openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
Code Issues Releases Activity

Add a section on giving view permissions; many changes

Browse Source
This commit is contained in:
Maxim Svistunov
2020-01-20 13:57:57 +01:00
committed by openshift-cherrypick-robot
parent fe63dc51b2
commit c5c779e493
5 changed files with 35 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/monitoring-accessing-the-metrics-of-your-service.adoc
View File

@@ -5,14 +5,14 @@
[id="accessing-the-metrics-of-your-service_{context}"]
= Accessing the metrics of your service
Once you have enabled monitoring your own services, deployed a service, and set up metrics collection for it, you can access the metrics of the service as a cluster administrator, as a developer, or as a user associated with the project.
Once you have enabled monitoring your own services, deployed a service, and set up metrics collection for it, you can access the metrics of the service as a cluster administrator, as a developer, or as a user with view permissions for the project.
.Prerequisites
* You need to deploy the service that you want to monitor.
* You need to enable monitoring of your own services.
* You need to have metrics scraping set up for the service.
* You need to log in as a cluster administrator, a developer, or as a user associated with the project.
* You need to log in as a cluster administrator, a developer, or as a user with view permissions for the project.
.Procedure

6
modules/monitoring-creating-a-role-for-setting-up-metrics-collection.adoc
View File

@@ -5,13 +5,13 @@
[id="creating-a-role-for-setting-up-metrics-collection_{context}"]
= Creating a role for setting up metrics collection
By default, only cluster administrator users have access to metrics from your services. Using the soft tenancy feature, it is possible to also grant metrics access to an arbitrary user, who only has access to a particular project. To be able to grant metrics access, a user needs special permissions. This procedure shows how to create a role that gives such permissions.
This procedure shows how to create a role that allows a user to set up metrics collection for a service as described in "Setting up metrics collection".
.Procedure
. Create a YAML file for the new role. In this example, it is called `custom-metrics-role.yaml`.
. Fill the file with the configuration for the alerting rules:
. Fill the file with the configuration for the `monitor-crd-edit` role:
+
[source,yaml]
----
@@ -25,7 +25,7 @@ rules:
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
----
+
This configuration creates the `monitor-crd-edit` role, which enables the user to set up metrics collection for a service.
This role enables a user to set up metrics collection for services.
. Apply the configuration file to the cluster:
+

28
modules/monitoring-giving-view-access-to-a-user.adoc Normal file
View File

@@ -0,0 +1,28 @@
// Module included in the following assemblies:
//
// * monitoring/monitoring-your-own-services.adoc
[id="giving-view-access-to-a-user_{context}"]
= Giving view access to a user
By default, only cluster administrator users and developers have access to metrics from your services. This procedure shows how to grant metrics access to a particular project to an arbitrary user.
.Prerequisites
* You need to have a user created.
.Procedure
* Run this command to give <user> access to all metrics of your services in <namespace>:
+
----
$ oc policy add-role-to-user view <user> -n <namespace>
----
+
For example, to give view access to the `ns1` namespace to user `bobwilliams`, run:
+
----
$ oc policy add-role-to-user view bobwilliams -n ns1
----
* Alternatively, in the Web console, switch to the Developer Perspective, and click *Advanced* -> *Project Access*. From there, you can select the correct namespace and assign the `view` role to a user.

2
modules/monitoring-granting-the-role-to-a-user.adoc
View File

@@ -2,7 +2,7 @@
//
// * monitoring/monitoring-your-own-services.adoc
[id="granting-the-role-to-a-user.adoc_{context}"]
[id="granting-the-role-to-a-user_{context}"]
= Granting the role to a user
This procedure shows how to assign the `monitor-crd-edit` role to a user.

1
monitoring/monitoring-your-own-services.adoc
View File

@@ -22,4 +22,5 @@ include::modules/monitoring-creating-a-role-for-setting-up-metrics-collection.ad
include::modules/monitoring-granting-the-role-to-a-user.adoc[leveloffset=+1]
include::modules/monitoring-setting-up-metrics-collection.adoc[leveloffset=+1]
include::modules/monitoring-creating-alerting-rules.adoc[leveloffset=+1]
include::modules/monitoring-giving-view-access-to-a-user.adoc[leveloffset=+1]
include::modules/monitoring-accessing-the-metrics-of-your-service.adoc[leveloffset=+1]