T4K Pod/Job Capabilities
This page covers the permissions for Trilio pods and jobs.
Last updated
This page covers the permissions for Trilio pods and jobs.
Last updated
Operation | Original Kind | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
---|---|---|---|---|---|---|
Admission-webhook
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Webhook-init
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Control Plane
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Analyzer
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Exporter
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Ingress-nginx-controller
Deployment
NET_BIND_SERVICE
101, true
false, true
false
Web
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Web Backend
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Dex
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Dex-Init
Deployment
KILL, AUDIT_WRITE
1001, true
false, false
true
Manager
Deployment
KILL, AUDIT_WRITE
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Syncer
Deployment
KILL, AUDIT_WRITE
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Watcher
Deployment
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
false
Continuous Restore Service
Deployment
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
false
Continuous Restore Responder
Deployment
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
false
Resource Cleaner
Job
KILL, AUDIT_WRITE
1001, true
false, false
true
Validator
Job
true
AUDIT_WRITE,KILL
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Target Browser
Deployment
true
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
0, false
For NFS target - true, true For ObjectStore target - true, true
true
Backup / ClusterBackup Scheduler
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Snapshotting
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Image Backup
Job
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Metadata Upload
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Retention
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Data Upload
Job
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Quiesce
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Unquiesce
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Cleaner
Job
true
KILL, AUDIT_WRITE
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Metadata Validation
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Metadata Restore
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Add Protection
Job
true
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Data Owner Update
Job
true
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
1001, true
false, false
true
Data Restore
Job
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
0, false
For NFS target - false, false For ObjectStore target - true, true
true
Quiesce
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Cleanup
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Pre Cluster Restore
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
true
Cleanup
Job
false
KILL, AUDIT_WRITE
1001, true
false, false
true
Pre Consistent Set
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
true
Data Restore
Job
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
For NFS target - 1001, true For ObjectStore target - 0, false
For NFS target - false, false For ObjectStore target - true, true
true