openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
e6b264c09edfed2f959cb1a5d5ab4df8992d7153
openshift-docs/modules/network-observability-multitenancy.adoc

47 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// network_observability/installing-operators.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-multi-tenancy_{context}"]
= Enabling multi-tenancy in network observability
Multi-tenancy in the Network Observability Operator allows and restricts individual user access, or group access, to the flows stored in Loki and or Prometheus. Access is enabled for project administrators. Project administrators who have limited access to some namespaces can access flows for only those namespaces.
For Developers, multi-tenancy is available for both Loki and Prometheus but requires different access rights.
.Prerequisite
* If you are using Loki, you have installed at least link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7].
* You must be logged in as a project administrator.
.Procedure
* For per-tenant access, you must have the `netobserv-loki-reader` cluster role and the `netobserv-metrics-reader` namespace role to use the developer perspective. Run the following commands for this level of access:
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-loki-reader <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-role-to-user netobserv-metrics-reader <user_group_or_name> -n <namespace>
----
* For cluster-wide access, non-cluster-administrators must have the `netobserv-loki-reader`, `cluster-monitoring-view`, and `netobserv-metrics-reader` cluster roles. In this scenario, you can use either the admin perspective or the developer perspective. Run the following commands for this level of access:
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-loki-reader <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user cluster-monitoring-view <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-metrics-reader <user_group_or_name>
----
View Git Blame Copy Permalink