From b2c7e9290e255874e0473b87b2b1c1988ad6935c Mon Sep 17 00:00:00 2001
From: Pavol Loffay <p.loffay@gmail.com>
Date: Tue, 12 May 2026 18:17:48 +0200
Subject: [PATCH 1/3] Remove unnecessary RBAC from the k8sevents receiver

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
---
 internal/components/receivers/k8sevents.go | 44 ----------------------
 1 file changed, 44 deletions(-)

diff --git a/internal/components/receivers/k8sevents.go b/internal/components/receivers/k8sevents.go
index de2c043063..b60d393ead 100644
--- a/internal/components/receivers/k8sevents.go
+++ b/internal/components/receivers/k8sevents.go
@@ -17,50 +17,6 @@ func generatek8seventsRbacRules(_ logr.Logger, _ k8seventsConfig) ([]rbacv1.Poli
 			APIGroups: []string{""},
 			Resources: []string{
 				"events",
-				"namespaces",
-				"namespaces/status",
-				"nodes",
-				"nodes/spec",
-				"pods",
-				"pods/status",
-				"replicationcontrollers",
-				"replicationcontrollers/status",
-				"resourcequotas",
-				"services",
-			},
-			Verbs: []string{"get", "list", "watch"},
-		},
-		{
-			APIGroups: []string{"apps"},
-			Resources: []string{
-				"daemonsets",
-				"deployments",
-				"replicasets",
-				"statefulsets",
-			},
-			Verbs: []string{"get", "list", "watch"},
-		},
-		{
-			APIGroups: []string{"extensions"},
-			Resources: []string{
-				"daemonsets",
-				"deployments",
-				"replicasets",
-			},
-			Verbs: []string{"get", "list", "watch"},
-		},
-		{
-			APIGroups: []string{"batch"},
-			Resources: []string{
-				"jobs",
-				"cronjobs",
-			},
-			Verbs: []string{"get", "list", "watch"},
-		},
-		{
-			APIGroups: []string{"autoscaling"},
-			Resources: []string{
-				"horizontalpodautoscalers",
 			},
 			Verbs: []string{"get", "list", "watch"},
 		},

From a1adc1a4154570778732507d78f59ce68c4a57ef Mon Sep 17 00:00:00 2001
From: Pavol Loffay <p.loffay@gmail.com>
Date: Tue, 12 May 2026 18:21:11 +0200
Subject: [PATCH 2/3] Remove unnecessary RBAC from the k8sevents receiver

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
---
 .chloggen/events-receiver-role.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .chloggen/events-receiver-role.yaml

diff --git a/.chloggen/events-receiver-role.yaml b/.chloggen/events-receiver-role.yaml
new file mode 100644
index 0000000000..03b163ec4a
--- /dev/null
+++ b/.chloggen/events-receiver-role.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: collector
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Remove unnecessary RBAC permissions from the events receiver.
+
+# One or more tracking issues related to the change
+issues: [5073]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

From 546da69163277cc6be38e4aa3498d5f12b173639 Mon Sep 17 00:00:00 2001
From: Pavol Loffay <p.loffay@gmail.com>
Date: Wed, 13 May 2026 09:48:23 +0200
Subject: [PATCH 3/3] Fix the e2e test

Signed-off-by: Pavol Loffay <p.loffay@gmail.com>
---
 .../receiver-k8sevents/01-assert.yaml         | 48 -------------------
 1 file changed, 48 deletions(-)

diff --git a/tests/e2e-automatic-rbac/receiver-k8sevents/01-assert.yaml b/tests/e2e-automatic-rbac/receiver-k8sevents/01-assert.yaml
index 59440d2ba7..b2f2343148 100644
--- a/tests/e2e-automatic-rbac/receiver-k8sevents/01-assert.yaml
+++ b/tests/e2e-automatic-rbac/receiver-k8sevents/01-assert.yaml
@@ -7,58 +7,10 @@ rules:
   - ""
   resources:
   - events
-  - namespaces
-  - namespaces/status
-  - nodes
-  - nodes/spec
-  - pods
-  - pods/status
-  - replicationcontrollers
-  - replicationcontrollers/status
-  - resourcequotas
-  - services
   verbs:
   - get
   - list
   - watch
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  - deployments
-  - replicasets
-  - statefulsets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - extensions
-  resources:
-  - daemonsets
-  - deployments
-  - replicasets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - jobs
-  - cronjobs
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-    - autoscaling
-  resources:
-    - horizontalpodautoscalers
-  verbs:
-    - get
-    - list
-    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding