Skip to content

Commit cff10aa

Browse files
authored
[nr-k8s-otel-collector] chore: exclude container overlay path in OKE (#2114)
#### What this PR does / why we need it: Deploying the nr-k8s-otel-collector chart to an OKE cluster will result in a functional DaemonSet, but the DaemonSet logs will include the following log on each scrape interval: ``` 2026-02-10T19:11:45.349Z error scraperhelper@v0.142.0/obs_metrics.go:61 Error scraping metrics {"resource": {"service.instance.id": "0423df01-041e-4e36-aaa0-284cd7dba542", "service.name": "nrdot-collector-k8s", "service.version": "1.8.0"}, "otelcol.component.id": "hostmetrics", "otelcol.component.kind": "receiver", "otelcol.signal": "metrics", "error": "failed to read usage at /hostfs/var/lib/containers/storage/overlay: permission denied"} go.opentelemetry.io/collector/scraper/scraperhelper.wrapObsMetrics.func1 go.opentelemetry.io/collector/scraper/scraperhelper@v0.142.0/obs_metrics.go:61 go.opentelemetry.io/collector/scraper.ScrapeMetricsFunc.ScrapeMetrics go.opentelemetry.io/collector/scraper@v0.142.0/metrics.go:24 go.opentelemetry.io/collector/scraper/scraperhelper.scrapeMetrics go.opentelemetry.io/collector/scraper/scraperhelper@v0.142.0/controller.go:256 go.opentelemetry.io/collector/scraper/scraperhelper.NewMetricsController.func1 go.opentelemetry.io/collector/scraper/scraperhelper@v0.142.0/controller.go:228 go.opentelemetry.io/collector/scraper/scraperhelper.(*controller[...]).startScraping.func1 go.opentelemetry.io/collector/scraper/scraperhelper@v0.142.0/controller.go:171 ``` **This error also occurs in the vanilla opentelemetry collector chart when deployed to OKE**. OKE uses the CRI-O container runtime, and the nonroot user cannot access this particular path. Excluding the mount path when the user is running as nonroot will prevent the error from appearing in logs. If the user chooses to run as root or in privileged mode, the path will be allowed. #### Which issue this PR fixes *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)* - fixes # #### Special notes for your reviewer: #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] - [x] Chart Version bumped - [x] Title of the PR starts with chart name (e.g. `[mychartname]`) # Release Notes to Publish (nr-k8s-otel-collector) If this PR contains changes in `nr-k8s-otel-collector`, please complete the following section. All other charts should ignore this section. <!--BEGIN-RELEASE-NOTES--> ## 🚀 What's Changed * Excludes the var/lib/containers/storage/overlay path from hostmetrics receiver when running as nonroot, which was throwing permission denied errors in OKE. <!--END-RELEASE-NOTES-->
1 parent 96436be commit cff10aa

File tree

13 files changed

+238
-15
lines changed

13 files changed

+238
-15
lines changed

charts/nr-k8s-otel-collector/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ type: application
1717
# This is the chart version. This version number should be incremented each time you make changes
1818
# to the chart and its templates, including the app version.
1919
# Versions are expected to follow Semantic Versioning (https://semver.org/)
20-
version: 0.10.4
20+
version: 0.10.5
2121

2222

2323
dependencies:

charts/nr-k8s-otel-collector/examples/k8s/rendered/clusterrole.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ metadata:
99
app.kubernetes.io/managed-by: Helm
1010
app.kubernetes.io/name: nr-k8s-otel-collector
1111
app.kubernetes.io/version: 1.2.0
12-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
12+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1313
rules:
1414
- apiGroups:
1515
- ""

charts/nr-k8s-otel-collector/examples/k8s/rendered/clusterrolebinding.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ metadata:
99
app.kubernetes.io/managed-by: Helm
1010
app.kubernetes.io/name: nr-k8s-otel-collector
1111
app.kubernetes.io/version: 1.2.0
12-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
12+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1313
subjects:
1414
- kind: ServiceAccount
1515
name: nr-k8s-otel-collector

charts/nr-k8s-otel-collector/examples/k8s/rendered/daemonset-configmap.yaml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
data:
1515
daemonset-config.yaml: |
1616
receivers:
@@ -43,6 +43,12 @@ data:
4343
metrics:
4444
system.filesystem.utilization:
4545
enabled: true
46+
# Exclude container storage overlay mount to avoid permission errors when running as non-root
47+
# This is only relevant for CRI-O container runtime (used by OKE, OpenShift, etc.)
48+
exclude_mount_points:
49+
mount_points:
50+
- ^/var/lib/containers/storage/overlay$
51+
match_type: regexp
4652
disk:
4753
metrics:
4854
system.disk.merged:
@@ -607,7 +613,7 @@ data:
607613
value: <cluser_name>
608614
- key: "newrelic.chart.version"
609615
action: upsert
610-
value: 0.10.4
616+
value: 0.10.5
611617
- key: newrelic.entity.type
612618
action: upsert
613619
value: "k8s"

charts/nr-k8s-otel-collector/examples/k8s/rendered/daemonset.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
spec:
1515
selector:
1616
matchLabels:
@@ -24,7 +24,7 @@ spec:
2424
app.kubernetes.io/name: nr-k8s-otel-collector
2525
component: daemonset
2626
annotations:
27-
checksum/config: d2b3a75ff0824bb1a9ba7c3fadcfed978f9cfbc98ab21cace51a0a4d4aaba8b9
27+
checksum/config: 6c5ce1a6f82c834eb8b42383bd1fb5181cea24c7ccdbd725ce105076e2cb1094
2828
spec:
2929
serviceAccountName: nr-k8s-otel-collector
3030
initContainers:

charts/nr-k8s-otel-collector/examples/k8s/rendered/deployment-configmap.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
data:
1515
deployment-config.yaml: |
1616
receivers:
@@ -516,7 +516,7 @@ data:
516516
value: <cluser_name>
517517
- key: "newrelic.chart.version"
518518
action: upsert
519-
value: 0.10.4
519+
value: 0.10.5
520520
- key: newrelic.entity.type
521521
action: upsert
522522
value: "k8s"
@@ -534,7 +534,7 @@ data:
534534
value: <cluser_name>
535535
- key: "newrelic.chart.version"
536536
action: upsert
537-
value: 0.10.4
537+
value: 0.10.5
538538
539539
transform/events:
540540
log_statements:

charts/nr-k8s-otel-collector/examples/k8s/rendered/deployment.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
spec:
1515
replicas: 1
1616
minReadySeconds: 5
@@ -26,7 +26,7 @@ spec:
2626
app.kubernetes.io/name: nr-k8s-otel-collector
2727
component: deployment
2828
annotations:
29-
checksum/config: 83286d160925df1d451b4b722c4a301886b5071459be13ed88cf2918d817233d
29+
checksum/config: cdcda6b0e1e1481ee0d0ee12c277157e965d9a3c2452b4e275e8c13fb218aa59
3030
spec:
3131
serviceAccountName: nr-k8s-otel-collector
3232
containers:

charts/nr-k8s-otel-collector/examples/k8s/rendered/secret.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,6 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
data:
1515
licenseKey: PE5SX2xpY2Vuc2VLZXk+

charts/nr-k8s-otel-collector/examples/k8s/rendered/service.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
spec:
1515
type: ClusterIP
1616
ports:

charts/nr-k8s-otel-collector/examples/k8s/rendered/serviceaccount.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,5 +10,5 @@ metadata:
1010
app.kubernetes.io/managed-by: Helm
1111
app.kubernetes.io/name: nr-k8s-otel-collector
1212
app.kubernetes.io/version: 1.2.0
13-
helm.sh/chart: nr-k8s-otel-collector-0.10.4
13+
helm.sh/chart: nr-k8s-otel-collector-0.10.5
1414
annotations:

0 commit comments

Comments
 (0)