Permissions

The GoKubeDownscaler needs certain permissions to scale workloads.

If there are namespaces defined in constrainedNamespaces the Helm Chart will create roles for each listed namespace.

Otherwise it will always create a cluster role with the needed permissions.

Default Permissions

By default the GoKubeDownscaler will always have the following permissions if it is installed via our Helm Chart:

- apiGroups:
    - ""
  resources:
    - namespaces
  verbs:
    - get
- apiGroups:
    - ""
  resources:
    - events
  verbs:
    - get
    - create
    - update

These are necessary for the GoKubeDownscaler to work properly.

Workload Permissions

The Helm Chart assigns get, list and update permissions for the workloads defined in includedResources.

These resources can be:

Deployments
Statefulsets
Daemonsets
Rollouts
HorizontalPodAutoscalers
Jobs
Cronjobs
ScaledObjects
Stacks
PodDisruptionBudgets
Prometheuses

Default Permissions​

Workload Permissions​

Default Permissions

Workload Permissions