Full Kubernetes Agent (KRM) Permissions
IT Asset Management
(Cloud)
Core permissions
- Read-only access (get, list,
watch) to
nodes,namespaces, andpods. - Write access (create, delete,
patch, update) for
StatefulSets,DaemonSets, andServices. - Access to
pods/execfor software inventory collection.
Optional permissions
- OLM Support—Read-only access to resources like
clusterserviceversions,catalogsources,installplans,subscriptions, andoperatorgroups. - Storage Resources—Read-only access to
persistentvolumes,persistentvolumeclaims, andstorageclasses. - IBM Licensing:
- Read-only access to IBM License Service API endpoints (for example,
/products,/bundled_products,/snapshot,/health,/version) by way of theibm-license-service-api-accessClusterRole. - Read-only access (get,
list, watch)
to
ibmlicensingsKubernetes resources via theflexera-krm-ibmlicensingsClusterRole.
- Read-only access to IBM License Service API endpoints (for example,
- Advanced Configurations—Access to
configmapsfor managing advanced configurations. - Security Context Constraints (SCC)—Access to the
flexera-krm-sccresource for managing security context constraints in OpenShift environments.
IT Asset Management (Cloud)
Current