Google Distributed Cloud deploys Pods to your nodes that have elevated role-based access control (RBAC) permissions such as the ability to modify all Deployments and to read all cluster Secrets. These permissions are required for Google Distributed Cloud to function correctly.
The following components have elevated RBAC permissions:
- gke-connect-agent
- ais
- coredns-autoscaler
- kube-proxy
- calico-node
- anet-operator
- metal
- cluster-health-controller
- gmsa-webhook
- onprem-user-cluster-controller
- gke-usage-metering
- metrics-server