本文永久链接: https://www.xtplayer.cn/rancher/rancher-ui-pod-metrics-permission/

1,将以下 yaml 导入 local 集群创建项目角色。

apiVersion: management.cattle.io/v3
builtin: false
context: project
description: Members can only view the metrics of resources inside the Project.
displayName: Monitoring View
external: false
hidden: false
kind: RoleTemplate
metadata:
  annotations:
    cleanup.cattle.io/rtUpgradeCluster: 'true'
    lifecycle.cattle.io/create.mgmt-auth-roletemplate-lifecycle: 'true'
  finalizers:
    - controller.cattle.io/mgmt-auth-roletemplate-lifecycle
  name: monitoring-view
  generation: 2
  labels:
    cattle.io/creator: norman
rules:
- apiGroups:
  - monitoring.coreos.com
  resources:
  - '*'
  verbs:
  - list
  - get
  - watch
- apiGroups:
  - '*'
  resources:
  - endpoints
  verbs:
  - list
  - get
  - watch
- apiGroups:
  - '*'
  resources:
  - services/proxy
  verbs:
  - list
  - get
  - watch
  - create
  - update
- apiGroups:
  - catalog.cattle.io
  resources:
  - apps
  verbs:
  - list
  - get
  - watch

2,建议创建一个新的项目,比如叫 system-monitoring,然后将 Namespace cattle-monitoring-system 移动到此项目。

3,编辑步骤 2 创建的项目,为用户分配步骤 1 创建的权限。

4,授予角色后,再通过普通用户登录 Rancher,看看是否能查看 Pod Metrics。