This guide explains how to configure kubelet metrics collection in the k8s-infra OpenTelemetry collection agent for GKE Autopilot clusters, where certain RBAC permissions are restricted.
Prerequisites
Before configuring kubelet metrics collection for GKE Autopilot, ensure you have:
- A SigNoz backend (SigNoz Cloud or self-hosted) to receive OpenTelemetry data
- K8s-infra OpenTelemetry collection agent installed in your GKE Autopilot cluster
- Basic understanding of Kubernetes RBAC and GKE Autopilot security model
How Kubelet Metrics Collection Works in k8s-infra
The k8s-infra collection agent includes a kubeletMetrics preset that uses the OpenTelemetry Collector's kubeletstats receiver to gather node, pod, container, and volume metrics from the Kubelet API.
Understanding GKE Autopilot Limitations
GKE Autopilot blocks access to the nodes/proxy RBAC resource under its security model. It disables the insecure kubelet read-only port in favor of the more secure, authenticated port 10250 and restricts related proxy access.
Since the kubeletstats receiver needs get permissions for nodes/proxy resources to scrape extra_metadata_labels and {request|limit}_utilization metrics (refer to the kubeletstats receiver RBAC requirements), these metrics cannot be scraped on GKE Autopilot. When enabled, the otel-agent DaemonSet crashes repeatedly due to privilege errors, disrupting metrics collection. Disabling these metrics allows us to match the agent configuration to GKE Autopilot's security policies while still collecting essential kubelet metrics such as node, pod, container, and volume metrics.
Configure Kubelet Metrics Collection for GKE Autopilot
Using the Helm Chart (Recommended)
Our Helm chart for k8s-infra automatically handles GKE Autopilot restrictions. When deploying to GKE Autopilot, the chart disables extra_metadata_labels and {request|limit}_utilization metrics by default.
Step 1: Set the Cloud Provider
To override the default and set the cloud provider to GKE Autopilot, update your values.yaml for global.cloud:
global:
  cloud: gcp/autogke
Step 2: Apply the Configuration
Apply your configuration changes to the k8s-infra Helm release:
helm upgrade <RELEASE_NAME> signoz/k8s-infra \
  -n <NAMESPACE> \
  -f <YOUR_VALUES_FILE>.yaml
Replace the following placeholders:
- <RELEASE_NAME>: Name of your k8s-infra Helm release (e.g., k8s-infra)
- <NAMESPACE>: Kubernetes namespace where k8s-infra is installed (e.g., signoz)
- <YOUR_VALUES_FILE>: Path to your values YAML file (e.g., values.yaml)
Manual Configuration
If you manage your own OpenTelemetry Collector configuration, you must explicitly disable the problematic metrics:
Update your values.yaml or collector configuration:
receivers:
  kubeletstats:
    # Disable extra metadata labels that require nodes/proxy access
    extra_metadata_labels: []
    # Disable metrics that require nodes/proxy permissions
    metrics:
      k8s.pod.cpu_limit_utilization:
        enabled: false
      k8s.pod.cpu_request_utilization:
        enabled: false
      k8s.pod.memory_limit_utilization:
        enabled: false
      k8s.pod.memory_request_utilization:
        enabled: false
      container.cpu_limit_utilization:
        enabled: false
      container.cpu_request_utilization:
        enabled: false
      container.memory_limit_utilization:
        enabled: false
      container.memory_request_utilization:
        enabled: false
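An added example (not part of the SigNoz chart or the original page): a small Python check that scans a parsed collector config for the kubeletstats settings this page says depend on nodes/proxy, so a manually managed config can be checked before rollout. The function name, the sample configs, and the rule that an unlisted metric counts as disabled are assumptions.

```python
# Added example: flag kubeletstats settings that need nodes/proxy access.
# Metric names are the ones this page lists; everything else is illustrative.
NODES_PROXY_METRICS = {
    f"{scope}.{res}_{kind}_utilization"
    for scope in ("k8s.pod", "container")
    for res in ("cpu", "memory")
    for kind in ("limit", "request")
}


def nodes_proxy_findings(config):
    """Return a list of settings in a parsed collector config that depend on
    nodes/proxy and therefore cannot work on GKE Autopilot."""
    findings = []
    receivers = config.get("receivers") or {}
    for name, body in receivers.items():
        # Receiver instances are named "kubeletstats" or "kubeletstats/<id>".
        if name.split("/", 1)[0] != "kubeletstats":
            continue
        body = body or {}
        labels = body.get("extra_metadata_labels") or []
        if labels:
            findings.append(f"{name}: extra_metadata_labels={labels}")
        metrics = body.get("metrics") or {}
        for metric in sorted(NODES_PROXY_METRICS & metrics.keys()):
            # Assumption: a metric with no explicit entry is treated as disabled.
            if (metrics[metric] or {}).get("enabled", False):
                findings.append(f"{name}: {metric} enabled")
    return findings


# Constructed sample configs, shaped as yaml.safe_load() would return them.
AUTOPILOT_SAFE = {"receivers": {"kubeletstats": {
    "extra_metadata_labels": [],
    "metrics": {m: {"enabled": False} for m in NODES_PROXY_METRICS},
}}}
NEEDS_NODES_PROXY = {"receivers": {
    "otlp": {"protocols": {"grpc": None}},
    "kubeletstats/node": {
        "extra_metadata_labels": ["container.id"],
        "metrics": {
            "k8s.pod.cpu_limit_utilization": {"enabled": True},
            "container.memory_request_utilization": {"enabled": False},
        },
    },
}}

if __name__ == "__main__":
    for label, cfg in (("safe", AUTOPILOT_SAFE), ("unsafe", NEEDS_NODES_PROXY)):
        print(label, nodes_proxy_findings(cfg) or "no nodes/proxy-dependent settings")
```

An empty result means the config requests nothing that would require granting nodes/proxy to the agent's service account.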
Validate
- Wait a minute for the updated settings to take effect.
- Open the SigNoz dashboard and confirm that node and pod metrics are visible (check the infrastructure or metrics page).
- If metrics do not appear as expected, inspect the k8s-infra collector pod logs for errors or warnings.
What Metrics Are Still Collected
Even with these restrictions, the kubeletstats receiver continues to collect essential metrics:
- Node metrics: CPU, memory, filesystem, and network usage
- Pod metrics: CPU and memory usage per pod
- Container metrics: CPU, memory, and filesystem usage per container
- Volume metrics: Available, capacity, and used storage for persistent volumes
These metrics provide comprehensive visibility into your cluster's resource consumption and are sufficient for most monitoring and alerting use cases.