Uploaded image for project: 'Distributed Tracing'
  1. Distributed Tracing
  2. TRACING-4201

OpenTelemetry operator doesn't cleanup auto created ClusterRole and ClusterRoleBinding

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhosdt-3.3
    • None
    • OpenTelemetry
    • None
    • Tracing Sprint # 253

      Version of components:

      opentelemetry-operator.v0.98.0-32-g69e84a8e

      Description of the issue:
      When auto creation of RBAC is enabled for the operator with  --create-rbac-permissions, the created ClusterRoles and ClusterRoleBindings are not deleted after deleting the collector instance. 

      Steps to reproduce the issue:
      *Install the operator from the latest upstream main branch.
      *Enable the auto creation of RBAC for the operator.

      apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: generate-processors-rbac
rules:

apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  - clusterroles
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
—
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: generate-processors-rbac
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: generate-processors-rbac
subjects:

kind: ServiceAccount
  name: opentelemetry-operator-controller-manager
  namespace: opentelemetry-operator

      Set the following operator args in the CSV.

      --create-rbac-permissions

      *Create OpenTelemetry collector instance with k8sattributes processor.
      oc new-project chainsaw-k8sattributes

      apiVersion: opentelemetry.io/v1alpha1
kind: OpenTelemetryCollector
metadata:
  name: simplest
  namespace: chainsaw-k8sattributes
spec:
  image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.98.0
  config: |
    receivers:
      otlp:
        protocols:
          grpc:
          http:
    processors:
      k8sattributes:
    exporters:
      debug:
    service:
      pipelines:
        traces:
          receivers: [otlp]
          processors: [k8sattributes]
          exporters: [debug]

      *Make sure the collector has started and the ClusterRole and ClusterRoleBindings are created.

      oc get clusterrole simplest-chainsaw-k8sattributes-cluster-role
NAME                                           CREATED AT
simplest-chainsaw-k8sattributes-cluster-role   2024-04-30T09:15:34Z
oc get clusterrolebindings simplest-collector                          
NAME                 ROLE                                                       AGE
simplest-collector   ClusterRole/simplest-chainsaw-k8sattributes-cluster-role   33m

      *Delete the OpenTelemetry collector instance and check that the ClusterRole and ClusterRoleBindings are still present.

              ploffay@redhat.com Pavol Loffay
              rhn-support-ikanse Ishwar Kanse
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: