RBAC permissions for system components

Stay organized with collections Save and categorize content based on your preferences.

Anthos clusters on VMware deploys Pods to your nodes that have elevated role-based access control (RBAC) permissions such as the ability to modify all Deployments and to read all cluster Secrets. These permissions are required for Anthos clusters on VMware to function correctly.

The following components have elevated RBAC permissions:

  • gke-connect-agent
  • ais
  • coredns-autoscaler
  • kube-proxy
  • calico-node
  • anet-operator
  • metal
  • cluster-health-controller
  • gmsa-webhook
  • onprem-user-cluster-controller
  • gke-usage-metering
  • metrics-server