Advanced View Workloads Role

BLA · February 18, 2022, 10:30am

Hi;

I work on Rancher 2.6, I try to put an advanced view in read-only so that users can follow the workloads in a more detailed way in the rancher interface…

For this i created a project role which takes over the already existing roles View Workloads and View Config Maps.

I added to this role the rights to read events so that the Recent Events tab is visible on the view of a pod

screenshot

So far no difficulty; where I’m stuck is to display the workload-metrics tab for example on a deployment or a statefulsets

example with the view of an administrator

I tried adding the global role View Rancher 2 Metrics and the project role View Monitoring but without success.

Do you have any idea where i am wrong???

Note: monitoring run over rancher-monitoring:100.1.0+up19.0.3

BLA · February 18, 2022, 2:18pm

Some additional elements:
With Global Permissions: User-Base; the Cluster Owner role can see metrics but not the Cluster Member role.

I deduced that it came from

rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'

But I refuse to put such a privilege

BLA · February 19, 2022, 10:53am

I have refined the rights and I only work at the project level.
The basic permission remains User-Base (login-access only).

As indicated at the beginning of the topic, I always have a project role inspired by the View Workloads and View Config Maps role and which I apply to the project containing the workloads of my users.

This is complemented by a second role that inherits the View Monitoring and Project Monitoring View Role and which is applied to the System project.

All this allows my users to see the monitoring menu in the sidebar, see the monitoring config, and easily access Grafana.

Now I get stuck on displaying the metrics tab on the workloads page , for example here is what I see with my cluster owner profile:

After multiple tries I now know that rights to the System project are missing to display this tab, however I always find myself blocked because I only manage by giving more permissions than I want and without knowing really what right is missing

roleTemplateNames:
- monitoring-ui-view
- project-monitoring-readonly
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - list

BLA · February 20, 2022, 9:42am

Solves: read Workload metrics tab not displayed · Issue #36587 · rancher/rancher · GitHub

Rahul_Kumar1 · May 24, 2023, 3:39am

I am unable to find that option in the System project.

I can just view the Edit Config option in the System Project, where exactly should we add this in the Rancher 2.6, I am struck with the same issue for a week now.

My Role is Cluster Admin and I can view the workload metrics, whereas the Cluster Members are unable to view that option.

@BLA : Can you explain me where this change has to be done exactly.

Topic		Replies	Views
Rancher2.7 Permission setting problem Rancher 2.x	0	285	April 26, 2023
Custom read-only role Rancher 2.x	1	1051	September 2, 2021
Rancher 2.6.2 Cluster Members are not able to see Pod Metrics Rancher 2.x	1	693	October 27, 2021
Rancher 2.5 - How to grant permission allow project-owner access grafana monitoring Rancher 2.x	0	579	March 12, 2021
Kubernetes and Rancher RBACs role mapping	1	1238	August 27, 2019

Advanced View Workloads Role

Related Topics