RBAC Reference
Centurion requires a ClusterRole with read-only access to cluster resources. The chart creates this automatically when centurion.rbac.create=true (default).
Permissions
| Resource | Verbs | Why |
|---|---|---|
pods, nodes, services, deployments, replicasets, statefulsets, daemonsets, jobs, cronjobs | get, list, watch | Topology and event context |
events | get, list, watch | Core event stream |
ingresses, ingressclasses | get, list, watch | Service discovery |
persistentvolumeclaims | get, list, watch | PVC health events |
namespaces | get, list, watch | Namespace-scoped filtering |
ConfigMaps and Secrets are not watched by default. Enable via centurion.watcher.watchConfigMaps / watchSecrets only if needed.