Enable access to display cluster monitoring data for project members with "Viewer" permissions #11
Labels
kind/enhancement
Enhancement, improvement, extension
lifecycle/icebox
Temporarily on hold (will not age; may have dependencies, lack priority, miss feedback, etc.)
lifecycle/rotten
Nobody worked on this for 12 months (final aging stage)
Comments
gardener-robot
added
the
lifecycle/stale
gardener-robot
added
lifecycle/rotten
wyb1
added
lifecycle/icebox
4 tasks
gardener-robot
added
the
lifecycle/stale
gardener-robot
added
lifecycle/rotten
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Gardener project members assigned with "Viewer" role have to see the URL and credentials for Grafana.
Why is this needed:
At the moment Gardener project members assigned with "Viewer" role can see the cluster status but cannot see the monitoring data for the clusters they are responsible to monitor. Overall access to Grafana is only displayed at the moment for Gardener consumers (Owners and Admins of a project). There are no change activities possible for these users in the monitoring solution. This is a good reason to make the access to the monitoring solution accessible also to the project members assigned with the "Viewer" role in the project - they can be displayed with the URL and the secret for Grafana via the dashboard.
This is very important for large Kubernetes operation teams that are using Gardener where different level of responsibilities are organized. In such teams there are operators from the first level who are only responsible to monitor the status of the clusters and to look at the monitoring data to do evaluations and to report problems to the next level.
The best solution will be to implement an SSO solution for the monitoring tool and to also stop using static secrets for the authentication.
The text was updated successfully, but these errors were encountered: