Bug
Resolution: Done
Undefined
None
rhosdt-3.5
Quality / Stability / Reliability
1
False
False
Tracing Sprint # 273
Moderate
Description of problem:
By default, the otel collector pod starts up with the restricted-v2 SCC.
Version-Release number of selected component (if applicable):
tempo-operator.v0.15.4-1 opentelemetry-operator.v0.119.0-2
How reproducible:
100%
Steps to Reproduce:
1. Install and configure TempoStack.
2. Set up the OpenTelemetryCollector to use the FileLog receiver following the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/red_hat_build_of_opentelemetry/configuring-the-collector#filelog-receiver_otel-collector-receivers
3. The pod doesn't initialize because of the event below:

6s Warning FailedCreate replicaset/dev-collector-6d7766cf95 Error creating: pods "dev-collector-6d7766cf95-" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used, provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "logging-scc": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Actual results:
Pod doesn't initialize because of SCC restrictions.
Expected results:
Enabling the filelog receiver should configure the OpenTelemetryCollector with the correct security configuration.
Additional info:
To work around the problem, bind the service account used by the OpenTelemetryCollector to the privileged SCC:

$ oc adm policy add-scc-to-user privileged -z <otel-collector-serviceaccount> -n <otel-collector-namespace>
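The privileged SCC grants far more than the FailedCreate event shows was denied (only the hostPath volume). As an added example that is not part of the bug report or of either operator's code, the custom SCC below mirrors restricted-v2 and relaxes only hostPath; the SCC name, the volume list and the binding command are assumptions.

```yaml
# Added example (not from the bug report): a narrower SCC for the collector
# service account that allows hostPath volumes and nothing else beyond
# what restricted-v2 already permits. Name and volume list are assumptions.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: otel-filelog-hostpath          # assumed name
allowHostDirVolumePlugin: true         # the one relaxation: hostPath volumes
volumes:
- configMap
- downwardAPI
- emptyDir
- hostPath                             # needed for /var/log/pods (per the event)
- projected
- secret
allowPrivilegedContainer: false        # unlike the privileged SCC
allowPrivilegeEscalation: false
allowHostNetwork: false
allowHostPID: false
allowHostIPC: false
allowHostPorts: false
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
  type: MustRunAsRange                 # keep the namespace UID range, no root
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
seccompProfiles:
- runtime/default
users: []
groups: []
# Bind it to the collector's service account instead of "privileged"
# (same placeholders as the workaround above):
#   oc adm policy add-scc-to-user otel-filelog-hostpath \
#     -z <otel-collector-serviceaccount> -n <otel-collector-namespace>
```

After the pod starts, the openshift.io/scc annotation on the pod shows which SCC admitted it, so you can confirm it was this one rather than privileged. If the receiver then logs permission errors reading /var/log/pods, the UID or SELinux constraints (not on the page) would need to be relaxed as well, one at a time.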