> ## Documentation Index
> Fetch the complete documentation index at: https://docs.odigos.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Kubernetes RBAC Permissions
This page lists the Kubernetes Roles and ClusterRoles used by Odigos and the Odigos Operator.
# Components
This section lists the RBAC policies used by the Odigos components.
## ClusterRoles
Below are the ClusterRoles used by Odigos components.
### odigos-autoscaler
| APIGroups | Resources | Resource Names | Verbs |
| ---------------------------- | ------------------------------- | ---------------------------------------------- | ----------------------------------------------------------- |
| odigos.io | instrumentationconfigs | \* | get
list
watch |
| odigos.io | sources | \* | get
list
watch |
| odigos.io | collectorsgroups/finalizers | \* | get
patch
update |
| admissionregistration.k8s.io | validatingwebhookconfigurations | \* | get
list
watch |
| admissionregistration.k8s.io | validatingwebhookconfigurations | odigos-action-validating-webhook-configuration | update |
| apiregistration.k8s.io | apiservices | \* | get
list
watch
create
update
patch |
### cleanup-clusterrole
| APIGroups | Resources | Resource Names | Verbs |
| --------- | --------- | -------------- | ---------------- |
| odigos.io | sources | \* | list
delete |
| \* | pods | \* | list |
| \* | nodes | \* | list
patch |
### odigos-gateway
| APIGroups | Resources | Resource Names | Verbs |
| --------- | -------------------------------------------------------------- | -------------- | ------------------------ |
| odigos.io | instrumentationconfigs | \* | get
list
watch |
| \* | pods
namespaces | \* | get
list
watch |
| apps | replicasets
deployments
statefulsets
daemonsets | \* | get
list
watch |
### odigos-instrumentor
| APIGroups | Resources | Resource Names | Verbs |
| ---------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
| \* | nodes | \* | list
watch
get |
| \* | namespaces | \* | list
watch
get |
| \* | pods | \* | list
watch
get |
| batch | cronjobs | \* | list
watch
get |
| apps | daemonsets | \* | get
list
watch
update
patch |
| apps | deployments | \* | get
list
watch
update
patch |
| apps | statefulsets | \* | get
list
watch
update
patch |
| apps | statefulsets/finalizers
deployments/finalizers
daemonsets/finalizers | \* | update |
| apps.openshift.io | deploymentconfigs
deploymentconfigs/finalizers | \* | get
list
watch
update
patch |
| argoproj.io | rollouts | \* | get
list
watch
patch |
| operator.odigos.io | odigos/finalizers | \* | update |
| odigos.io | instrumentationconfigs/status | \* | get
patch
update |
| odigos.io | instrumentationconfigs | \* | create
delete
get
list
patch
update
watch |
| odigos.io | sources | \* | create
delete
get
list
patch
update
watch |
| odigos.io | sources/finalizers | \* | update |
| admissionregistration.k8s.io | mutatingwebhookconfigurations | \* | get
list
watch |
| admissionregistration.k8s.io | mutatingwebhookconfigurations | odigos-source-mutating-webhook-configuration
odigos-pod-mutating-webhook-configuration | update |
| admissionregistration.k8s.io | validatingwebhookconfigurations | \* | get
list
watch |
| admissionregistration.k8s.io | validatingwebhookconfigurations | odigos-source-validating-webhook-configuration | update |
### odiglet
| APIGroups | Resources | Resource Names | Verbs |
| ---------------- | -------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------- |
| \* | pods
services | \* | get
list
watch |
| \* | pods/status | \* | get |
| \* | pods/finalizers | \* | update |
| \* | nodes | \* | get
list
watch
patch
update |
| odigos.io | instrumentationinstances | \* | create
get
list
patch
update
watch
delete |
| odigos.io | instrumentationinstances/status | \* | get
patch
update |
| odigos.io | instrumentationconfigs | \* | get
list
watch
patch
update |
| odigos.io | instrumentationconfigs/status | \* | get
patch
update |
| \* | nodes/stats | \* | get
list |
| \* | pods
namespaces | \* | get
list
watch |
| apps | replicasets
deployments
daemonsets
statefulsets | \* | get
list
watch |
| discovery.k8s.io | endpointslices | \* | get
list
watch |
### odigos-scheduler
| APIGroups | Resources | Resource Names | Verbs |
| --------- | ---------------------- | -------------- | ------------------------ |
| odigos.io | instrumentationconfigs | \* | get
list
watch |
| \* | configmaps/finalizers | \* | update |
| batch | cronjobs | \* | list
watch |
| \* | configmaps | \* | list |
### odigos-ui
| APIGroups | Resources | Resource Names | Verbs |
| ------------------ | -------------------------------------------------------------------------------- | -------------- | ----------------------------------------------- |
| \* | namespaces | \* | get
list
watch
patch |
| apps | deployments
statefulsets
daemonsets | \* | get
list
watch
update
patch |
| batch | cronjobs | \* | get
list
watch
update
patch |
| apps.openshift.io | deploymentconfigs | \* | get
list
watch
update
patch |
| argoproj.io | rollouts | \* | get
list
watch
update
patch |
| apps | replicasets | \* | get
list |
| \* | services | \* | get
list |
| \* | pods | \* | get
list
watch
delete |
| odigos.io | \* | \* | get
list
watch |
| odigos.io | instrumentationconfigs
instrumentationinstances
sources
samplings | \* | update
patch
create
delete |
| operator.odigos.io | odigos | \* | get
list
watch |
| actions.odigos.io | \* | \* | get
list
watch |
## Roles
Below are the Roles used by Odigos components. These Roles are only scoped to the Namespace in which Odigos is installed.
### odigos-autoscaler
| APIGroups | Resources | Resource Names | Verbs |
| ----------------- | ------------------------ | ------------------------ | --------------------------------------------------------------------------------------------- |
| \* | pods | \* | get
list
watch |
| \* | configmaps | \* | get
list
watch
create
patch
update
delete |
| \* | services | \* | get
list
watch
create
patch
update
delete
deletecollection |
| apps | daemonsets | \* | get
list
watch
create
patch
update
delete
deletecollection |
| apps | daemonsets/status | \* | get |
| apps | deployments | \* | create
delete
deletecollection
get
list
patch
update
watch |
| apps | deployments/status | \* | get |
| autoscaling | horizontalpodautoscalers | \* | create
patch
update
delete |
| \* | secrets | \* | get
list
watch |
| \* | secrets | autoscaler-webhooks-cert | update |
| \* | secrets | autoscaler-webhook-cert | delete |
| odigos.io | destinations | \* | get
list
watch |
| odigos.io | destinations/status | \* | get
patch
update |
| odigos.io | processors | \* | get
list
watch
create
patch
update
delete |
| actions.odigos.io | \* | \* | get
list
watch
update |
| actions.odigos.io | \*/status | \* | get
patch
update |
| odigos.io | collectorsgroups | \* | get
list
watch |
| odigos.io | collectorsgroups/status | \* | get
patch
update |
| odigos.io | actions | \* | get
list
watch
create
patch
update |
| odigos.io | actions/status | \* | get
patch
update |
| apps | deployments/finalizers | \* | update |
### cleanup-role
| APIGroups | Resources | Resource Names | Verbs |
| --------- | ---------- | ------------------------------------------- | --------------- |
| \* | configmaps | odigos-deployment
odigos-configuration | get |
| \* | configmaps | \* | list |
| \* | configmaps | odigos-config | get
delete |
### odigos-gateway
| APIGroups | Resources | Resource Names | Verbs |
| --------- | ---------- | -------------- | ------------------------ |
| \* | configmaps | odigos-gateway | get
list
watch |
### odigos-instrumentor
| APIGroups | Resources | Resource Names | Verbs |
| --------- | --------------------------- | -------------------------- | -------------------------- |
| \* | configmaps | effective-config | get
list
watch |
| odigos.io | collectorsgroups | \* | get
list
watch |
| odigos.io | collectorsgroups/status | \* | get
list
watch |
| odigos.io | destinations | \* | get
list
watch |
| odigos.io | instrumentationrules | \* | get
list
watch |
| odigos.io | instrumentationrules/status | \* | get
patch
update |
| odigos.io | actions
samplings | \* | get
list
watch |
| odigos.io | samplings/status | \* | get
patch
update |
| \* | secrets | \* | get
list
watch |
| \* | secrets | instrumentor-webhooks-cert | update |
| \* | secrets | webhook-cert | delete |
| apps | daemonsets | odiglet | get
list
watch |
### odigos-leader-election-role
| APIGroups | Resources | Resource Names | Verbs |
| ------------------- | --------- | -------------- | ----------------------------------------------------------------------- |
| \* | events | \* | create
patch |
| coordination.k8s.io | leases | \* | get
list
watch
create
update
patch
delete |
### odiglet
| APIGroups | Resources | Resource Names | Verbs |
| --------- | ---------- | -------------------------------------------- | ------------------------ |
| \* | configmaps | \* | list
watch |
| \* | configmaps | odigos-data-collection
effective-config | get
list
watch |
### odigos-scheduler
| APIGroups | Resources | Resource Names | Verbs |
| --------- | ------------------------------------------------- | -------------------------------------------------------------- | ----------------------------------------------------------------------- |
| \* | configmaps | \* | get
list
watch |
| \* | configmaps | effective-config
odigos-deployment
odigos-go-offsets | patch
create
update |
| \* | configmaps | odigos-config | delete |
| odigos.io | collectorsgroups | \* | get
list
create
patch
update
watch
delete |
| odigos.io | collectorsgroups/status | \* | get |
| odigos.io | instrumentationrules
processors
actions | \* | get
list
watch
patch
delete
create |
| \* | secrets | \* | get
list
watch |
| batch | cronjobs | odigos-go-offsets-updater | get
list
watch
create
update
patch
delete |
| batch | jobs | \* | create |
| apps | daemonsets | odiglet | patch |
| apps | deployments | odigos-scheduler | get
list
watch |
| odigos.io | destinations | \* | get
list
watch |
| odigos.io | samplings | \* | get
list
watch |
| apps | deployments/finalizers | \* | update |
### odigos-ui
| APIGroups | Resources | Resource Names | Verbs |
| ------------------ | ------------------------------------------------------------------ | ------------------- | ----------------------------------------------------------------------- |
| \* | configmaps | \* | get
list
watch
create
update
patch |
| \* | secrets | \* | get
list
watch
create
patch
update
delete |
| apps | replicasets | \* | get
list |
| autoscaling | horizontalpodautoscalers | \* | get |
| odigos.io | \* | \* | get
list
watch |
| odigos.io | instrumentationrules
destinations
actions
samplings | \* | create
patch
update
delete |
| odigos.io | collectorsgroups | \* | get
list
watch |
| actions.odigos.io | \* | \* | get
list
watch
create
patch
update
delete |
| operator.odigos.io | odigos | \* | get
list
watch |
| apps | deployments/scale | odigos-instrumentor | get
update
patch |
| apps | daemonsets | odiglet | get
update
patch |
| \* | pods | \* | get
list
delete |
| \* | pods/log | \* | get |
| \* | pods/proxy | \* | get |
# Operator
This section lists the RBAC policies used by the Odigos Operator. Many of these permissions are necessary in order to create the RBAC policies for the components listed above.
## ClusterRoles
| APIGroups | Resources | Resource Names | Verbs |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | -------------- | --------------------------------------------------------------------------------------------- |
| \* | configmaps
endpoints
secrets
services | \* | create
delete
deletecollection
get
list
patch
update
watch |
| \* | configmaps/finalizers
pods/finalizers | \* | update |
| \* | events | \* | create
get
list
patch
watch |
| \* | namespaces | \* | get
list
patch
watch |
| \* | namespaces/status
nodes/spec
nodes/stats
replicationcontrollers
replicationcontrollers/status
resourcequotas | \* | get
list
watch |
| \* | nodes | \* | get
list
patch
update
watch |
| \* | pods | \* | delete
get
list
watch |
| \* | pods/log
pods/proxy
pods/status | \* | get |
| \* | serviceaccounts | \* | create
delete
get
list
patch
watch |
| actions.odigos.io | \* | \* | create
delete
deletecollection
get
list
patch
update
watch |
| actions.odigos.io | \*/status | \* | get
patch
update |
| admissionregistration.k8s.io | mutatingwebhookconfigurations
validatingwebhookconfigurations | \* | create
delete
get
list
patch
update
watch |
| apiextensions.k8s.io | customresourcedefinitions | \* | create
delete
deletecollection
get
list
patch
update
watch |
| apiregistration.k8s.io | apiservices | \* | create
get
list
patch
update
watch |
| apps | daemonsets
deployments
replicasets
statefulsets | \* | create
delete
deletecollection
get
list
patch
update
watch |
| apps | daemonsets/finalizers
deployments/finalizers
replicasets/finalizers
statefulsets/finalizers | \* | update |
| apps | daemonsets/status
deployments/status
statefulsets/status | \* | get |
| apps | deployments/scale | \* | get
patch
update |
| apps.openshift.io | deploymentconfigs
deploymentconfigs/finalizers | \* | get
list
patch
update
watch |
| argoproj.io | rollouts | \* | get
list
patch
update
watch |
| autoscaling | horizontalpodautoscalers | \* | create
delete
get
list
patch
update
watch |
| batch | cronjobs | \* | create
delete
get
list
patch
update
watch |
| batch | jobs | \* | create
delete
get
list
watch |
| coordination.k8s.io | leases | \* | create
delete
get
list
patch
update
watch |
| discovery.k8s.io | endpointslices | \* | get
list
watch |
| extensions | daemonsets
deployments
replicasets | \* | get
list
watch |
| odigos.io | \* | \* | \* |
| odigos.io | collectorsgroups/finalizers
sources/finalizers | \* | update |
| odigos.io | collectorsgroups/status
destinations/status
instrumentationconfigs/status
instrumentationinstances/status | \* | get
list
patch
update
watch |
| odigos.io | instrumentationrules/status | \* | get
patch
update |
| odigos.io | sampling | \* | create
delete
get
list
patch
update
watch |
| operator.odigos.io | odigos | \* | create
delete
get
list
patch
update
watch |
| operator.odigos.io | odigos/finalizers | \* | update |
| operator.odigos.io | odigos/status | \* | get
patch
update |
| policy | podsecuritypolicies | privileged | use |
| rbac.authorization.k8s.io | clusterrolebindings
clusterroles
rolebindings
roles | \* | create
delete
deletecollection
get
list
patch
update
watch |
| security.openshift.io | securitycontextconstraints | \* | use |
| authentication.k8s.io | tokenreviews | \* | create |
| authorization.k8s.io | subjectaccessreviews | \* | create |