56 lines
1.4 KiB
YAML
56 lines
1.4 KiB
YAML
# 1. 创建monitoring命名空间
|
||
apiVersion: v1
|
||
kind: Namespace
|
||
metadata:
|
||
name: monitoring
|
||
labels:
|
||
name: monitoring
|
||
|
||
---
|
||
# 2. 创建ServiceAccount
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
name: otel-collector
|
||
namespace: monitoring
|
||
|
||
---
|
||
# 3. 创建ClusterRole(最小权限)
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRole
|
||
metadata:
|
||
name: otel-collector-role
|
||
rules:
|
||
# 读取节点/Pod/服务元数据(基础权限)
|
||
- apiGroups: [""]
|
||
resources: ["nodes", "pods", "services", "endpoints", "nodes/metrics", "nodes/stats"]
|
||
verbs: ["get", "list", "watch"]
|
||
|
||
# 后续增加
|
||
# # 新增:采集Deployment/DaemonSet/StatefulSet(apps API组)
|
||
# - apiGroups: ["apps"]
|
||
# resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
|
||
# verbs: ["get", "list", "watch"]
|
||
# # 新增:采集HPA(autoscaling API组)
|
||
# - apiGroups: ["autoscaling"]
|
||
# resources: ["horizontalpodautoscalers"]
|
||
# verbs: ["get", "list", "watch"]
|
||
# # 新增:采集k8s事件(可选,用于故障排查)
|
||
# - apiGroups: [""]
|
||
# resources: ["events"]
|
||
# verbs: ["get", "list", "watch"]
|
||
|
||
---
|
||
# 4. 绑定ClusterRole到ServiceAccount
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRoleBinding
|
||
metadata:
|
||
name: otel-collector-binding
|
||
subjects:
|
||
- kind: ServiceAccount
|
||
name: otel-collector
|
||
namespace: monitoring
|
||
roleRef:
|
||
kind: ClusterRole
|
||
name: otel-collector-role
|
||
apiGroup: rbac.authorization.k8s.io |