Google Distributed Cloud deploys Pods to your nodes that have elevated RBAC
permissions, such as the ability to modify all Deployments and to read all
cluster Secrets. These permissions are required for Google Distributed Cloud to
function correctly.

These are the components that have elevated RBAC permissions:
- gke-connect-agent
- ais
- coredns-autoscaler
- kube-proxy
- calico-node
- metallb-speaker
- metallb-controller
- cluster-health-controller
- gmsa-webhook
- onprem-user-cluster-controller
- gke-usage-metering
- metrics-server

Last updated 2025-03-05 UTC.
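
One way to audit the two permissions named above on your own cluster, as an added example that is not from the original page or from Google: the Python below scans ClusterRole and ClusterRoleBinding objects for service accounts that can read all Secrets or modify all Deployments, and reports any that are not on an allowlist you have reviewed. The sample objects, the role names, and the `kube-system/metrics-server` service account identity are constructed assumptions; only ServiceAccount subjects of ClusterRoleBindings are considered.

```python
SECRET_READ = {"get", "list", "watch", "*"}                  # verbs that read Secrets
DEPLOY_WRITE = {"create", "update", "patch", "delete", "*"}  # verbs that modify Deployments

def rule_grants(rule, group, resource, verbs):
    """True if one RBAC rule grants any of `verbs` on every object of `resource`."""
    if rule.get("resourceNames"):  # restricted to named objects, so not "all"
        return False
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    return ((group in groups or "*" in groups)
            and (resource in resources or "*" in resources)
            and bool(verbs & set(rule.get("verbs", []))))

def elevated_subjects(roles, bindings):
    """Map 'namespace/name' of each bound ServiceAccount to its cluster-wide grants."""
    caps = {}
    for role in roles:
        found = set()
        for rule in role.get("rules") or []:
            if rule_grants(rule, "", "secrets", SECRET_READ):
                found.add("read-all-secrets")
            if rule_grants(rule, "apps", "deployments", DEPLOY_WRITE):
                found.add("modify-all-deployments")
        caps[role["metadata"]["name"]] = found
    result = {}
    for binding in bindings:
        granted = caps.get(binding["roleRef"]["name"], set())
        for subj in binding.get("subjects") or []:
            if granted and subj["kind"] == "ServiceAccount":
                result.setdefault(f'{subj["namespace"]}/{subj["name"]}', set()).update(granted)
    return result

def unexpected(found, allowlist):
    """Subjects holding elevated grants that are not on the reviewed allowlist."""
    return sorted(set(found) - set(allowlist))

# Constructed sample data (not real cluster output); every name here is an assumption.
ROLES = [
    {"metadata": {"name": "sample-system-role"}, "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["patch"]}]},
    {"metadata": {"name": "sample-wildcard-role"}, "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "sample-scoped-role"}, "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["tls-cert"], "verbs": ["get"]}]},
]
BINDINGS = [{"roleRef": {"name": r}, "subjects": [{"kind": "ServiceAccount", "namespace": ns, "name": n}]}
            for r, ns, n in [("sample-system-role", "kube-system", "metrics-server"),
                             ("sample-wildcard-role", "default", "ci-runner"),
                             ("sample-scoped-role", "default", "web")]]
ALLOWLIST = ["kube-system/metrics-server"]  # assumed identity for a listed component
```

On a real cluster, the `items` of `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json` can be passed as `roles` and `bindings`; the allowlist should hold the service account identities you have confirmed for the components listed above.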