3.0.X

TVK Pod/Job Capabilities

This page covers the permissions for TrilioVault pods and jobs.

TVK Application :

| Operation | Original Kind | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- |
| Admission-webhook | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Webhook-init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Control Plane | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Analyzer | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Exporter | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Ingress-nginx-controller | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Web | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Web Backend | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Dex | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Dex-Init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |

Target :

| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- | --- |
| Validator | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Target Browser | Deployment | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |

BackupPlan / ClusterBackupPlan :

| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- | --- |
| Backup / ClusterBackup Scheduler | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |

Backup :

| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- | --- |
| Snapshotting | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Metadata Upload | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Retention | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Data Upload | Job | true | For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID; For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Unquiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Cleaner | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |

Restore :

| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- | --- |
| Metadata Validation | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Metadata Restore | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Add Protection | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Data Restore | Job | true | For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID; For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
| Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |

ClusterRestore :

| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
| --- | --- | --- | --- | --- | --- | --- |
| Pre Cluster Restore | Job | true | SYS_ADMIN | 0, false | For NFS target - false, false; For ObjectStore target - true, true | true |
| Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |