--- apiVersion: v1 kind: ServiceAccount metadata: name: openobserve-collector namespace: openobserve-collector labels: app: openobserve-collector --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: openobserve-collector labels: app: openobserve-collector rules: - nonResourceURLs: ["/metrics", "/metrics/cadvisor"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: - endpoints - events - namespaces - namespaces/status - nodes - nodes/spec - nodes/stats - nodes/metrics - nodes/proxy - persistentvolumes - persistentvolumeclaims - pods - pods/status - replicationcontrollers - replicationcontrollers/status - resourcequotas - services - configmaps verbs: ["get", "list", "watch"] - apiGroups: ["monitoring.coreos.com"] resources: - servicemonitors - podmonitors - probes - scrapeconfigs verbs: ["*"] - apiGroups: ["apps"] resources: - daemonsets - deployments - replicasets - statefulsets verbs: ["get", "list", "watch"] - apiGroups: ["extensions"] resources: - ingresses verbs: ["get", "list", "watch"] - apiGroups: ["batch"] resources: - jobs - cronjobs verbs: ["get", "list", "watch"] - apiGroups: ["autoscaling"] resources: - horizontalpodautoscalers verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: - ingresses verbs: ["get", "list", "watch"] - apiGroups: ["discovery.k8s.io"] resources: - endpointslices verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: openobserve-collector labels: app: openobserve-collector roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: openobserve-collector subjects: - kind: ServiceAccount name: openobserve-collector namespace: openobserve-collector