opentelemetry-operator
Provide a reference to RBAC instructions for the Prometheus
The deployment YAML doesn't set them up; we need to give an example for users who want to use the Prometheus receiver.
Example:
```yaml
# Read-only access to the objects the Prometheus receiver discovers and scrapes
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: simplest-collector
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
# Bind the role to the collector's ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: simplest-collector
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: simplest-collector
subjects:
- kind: ServiceAccount
  name: simplest-collector
  namespace: opentelemetry-operator-system
```
Is it possible to implement this in some way through the operator?
Multiple options:
- Adding a `rbac bool` field, the operator creates roles and rolebinding
- Adding a `role string` field, the operator creates the rolebinding to it
- Adding a `role v1.role` field, the operator creates the role and binds it to the pod SA
- Adding both `role v1.role` and `serviceAccount v1.serviceAccount`, the operator creates both and does proper mapping/binding
@iblancasa we should add this in as well after #2396
How do we want to handle this?
It would be great to at least document this in the readme and then find a more automated approach.
We could do this similar to what @iblancasa proposes here. We could also document the requirements in our readme.
Closing in favor of https://github.com/open-telemetry/opentelemetry-operator/issues/2734
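A least-privilege check for the ClusterRole posted in the issue, as an added example that is not part of the thread or the operator's code: it compares the granted resources against the Prometheus `kubernetes_sd_configs` roles a collector actually uses. The names `audit`, `SD_NEEDS` and `scrape_via_node_proxy` are hypothetical, and the role-to-resource map is an assumption about what each discovery role reads.

```python
# Added example: audit the issue's ClusterRole against the Prometheus
# kubernetes_sd roles in use. ISSUE_RULES is copied from the issue's example.
ISSUE_RULES = [
    {"apiGroups": [""],
     "resources": ["nodes", "nodes/proxy", "services", "endpoints", "pods"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["extensions"], "resources": ["ingresses"],
     "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["/metrics"], "verbs": ["get"]},
]

# Assumption: resources each discovery role must get/list/watch
# (matched by resource name, ignoring API group).
SD_NEEDS = {
    "node": {"nodes"},
    "service": {"services"},
    "pod": {"pods"},
    "endpoints": {"endpoints", "services", "pods"},
    "ingress": {"ingresses"},
}
READ_VERBS = {"get", "list", "watch"}


def audit(rules, sd_roles, scrape_via_node_proxy=False):
    """Return resources that are missing, granted but unused, and risky grants."""
    needed = set()
    for role in sd_roles:
        needed |= SD_NEEDS[role]
    if scrape_via_node_proxy:
        # Only needed when kubelet/cAdvisor is scraped through the API server proxy.
        needed.add("nodes/proxy")
    granted, findings = set(), []
    for rule in rules:
        verbs = set(rule["verbs"])
        target = rule.get("resources") or rule.get("nonResourceURLs")
        extra = verbs - READ_VERBS
        if extra:
            findings.append(f"non-read verbs {sorted(extra)} on {target}")
        for res in rule.get("resources", []):
            if res == "*":
                findings.append("wildcard resource grant")
            elif "*" in verbs or verbs >= READ_VERBS:
                granted.add(res)
    return {"missing": sorted(needed - granted),
            "unused": sorted(granted - needed),
            "findings": findings}
```

For a collector that only uses the `pod` discovery role, every other resource in the issue's role shows up under `unused`, including `nodes/proxy`, which is the grant most worth dropping when it is not needed.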