This page covers the permissions for Trilio pods and jobs.
Last updated
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Original Kind |
|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
| Operation | Privileged / AllowPrivilegeEscalation | RunAsUser / RunAsNonRoot | ReadOnlyRootFilesystem | Capabilities | Has data-attacher | Original Kind |
|---|---|---|---|---|---|---|
Admission-webhook
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Webhook-init
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Control Plane
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Analyzer
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Exporter
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Ingress-nginx-controller
false, true
101, true
false
NET_BIND_SERVICE
Deployment
Web
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Web Backend
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Dex
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Dex-Init
false, false
1001, true
true
KILL, AUDIT_WRITE
Deployment
Manager
For NFS target - false, false For ObjectStore target - true, true
0, false
true
KILL, AUDIT_WRITE
Deployment
Syncer
For NFS target - false, false For ObjectStore target - true, true
0, false
true
KILL, AUDIT_WRITE
Deployment
Watcher
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
false
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
Deployment
Continuous Restore Service
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
false
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
Deployment
Continuous Restore Responder
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
false
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
Deployment
Resource Cleaner
false, false
1001, true
true
KILL, AUDIT_WRITE
Job
Validator
For NFS target - false, false For ObjectStore target - true, true
0, false
true
AUDIT_WRITE,KILL
true
Job
Target Browser
For NFS target - true, true For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
true
Deployment
Backup / ClusterBackup Scheduler
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Snapshotting
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID
true
Job
Image Backup
For NFS target - false, false For ObjectStore target - true, true
0, false
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
true
Job
Metadata Upload
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Retention
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Data Upload
For NFS target - false, false For ObjectStore target - true, true
0, false
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
true
Job
Quiesce
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Unquiesce
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Cleaner
For NFS target - false, false For ObjectStore target - true, true
0, false
true
KILL, AUDIT_WRITE
true
Job
Metadata Validation
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Metadata Restore
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Add Protection
For NFS target - false, false For ObjectStore target - true, true
0, false
true
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
true
Job
Data Owner Update
false, false
1001, true
true
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
true
Job
Data Restore
For NFS target - false, false For ObjectStore target - true, true
0, false
true
T4K 3.0.3 onwards:
CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID
T4K < 3.0.3:
For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN
true
Job
Quiesce
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Cleanup
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Pre Cluster Restore
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Cleanup
false, false
1001, true
true
KILL, AUDIT_WRITE
false
Job
Pre Consistent Set
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
Data Restore
For NFS target - false, false For ObjectStore target - true, true
For NFS target - 1001, true For ObjectStore target - 0, false
true
CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID
true
Job
