search

astefanutti / kubebox

⎈❏ Terminal and Web console for Kubernetes
http://astefanutti.github.io/kubebox
MIT License
2.14k stars 142 forks source link

Resources usage metrics unauthorized in kubernetes 1.14 #83

Closed raapperez closed 4 years ago

raapperez commented 4 years ago

I'm getting the error Resources usage metrics unauthorized in the Memory/Cpu/Net box.

The Debug screen isn't helpful with no authorization errors.

I'm using eks.7 with kubernetes 1.14 and kubebox v0.7.0

When I run kubectl auth can-i get nodes/proxy I get yes

Also kubectl top pods works fine for my user.

The metrics-server is running fine with no erros in logs.

I believe my user has some ClusterRoles missing, I can't find the right required rules for kubebox to add to my user.

ClusterRole bonded to my user:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: view-metrics
rules:
  - apiGroups: ["metrics.k8s.io"]
    resources:
      - nodes
      - nodes/proxy
      - pods
    verbs: ["get", "list", "watch"]
astefanutti commented 4 years ago

Kubebox reads the metrics from the stats endpoint on the Kubelet rather than from the metrics-server.

It seems the default apiGroups is missing from your ClusterRole, e.g.:

rules:
  - apiGroups:
      - ''
    resources:
      - nodes
      - nodes/proxy
      - pods
    verbs: ["get", "list", "watch"]

Could you also try running:

$ kubectl get --raw /api/v1/nodes/<NODE>/proxy/stats/summary

You may find some useful information in #66.

raapperez commented 4 years ago

Thanks @astefanutti ! Adding these rules did the trick.