ClusterRoles and Permissions for Lightweight Kubernetes Agent (LWK)

FlexNet Manager Suite 2024 R2 (On-Premises)

flexera-lwk

  • Purpose—This ClusterRole provides essential read-only permissions necessary for monitoring cluster resources, which is fundamental for the operation of the Lightweight Kubernetes Inventory Agent (LWK).
  • Permissions—The role includes get, list, and watch permissions for nodes, namespaces, and pods.
  • Required—Always required for the LWK agent.

flexera-lwk-olm

  • Purpose—Grants permissions to monitor Operator Lifecycle Manager (OLM) resources, such as clusterserviceversions, which represent installed operators and their versions.
  • Permissionsget, list, watch for OLM resources like clusterserviceversions, catalogsources, installplans, subscriptions, operatorgroups, and packagemanifests.
  • Required—To report on OLM resources if OLM is available.

flexera-lwk-storageresources

  • Purpose—Grants permissions to monitor storage-related resources, such as persistent volumes and storage classes.
  • Permissionsget, list, watch for persistentvolumes, persistentvolumeclaims, and storageclasses.
  • Required—If storage monitoring is enabled for the LWK agent.

ibm-license-service-api-access

  • Purpose—Grants permissions to interact with the IBM License Service API for collecting licensing data.
  • Permissionsget for non-resource URLs like /products, /bundled_products, /snapshot, /health, and /version.
  • Required—If IBM Licensing is enabled for the LWK agent.

FlexNet Manager Suite (On-Premises)

2024 R2