Merge pull request #91630 from max-cx/OBSDOCS-1738

xenolinux · web-flow · commit 9a100eec2a3b · 2025-04-09T16:44:43.000+05:30
OBSDOCS-1738: Add a suitable k8sattributesprocessor to ClusterRole example
diff --git a/modules/otel-forwarding-traces.adoc b/modules/otel-forwarding-traces.adoc
@@ -37,14 +37,19 @@ kind: ClusterRole
 metadata:
   name: otel-collector
 rules:
-  # <1>
-  # <2>
-- apiGroups: ["", "config.openshift.io"]
-  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
-  verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+  resources: ["pods", "namespaces",]
+  verbs: ["get", "watch", "list"] # <1>
+- apiGroups: ["apps"]
+  resources: ["replicasets"]
+  verbs: ["get", "watch", "list"] # <2>
+- apiGroups: ["config.openshift.io"]
+  resources: ["infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"] # <3>
 ----
-<1> The `k8sattributesprocessor` requires permissions for pods and namespaces resources.
-<2> The `resourcedetectionprocessor` requires permissions for infrastructures and status.
+<1> This example uses the Kubernetes Attributes Processor, which requires these permissions for the `pods` and `namespaces` resources.
+<2> Also due to the Kubernetes Attributes Processor, these permissions are required for the `replicasets` resources.
+<3> This example also uses the Resource Detection Processor, which requires these permissions for the `infrastructures` and `status` resources.
 
 . Bind the cluster role to the service account.
 +
diff --git a/observability/otel/otel-collector/otel-collector-processors.adoc b/observability/otel/otel-collector/otel-collector-processors.adoc
@@ -333,6 +333,9 @@ rules:
   - apiGroups: ['']
     resources: ['pods', 'namespaces']
     verbs: ['get', 'watch', 'list']
+  - apiGroups: ['apps']
+    resources: ['replicasets']
+    verbs: ['get', 'watch', 'list']
 # ...
 ----
 
