
[RHOSDT 3.8] SCC issues when assigning privileges to the ServiceAccount and attach storage


      When assigning storage like

          extensions:
            file_storage:
              compaction:
                cleanup_on_start: false
                directory: /queues/compact/
                on_start: false
              create_directory: true
              directory: /queues/work/
              fsync: true
              timeout: 1s 
        volumeClaimTemplates:
          - metadata:
              name: otel-queue
            spec:
              accessModes:
                - ReadWriteOnce
              resources:
                requests:
                  storage: 10Gi
              storageClassName: storageclassname
            status: {}

      the OTC works perfectly fine until the ServiceAccount gets privileges assigned.

      Easiest reproducer: assign cluster-admin

      oc adm policy add-cluster-role-to-user cluster-admin -z otel-collector
      

      That changes the `require-scc` annotation for the pod to `anyuid`, which causes the storage access to fail, as the OTC does not configure any access by uid to the filesystem

           securityContext:
             supplementalGroups: [uid-range-from-namespace]
             ...
           containers:
           - ...
             securityContext:
                 runAsUser: uid-range-from-namespace

      causing access to the file system to fail

      $ oc -n istio-system logs user-collector-1
      ...
      spanmetricsconnector@v0.140.1/connector.go:119 Building spanmetrics connector {"resource": {"service.instance.id": "ef921d02-2946-490d-9bb2-096e980b15ee", "service.name": "otelcol", "service.version": "0.140.1"}, "otelcol.component.id": "spanmetrics", "otelcol.component.kind": "connector", "otelcol.signal": "traces", "otelcol.signal.output": "metrics"}
      2025-11-26T12:07:30.858Z info bearertokenauthextension@v0.140.1/bearertokenauth.go:151 refresh token {"resource": {"service.instance.id": "ef921d02-2946-490d-9bb2-096e980b15ee", "service.name": "otelcol", "service.version": "0.140.1"}, "otelcol.component.id": "bearertokenauth", "otelcol.component.kind": "extension", "filename": "/var/run/secrets/kubernetes.io/serviceaccount/token"}
      2025-11-26T12:07:30.859Z error service@v0.140.0/service.go:150 error found during service initialization {"resource": {"service.instance.id": "ef921d02-2946-490d-9bb2-096e980b15ee", "service.name": "otelcol", "service.version": "0.140.1"}, "error": "failed to build extensions: failed to create extension \"file_storage\": mkdir /queues/work/: permission denied"}
      go.opentelemetry.io/collector/service.New.func1
          go.opentelemetry.io/collector/service@v0.140.0/service.go:150
      go.opentelemetry.io/collector/service.New
          go.opentelemetry.io/collector/service@v0.140.0/service.go:208
      go.opentelemetry.io/collector/otelcol.(*Collector).setupConfigurationComponents
          go.opentelemetry.io/collector/otelcol@v0.140.0/collector.go:199
      go.opentelemetry.io/collector/otelcol.(*Collector).Run
          go.opentelemetry.io/collector/otelcol@v0.140.0/collector.go:317
      go.opentelemetry.io/collector/otelcol.NewCommand.func1
          go.opentelemetry.io/collector/otelcol@v0.140.0/command.go:39
      github.com/spf13/cobra.(*Command).execute
          github.com/spf13/cobra@v1.10.1/command.go:1015
      github.com/spf13/cobra.(*Command).ExecuteC
          github.com/spf13/cobra@v1.10.1/command.go:1148
      github.com/spf13/cobra.(*Command).Execute
          github.com/spf13/cobra@v1.10.1/command.go:1071
      main.runInteractive
          github.com/os-observability/redhat-opentelemetry-collector/main.go:58
      main.run
          github.com/os-observability/redhat-opentelemetry-collector/main_others.go:10
      main.main
          github.com/os-observability/redhat-opentelemetry-collector/main.go:51
      runtime.main
          runtime/proc.go:283
      Error: failed to build extensions: failed to create extension "file_storage": mkdir /queues/work/: permission denied
      2025/11/26 12:07:30 collector server run finished with error: failed to build extensions: failed to create extension "file_storage": mkdir /queues/work/: permission denied
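      As an added illustration that is not part of this ticket, the following Python models the uid/gid checks behind the `mkdir /queues/work/: permission denied` error: under restricted-v2 the SCC admission injects a namespace-range uid and fsGroup (so the PVC mount is group-writable), while under anyuid nothing is injected and only what the pod spec sets explicitly survives. The namespace-range values, the image USER and the two SCC strategies are constructed, simplified assumptions.

```python
# Added illustration (not from the ticket): a model of why file_storage's
# mkdir works under restricted-v2 but fails under anyuid. Range values,
# image USER and the SCC strategies are constructed/simplified assumptions.

NS_UID = 1000680000   # constructed: uid range OpenShift assigns to the namespace
NS_GID = 1000680000   # constructed: matching fsGroup/supplementalGroups range
IMAGE_USER = 10001    # constructed: USER baked into the collector image


def effective_identity(scc: str, pod_sc: dict, ctr_sc: dict) -> dict:
    """Who the container process runs as once the SCC has mutated the pod."""
    if scc == "restricted-v2":
        # MustRunAsRange / MustRunAs: admission injects uid and fsGroup from the range.
        return {"uid": NS_UID, "fsGroup": NS_GID, "groups": {NS_GID}}
    if scc == "anyuid":
        # RunAsAny: nothing is injected; the image USER and only explicit fields apply.
        return {"uid": ctr_sc.get("runAsUser", IMAGE_USER),
                "fsGroup": pod_sc.get("fsGroup"),
                "groups": set(pod_sc.get("supplementalGroups", []))}
    raise ValueError(f"SCC not modelled: {scc}")


def mount_perms(fs_group):
    """(owner uid, group gid, mode) of the PVC mount point: root:root 0755 as
    provisioned, unless fsGroup applies, in which case the kubelet chowns the
    volume to that gid and sets it group-writable with setgid (0o2775)."""
    return (0, 0, 0o755) if fs_group is None else (0, fs_group, 0o2775)


def mkdir_allowed(ident: dict, perms) -> bool:
    """Plain DAC check for creating /queues/work/ inside the mount."""
    owner, group, mode = perms
    if ident["uid"] == 0:
        return True                       # root bypasses DAC
    if ident["uid"] == owner:
        return bool(mode & 0o200)         # owner write bit
    if group == ident["fsGroup"] or group in ident["groups"]:
        return bool(mode & 0o020)         # group write bit
    return bool(mode & 0o002)             # other write bit


def file_storage_starts(scc: str, pod_sc=None, ctr_sc=None) -> bool:
    """True if the file_storage extension could create its directory."""
    ident = effective_identity(scc, pod_sc or {}, ctr_sc or {})
    return mkdir_allowed(ident, mount_perms(ident["fsGroup"]))
```

With the model, `file_storage_starts("anyuid")` reproduces the failure, while passing an explicit `fsGroup` in the pod security context restores access without reverting the role binding.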

              bbongart@redhat.com Benedikt Bongartz
              rhn-support-milang Michaela Lang