I'm new to k8s, prometheus. I'm trying to collect the metrics of each pods with prometheus but unable to so because of the error: API ERROR.
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/metrics\"",
  "reason": "Forbidden",
  "details": {
  },
  "code": 403
}
Create the following manifests:
ServiceAccount.yaml:
    apiVersion: v1
    kind: ServiceAccount
    metadata:
        labels:
            app.kubernetes.io/name: kube-state-metrics
        name: kube-state-metrics
        namespace: grafanaClusterRole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
    labels:
        app.kubernetes.io/name: kube-state-metrics
    name: kube-state-metrics
rules:
    - apiGroups:
        - ""
      resources:
          - configmaps
          - secrets
          - nodes
          - pods
          - services
          - resourcequotas
          - replicationcontrollers
          - limitranges
          - persistentvolumeclaims
          - persistentvolumes
          - namespaces
          - endpoints
      verbs:
          - list
          - watch
    - apiGroups:
        - extensions
      resources:
          - daemonsets
          - deployments
          - replicasets
          - ingresses
      verbs:
          - list
          - watch
    - apiGroups:
        - apps
      resources:
          - statefulsets
          - daemonsets
          - deployments
          - replicasets
      verbs:
          - list
          - watch
    - apiGroups:
        - batch
      resources:
          - cronjobs
          - jobs
      verbs:
          - list
          - watch
    - apiGroups:
        - autoscaling
      resources:
          - horizontalpodautoscalers
      verbs:
          - list
          - watch
    - apiGroups:
        - authentication.k8s.io
      resources:
          - tokenreviews
      verbs:
        - create
    - apiGroups:
        - authorization.k8s.io
      resources:
          - subjectaccessreviews
      verbs:
          - create
    - apiGroups:
        - policy
      resources:
          - poddisruptionbudgets
      verbs:
          - list
          - watch
    - apiGroups:
        - certificates.k8s.io
      resources:
          - certificatesigningrequests
      verbs:
          - list
          - watch
    - apiGroups:
        - storage.k8s.io
      resources:
          - storageclasses
      verbs:
          - list
          - watch
    - nonResourceURLs:
          - "/metrics"
      verbs:
          - getClusterRoleBinding.yaml:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    labels:
        app.kubernetes.io/name: kube-state-metrics
    name: kube-state-metrics
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: kube-state-metrics
subjects:
    - kind: ServiceAccount
      name: kube-state-metrics
      namespace: grafanaAnd inform your Kube-State-Metrics deployment to use the new ServiceAccount with the following addition to your Template Spec: serviceAccountName: kube-state-metrics.
system:anonymous means that an unauthenticated user is trying to get a resource from your cluster, which is forbidden. You will need to create a service account, then give that service account some permissions through RBAC, then make that service account to get the metrics. All that is documented.
As a workaround, you can do this:
kubectl create clusterrolebinding prometheus-admin --clusterrole cluster-admin --user system:anonymousNow, note that this is a terrible idea, unless you are playing with kubernetes. With this permission you are giving any unauthenticated user total permissions into your cluster.