List of Kubernetes RBAC rule verbs

kubernetes service-accounts rbac
AVarf picture AVarf · Aug 26, 2019 · Viewed 12.2k times · Source

I want to give my application limited access to get the replicas of different statefulsets (and maybe deployment) and if necessary scale them up or down.

I have created ServiceAccount, Rolebinding and Role for this but I can't find the complete list of rule verbs ("get", "watch", "list", "update") and what are their limitations, for example can I use update for scaling or I need another verb? And where can I find a list or table that described these verbs?

My yaml file:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: scaler-role
  namespace: {{ .Release.Namespace  | quote }}
rules:
- apiGroups: ["apps"]
  resources: ["statefulset"]
  verbs: ["get", "watch", "list", "update"]

Answer

Vikram Hosakote picture Vikram Hosakote · Aug 26, 2019

Here is the list of RBAC verbs:

RBAC verbs

For scaling, I think you'll need write permissions (create, update and patch) along with read permissions (get, list and watch).

Related questions

How to configure a non-default serviceAccount on a deployment

My Understanding of this doc page is, that I can configure service accounts with Pods and hopefully also deployments, so I can access the k8s API in Kubernetes 1.6+. In order not to alter or use the default one I …

Read More
Restart container within pod

I have a pod test-1495806908-xn5jn with 2 containers. I'd like to restart one of them called container-test. Is it possible to restart a single container within a pod and how? If not, how do I restart the pod? The …

Read More
Command to delete all pods in all kubernetes namespaces

Upon looking at the docs, there is an API call to delete 'a' pod, but is there a way to kill all pods in all namespaces?

Read More