Stay organized with collections
Save and categorize content based on your preferences.
Google Distributed Cloud deploys Pods to your nodes that have elevated
RBAC
permissions such as the ability to modify all Deployments and to read all
cluster Secrets. These permissions are required for Google Distributed Cloud to
function correctly.
The following table lists all Google Distributed Cloud components with elevated
permissions:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-02 UTC."],[],[],null,["Google Distributed Cloud deploys Pods to your nodes that have elevated\n[RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\npermissions such as the ability to modify all Deployments and to read all\ncluster Secrets. These permissions are required for Google Distributed Cloud to\nfunction correctly.\n\nThe following table lists all Google Distributed Cloud components with elevated\npermissions:\n| **Note:** Select features like VM Runtime on GDC or multi-NIC for pods require some of these system components. These features are disabled by default and the related components aren't active unless the feature is enabled.\n\n- `ais`\n- `anet-operator`\n- `anthos-cluster-operator`\n- `anthos-multinet-controller`\n- `cap-controller-manager`\n- `capi-controller-manager`\n- `capi-kubeadm-bootstrap-controller-manager`\n- `cdi-operator`\n- `cert-manager-cainjector`\n- `cert-manager-webhook`\n- `cert-manager`\n- `cluster-metrics-webhook`\n- `csi-snapshot-controller`\n- `istio-ingress`\n- `istiod`\n- `kube-state-metrics`\n- `localpv`\n- `metallb-controller`\n- `metrics-server-operator`\n- `metrics-server`\n- `network-controller-manager`\n- `sp-anthos-static-provisioner`\n- `stackdriver-operator`\n- `virt-api`\n- `virt-controller`\n- `virt-handler`\n- `virt-operator`\n- `vm-controller-controller-manager`\n- `vmruntime-controller-manager`"]]
