Version 1.9. This version is no longer supported. For more information, see the version support policy. For information about how to upgrade to version 1.10, see Upgrading Anthos on bare metal in the 1.10 documentation.

Available supported versions: 1.14  |   1.13  |   1.12

RBAC permissions for system components

Stay organized with collections Save and categorize content based on your preferences.

Anthos clusters on bare metal deploys Pods to your nodes that have elevated RBAC permissions such as the ability to modify all Deployments and to read all cluster Secrets. These permissions are required for Anthos clusters on bare metal to function correctly.

The following table lists all Anthos clusters on bare metal components with elevated permissions:

  • ais
  • anet-operator
  • anthos-cluster-operator
  • anthos-multinet-controller
  • cap-controller-manager
  • capi-controller-manager
  • capi-kubeadm-bootstrap-controller-manager
  • cdi-operator
  • cert-manager-cainjector
  • cert-manager-webhook
  • cert-manager
  • cluster-metrics-webhook
  • csi-snapshot-controller
  • istio-ingress
  • istiod
  • kube-state-metrics
  • localpv
  • metallb-controller
  • metrics-server-operator
  • metrics-server
  • network-controller-manager
  • sp-anthos-static-provisioner
  • stackdriver-operator
  • virt-api
  • virt-controller
  • virt-handler
  • virt-operator
  • vm-controller-controller-manager
  • vmruntime-controller-manager