Collector Manager Permissions Overview
Below, you can find the permissions configuration for the Plerion Collector Manager. This configuration includes definitions for service accounts, cluster roles, cluster role bindings, roles, and role bindings, allowing you to understand the precise permissions granted to the collector-manager.
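---
# ------------------------------------------------------------------------------
# Service Account
# ------------------------------------------------------------------------------
# Identity for the collector-manager in the plerion-system namespace. Every
# rule granted through a binding that names this account as a subject applies
# to any workload running as it, so do not reuse it for other workloads.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager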
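---
# ------------------------------------------------------------------------------
# Cluster Role
# ------------------------------------------------------------------------------
# Cluster-scoped rules. Only the verbs get, list and watch appear here, so this
# role cannot create, modify or delete anything. The `secrets` resource is not
# listed in any rule.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ----------------------------------------------------------------------------
  # (Read Only)
  # Required for functional operation of KSPM
  # ----------------------------------------------------------------------------
  # Workload controllers.
  - verbs:
      - list
    apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
      - statefulsets
      - daemonsets
  # Service accounts in the core ('') API group.
  - verbs:
      - get
      - list
    apiGroups:
      - ''
    resources:
      - serviceaccounts
  # Core resources. A list response carries full object contents, so anything
  # stored in a ConfigMap, in every namespace, is readable by this account.
  # Keep credentials out of ConfigMaps.
  - verbs:
      - list
    apiGroups:
      - ''
    resources:
      - services
      - configmaps
      - resourcequotas
      - limitranges
      - replicationcontrollers
      - nodes
  - verbs:
      - list
    apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
  # RBAC objects: exposes who is granted what across the cluster.
  - verbs:
      - list
    apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
      - clusterroles
      - clusterrolebindings
  - verbs:
      - list
    apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
      - ingresses
  # Pod specs are readable cluster-wide, including any environment variable
  # values written inline in them.
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - ''
    resources:
      - pods
  # NOTE(review): already covered by the get/list/watch rule on pods directly
  # above; RBAC rules are additive, so this rule grants nothing extra.
  - verbs:
      - get
    apiGroups:
      - ''
    resources:
      - pods
# (Additional rule changes may apply when fetching other Kubernetes resources.)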
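---
# ------------------------------------------------------------------------------
# Cluster Role Binding
# ------------------------------------------------------------------------------
# Grants the ClusterRole named in roleRef to a single subject: the
# plerion-collector-manager service account in plerion-system. Because this is
# a ClusterRoleBinding, the rules apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: plerion-collector-manager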
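---
# ------------------------------------------------------------------------------
# Role
# ------------------------------------------------------------------------------
# Namespaced rules: these are the only write verbs in this configuration, and
# they apply inside plerion-system only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ----------------------------------------------------------------------------
  # (Optional)
  # Required for operation of collector-manager, like leader election,
  # maintaining labels
  # ----------------------------------------------------------------------------
  # NOTE(review): the header above says both "Optional" and "Required";
  # confirm with the vendor which of these rules can be dropped.
  #
  # Leases, presumably the leader-election lock. No resourceNames are set, so
  # get/update cover every Lease in the namespace.
  - verbs:
      - get
      - create
      - update
    apiGroups:
      - coordination.k8s.io
    resources:
      - leases
  - verbs:
      - create
    apiGroups:
      - ''
    resources:
      - events
  # No resourceNames are set, so update covers every pod in plerion-system and
  # permits changing a pod's mutable fields (labels, annotations, container
  # images). Keep this namespace dedicated to Plerion workloads.
  - verbs:
      - update
    apiGroups:
      - ''
    resources:
      - pods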
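---
# ------------------------------------------------------------------------------
# Role Binding
# ------------------------------------------------------------------------------
# Grants the namespaced Role named in roleRef to the plerion-collector-manager
# service account. Both the binding and its subject are in plerion-system, so
# the Role's write verbs do not reach other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: plerion-collector-manager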