Prometheus-operator RBAC: not able to see metrics from other namespaces in the cluster

[Zhang Zhao]

The Prometheus was deployed by stable/prometheus-operator helm chart. The issue I ran into was that after prometheus was deployed on namespace called "espr-prometheus-nonprod", prometheus was only able to get data from espr-prometheus-nonprod, default and kube-system 3 namespaces that I highlighted below. I don't see any metrics from other namespaces where the applications run..  

I tried to apply cluster role and cluster role binding config as below, but I still didn't see data from other namespaces coming in..

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRole

metadata:

  name: prometheus

rules:

- apiGroups: [""]

  resources:

  - nodes

  - nodes/metrics

  - services

  - endpoints

  - pods

  verbs: ["get", "list", "watch"]

- apiGroups: [""]

  resources:

  - configmaps

  verbs: ["get"]

- nonResourceURLs: ["/metrics"]

  verbs: ["get"]

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: prometheus

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: prometheus

subjects:

- kind: ServiceAccount

  name: prometheus

  namespace: espr-prometheus-nonprod

Zhang

[Matthias Rampke]

In what way can it "not get metrics"? Does it discover the targets (do they show on the target page) but cannot scrape them? On the configuration page, does the scrape configuration include the jobs that you are missing? Are there any errors in the Prometheus log?

Is this a problem with Prometheus discovering the targets, or with the operator discovering the custom resources?

/MR

--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/9d0d5afd-c5c4-4c28-9362-61312eb01785o%40googlegroups.com.