openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
f7d44a9b4b2a320f6bb30c068dbe07712a915744
openshift-docs/modules/network-observability-multitenancy.adoc

50 lines
2.1 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// network_observability/installing-operators.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-multi-tenancy_{context}"]
= Enabling multi-tenancy in network observability
[role="_abstract"]
Enable multi-tenancy in network observability by configuring cluster roles and namespace roles to grant project administrators and developers granular, restricted access to flows and metrics in Loki and Prometheus.
Access is enabled for project administrators. Project administrators who have limited access to some namespaces can access flows for only those namespaces.
For Developers, multi-tenancy is available for both Loki and Prometheus but requires different access rights.
.Prerequisite
* If you are using Loki, you have installed at least link:https://catalog.redhat.com/software/containers/openshift-logging/loki-rhel8-operator/622b46bcae289285d6fcda39[Loki Operator version 5.7].
* You must be logged in as a project administrator.
.Procedure
* For per-tenant access, you must have the `netobserv-loki-reader` cluster role and the `netobserv-metrics-reader` namespace role to use the developer perspective. Run the following commands for this level of access:
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-loki-reader <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-role-to-user netobserv-metrics-reader <user_group_or_name> -n <namespace>
----
* For cluster-wide access, non-cluster-administrators must have the `netobserv-loki-reader`, `cluster-monitoring-view`, and `netobserv-metrics-reader` cluster roles. In this scenario, you can use either the admin perspective or the developer perspective. Run the following commands for this level of access:
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-loki-reader <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user cluster-monitoring-view <user_group_or_name>
----
+
[source,terminal]
----
$ oc adm policy add-cluster-role-to-user netobserv-metrics-reader <user_group_or_name>
----
View Git Blame Copy Permalink