Description of problem: We need the ability delegate the permissions to access kibana and kibana-ops to our monitoring team. Giving them the cluster-reader role gives them access to kibana but not kibana-ops. We don’t want to give full cluster-admin rights as that is much more than what’s needed and this is an important feature for us to be able to move in to production. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: This seems to be a known issue upstream (https://github.com/fabric8io/openshift-elasticsearch-plugin/issues/42).
This functionality had been veriried on OCP 3.4.0. Passed verification with the reproduce of https://bugzilla.redhat.com/show_bug.cgi?id=1388031. Imaged tested with: (ops registry): openshift3/logging-auth-proxy e96b37a99960 openshift3/logging-kibana 27f978fc2946 openshift3/logging-fluentd c493f8b4553b openshift3/logging-elasticsearch 3ca95a8a9433 openshift3/logging-curator e39988877cd9 openshift3/logging-deployer 1033ccb0557b openshift version: openshift v3.4.0.38 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0268