kevendeng 不知道在这里了,是否包含"/metrics"权限
kubectl describe sa prometheus-k8s -n kubesphere-monitoring-system
Name: prometheus-k8s
Namespace: kubesphere-monitoring-system
Labels: <none>
Annotations: Image pull secrets: <none>
Mountable secrets: prometheus-k8s-token-gkxkl
Tokens: prometheus-k8s-token-gkxkl
Events: <none>
kubectl describe clusterrolebinding kubesphere-prometheus-k8s
Name: kubesphere-prometheus-k8s
Labels: <none>
Annotations: Role:
Kind: ClusterRole
Name: kubesphere-prometheus-k8s
Subjects:
Kind Name Namespace
ServiceAccount prometheus-k8s kubesphere-monitoring-system
kubectl get clusterrole kubesphere-prometheus-k8s -n kubesphere-monitoring-system -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{“apiVersion”:“rbac.authorization.k8s.io/v1”,“kind”:“ClusterRole”,“metadata”:{“annotations”:{},“name”:“kubesphere-prometheus-k8s”},“rules”:[{“apiGroups”:[""],“resources”:[“nodes/metrics”,“nodes”,“services”,“endpoints”,“pods”],“verbs”:[“get”,“list”,“watch”]},{“nonResourceURLs”:[“/metrics”],“verbs”:[“get”]}]}
creationTimestamp: “2021-07-06T08:23:44Z”
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:rules: {}
manager: kubectl
operation: Update
time: “2021-07-06T08:23:44Z”
name: kubesphere-prometheus-k8s
resourceVersion: “3596238”
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/kubesphere-prometheus-k8s
uid: 94dd6989-2d07-4cf8-bd71-b1e03a56ff6c
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
- nodes
- services
- endpoints
- pods
verbs:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get