Reputation: 1292
What is the easiest way to refer to groups, resources and verbs to create k8s roles
It might be silly however I couldn't easily find any documentation or commands which I can use to list all the groups, resources and verbs which I can use to construct my custom roles for k8s deployment. Usually the api documents will have some info about rbac permission however the k8s api doc doesn't really have the details. For e.g. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#-strong-read-operations-strong--60 pod resource has 6 types of read operations and 6 types of write operations however if I see the permission set of cluster admin role (kubectl describe clusterrole admin) the it gives me only these verbs assigned to role
pods [] [] [create delete deletecollection get list patch update watch]
Now I'm wondering what should be my reference if I want to create my own custom roles with very specific groups, resources and verbs. Any direction or help would be grate.
Upvotes: 0
Views: 256
Answers (2)
Reputation: 381
Append with -o wide flag and grep as per your requirement
kubectl api-resources -o wide | grep deployment
I've highlighted the output for easy reference
Upvotes: 0
Reputation: 9012
To get full list of API groups and resources in your cluster you may execute
kubectl api-resources
The list of verbs is pretty much standard and you already got it.
Upvotes: 1
Related Questions
- Create user group using RBAC API?
- kubernetes RBAC role verbs to exec to pod
- What apiGroups and resources exist for RBAC rules in kubernetes?
- RBAC role to manage single pod with dynamic name
- Kubernetes RBAC roles with resourceName and listing objects
- Proper use of Role.rules.resourceNames for creating pods with limited access to resources
- How to make a k8s role that allows all operations on roles and rolebindings in a namespace?
- simplify creation of kubernetes RBAC definition
- How to refer to all subresources in a Role definition?
- kubernetes group definitions. Create and details