Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5235

Provide more granular access to the federation endpoint

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Unresolved
    • Normal
    • None
    • openshift-4.14
    • Monitoring
    • None
    • False
    • None
    • False
    • Not Selected
    • 0
    • 0% 0%

    Description

      Currently, access to the federation endpoint requires a bearer token with `get` permission on the namespaces resource [1]

      This grants more permissions than customer would like to grant by giving access to the federation endpoint. 

      Does the move to kube rbac proxy facilate this in the future? 
      This is not a request for namespace based access - but less expansive permissions than`get` on all namespaces 

       
      [1]- https://docs.openshift.com/container-platform/4.14/monitoring/accessing-third-party-monitoring-apis.html#monitoring-querying-metrics-by-using-the-federation-endpoint-for-prometheus_accessing-third-party-monitoring-apis 

      Attachments

        Issue Links

          links to

          Web Link KCS

          Activity

            People

              rh-ee-rfloren Roger Florén
              rhn-support-nigsmith Nigel Smith
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: