---
# Namespace that holds the otel-gateway ServiceAccount.
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring
---
# 1. Permissions (RBAC)
# Identity that the ClusterRoleBinding at the end of this file binds to
# otel-gateway-role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: otel-gateway
  namespace: monitoring
---
# Cluster-scoped role: the rules apply to every namespace. All verbs are
# read-only (get/list/watch), and "secrets" is not in any resource list.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: otel-gateway-role
rules:
  # Read Pods, Nodes and Namespaces for tagging and metadata lookup.
  # NOTE(review): "services" and "endpoints" are granted here too but are
  # not covered by the original comment; confirm they are needed and drop
  # them otherwise (least privilege).
  # NOTE(review): list/watch on pods returns full pod specs, including env
  # values written inline, so this identity can read them cluster-wide.
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "nodes"
      - "namespaces"
      - "services"
      - "endpoints"
    verbs:
      - "get"
      - "list"
      - "watch"
  # Read Events (used to collect Kubernetes events).
  - apiGroups:
      - ""
    resources:
      - "events"
    verbs:
      - "get"
      - "list"
      - "watch"
---
# Grants otel-gateway-role cluster-wide to the single ServiceAccount
# monitoring/otel-gateway; a workload running under that ServiceAccount
# gets these read permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: otel-gateway-binding
subjects:
  - kind: ServiceAccount
    name: otel-gateway
    namespace: monitoring
roleRef:
  kind: ClusterRole
  name: otel-gateway-role
  apiGroup: rbac.authorization.k8s.io