Rancher 25 Prometheus for cluster/project owners

Hi,

Currently my company is running a proof of concept with Rancher 2.5.3 and so far we are liking what we see.

With rancher 2.5 Prometheus should be deployed using the Cluster Explorer -> App Marketplace, which we did.

However I am trying to get promotheus to show metrics for Cluster Owners / Members and Project owners/members. But when I am logging in as that user the Monitoring options shows: “Resource unavailable”

Unfortunately the masterclass didn’t touch on this point.
And the documentation doesn’t seem to updated on how to do this for rancher 2.5 via the cluster explorer.

Any help and pointers would be greatly appreciated.

1 Like

Hi
Have you been able to get around this? I have also followed this, which unfortunately didn’t work for me: Cluster Member can't see/use Grafana or monitoring stuff

1 Like

The problem I posted as 15814 was related to older Rancher version.
Currently (2.5.x) the deployment of prometheus/grafana is different and I have actually not tried yet whether my teammates can access Grafana with this new Rancher Monitoring deployment.

Thanks a lot…! makes sense. The documentation simply states:

Rancher allows any users who are authenticated by Kubernetes and have access the Grafana service deployed by the Rancher Monitoring chart to access Grafana via the Rancher Dashboard UI.

This doesn’t seem to be the case in my situation. I have found that the monitoring option (in the Explorer dropdown menu) doesn’t even show when the user doesn’t have access to any projects. After creating a project and a namespace, the monitoring option is available. Although the links simply display a ‘resource unavailable’ when hovering over the each option

Edit: Rancher 2.5.2 and the user in question is a cluster member and owns a project or 2

I doubled checked with a teammate ( which was previously, i.e. using the older rancher version, able to see grafana, hence the permissions are still there ) but he was now unable to view grafana, receiving the same error “Resource unavailable”.

I finally figured it out yesterday quite late… The global project role requires access to endpoints, and podmonitors as well… Working on my end with Rancher v2.5.2

@smitphilip could yo maybe elaborate which role you had to change? I tried adding a new custom role, but that did not resolve this problem.

@smitphilip I’m having the same problem but like @Snieuw I’m having difficulty figuring out which ‘global project role’ you changed. Could you elaborate please?

sure…
Global view → Security → Roles → Add Global Role

Give the new role a name, and grant the permissions in the screenshot above.

Then navigate to the cluster of choice, and ensure that the following namespaces are grouped into the System project:

  • cattle-dashboards
  • cattle-prometheus
  • cattle-monitoring-system

Edit the System project, and select members, add the AD group, or user to the System project, with the Role created in steps above.

Save

Thanks very much for responding so quickly @smitphilip. I’ve tried your process above and noticed a couple of things:

  1. I don’t have a cattle-prometheus namespace.
  2. I can’t add the new role to my user. My user is the default cluster admin user and is already has the Project Owner role. I don’t seem to be able to add any permissions to the existing role.

I should probably have explained that I installed via rancherd on a new high powered Linux laptop as a single node installation. The install is completely default and then all I did was went to the Marketplace and added Monitoring. Everything seemed to install but I get no data and I get the “Resource unavailable” when I hover over any of the 5 panels in the Monitoring Dashboard.