources like Pods, ReplicaSets are being listed at the cluster level, instead of namespace.
E0628 13:56:31.636433 1 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.ReplicationController: failed to list *v1.ReplicationController: replicationcontrollers is forbidden: User "system:serviceaccount:argocd-openshift:collector-sa" cannot list resource "replicationcontrollers" in API group "" at the cluster scope
E0628 13:56:36.263036 1 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Deployment: failed to list *v1.Deployment: deployments.apps is forbidden: User "system:serviceaccount:argocd-openshift:collector-sa" cannot list resource "deployments" in API group "apps" at the cluster scope
E0628 13:56:41.790609 1 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v1.Event: failed to list *v1.Event: events is forbidden: User "system:serviceaccount:argocd-openshift:collector-sa" cannot list resource "events" in API group "" at the cluster scope
E0628 14:00:54.757556 1 reflector.go:147] k8s.io/[email protected]/tools/cache/reflector.go:229: Failed to watch *v2.HorizontalPodAutoscaler: failed to list *v2.HorizontalPodAutoscaler: horizontalpodautoscalers.autoscaling is forbidden: User "system:serviceaccount:argocd-openshift:collector-sa" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" at the cluster scope
Additional context
I want to be able to run otel-operator + collectors in a K8S environment, where I only have access to a namespace.
