open-telemetry
diff --git a/‎.chloggen/3429.yaml
+16 b/‎.chloggen/3429.yaml
+16
diff --git a/‎.chloggen/3446.yaml
+19 b/‎.chloggen/3446.yaml
+19
diff --git a/‎autoinstrumentation/java/version.txt
+1-1 b/‎autoinstrumentation/java/version.txt
+1-1
diff --git a/‎internal/components/receivers/helpers.go
+3 b/‎internal/components/receivers/helpers.go
+3
diff --git a/‎internal/components/receivers/k8sobjects.go
+49 b/‎internal/components/receivers/k8sobjects.go
+49
diff --git a/‎internal/components/receivers/k8sobjects_test.go
+136 b/‎internal/components/receivers/k8sobjects_test.go
+136
diff --git a/‎internal/operator-metrics/metrics.go
+67-15 b/‎internal/operator-metrics/metrics.go
+67-15
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: collector
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Create RBAC rules for the k8sobjects receiver automatically.
+
+# One or more tracking issues related to the change
+issues: [3429]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
@@ -0,0 +1,19 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: 'bug_fix'
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: operator
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Operator pod crashed if the Service Monitor for the operator metrics was created before by another operator pod.
+
+# One or more tracking issues related to the change
+issues: [3446]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  Operator fails when the pod is restarted and the Service Monitor for operator metrics was already created by another operator pod.
+  To fix this, the operator now sets the owner reference on the Service Monitor to itself and checks if the Service Monitor already exists.
+
@@ -1 +1 @@
-2.9.0
+2.10.0
@@ -143,6 +143,9 @@ var (
 		components.NewBuilder[k8seventsConfig]().WithName("k8s_events").
 			WithRbacGen(generatek8seventsRbacRules).
 			MustBuild(),
+		components.NewBuilder[k8sobjectsConfig]().WithName("k8sobjects").
+			WithRbacGen(generatek8sobjectsRbacRules).
+			MustBuild(),
 		NewScraperParser("prometheus"),
 		NewScraperParser("sshcheck"),
 		NewScraperParser("cloudfoundry"),
 
@@ -0,0 +1,49 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package receivers
+
+import (
+	"github.com/go-logr/logr"
+	rbacv1 "k8s.io/api/rbac/v1"
+)
+
+type k8sobjectsConfig struct {
+	Objects []k8sObject `yaml:"objects"`
+}
+
+type k8sObject struct {
+	Name  string `yaml:"name"`
+	Mode  string `yaml:"mode"`
+	Group string `yaml:"group,omitempty"`
+}
+
+func generatek8sobjectsRbacRules(_ logr.Logger, config k8sobjectsConfig) ([]rbacv1.PolicyRule, error) {
+	// https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8sobjectsreceiver#rbac
+	prs := []rbacv1.PolicyRule{}
+	for _, obj := range config.Objects {
+		permissions := []string{"list"}
+		if obj.Mode == "pull" && (obj.Name != "events" && obj.Name != "events.k8s.io") {
+			permissions = append(permissions, "get")
+		} else if obj.Mode == "watch" {
+			permissions = append(permissions, "watch")
+		}
+		prs = append(prs, rbacv1.PolicyRule{
+			APIGroups: []string{obj.Group},
+			Resources: []string{obj.Name},
+			Verbs:     permissions,
+		})
+	}
+	return prs, nil
+}
@@ -0,0 +1,136 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package receivers
+
+import (
+	"testing"
+
+	"github.com/go-logr/logr"
+	"github.com/stretchr/testify/assert"
+	rbacv1 "k8s.io/api/rbac/v1"
+)
+
+func Test_generatek8sobjectsRbacRules(t *testing.T) {
+	tests := []struct {
+		name   string
+		config k8sobjectsConfig
+		want   []rbacv1.PolicyRule
+	}{
+		{
+			name: "basic watch mode",
+			config: k8sobjectsConfig{
+				Objects: []k8sObject{
+					{
+						Name:  "pods",
+						Mode:  "watch",
+						Group: "v1",
+					},
+				},
+			},
+			want: []rbacv1.PolicyRule{
+				{
+					APIGroups: []string{"v1"},
+					Resources: []string{"pods"},
+					Verbs:     []string{"list", "watch"},
+				},
+			},
+		},
+		{
+			name: "pull mode with events",
+			config: k8sobjectsConfig{
+				Objects: []k8sObject{
+					{
+						Name:  "events",
+						Mode:  "pull",
+						Group: "v1",
+					},
+				},
+			},
+			want: []rbacv1.PolicyRule{
+				{
+					APIGroups: []string{"v1"},
+					Resources: []string{"events"},
+					Verbs:     []string{"list"},
+				},
+			},
+		},
+		{
+			name: "pull mode with non-events",
+			config: k8sobjectsConfig{
+				Objects: []k8sObject{
+					{
+						Name:  "pods",
+						Mode:  "pull",
+						Group: "v1",
+					},
+				},
+			},
+			want: []rbacv1.PolicyRule{
+				{
+					APIGroups: []string{"v1"},
+					Resources: []string{"pods"},
+					Verbs:     []string{"list", "get"},
+				},
+			},
+		},
+		{
+			name: "multiple objects",
+			config: k8sobjectsConfig{
+				Objects: []k8sObject{
+					{
+						Name:  "pods",
+						Mode:  "pull",
+						Group: "v1",
+					},
+					{
+						Name:  "events",
+						Mode:  "pull",
+						Group: "v1",
+					},
+					{
+						Name:  "deployments",
+						Mode:  "watch",
+						Group: "apps/v1",
+					},
+				},
+			},
+			want: []rbacv1.PolicyRule{
+				{
+					APIGroups: []string{"v1"},
+					Resources: []string{"pods"},
+					Verbs:     []string{"list", "get"},
+				},
+				{
+					APIGroups: []string{"v1"},
+					Resources: []string{"events"},
+					Verbs:     []string{"list"},
+				},
+				{
+					APIGroups: []string{"apps/v1"},
+					Resources: []string{"deployments"},
+					Verbs:     []string{"list", "watch"},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := generatek8sobjectsRbacRules(logr.Logger{}, tt.config)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
@@ -19,8 +19,11 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/go-logr/logr"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -51,26 +54,85 @@ var _ manager.Runnable = &OperatorMetrics{}
 
 type OperatorMetrics struct {
 	kubeClient client.Client
+	log        logr.Logger
 }
 
-func NewOperatorMetrics(config *rest.Config, scheme *runtime.Scheme) (OperatorMetrics, error) {
+func NewOperatorMetrics(config *rest.Config, scheme *runtime.Scheme, log logr.Logger) (OperatorMetrics, error) {
 	kubeClient, err := client.New(config, client.Options{Scheme: scheme})
 	if err != nil {
 		return OperatorMetrics{}, err
 	}
 
 	return OperatorMetrics{
 		kubeClient: kubeClient,
+		log:        log,
 	}, nil
 }
 
 func (om OperatorMetrics) Start(ctx context.Context) error {
+	err := om.createOperatorMetricsServiceMonitor(ctx)
+	if err != nil {
+		om.log.Error(err, "error creating Service Monitor for operator metrics")
+	}
+
+	return nil
+}
+
+func (om OperatorMetrics) NeedLeaderElection() bool {
+	return true
+}
+
+func (om OperatorMetrics) caConfigMapExists() bool {
+	return om.kubeClient.Get(context.Background(), client.ObjectKey{
+		Name:      caBundleConfigMap,
+		Namespace: openshiftInClusterMonitoringNamespace,
+	}, &corev1.ConfigMap{},
+	) == nil
+}
+
+func (om OperatorMetrics) getOwnerReferences(ctx context.Context, namespace string) (metav1.OwnerReference, error) {
+	var deploymentList appsv1.DeploymentList
+
+	listOptions := []client.ListOption{
+		client.InNamespace(namespace),
+		client.MatchingLabels(map[string]string{
+			"app.kubernetes.io/name": "opentelemetry-operator",
+			"control-plane":          "controller-manager",
+		}),
+	}
+
+	err := om.kubeClient.List(ctx, &deploymentList, listOptions...)
+	if err != nil {
+		return metav1.OwnerReference{}, err
+	}
+
+	if len(deploymentList.Items) == 0 {
+		return metav1.OwnerReference{}, fmt.Errorf("no deployments found with the specified label")
+	}
+	deployment := &deploymentList.Items[0]
+
+	ownerRef := metav1.OwnerReference{
+		APIVersion: "apps/v1",
+		Kind:       "Deployment",
+		Name:       deployment.Name,
+		UID:        deployment.UID,
+	}
+
+	return ownerRef, nil
+}
+
+func (om OperatorMetrics) createOperatorMetricsServiceMonitor(ctx context.Context) error {
 	rawNamespace, err := os.ReadFile(namespaceFile)
 	if err != nil {
 		return fmt.Errorf("error reading namespace file: %w", err)
 	}
 	namespace := string(rawNamespace)
 
+	ownerRef, err := om.getOwnerReferences(ctx, namespace)
+	if err != nil {
+		return fmt.Errorf("error getting owner references: %w", err)
+	}
+
 	var tlsConfig *monitoringv1.TLSConfig
 
 	if om.caConfigMapExists() {
@@ -101,6 +163,7 @@ func (om OperatorMetrics) Start(ctx context.Context) error {
 				"app.kubernetes.io/part-of": "opentelemetry-operator",
 				"control-plane":             "controller-manager",
 			},
+			OwnerReferences: []metav1.OwnerReference{ownerRef},
 		},
 		Spec: monitoringv1.ServiceMonitorSpec{
 			Selector: metav1.LabelSelector{
@@ -123,23 +186,12 @@ func (om OperatorMetrics) Start(ctx context.Context) error {
 	}
 
 	err = om.kubeClient.Create(ctx, &sm)
-	if err != nil {
-		return fmt.Errorf("error creating service monitor: %w", err)
+	// The ServiceMonitor can be already there if this is a restart
+	if err != nil && !apierrors.IsAlreadyExists(err) {
+		return err
 	}
 
 	<-ctx.Done()
 
 	return om.kubeClient.Delete(ctx, &sm)
 }
-
-func (om OperatorMetrics) NeedLeaderElection() bool {
-	return true
-}
-
-func (om OperatorMetrics) caConfigMapExists() bool {
-	return om.kubeClient.Get(context.Background(), client.ObjectKey{
-		Name:      caBundleConfigMap,
-		Namespace: openshiftInClusterMonitoringNamespace,
-	}, &corev1.ConfigMap{},
-	) == nil
-}