2.3. Granting user permissions using web console

Procedure

1. In the web console, navigate to User Management Role Bindings Create Binding.
2. In Binding Type, select the "Namespace Role Binding" type.
3. In Name, enter a name for the binding.
4. In Namespace, select the namespace where you want to grant the access. For example, select ns1.

5. In Role Name, enter monitoring-rules-view, monitoring-rules-edit, or monitoring-edit.

   • monitoring-rules-view allows reading PrometheusRule custom resources within the namespace.
   • monitoring-rules-edit allows creating, modifying, and deleting PrometheusRule custom resources matching the permitted namespace.
   • monitoring-edit gives the same permissions as monitoring-rules-edit. Additionally, it allows creating scraping targets for services or pods. It also allows creating, modifying, and deleting ServiceMonitor and PodMonitor resources.
   重要

   Whichever role you choose, you must bind it against a specific namespace as a cluster administrator.

   For example, enter monitoring-edit.

6. In Subject, select User.
7. In Subject Name, enter the name of the user. For example, enter johnsmith.
8. Confirm the role binding. If you followed the example, then user johnsmith has been assigned the permissions for setting up metrics collection and creating alerting rules in the ns1 namespace.