Kubernetes: how to set "top node" and "top pod" permissions?
There is no specific permission for top node and top pod. The permission is on whether you can do get nodes and get pods. If permission is there to do get nodes and get pods then you should be able to top nodes and top pods as well. Permission to perform get nodes or get pods is defined via RBAC in Kubernetes.
The metrics server just exposes metrics of different resources, such as pods and nodes, by collecting and aggregating them from different sources such as the kubelet. That's the reason there is no permission for the metrics themselves; rather, the permission is on the resources whose metrics you want to see.
The API that is being invoked when you do kubectl top pods is this:
GET https://API-SERVER-IP:6443/apis/metrics.k8s.io/v1beta1/namespaces/default/pods
So you can only see metrics for pods in the default namespace when you are targeting the default namespace. Now, whether you can get pods in the default namespace is governed by RBAC.
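
As an added example (not part of the original answer): a simplified Python model of how the request shown above is reduced to the attributes RBAC evaluates (API group, namespace, resource, verb) and matched against Role rules. The function names and the two sample rules are constructed for illustration; only GET requests are modelled, and subresources, resourceNames and watch are left out.

```python
# Added example: simplified model of Kubernetes RBAC matching for GET requests.
# Not modelled: other HTTP methods, subresources, resourceNames, watch.
from urllib.parse import urlparse

def request_attributes(url):
    """Derive the attributes RBAC evaluates from the URL of a GET request."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    if parts and parts[0] == "api":       # core group: /api/<version>/...
        group, rest = "", parts[2:]
    elif parts and parts[0] == "apis":    # named group: /apis/<group>/<version>/...
        group, rest = parts[1], parts[3:]
    else:
        raise ValueError("not a resource request: " + url)
    namespace = ""
    if len(rest) >= 3 and rest[0] == "namespaces":
        namespace, rest = rest[1], rest[2:]   # namespaced resource
    if not rest:
        raise ValueError("no resource in path: " + url)
    verb = "get" if len(rest) > 1 else "list"  # named object vs. collection
    return {"apiGroup": group, "namespace": namespace,
            "resource": rest[0], "verb": verb}

def rule_allows(rule, attrs):
    """A rule matches only if group, resource and verb all match."""
    def match(allowed, value):
        return "*" in allowed or value in allowed
    return (match(rule["apiGroups"], attrs["apiGroup"])
            and match(rule["resources"], attrs["resource"])
            and match(rule["verbs"], attrs["verb"]))

def role_allows(role_namespace, rules, attrs):
    """A Role grants access only inside its own namespace."""
    return (attrs["namespace"] == role_namespace
            and any(rule_allows(r, attrs) for r in rules))

# The request quoted in the answer, plus two constructed Role rules.
TOP_PODS_URL = ("https://API-SERVER-IP:6443/apis/metrics.k8s.io/v1beta1"
                "/namespaces/default/pods")
CORE_PODS_RULE = {"apiGroups": [""], "resources": ["pods"],
                  "verbs": ["get", "list"]}
METRICS_PODS_RULE = {"apiGroups": ["metrics.k8s.io"], "resources": ["pods"],
                     "verbs": ["get", "list"]}

if __name__ == "__main__":
    attrs = request_attributes(TOP_PODS_URL)
    print(attrs)
    for name, rule in (("core pods", CORE_PODS_RULE),
                       ("metrics.k8s.io pods", METRICS_PODS_RULE)):
        print(name, "->", role_allows("default", [rule], attrs))
```

Against a live cluster, `kubectl auth can-i list pods.metrics.k8s.io -n default` asks the API server the same question for the current user.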