系統元件的 RBAC 權限

Google Distributed Cloud 會將 Pod 部署至具有提升RBAC 權限的節點,例如修改所有 Deployment 和讀取所有叢集密鑰的權限。Google Distributed Cloud 必須取得這些權限才能正常運作。

下表列出所有具有提升權限的 Google Distributed Cloud 元件:

  • ais
  • anet-operator
  • anthos-cluster-operator
  • anthos-multinet-controller
  • cap-controller-manager
  • capi-controller-manager
  • capi-kubeadm-bootstrap-controller-manager
  • cdi-operator
  • cert-manager-cainjector
  • cert-manager-webhook
  • cert-manager
  • cluster-metrics-webhook
  • csi-snapshot-controller
  • istio-ingress
  • istiod
  • kube-state-metrics
  • localpv
  • metallb-controller
  • metrics-server-operator
  • metrics-server
  • network-controller-manager
  • sp-anthos-static-provisioner
  • stackdriver-operator
  • virt-api
  • virt-controller
  • virt-handler
  • virt-operator
  • vm-controller-controller-manager
  • vmruntime-controller-manager