Hello :) [SOLVED]:
The problem was arrived, when guys from my team decided to redeploy matrics once again. Current version of our Origin is 1.5.1. (We are one step before upgrade to 3.6). The ansible flow used "latest" tag. This mean that we have 1.5.1 with metrics images from latest master branch. The latest metrics, has got some issues. After upgrade all our customers stopped seeing metrics and had lost access to them. Result was error code in browser 403, cannot retrieve metrics, and screen from my last email. After deeper investigation , I had discovered , that metrics are working fine, but simple there is no permissions to see them. "cluster-admin" allows me to see metrics, then I noticed that cluster reader is the minimum access level, which allows me to see metrics. I couldn't find answers so I decided to create my own metrics role, that allows all authenticated users (customers), see own metrics. The role allows only to gain access to metrics , Name: metrics-workaround Namespace: <none> Created: 2 days ago Labels: <none> Annotations: authorization.openshift.io/system-only=true Verbs Non-Resource URLs Extension Resource Names API Groups Resources [list] [] [] [] [pods pods/status] [get] [] [] [] [nodes/metrics nodes/spec] This policy solved my problems, till time when we approach to upgrade to the latest version. After creation just assign it to proper group. For example, if you want to grant this permissions to all authenticated users from oauth , you can choose "system:authenticate-oauth" Best regads 2017-08-28 14:31 GMT+02:00 Łukasz Strzelec <[email protected]>: > Hello :) > I have following issue with my metrics: > > [image: Obraz w treści 1] > The metrics are working when I assigned cluster-role to my user. Any ideas > what should I do to allow regular users to see metrics properly? > > Best regards > > -- > Ł.S. > -- Ł.S. Sr. DevOps Expert / Product Owner of XaaS platform at ING Services Polska
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
