Red Hat's Loki Operator deploys a Loki that is always protected by kube-rbac-proxy. This means that the pods holding CloudKitty containers will need to have the appropriate rbac configuration to be able to connect to Loki.

However, even if the appropriate rbac is created, CloudKitty Loki driver does not make any use of it, so this need a CloudKitty modification to be able to get the token from the container and present it to Loki on each API request.