T4K Pod/Job Capabilities
This page covers the permissions for Trilio pods and jobs.
T4K Application :
| Operation | Original Kind | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|
Admission-webhook | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Webhook-init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Control Plane | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Analyzer | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Exporter | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Ingress-nginx-controller | Deployment | NET_BIND_SERVICE | 101, true | false, true | false |
Web | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Web Backend | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Dex | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Dex-Init | Deployment | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Manager | Deployment | KILL, AUDIT_WRITE | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Syncer | Deployment | KILL, AUDIT_WRITE | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Watcher | Deployment | CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | false |
Continuous Restore Service | Deployment | CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | false |
Continuous Restore Responder | Deployment | CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | false |
Resource Cleaner | Job | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Target :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Validator | Job | true | AUDIT_WRITE,KILL | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Target Browser | Deployment | true | CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID | 0, false | For NFS target - true, true For ObjectStore target - true, true | true |
BackupPlan / ClusterBackupPlan :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Backup / ClusterBackup Scheduler | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Backup :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Snapshotting | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETGID,SETUID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Image Backup | Job | true | T4K 3.0.3 onwards: CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID T4K < 3.0.3: For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Metadata Upload | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Retention | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Data Upload | Job | true | T4K 3.0.3 onwards: CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID T4K < 3.0.3: For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Unquiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Cleaner | Job | true | KILL, AUDIT_WRITE | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Restore :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Metadata Validation | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Metadata Restore | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Add Protection | Job | true | CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Data Owner Update | Job | true | CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID | 1001, true | false, false | true |
Data Restore | Job | true | T4K 3.0.3 onwards: CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID T4K < 3.0.3: For NFS target - CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID For ObjectStore target - SYS_ADMIN | 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Quiesce | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
ClusterRestore :
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Pre Cluster Restore | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Cleanup | Job | false | KILL, AUDIT_WRITE | 1001, true | false, false | true |
ConsistentSet:
| Operation | Original Kind | Has data-attacher | Capabilities | RunAsUser / RunAsNonRoot | Privileged / AllowPrivilegeEscalation | ReadOnlyRootFilesystem |
|---|---|---|---|---|---|---|
Pre Consistent Set | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Data Restore | Job | true | CHOWN,FOWNER,DAC_OVERRIDE,SETUID,SETGID | For NFS target - 1001, true For ObjectStore target - 0, false | For NFS target - false, false For ObjectStore target - true, true | true |
Last updated