Add missing mention to the permissions

Signed-off-by: Israel Blancas <iblancasa@gmail.com>
openshift · Apr 26, 2024 · e84052b · e84052b
1 parent 532e24e
commit e84052b
Showing 1 changed file with 34 additions and 17 deletions.
diff --git a/modules/otel-collector-components.adoc b/modules/otel-collector-components.adoc
@@ -85,34 +85,51 @@ The Jaeger receiver ingests traces in the Jaeger formats.
 [id="kubeletstats-receiver_{context}"]
 === Kubelet Stats Receiver
 
-The Kubelet Stats Receiver extracts metrics related to nodes, pods, containers, and volumes from the kubelet's API server. These metrics are then channeled through the metrics processing pipeline for additional analysis.
+The Kubelet Stats receiver is currently a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature only.
 
-Add this to your OpenTelemetry Collector instance to set the `K8S_NODE_NAME` to authenticate to the API:
+The Kubelet Stats receiver extracts metrics related to nodes, pods, containers, and volumes from the kubelet's API server. These metrics are then channeled through the metrics-processing pipeline for additional analysis.
+
+.OpenTelemetry Collector custom resource with an enabled Kubelet Stats receiver
 [source,yaml]
 ----
+config: |
+  receivers:
+    kubeletstats:
+      collection_interval: 20s
+      auth_type: "serviceAccount"
+      endpoint: "https://${env:K8S_NODE_NAME}:10250"
+      insecure_skip_verify: true
+  service:
+    pipelines:
+      metrics:
+	receivers: [kubeletstats]
 env:
-  - name: K8S_NODE_NAME
+  - name: K8S_NODE_NAME # <1>
     valueFrom:
       fieldRef:
         fieldPath: spec.nodeName
 ----
+<1> Sets the `K8S_NODE_NAME` to authenticate to the API.
 
-.OpenTelemetry Collector custom resource with an enabled Kubelet Stats receiver
+The Kubelet Stats receiver requires additional permissions for the service account used for running the OpenTelemetry Collector.
+
+.Permissions required by the service account
 [source,yaml]
 ----
-  config: |
-    receivers:
-      kubeletstats:
-        collection_interval: 20s
-        auth_type: "serviceAccount"
-        endpoint: "https://${env:K8S_NODE_NAME}:10250"
-        insecure_skip_verify: true
-    service:
-      pipelines:
-        metrics:
-          receivers: [kubeletstats]
-----
-
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: otel-collector
+rules:
+  - apiGroups: [""]
+    resources: ["nodes/stats"] # <1>
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["nodes/proxy"] # <2>
+    verbs: ["get"]
+----
+<1> Requires the `get` permissions.
+<2> Requires permissions when using the `extra_metadata_labels` or the `request_utilization` or `limit_utilization` metrics.
 
 [id="prometheus-receiver_{context}"]
 === Prometheus Receiver