56 lines
1.4 KiB
YAML
56 lines
1.4 KiB
YAML
|
# 1. 创建monitoring命名空间
|
|||
|
|
apiVersion: v1
|
|||
|
|
kind: Namespace
|
|||
|
|
metadata:
|
|||
|
|
name: monitoring
|
|||
|
|
labels:
|
|||
|
|
name: monitoring
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
# 2. 创建ServiceAccount
|
|||
|
|
apiVersion: v1
|
|||
|
|
kind: ServiceAccount
|
|||
|
|
metadata:
|
|||
|
|
name: otel-collector
|
|||
|
|
namespace: monitoring
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
# 3. 创建ClusterRole(最小权限)
|
|||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|||
|
|
kind: ClusterRole
|
|||
|
|
metadata:
|
|||
|
|
name: otel-collector-role
|
|||
|
|
rules:
|
|||
|
|
# 读取节点/Pod/服务元数据(基础权限)
|
|||
|
|
- apiGroups: [""]
|
|||
|
|
resources: ["nodes", "pods", "services", "endpoints", "nodes/metrics", "nodes/stats"]
|
|||
|
|
verbs: ["get", "list", "watch"]
|
|||
|
|
|
|||
|
|
# 后续增加
|
|||
|
|
# # 新增:采集Deployment/DaemonSet/StatefulSet(apps API组)
|
|||
|
|
# - apiGroups: ["apps"]
|
|||
|
|
# resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
|
|||
|
|
# verbs: ["get", "list", "watch"]
|
|||
|
|
# # 新增:采集HPA(autoscaling API组)
|
|||
|
|
# - apiGroups: ["autoscaling"]
|
|||
|
|
# resources: ["horizontalpodautoscalers"]
|
|||
|
|
# verbs: ["get", "list", "watch"]
|
|||
|
|
# # 新增:采集k8s事件(可选,用于故障排查)
|
|||
|
|
# - apiGroups: [""]
|
|||
|
|
# resources: ["events"]
|
|||
|
|
# verbs: ["get", "list", "watch"]
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
# 4. 绑定ClusterRole到ServiceAccount
|
|||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|||
|
|
kind: ClusterRoleBinding
|
|||
|
|
metadata:
|
|||
|
|
name: otel-collector-binding
|
|||
|
|
subjects:
|
|||
|
|
- kind: ServiceAccount
|
|||
|
|
name: otel-collector
|
|||
|
|
namespace: monitoring
|
|||
|
|
roleRef:
|
|||
|
|
kind: ClusterRole
|
|||
|
|
name: otel-collector-role
|
|||
|
|
apiGroup: rbac.authorization.k8s.io
|