What are the permissions pluto needs to scan a live cluster?

Question

hueami opened this issue 2 years ago · 3 comments

Hello,
I am trying to scan a live cluster, but my user is missing permissions:

Error running helm-detect: namespaces is forbidden: User "user" cannot list resource "namespaces" in API group "" at the cluster scope

I was not able to find sth about this in the documentation. What permissions are necessary?

Thanks!

Answer 1 · 2023-01-18T17:25:12.000Z

Pluto uses the helm client to discover Helm releases, so it will need access to list namespaces, and read secrets. You can reference our install of Pluto in the insights agent here - https://github.com/FairwindsOps/charts/blob/master/stable/insights-agent/templates/pluto/rbac.yaml

Answer 2 · 2023-01-18T17:25:58.000Z

You might also be able to scope pluto to a single namespace using the --namespace flag to avoid needing the list namespaces permission

Answer 3 · 2023-01-19T07:23:26.000Z

Thanks for your reply! That helps.
I scanned with the namespace parameter, the error occured anyway.