This page lists the Kubernetes Roles and ClusterRoles used by Odigos and the Odigos Operator.
Components
This section lists the RBAC policies used by the Odigos components.

ClusterRoles
Below are the ClusterRoles used by Odigos components.

odigos-autoscaler
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| odigos.io | instrumentationconfigs | * | get list watch |
| odigos.io | sources | * | get list watch |
| odigos.io | collectorsgroups/finalizers | * | get patch update |
| admissionregistration.k8s.io | validatingwebhookconfigurations | * | get list watch |
| admissionregistration.k8s.io | validatingwebhookconfigurations | odigos-action-validating-webhook-configuration | update |
| apiregistration.k8s.io | apiservices | * | get list watch create update patch |
cleanup-clusterrole
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| odigos.io | sources | * | list delete |
| * | pods | * | list |
| * | nodes | * | list patch |
odigos-gateway
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| odigos.io | instrumentationconfigs | * | get list watch |
| * | pods namespaces | * | get list watch |
| apps | replicasets deployments statefulsets daemonsets | * | get list watch |
odigos-instrumentor
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | nodes | * | list watch get |
| * | namespaces | * | list watch get |
| * | pods | * | list watch get |
| batch | cronjobs | * | list watch get |
| apps | daemonsets | * | get list watch update patch |
| apps | deployments | * | get list watch update patch |
| apps | statefulsets | * | get list watch update patch |
| apps | statefulsets/finalizers deployments/finalizers daemonsets/finalizers | * | update |
| apps.openshift.io | deploymentconfigs deploymentconfigs/finalizers | * | get list watch update patch |
| argoproj.io | rollouts | * | get list watch patch |
| operator.odigos.io | odigos/finalizers | * | update |
| odigos.io | instrumentationconfigs/status | * | get patch update |
| odigos.io | instrumentationconfigs | * | create delete get list patch update watch |
| odigos.io | sources | * | create delete get list patch update watch |
| odigos.io | sources/finalizers | * | update |
| admissionregistration.k8s.io | mutatingwebhookconfigurations | * | get list watch |
| admissionregistration.k8s.io | mutatingwebhookconfigurations | odigos-source-mutating-webhook-configuration odigos-pod-mutating-webhook-configuration | update |
| admissionregistration.k8s.io | validatingwebhookconfigurations | * | get list watch |
| admissionregistration.k8s.io | validatingwebhookconfigurations | odigos-source-validating-webhook-configuration | update |
odiglet
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | pods services | * | get list watch |
| * | pods/status | * | get |
| * | pods/finalizers | * | update |
| * | nodes | * | get list watch patch update |
| odigos.io | instrumentationinstances | * | create get list patch update watch delete |
| odigos.io | instrumentationinstances/status | * | get patch update |
| odigos.io | instrumentationconfigs | * | get list watch patch update |
| odigos.io | instrumentationconfigs/status | * | get patch update |
| * | nodes/stats | * | get list |
| * | pods namespaces | * | get list watch |
| apps | replicasets deployments daemonsets statefulsets | * | get list watch |
| discovery.k8s.io | endpointslices | * | get list watch |
odigos-scheduler
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| odigos.io | instrumentationconfigs | * | get list watch |
| * | configmaps/finalizers | * | update |
| batch | cronjobs | * | list watch |
| * | configmaps | * | list |
odigos-ui
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | namespaces | * | get list watch patch |
| apps | deployments statefulsets daemonsets | * | get list watch update patch |
| batch | cronjobs | * | get list watch update patch |
| apps.openshift.io | deploymentconfigs | * | get list watch update patch |
| argoproj.io | rollouts | * | get list watch update patch |
| apps | replicasets | * | get list |
| * | services | * | get list |
| * | pods | * | get list watch delete |
| odigos.io | * | * | get list watch |
| odigos.io | instrumentationconfigs instrumentationinstances sources samplings | * | update patch create delete |
| operator.odigos.io | odigos | * | get list watch |
| actions.odigos.io | * | * | get list watch |
Roles
Below are the Roles used by Odigos components. These Roles are scoped only to the Namespace in which Odigos is installed.

odigos-autoscaler
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | pods | * | get list watch |
| * | configmaps | * | get list watch create patch update delete |
| * | services | * | get list watch create patch update delete deletecollection |
| apps | daemonsets | * | get list watch create patch update delete deletecollection |
| apps | daemonsets/status | * | get |
| apps | deployments | * | create delete deletecollection get list patch update watch |
| apps | deployments/status | * | get |
| autoscaling | horizontalpodautoscalers | * | create patch update delete |
| * | secrets | * | get list watch |
| * | secrets | autoscaler-webhooks-cert | update |
| * | secrets | autoscaler-webhook-cert | delete |
| odigos.io | destinations | * | get list watch |
| odigos.io | destinations/status | * | get patch update |
| odigos.io | processors | * | get list watch create patch update delete |
| actions.odigos.io | * | * | get list watch update |
| actions.odigos.io | */status | * | get patch update |
| odigos.io | collectorsgroups | * | get list watch |
| odigos.io | collectorsgroups/status | * | get patch update |
| odigos.io | actions | * | get list watch create patch update |
| odigos.io | actions/status | * | get patch update |
| apps | deployments/finalizers | * | update |
cleanup-role
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | odigos-deployment odigos-configuration | get |
| * | configmaps | * | list |
| * | configmaps | odigos-config | get delete |
odigos-gateway
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | odigos-gateway | get list watch |
odigos-instrumentor
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | effective-config | get list watch |
| odigos.io | collectorsgroups | * | get list watch |
| odigos.io | collectorsgroups/status | * | get list watch |
| odigos.io | destinations | * | get list watch |
| odigos.io | instrumentationrules | * | get list watch |
| odigos.io | instrumentationrules/status | * | get patch update |
| odigos.io | actions samplings | * | get list watch |
| odigos.io | samplings/status | * | get patch update |
| * | secrets | * | get list watch |
| * | secrets | instrumentor-webhooks-cert | update |
| * | secrets | webhook-cert | delete |
| apps | daemonsets | odiglet | get list watch |
odigos-leader-election-role
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | events | * | create patch |
| coordination.k8s.io | leases | * | get list watch create update patch delete |
odiglet
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | * | list watch |
| * | configmaps | odigos-data-collection effective-config | get list watch |
odigos-scheduler
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | * | get list watch |
| * | configmaps | effective-config odigos-deployment odigos-go-offsets | patch create update |
| * | configmaps | odigos-config | delete |
| odigos.io | collectorsgroups | * | get list create patch update watch delete |
| odigos.io | collectorsgroups/status | * | get |
| odigos.io | instrumentationrules processors actions | * | get list watch patch delete create |
| * | secrets | * | get list watch |
| batch | cronjobs | odigos-go-offsets-updater | get list watch create update patch delete |
| batch | jobs | * | create |
| apps | daemonsets | odiglet | patch |
| apps | deployments | odigos-scheduler | get list watch |
| odigos.io | destinations | * | get list watch |
| odigos.io | samplings | * | get list watch |
| apps | deployments/finalizers | * | update |
odigos-ui
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps | * | get list watch create update patch |
| * | secrets | * | get list watch create patch update delete |
| apps | replicasets | * | get list |
| autoscaling | horizontalpodautoscalers | * | get |
| odigos.io | * | * | get list watch |
| odigos.io | instrumentationrules destinations actions samplings | * | create patch update delete |
| odigos.io | collectorsgroups | * | get list watch |
| actions.odigos.io | * | * | get list watch create patch update delete |
| operator.odigos.io | odigos | * | get list watch |
| apps | deployments/scale | odigos-instrumentor | get update patch |
| apps | daemonsets | odiglet | get update patch |
| * | pods | * | get list delete |
| * | pods/log | * | get |
| * | pods/proxy | * | get |
Operator
This section lists the RBAC policies used by the Odigos Operator. Many of these permissions are necessary in order to create the RBAC policies for the components listed above.

ClusterRoles
| APIGroups | Resources | Resource Names | Verbs |
|---|---|---|---|
| * | configmaps endpoints secrets services | * | create delete deletecollection get list patch update watch |
| * | configmaps/finalizers pods/finalizers | * | update |
| * | events | * | create get list patch watch |
| * | namespaces | * | get list patch watch |
| * | namespaces/status nodes/spec nodes/stats replicationcontrollers replicationcontrollers/status resourcequotas | * | get list watch |
| * | nodes | * | get list patch update watch |
| * | pods | * | delete get list watch |
| * | pods/log pods/proxy pods/status | * | get |
| * | serviceaccounts | * | create delete get list patch watch |
| actions.odigos.io | * | * | create delete deletecollection get list patch update watch |
| actions.odigos.io | */status | * | get patch update |
| admissionregistration.k8s.io | mutatingwebhookconfigurations validatingwebhookconfigurations | * | create delete get list patch update watch |
| apiextensions.k8s.io | customresourcedefinitions | * | create delete deletecollection get list patch update watch |
| apiregistration.k8s.io | apiservices | * | create get list patch update watch |
| apps | daemonsets deployments replicasets statefulsets | * | create delete deletecollection get list patch update watch |
| apps | daemonsets/finalizers deployments/finalizers replicasets/finalizers statefulsets/finalizers | * | update |
| apps | daemonsets/status deployments/status statefulsets/status | * | get |
| apps | deployments/scale | * | get patch update |
| apps.openshift.io | deploymentconfigs deploymentconfigs/finalizers | * | get list patch update watch |
| argoproj.io | rollouts | * | get list patch update watch |
| autoscaling | horizontalpodautoscalers | * | create delete get list patch update watch |
| batch | cronjobs | * | create delete get list patch update watch |
| batch | jobs | * | create delete get list watch |
| coordination.k8s.io | leases | * | create delete get list patch update watch |
| discovery.k8s.io | endpointslices | * | get list watch |
| extensions | daemonsets deployments replicasets | * | get list watch |
| odigos.io | * | * | * |
| odigos.io | collectorsgroups/finalizers sources/finalizers | * | update |
| odigos.io | collectorsgroups/status destinations/status instrumentationconfigs/status instrumentationinstances/status | * | get list patch update watch |
| odigos.io | instrumentationrules/status | * | get patch update |
| odigos.io | sampling | * | create delete get list patch update watch |
| operator.odigos.io | odigos | * | create delete get list patch update watch |
| operator.odigos.io | odigos/finalizers | * | update |
| operator.odigos.io | odigos/status | * | get patch update |
| policy | podsecuritypolicies | privileged | use |
| rbac.authorization.k8s.io | clusterrolebindings clusterroles rolebindings roles | * | create delete deletecollection get list patch update watch |
| security.openshift.io | securitycontextconstraints | * | use |
| authentication.k8s.io | tokenreviews | * | create |
| authorization.k8s.io | subjectaccessreviews | * | create |
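
Kubernetes lets a subject create a Role only if it already holds every permission in that Role (or holds the `escalate` verb), which is why the Operator needs many of the permissions above. The following added example (not Odigos code) checks that coverage for rows copied from this page. It assumes `*` in the Resource Names column means all names, and the `EXTRA` rule is constructed to show a failure.

```python
from itertools import product

def parse_rows(table):
    """Parse '| APIGroups | Resources | Resource Names | Verbs |' rows into rules."""
    rules = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] not in ("APIGroups", "---"):
            rules.append(tuple(frozenset(c.split()) for c in cells))
    return rules

def _match(owned, wanted, resource=False):
    if owned == "*" or owned == wanted:
        return True
    # "*/status" grants one subresource on every resource in the group
    return resource and owned.startswith("*/") and wanted.endswith(owned[1:])

def uncovered(holder, wanted):
    """Atomic (group, resource, name, verb) grants in `wanted` that no single
    rule in `holder` allows; empty means `holder` covers `wanted`."""
    missing = []
    for rule in wanted:
        for atom in product(*(sorted(field) for field in rule)):
            if not any(all(any(_match(o, w, i == 1) for o in own[i])
                           for i, w in enumerate(atom)) for own in holder):
                missing.append(atom)
    return missing

# Rows copied from the Operator ClusterRole table on this page.
OPERATOR = """
| * | configmaps endpoints secrets services | * | create delete deletecollection get list patch update watch |
| apps | daemonsets deployments replicasets statefulsets | * | create delete deletecollection get list patch update watch |
| batch | cronjobs | * | create delete get list patch update watch |
| batch | jobs | * | create delete get list watch |
| odigos.io | * | * | * |
"""
# Rows copied from the odigos-scheduler Role table on this page.
SCHEDULER = """
| * | configmaps | effective-config odigos-deployment odigos-go-offsets | patch create update |
| batch | cronjobs | odigos-go-offsets-updater | get list watch create update patch delete |
| batch | jobs | * | create |
| apps | daemonsets | odiglet | patch |
| odigos.io | collectorsgroups/status | * | get |
"""
# Constructed rule, not on this page: the Operator rows grant no `patch` on jobs.
EXTRA = "| batch | jobs | * | create patch |"

if __name__ == "__main__":
    print(uncovered(parse_rows(OPERATOR), parse_rows(SCHEDULER)), uncovered(parse_rows(OPERATOR), parse_rows(EXTRA)))
```

An empty result means every requested permission is matched by a single holder rule; each returned tuple is a permission the holder would be refused when creating the Role.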