mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 00:48:01 +01:00
6208e13663
Add instructions on accessing metrics from all namespaces Remove a deprecated section, make minor changes for "monitoring own services" Update modules/monitoring-roles-for-monitoring-your-own-services.adoc Co-authored-by: Simon Pasquier <spasquie@redhat.com> Update modules/monitoring-roles-for-monitoring-your-own-services.adoc Co-authored-by: Simon Pasquier <spasquie@redhat.com> Update modules/monitoring-creating-alerting-rules.adoc Co-authored-by: Lili Cosic <cosiclili@gmail.com> More updates to "Monitoring your own services" Numerous updates to "Monitoring your own services" Small updates Structural changes in some sections & a number of style corrections Switch order of two variants of a procedure A few language improvements Update a command output and a link
37 lines
1.4 KiB
Plaintext
37 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * monitoring/monitoring-your-own-services.adoc
|
|
|
|
[id="granting-user-permissions-using-cli_{context}"]
|
|
= Granting user permissions using CLI
|
|
|
|
This procedure shows how to grant users permissions for monitoring their own services using the CLI.
|
|
|
|
.Prerequisites
|
|
|
|
* Have a user created.
|
|
* Log in using the `oc` command.
|
|
|
|
.Procedure
|
|
|
|
* Run this command to assign <role> to <user> in <namespace>:
|
|
+
|
|
----
|
|
$ oc policy add-role-to-user <role> <user> -n <namespace>
|
|
----
|
|
+
|
|
Substitute <role> with `monitoring-rules-view`, `monitoring-rules-edit`, or `monitoring-edit`.
|
|
+
|
|
--
|
|
** `monitoring-rules-view` allows reading PrometheusRule custom resources within the namespace.
|
|
** `monitoring-rules-edit` allows creating, modifying, and deleting PrometheusRule custom resources matching the permitted namespace.
|
|
** `monitoring-edit` gives the same permissions as `monitoring-rules-edit`. Additionally, it allows creating new scraping targets for services or Pods. It also allows creating, modifying, and deleting ServiceMonitors and PodMonitors.
|
|
--
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
Whichever role you choose, you must bind it against a specific namespace as a cluster administrator.
|
|
====
|
|
+
|
|
As an example, substitute <role> with `monitoring-edit`, <user> with `johnsmith`, and <namespace> with `ns1`. This assigns to user `johnsmith` the permissions for setting up metrics collection and creating alerting rules in the `ns1` namespace.
|