T4K Pod/Job Capabilities
This page covers the permissions for Trilio pods and jobs.
Deprecated Documentation
This document is deprecated and no longer supported. For accurate, up-to-date information, please refer to the documentation for the latest version of Trilio.
# T4K Pod/Job Capabilities
T4K Application :
| Operation | Original Kind | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|
Admission-webhook | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Webhook-init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Control Plane | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Analyzer | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Exporter | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Ingress-nginx-controller | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Web | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Web Backend | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Dex | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Dex-Init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Target :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Validator | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Target Browser | Deployment | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
BackupPlan / ClusterBackupPlan :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Backup / ClusterBackup Scheduler | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Backup :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Snapshotting | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Metadata Upload | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Retention | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Data Upload | Job | true | For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Unquiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Cleaner | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Restore :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Metadata Validation | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Metadata Restore | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Add Protection | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Data Restore | Job | true | For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
ClusterRestore :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Pre Cluster Restore | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Last updated