Skip to content

Commit e9e5336

Browse files
skrthomasskrthomas
authored
Merge pull request #78162 from skrthomas/OSDOCS-10601
OSDOCS-10601: Updates to Custom admin group access for netobserv
2 parents 8b11d59 + a124b13 commit e9e5336

File tree

1 file changed

+22
-2
lines changed

1 file changed

+22
-2
lines changed

modules/logging-loki-log-access.adoc

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
// Module included in the following assemblies:
22
//
3-
// * network_observability/installing-operators.adoc
3+
// * observability/network_observability/installing-operators.adoc
44
// * logging/cluster-logging-loki.adoc
55

66
:_mod-docs-content-type: CONCEPT
@@ -74,16 +74,36 @@ subjects:
7474
// tag::CustomAdmin[]
7575
== Custom admin group access
7676

77-
If you have a large deployment with a number of users who require broader permissions, you can create a custom group using the `adminGroup` field. Users who are members of any group specified in the `adminGroups` field of the `LokiStack` CR are considered admins. Admin users have access to all application logs in all namespaces, if they also get assigned the `cluster-logging-application-view` role.
77+
// tag::LokiMode[]
78+
If you have a large deployment with several users who require broader permissions, you can create a custom group using the `adminGroup` field. Users who are members of any group specified in the `adminGroups` field of the `LokiStack` CR are considered administrators.
79+
// end::LokiMode[]
80+
81+
// tag::NetObservMode[]
82+
If you need to see cluster-wide logs without necessarily being an administrator, or if you already have any group defined that you want to use here, you can specify a custom group using the `adminGroup` field. Users who are members of any group specified in the `adminGroups` field of the `LokiStack` custom resource (CR) have the same read access to logs as administrators.
83+
// end::NetObservMode[]
84+
85+
// tag::LokiMode[]
86+
Administrator users have access to all application logs in all namespaces, if they also get assigned the `cluster-logging-application-view` role.
87+
// end::LokiMode[]
88+
89+
// tag::NetObservMode[]
90+
Administrator users have access to all network logs across the cluster.
91+
// end::NetObservMode[]
7892

7993
.Example LokiStack CR
8094
[source,yaml]
8195
----
8296
apiVersion: loki.grafana.com/v1
8397
kind: LokiStack
8498
metadata:
99+
# tag::LokiMode[]
85100
name: logging-loki
86101
namespace: openshift-logging
102+
# end::LokiMode[]
103+
# tag::NetObservMode[]
104+
name: loki
105+
namespace: netobserv
106+
# end::NetObservMode[]
87107
spec:
88108
tenants:
89109
# tag::LokiMode[]

0 commit comments

Comments
 (0)