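---
# ------------------------------------------------------------------------------
# Service Account
# ------------------------------------------------------------------------------
# Identity that the ClusterRoleBinding and RoleBinding below grant permissions
# to. Each resource in this file is its own YAML document: without the `---`
# separators the repeated top-level keys (apiVersion, kind, metadata, ...)
# collide and most parsers silently keep only the last value.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager

---
# ------------------------------------------------------------------------------
# Cluster Role
# ------------------------------------------------------------------------------

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ----------------------------------------------------------------------------
  # (Read Only)
  # Required for functional operation of KSPM
  #
  # Only get/list/watch are granted, and Secrets are not among the resources.
  # Keep in mind that `list` returns full object bodies, so the list-only rules
  # still expose the content of every listed object (for example ConfigMap
  # data) in all namespaces. Do not store credentials in ConfigMaps.
  # ----------------------------------------------------------------------------
  - apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
      - statefulsets
      - daemonsets
    verbs:
      - list
  - apiGroups:
      - ''
    resources:
      - serviceaccounts
    verbs:
      - get
      - list
  - apiGroups:
      - ''
    resources:
      - services
      - configmaps
      - resourcequotas
      - limitranges
      - replicationcontrollers
      - nodes
    verbs:
      - list
  - apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
    verbs:
      - list
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
      - clusterroles
      - clusterrolebindings
    verbs:
      - list
  - apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
      - ingresses
    verbs:
      - list
  # Single rule for pods. RBAC rules are additive, so a second get-only rule
  # for the same resource would grant nothing beyond this one.
  - apiGroups:
      - ''
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  # (Additional rule changes may apply when fetching other Kubernetes resources.)

---
# ------------------------------------------------------------------------------
# Cluster Role Binding
# ------------------------------------------------------------------------------
# Grants the ClusterRole above to the ServiceAccount in every namespace.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: plerion-collector-manager

---
# ------------------------------------------------------------------------------
# Role
# ------------------------------------------------------------------------------

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ----------------------------------------------------------------------------
  # (Optional)
  # Used for the operation of collector-manager itself, such as leader election
  # and maintaining labels. These are the only write permissions in this file
  # and they are scoped to the plerion-system namespace.
  # ----------------------------------------------------------------------------
  # NOTE(review): get/update could be narrowed with `resourceNames` once the
  # leader-election lease name is known (not shown here); `create` cannot be
  # restricted by resource name.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - create
      - update
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
  # NOTE(review): `update` on pods is not limited to labels. It allows changing
  # any mutable pod field (container image included) on every pod in
  # plerion-system, so keep this namespace dedicated to the collector and
  # confirm whether the collector only ever updates its own pod.
  - apiGroups:
      - ''
    resources:
      - pods
    verbs:
      - update

---
# ------------------------------------------------------------------------------
# Role Binding
# ------------------------------------------------------------------------------
# Grants the namespaced Role above to the ServiceAccount in plerion-system.

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: plerion-collector-manager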