TRACING-5064 | RHOSDT (any version), fix RBAC for k8sattribute processor

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>

modules/otel-forwarding-traces.adoc

@@ -37,14 +37,19 @@ kind: ClusterRole
 metadata:
   name: otel-collector
 rules:
-  # <1>
-  # <2>
-- apiGroups: ["", "config.openshift.io"]
-  resources: ["pods", "namespaces", "infrastructures", "infrastructures/status"]
-  verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+  resources: ["pods", "namespaces",]
+  verbs: ["get", "watch", "list"] # <1>
+- apiGroups: ["apps"]
+  resources: ["replicasets"]
+  verbs: ["get", "watch", "list"] # <2>
+- apiGroups: ["config.openshift.io"]
+  resources: ["infrastructures", "infrastructures/status"]
+  verbs: ["get", "watch", "list"] # <3>
 ----
-<1> The `k8sattributesprocessor` requires permissions for pods and namespaces resources.
-<2> The `resourcedetectionprocessor` requires permissions for infrastructures and status.
+<1> This example uses the Kubernetes Attributes Processor, which requires these permissions for the `pods` and `namespaces` resources.
+<2> Also due to the Kubernetes Attributes Processor, these permissions are required for the `replicasets` resources.
+<3> This example also uses the Resource Detection Processor, which requires these permissions for the `infrastructures` and `status` resources.
 
 . Bind the cluster role to the service account.
 +

observability/otel/otel-collector/otel-collector-processors.adoc

@@ -333,6 +333,9 @@ rules:
   - apiGroups: ['']
     resources: ['pods', 'namespaces']
     verbs: ['get', 'watch', 'list']
+  - apiGroups: ['apps']
+    resources: ['replicasets']
+    verbs: ['get', 'watch', 'list']
 # ...
 ----