List of Kubernetes RBAC rule verbs

AVarf picture AVarf · Aug 26, 2019 · Viewed 12.2k times · Source

I want to give my application limited access to get the replicas of different statefulsets (and maybe deployment) and if necessary scale them up or down.

I have created ServiceAccount, Rolebinding and Role for this but I can't find the complete list of rule verbs ("get", "watch", "list", "update") and what are their limitations, for example can I use update for scaling or I need another verb? And where can I find a list or table that described these verbs?

My yaml file:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: scaler-role
  namespace: {{ .Release.Namespace  | quote }}
rules:
- apiGroups: ["apps"]
  resources: ["statefulset"]
  verbs: ["get", "watch", "list", "update"]

Answer

Vikram Hosakote picture Vikram Hosakote · Aug 26, 2019

Here is the list of RBAC verbs:

RBAC verbs

For scaling, I think you'll need write permissions (create, update and patch) along with read permissions (get, list and watch).