Restricting Prometheus to a particular Namespace


Venkata Bhagavatula

May 26, 2020, 1:01:54 PM
to Prometheus Users, Prometheus Developers
Hi All,

Currently Prometheus needs ClusterRole and ClusterRoleBinding for scraping the metrics on Kubernetes. We want to restrict Prometheus to a particular namespace.
So we changed RBAC to use Role and RoleBinding, and in the Prometheus configuration we added namespaces to the kubernetes_sd_configs section. We see that we are able to scrape metrics from the configured namespace, but we are continuously seeing errors saying access forbidden to *v1.Pod etc. Currently my cluster is down. I will share the exact error once it is available.

Following is the Prometheus configuration:
      - job_name: 'kubernetes-apiservers'
        kubernetes_sd_configs:
          - role: endpoints
            namespaces:
              names: ['admin']

Please let me know whether we can do this with Role and RoleBinding.

Thanks n Regards,
Chalapathi.
cpro-rbac.zip

Venkata Bhagavatula

May 29, 2020, 3:38:32 AM
to Prometheus Users, Prometheus Developers
Able to solve the issue. There is a configuration error in one config file where namespaces were not added. Also, if we add the node role, then ClusterRole and ClusterRoleBinding are needed, as the node resource is cluster scoped.

Thanks n Regards,
Chalapathi
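
An added example, not part of the original thread: a small check for the two causes named in the resolution above (a kubernetes_sd_configs entry with no namespaces list, and the node role, which a namespaced Role cannot cover). It takes the already parsed prometheus.yml as a dict; the function name, the sample config and the job names other than 'kubernetes-apiservers' are assumptions made for illustration.

```python
# Added example: flags kubernetes_sd_configs entries that a namespaced Role and
# RoleBinding cannot satisfy. Input is the parsed prometheus.yml as a dict.

CLUSTER_SCOPED_ROLES = {"node"}  # the node resource is cluster scoped, per the thread


def find_rbac_mismatches(config, allowed_namespaces):
    """Return (job_name, sd_index, problem) for entries needing wider access."""
    findings = []
    allowed = set(allowed_namespaces)  # namespaces where a RoleBinding exists
    for job in config.get("scrape_configs") or []:
        name = job.get("job_name", "<unnamed>")
        for i, sd in enumerate(job.get("kubernetes_sd_configs") or []):
            role = sd.get("role")
            if role in CLUSTER_SCOPED_ROLES:
                findings.append((name, i, f"role '{role}' is cluster scoped; needs ClusterRole"))
                continue
            ns = sd.get("namespaces") or {}
            names = ns.get("names") or []
            if not names and not ns.get("own_namespace"):
                findings.append((name, i, "no namespaces.names; discovery covers all namespaces"))
                continue
            extra = sorted(set(names) - allowed)
            if extra:
                findings.append((name, i, f"namespaces without a RoleBinding: {extra}"))
    return findings


# Constructed sample: the first job mirrors the one quoted in the first post.
SAMPLE_CONFIG = {
    "scrape_configs": [
        {"job_name": "kubernetes-apiservers",
         "kubernetes_sd_configs": [{"role": "endpoints", "namespaces": {"names": ["admin"]}}]},
        {"job_name": "kubernetes-pods",   # hypothetical job with namespaces forgotten
         "kubernetes_sd_configs": [{"role": "pod"}]},
        {"job_name": "kubernetes-nodes",  # hypothetical job using the node role
         "kubernetes_sd_configs": [{"role": "node"}]},
        {"job_name": "static", "static_configs": [{"targets": ["localhost:9090"]}]},
    ]
}

if __name__ == "__main__":
    for job, idx, problem in find_rbac_mismatches(SAMPLE_CONFIG, ["admin"]):
        print(f"{job}[{idx}]: {problem}")
```

Running it over every config file before removing the ClusterRole shows which jobs would produce the forbidden errors under a namespaced Role.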