dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf5b9c9d2b48139a196a5a294c7fadc47a16a1bb
Work-configuration-file/OpenTelemetry/Collector_v2/11-otel-agent-rbac.yaml
dxinn cf5b9c9d2b 0119同步
2026-01-19 22:08:33 +08:00

40 lines
984 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 1. 权限配置
apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-agent
namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: otel-agent-role
rules:
# 允许读取 Pod 和 Node 信息
- apiGroups: [""]
resources: ["nodes", "nodes/stats", "nodes/proxy", "pods", "services", "endpoints"]
verbs: ["get", "watch", "list"]
# 允许读取 ReplicaSets以便 k8sattributes 处理器解析 Deployment 名称
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get", "watch", "list"]
# 非资源型 URL 权限 (访问 Kubelet 统计接口)
- nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: otel-agent-binding
subjects:
- kind: ServiceAccount
name: otel-agent
namespace: monitoring
roleRef:
kind: ClusterRole
name: otel-agent-role
apiGroup: rbac.authorization.k8s.io
Reference in New Issue View Git Blame Copy Permalink