Skip to content

docs(inputs.kubernetes): Document required RBAC permissions#18865

Merged
skartikey merged 2 commits into
influxdata:masterfrom
wucm667:docs/k8s-rbac-permissions
May 11, 2026
Merged

docs(inputs.kubernetes): Document required RBAC permissions#18865
skartikey merged 2 commits into
influxdata:masterfrom
wucm667:docs/k8s-rbac-permissions

Conversation

@wucm667

@wucm667 wucm667 commented May 7, 2026

Copy link
Copy Markdown
Contributor

Summary

The kubernetes input plugin uses the Kubernetes API server to discover all
cluster nodes when url is not set (cluster mode). This requires a ClusterRole
with read access to nodes, which was previously undocumented.

Added a working ClusterRole and ClusterRoleBinding YAML example documenting
the minimal required permissions (nodes: list, get). Also clarified that no
Kubernetes RBAC is needed when url is explicitly set (single-node mode).

Checklist

  • No AI generated code was used in this PR

Related issues

resolves #16407

@wucm667
docs(kubernetes): add RBAC permissions documentation to README
42afc14 
The kubernetes input plugin uses the Kubernetes API server to discover
cluster nodes when url is not set (cluster mode), which requires a
ClusterRole with read access to nodes. This was not documented, leaving
users unsure about what service account permissions are needed.

Added a working ClusterRole and ClusterRoleBinding YAML example that
documents the minimal required permissions (nodes: list, get). Also
clarified that no RBAC is needed when url is explicitly set (single-node
mode).

Closes influxdata#16407

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
@telegraf-tiger telegraf-tiger Bot added the docs Issues related to Telegraf documentation and configuration descriptions label May 7, 2026
@srebhan srebhan changed the title docs(kubernetes): add RBAC permissions documentation to README docs(inputs.kubernetes): Document required RBAC permissions May 8, 2026
@telegraf-tiger telegraf-tiger Bot added the plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins label May 8, 2026
srebhan
srebhan reviewed May 8, 2026
View reviewed changes

@srebhan srebhan left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for improving the documentation @wucm667! One small comment...

Comment thread plugins/inputs/kubernetes/README.md Outdated
@srebhan srebhan self-assigned this May 8, 2026
@wucm667
docs(inputs.kubernetes): replace RBAC YAML with permission list and d…
2069cb5 
…ocs link

Remove the full ClusterRole/ClusterRoleBinding YAML example to avoid
maintenance burden. List the required permissions explicitly and link to
the official Kubernetes RBAC documentation instead.

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
srebhan
srebhan approved these changes May 11, 2026
View reviewed changes

@srebhan srebhan left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome. Thanks @wucm667!

@srebhan srebhan added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label May 11, 2026
@srebhan srebhan assigned skartikey and unassigned srebhan May 11, 2026
skartikey
skartikey approved these changes May 11, 2026
View reviewed changes

@skartikey skartikey left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wucm667 Thanks for the contribution!

@skartikey skartikey merged commit 471264c into influxdata:master May 11, 2026
27 checks passed
@github-actions github-actions Bot added this to the v1.38.4 milestone May 11, 2026
@wucm667 wucm667 deleted the docs/k8s-rbac-permissions branch May 11, 2026 09:22
srebhan pushed a commit that referenced this pull request May 11, 2026
@wucm667 @srebhan
docs(inputs.kubernetes): Document required RBAC permissions (#18865)
1d23761 
Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
(cherry picked from commit 471264c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skartikey skartikey skartikey approved these changes

@srebhan srebhan srebhan approved these changes

Assignees

@skartikey skartikey

Labels

area/k8s docs Issues related to Telegraf documentation and configuration descriptions plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.

Projects

None yet

Milestone

v1.38.4

Development

Successfully merging this pull request may close these issues.

[inputs.kubernetes] lacks any documentation what permissions the serviceaccount needs

3 participants

@wucm667 @skartikey @srebhan