Deploy Helm chart for linkerd-viz using stable-2.13.x - can no longer access Prometheus

Hello All,

New to Linkerd. I was deploying Helm charts that were using linkerd-viz release stable-2.12.x and I was able to access the provided Prometheus server without a problem. Now, if I deploy any Helm chart that is using linkerd-viz release stable-2.13.x, I get a 403 Forbidden error when trying to access the provided Prometheus server.

As additional info, the control-plane is running stable-2.13.5.

I’m assuming this is some sort of new/changed authorization policy, but have no clue as to what I should modify or add. Any assistance would be greatly appreciated. Thanks.

By default, Linkerd-viz’s Prometheus is locked down so that it can only be accessed by the metrics-api service account:

You can create more AuthorizationPolicy resources to allow access from other service accounts or subnets. For more details on how AuthorizationPolicies work, see: Authorization Policy | Linkerd

Thanks! So one other question: Do these AuthorizationPolicy objects go into effect immediately, or does anything require a restart?

They are detected and go into effect immediately automatically so there’s no need to restart anything.