
Commit 2779fd7

committed
Scope profile RBAC to k8s profile presets
1 parent 433e4b1 commit 2779fd7

3 files changed

Lines changed: 4 additions & 7 deletions


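--- a/charts/opentelemetry-collector/CHANGELOG.md
+++ b/charts/opentelemetry-collector/CHANGELOG.md
@@ -7,6 +7,7 @@
 - [Feat] Forward eBPF profiler profiles to a node-local agent over OTLP by default, keeping Kubernetes attributes and profile service-name mapping on the standard agent collector.
 - [Feat] Add the `x-coralogix-ingress: otlp/v1.10.0` header to Coralogix profile exports.
 - [Fix] Match profile Kubernetes attributes by `container.id` before falling back to connection-based pod association.
+- [Fix] Scope profile Kubernetes RBAC to the `profilesCollection` and `profilesK8sAttributes` presets that configure `k8sattributes/profiles`.
 
 ### v0.131.0 / 2026-04-30
 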
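--- a/charts/opentelemetry-collector/templates/clusterrole.yaml
+++ b/charts/opentelemetry-collector/templates/clusterrole.yaml
@@ -1,6 +1,4 @@
-{{- $ebpfProfilerNeedsK8sRBAC := and (.Values.presets.ebpfProfiler.enabled) (not .Values.presets.ebpfProfiler.forwardToAgent.enabled) -}}
-{{- $profilesK8sAttributesNeedsRBAC := and (.Values.presets.profilesK8sAttributes.enabled) (not (and .Values.presets.ebpfProfiler.enabled .Values.presets.ebpfProfiler.forwardToAgent.enabled)) -}}
-{{- if or (.Values.clusterRole.create) (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.clusterMetrics.enabled) (.Values.presets.kubeletMetrics.enabled) (.Values.presets.kubernetesEvents.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.kubernetesResources.enabled) (.Values.presets.profilesCollection.enabled) ($profilesK8sAttributesNeedsRBAC) ($ebpfProfilerNeedsK8sRBAC) (.Values.presets.loadBalancing.k8s.enabled) (.Values.presets.kubernetesExtraMetrics.enabled) (.Values.presets.kubernetesApiServerMetrics.enabled) (.Values.presets.prometheusAnnotationDiscovery.enabled) (eq .Values.distribution "eks/fargate") -}}
+{{- if or (.Values.clusterRole.create) (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.clusterMetrics.enabled) (.Values.presets.kubeletMetrics.enabled) (.Values.presets.kubernetesEvents.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.kubernetesResources.enabled) (.Values.presets.profilesCollection.enabled) (.Values.presets.profilesK8sAttributes.enabled) (.Values.presets.loadBalancing.k8s.enabled) (.Values.presets.kubernetesExtraMetrics.enabled) (.Values.presets.kubernetesApiServerMetrics.enabled) (.Values.presets.prometheusAnnotationDiscovery.enabled) (eq .Values.distribution "eks/fargate") -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -17,7 +15,7 @@ rules:
 {{- if .Values.clusterRole.rules -}}
 {{ toYaml .Values.clusterRole.rules | nindent 2 -}}
 {{- end }}
-{{- if or (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.profilesCollection.enabled) ($profilesK8sAttributesNeedsRBAC) ($ebpfProfilerNeedsK8sRBAC) }}
+{{- if or (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.profilesCollection.enabled) (.Values.presets.profilesK8sAttributes.enabled) }}
 - apiGroups: [""]
 resources: ["pods", "namespaces"]
 verbs: ["get", "watch", "list"]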
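Review bot: The rules gate at new line 18 now grants cluster-wide `get`/`watch`/`list` on pods and namespaces whenever `profilesK8sAttributes.enabled` is set, including when `ebpfProfiler.forwardToAgent.enabled` is also on, a combination the removed `$profilesK8sAttributesNeedsRBAC` excluded. Whether the collector actually runs `k8sattributes/profiles` in that mode is decided in a config template that is not part of this diff, so please confirm the two conditions agree; otherwise the service account keeps read access it never uses. The reverse case also changes: `ebpfProfiler` alone with forwarding off no longer renders this rule. A template comment above the condition would record the intent, e.g. `{{- /* pods/namespaces read: list only presets whose pipeline needs pod metadata */ -}}`. The closing `{{- end }}` of this block is outside the hunk.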

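--- a/charts/opentelemetry-collector/templates/clusterrolebinding.yaml
+++ b/charts/opentelemetry-collector/templates/clusterrolebinding.yaml
@@ -1,6 +1,4 @@
-{{- $ebpfProfilerNeedsK8sRBAC := and (.Values.presets.ebpfProfiler.enabled) (not .Values.presets.ebpfProfiler.forwardToAgent.enabled) -}}
-{{- $profilesK8sAttributesNeedsRBAC := and (.Values.presets.profilesK8sAttributes.enabled) (not (and .Values.presets.ebpfProfiler.enabled .Values.presets.ebpfProfiler.forwardToAgent.enabled)) -}}
-{{- if or (.Values.clusterRole.create) (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.clusterMetrics.enabled) (.Values.presets.kubeletMetrics.enabled) (.Values.presets.kubernetesEvents.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.kubernetesResources.enabled) (.Values.presets.profilesCollection.enabled) ($profilesK8sAttributesNeedsRBAC) ($ebpfProfilerNeedsK8sRBAC) (.Values.presets.loadBalancing.k8s.enabled) (.Values.presets.kubernetesExtraMetrics.enabled) (.Values.presets.kubernetesApiServerMetrics.enabled) (eq .Values.distribution "eks/fargate") -}}
+{{- if or (.Values.clusterRole.create) (.Values.presets.kubernetesAttributes.enabled) (.Values.presets.clusterMetrics.enabled) (.Values.presets.kubeletMetrics.enabled) (.Values.presets.kubernetesEvents.enabled) (.Values.presets.mysql.metrics.enabled) (.Values.presets.kubernetesResources.enabled) (.Values.presets.profilesCollection.enabled) (.Values.presets.profilesK8sAttributes.enabled) (.Values.presets.loadBalancing.k8s.enabled) (.Values.presets.kubernetesExtraMetrics.enabled) (.Values.presets.kubernetesApiServerMetrics.enabled) (eq .Values.distribution "eks/fargate") -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata: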
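Review bot: The binding gate on new line 1 lacks `(.Values.presets.prometheusAnnotationDiscovery.enabled)`, which the matching gate in clusterrole.yaml includes, so with only that preset enabled the chart would render a ClusterRole with no ClusterRoleBinding, unless the binding is produced elsewhere in the chart. Since this commit already edits both `or` lists by hand, consider moving the condition into one named template that both files call, so the role and its binding cannot drift apart. The `metadata:` block continues outside the hunk.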
