The problem was arrived, when guys from my team decided to redeploy matrics once again. Current version of our Origin is 1.5.1. (We are one step before upgrade to 3.6).
The ansible flow used "latest" tag. This mean that we have 1.5.1 with metrics images from latest master branch.
The latest metrics, has got some issues. After upgrade all our customers stopped seeing metrics and had lost access to them.
Result was error code in browser 403, cannot retrieve metrics, and screen from my last email.
After deeper investigation , I had discovered , that metrics are working fine, but simple there is no permissions to see them.
"cluster-admin" allows me to see metrics, then I noticed that cluster reader is the minimum access level, which allows me to see metrics.
I couldn't find answers so I decided to create my own metrics role, that allows all authenticated users (customers), see own metrics. The role allows only to gain access to metrics ,
This policy solved my problems, till time when we approach to upgrade to the latest version.
After creation just assign it to proper group. For example, if you want to grant this permissions to all authenticated users from oauth , you can choose "system:authenticate-oauth"