Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.changeguard.ai/llms.txt

Use this file to discover all available pages before exploring further.

Read-Only by Design

The ChangeGuard agent uses a Kubernetes ClusterRole with strictly read-only permissions. It can only get, list, and watch resources — it cannot create, modify, or delete anything in your cluster. 
rules:
  - apiGroups: [""]
    resources: [pods, namespaces, nodes, events, services]
    verbs: [get, list, watch]
  - apiGroups: [""]
    resources: [pods/log]
    verbs: [get, list]
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get]          # metadata only — see below
  - apiGroups: [apps]
    resources: [deployments, statefulsets, daemonsets, replicasets]
    verbs: [get, list, watch]
  - apiGroups: [networking.k8s.io]
    resources: [ingresses, networkpolicies]
    verbs: [get, list, watch]
The secrets permission reads metadata only (name, namespace, type, labels). The agent never reads Secret data or stringData fields. Secret values never leave your cluster.

Hardened Container

The agent pod enforces strict security constraints:
SettingValuePurpose
runAsNonRoottrueNever runs as root
runAsUser1000Dedicated non-root UID
readOnlyRootFilesystemtrueCannot write to container filesystem
allowPrivilegeEscalationfalseCannot gain additional privileges
capabilities.drop["ALL"]All Linux capabilities removed
seccompProfileRuntimeDefaultKernel syscall filtering enabled

What the Agent Collects

The agent collects Kubernetes metadata — the operational state of your cluster, not your application data.

Collected

  • Pod names, status, restart counts, resource usage
  • Deployment, StatefulSet, DaemonSet, and Job specifications
  • Node names, status, CPU and memory utilization
  • Kubernetes events (especially warnings)
  • Container image names and tags
  • Namespace names and labels
  • Service and Ingress configurations
  • NetworkPolicy definitions
  • ArgoCD application sync status (if ArgoCD is present)
  • Pod log lines (only when log collection is explicitly enabled)

Never Collected

  • Secret values or environment variable contents
  • ConfigMap data fields
  • PersistentVolume or PersistentVolumeClaim data
  • Application network traffic or payloads
  • Application source code or build artifacts
  • Credentials, tokens, or certificates
  • Container filesystem contents

Network Posture

The agent is outbound-only. It initiates HTTPS connections to api.changeguard.ai:443 and receives responses. It never:
  • Opens a listening port
  • Creates a LoadBalancer or NodePort Service
  • Creates an Ingress resource
  • Accepts inbound connections from any source

Firewall Rules

If your cluster restricts egress, allow: 
Destination: api.changeguard.ai
Port: 443 (HTTPS)
Protocol: TCP
Direction: Outbound
No other network access is required.

Dedicated Namespace

The agent installs into its own changeguard-agent namespace with a dedicated ServiceAccount. It does not share a namespace, ServiceAccount, or RBAC role with any of your application workloads.

Resource Footprint

Default resource requests and limits:
ResourceRequestLimit
CPU50m200m
Memory64Mi128Mi
The agent typically uses less than 30m CPU and 40Mi memory. These defaults are configurable via the agent deployment manifest.

Graceful Shutdown

The agent handles SIGTERM gracefully — it completes any in-flight push, closes connections cleanly, and exits. No data is lost during rolling updates or node drains.