When installing YugabyteDB Anywhere (YBA) on a server for on-premises providers, no cloud permissions are required.

Linux OS root permissions are required for the server, see Servers for YBA.

When installing YugabyteDB Anywhere on an AWS VM, no cloud permissions are required.

Linux OS root permissions are required for the server, see Servers for YBA.

When installing YugabyteDB Anywhere on a GCP VM, no cloud permissions are required.

Linux OS root permissions are required for the server, see Servers for YBA.

When installing YugabyteDB Anywhere on an Azure VM, no cloud permissions are required.

Linux OS root permissions are required for the server, see Servers for YBA.

Installing YugabyteDB Anywhere to a Kubernetes pod requires a service account that has a RoleBinding to an admin role for at least one namespace. This is required to run the Helm commands necessary to install YBA.

Additionally, the default Helm chart will attempt to create a service account that has certain ClusterRoles listed here. These roles are used to do the following:

  1. Enable YBA to collect resource metrics such as CPU and memory from the Kubernetes nodes.
  2. Create YugabyteDB deployments in new namespaces.

If you cannot allow the creation of this service account, you can disable the automatic creation and instead specify a pre-created service account for YBA to use. We recommend that you grant this service account the cluster roles listed in the "required to scrape" section in this file along with a namespace admin role.