Disable telemetry for share process namespace

pkg/otel/templates/metrics.tmpl

@@ -1,12 +1,5 @@
 {{- define "metrics-node-receivers" -}}
 {{- if .Metrics.Enabled -}}
-prometheus/self:
-    config:
-      scrape_configs:
-        - job_name: 'otel-collector'
-          scrape_interval: 15s
-          static_configs:
-            - targets: ['127.0.0.1:{{ .Metrics.ListenPort }}']
 {{ template "metrics-nodehost-receiver" . }}
 {{- end -}}
 {{- end -}}
@@ -81,10 +74,8 @@ kubeletstats:
 {{- define "metrics-self-telemetry" -}}
 {{- if .Metrics.Enabled -}}
   telemetry:
-    logs:
-      level : {{ or .Metrics.LogLevel "debug" }}
     metrics:
-      address : "127.0.0.1:{{ .Metrics.ListenPort }}"
+      level: none
 {{- end -}}
 {{- end -}}
 

pkg/otel/types.go

@@ -154,7 +154,6 @@ func (w *WALConfig) DeepCopy() *WALConfig {
 func (d NodeConfig) MetricReceivers() []string {
 	res := []string{}
 	if d.Metrics.Enabled {
-		res = append(res, "prometheus/self")
 		if lo.FromPtrOr(d.Metrics.Spec.HostMetrics, false) {
 			res = append(res, "hostmetrics")
 			if d.Containerized {
@@ -168,7 +167,6 @@ func (d NodeConfig) MetricReceivers() []string {
 func (o AggregatorConfig) MetricReceivers() []string {
 	res := []string{}
 	if o.Metrics.Enabled {
-		res = append(res, "prometheus/self")
 		if len(o.Metrics.Spec.AdditionalScrapeConfigs) > 0 {
 			res = append(res, "prometheus/additional")
 		}

pkg/resources/collector/templates.go

@@ -197,7 +197,6 @@ receivers:
     protocols:
       grpc: {}
       http: {}
-  {{ template "metrics-self-receiver" . }}
   {{ template "metrics-prometheus-receiver" . }}
   {{ template "metrics-prometheus-discoverer" . }}
 {{- if .LogsEnabled }}

pkg/resources/collector/workloads.go

@@ -25,7 +25,7 @@ const (
 	collectorImage     = "rancher-sandbox/opni-otel-collector"
 	collectorVersion   = "v0.1.2-0.74.0"
 	reloaderImage      = "rancher-sandbox/config-reloader"
-	reloaderVersion    = "v0.1.0"
+	reloaderVersion    = "v0.1.2"
 	otelColBinaryName  = "otelcol-custom"
 	otelConfigDir      = "/etc/otel"
 
@@ -286,7 +286,7 @@ func (r *Reconciler) daemonSet() resources.Resource {
 							},
 							VolumeMounts: volumeMounts,
 						},
-						r.configReloaderContainer(volumeMounts),
+						r.configReloaderContainer(volumeMounts, true),
 					},
 					ImagePullSecrets: imageSpec.ImagePullSecrets,
 					Volumes:          volumes,
@@ -415,7 +415,7 @@ func (r *Reconciler) deployment() resources.Resource {
 								},
 							},
 						},
-						r.configReloaderContainer(volumeMounts),
+						r.configReloaderContainer(volumeMounts, false),
 					},
 					ImagePullSecrets:   imageSpec.ImagePullSecrets,
 					Volumes:            volumes,
@@ -465,7 +465,7 @@ func (r *Reconciler) service() resources.Resource {
 	return resources.Present(svc)
 }
 
-func (r *Reconciler) configReloaderContainer(mounts []corev1.VolumeMount) corev1.Container {
+func (r *Reconciler) configReloaderContainer(mounts []corev1.VolumeMount, runAsRoot bool) corev1.Container {
 	reloaderImageSpec := r.configReloaderImageSpec()
 	return corev1.Container{
 		Name:            "config-reloader",
@@ -477,13 +477,20 @@ func (r *Reconciler) configReloaderContainer(mounts []corev1.VolumeMount) corev1
 			"-process",
 			otelColBinaryName,
 		},
-		SecurityContext: &corev1.SecurityContext{
-			Capabilities: &corev1.Capabilities{
-				Add: []corev1.Capability{
-					"SYS_PTRACE",
+		SecurityContext: func() *corev1.SecurityContext {
+			ctx := &corev1.SecurityContext{
+				Capabilities: &corev1.Capabilities{
+					Add: []corev1.Capability{
+						"SYS_PTRACE",
+					},
 				},
-			},
-		},
+				RunAsUser: lo.ToPtr[int64](10001),
+			}
+			if runAsRoot {
+				ctx.RunAsUser = lo.ToPtr[int64](0)
+			}
+			return ctx
+		}(),
 		VolumeMounts: mounts,
 	}
 }