-
Notifications
You must be signed in to change notification settings - Fork 407
Open
Description
Hi,
I created RBAC role for a user to view only his namespace and pod which is working as expected but graphs metrics cpu/memory is not visible until you assign clusterrole and binding permission atleast to list all pods.
I had to permission this role to view the graph, is there any fix ?
5. UI listing to view graph cpu/memory
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: user-list-minimal-discovery
rules:
- apiGroups: [""]
resources: ["namespaces", "pods", "services"]
verbs: ["list"]
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: user-list-minimal-discovery-binding
subjects:
- kind: User
name: user@email.com
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: user-list-minimal-discovery
apiGroup: rbac.authorization.k8s.io
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Status
Queued
Milestone
Relationships
Development
Select code repository
Activity
sniok commentedon Jul 23, 2025
I think this is how kubernetes permissions work for metrics, you need a list permission. I don't think this is Headlamp issue