I am trying to configure the metrics endpoint in a Kubernetes (k8s) operator. The comments regarding authentication are as follows:
// WithAuthenticationAndAuthorization provides a metrics.Filter for authentication and authorization.
// Metrics will be authenticated (via TokenReviews) and authorized (via SubjectAccessReviews) with the
// kube-apiserver.
// For the authentication and authorization, the controller needs a ClusterRole
// with the following rules:
// * apiGroups: authentication.k8s.io, resources: tokenreviews, verbs: create
// * apiGroups: authorization.k8s.io, resources: subjectaccessreviews, verbs: create
//
// To scrape metrics e.g. via Prometheus, the client needs a ClusterRole
// with the following rule:
// * nonResourceURLs: "/metrics", verbs: get
//
// Note: Please note that configuring this metrics provider will introduce a dependency on "k8s.io/apiserver"
// to your go module.
func WithAuthenticationAndAuthorization(config *rest.Config, httpClient *http.Client) (metricsserver.Filter, error)
When I connect to the metrics endpoint, it asks me for a username and password. I would appreciate help in explaining what I need to create in terms of RBAC so that I can authenticate to this endpoint.
WithAuthenticationAndAuthorization code
example:
Thanks