Cluster roles for Kubeturbo
A cluster role specifies the permissions and privileges that are required to perform the following operations.
Operation | Supported role |
---|---|
Deploy Kubeturbo | To deploy Kubeturbo to a cluster, you must have the |
Monitor and optimize workloads in your cluster | The role that you choose for Kubeturbo determines its level of access to your cluster. By default, Kubeturbo deploys to your cluster with the cluster-admin role. This role has full control over every resource in the cluster. If you prefer a custom role, you must explicitly set that role when you deploy Kubeturbo. The following custom roles are supported: |
Turbonomic cluster admin custom role
apiGroups | Resources | Verbs | Description |
---|---|---|---|
"" | pods | "*" | Needed to take automated actions on all pods and jobs. |
"" | deployments | get | Needed to take automated resize actions on all of the resources in the list. |
"" | nodes | get | Needed to discover all of the resources in the list. |
machine.openshift.io | machines | get | Needed to automate node provision and suspend in Red Hat OpenShift using machinesets. |
"" | nodes/spec | get | Needed to discover all of the resources in the list. |
security.openshift.io | securitycontextconstraints | list | Needed in Red Hat OpenShift to use scc for automated action. |
"" | serviceaccounts | create | Needed to create, delete and impersonate service accounts for use in automated actions. Kubeturbo also creates a separate service account for every scc in use for automating actions with resources using those scc. |
rbac.authorization.k8s.io | roles | create | Needed to create the required resources in the cluster to automate actions. Kubeturbo will autocreate such resources based on the role and update them over time as needed. |
"" | secrets | get | Needed for Kubeturbo to read the secret that stores the details on how to connect to . |
Turbonomic cluster reader custom role
apiGroups | Resources | Verbs | Description |
---|---|---|---|
"" | nodes | get | Discover/read all of the resources. |
machine.openshift.io | machines | | Discover/read all of the machinesets in Red Hat OpenShift. |
"" | nodes/spec, nodes/stats, nodes/metrics, nodes/proxy | get | Discover/read all of the nodes details. |
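
An added example, not Turbonomic's own code: a small Python check that lists the high-impact grants in a set of RBAC rules, so the default cluster-admin role can be compared with the two custom roles. The rule lists are built from the table rows on this page; the `SENSITIVE` shortlist and the function names are assumptions made for illustration.

```python
# Rules taken from the rows shown above, in the shape of a ClusterRole
# `rules:` list. Rows with no verb on the page are left out, not guessed.
ADMIN_RULES = [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]},
    {"apiGroups": [""], "resources": ["nodes", "nodes/spec"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["serviceaccounts"], "verbs": ["create"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["roles"],
     "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
]
READER_RULES = [
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]},
    {"apiGroups": [""], "verbs": ["get"],
     "resources": ["nodes/spec", "nodes/stats", "nodes/metrics", "nodes/proxy"]},
]
# The built-in cluster-admin role grants every verb on every resource.
CLUSTER_ADMIN_RULES = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]

# Assumption: a reviewer's shortlist of grants worth a second look.
# (apiGroup, resource, verbs of interest, why it matters)
SENSITIVE = [
    ("", "secrets", {"get", "list", "watch"}, "reads Secret contents"),
    ("", "pods", {"create", "delete", "patch", "update"}, "changes workloads"),
    ("", "serviceaccounts", {"create", "impersonate"},
     "creates or acts as service accounts"),
    ("", "nodes/proxy", {"get", "create"}, "reaches the kubelet API"),
    ("rbac.authorization.k8s.io", "roles", {"create", "update", "patch"},
     "edits RBAC roles"),
]

def _covers(granted, wanted):
    """RBAC list matching: '*' covers everything, otherwise exact match."""
    return "*" in granted or wanted in granted

def findings(rules):
    """Return sorted (resource, verb, reason) tuples for sensitive grants."""
    out = set()
    for rule in rules:
        for group, resource, verbs, why in SENSITIVE:
            if not (_covers(rule.get("apiGroups", []), group)
                    and _covers(rule.get("resources", []), resource)):
                continue
            out.update((resource, v, why) for v in verbs
                       if _covers(rule.get("verbs", []), v))
    return sorted(out)

if __name__ == "__main__":
    for name, rules in [("cluster-admin", CLUSTER_ADMIN_RULES),
                        ("custom admin", ADMIN_RULES),
                        ("custom reader", READER_RULES)]:
        print(f"{name}: {len(findings(rules))} sensitive grants")
```

To review a deployed role, replace the rule lists with the `rules` array from `kubectl get clusterrole <name> -o json`.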