kubernetes: how to set "top node" and "top pod" permissions?
There is no specific permission for top node and top pod. The permission is on whether you can do get nodes and get pods. If permission is there to do get nodes and get pods then you should be able to top nodes and top pods as well. Permission to perform get nodes or get pods is defined via RBAC in kubernetes.
The metric server just exposes metrics of different resources such as pods, nodes by collecting and aggregating it from different sources such as kubelet. That's the reason there is no permission for the metrics itself rather the permission is on the resources of which you want to see the metrics.
The API that is being invoked when you do kubectl top pods is this
GET https://API-SERVER-IP:6443/apis/metrics.k8s.io/v1beta1/namespaces/default/podsSo you can only see metrics for pods in the default namespace when you are targeted to default namespace. Now whether you can get pods in default namespace is governed by RBAC.