I want to give my application limited access to get the replicas of different statefulsets (and maybe deployment) and if necessary scale them up or down.
I have created ServiceAccount, Rolebinding and Role for this but I can't find the complete list of rule verbs ("get", "watch", "list", "update") and what are their limitations, for example can I use update
for scaling or I need another verb? And where can I find a list or table that described these verbs?
My yaml file:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: scaler-role
namespace: {{ .Release.Namespace | quote }}
rules:
- apiGroups: ["apps"]
resources: ["statefulset"]
verbs: ["get", "watch", "list", "update"]
Here is the list of RBAC verbs:
For scaling, I think you'll need write permissions (create
, update
and patch
) along with read permissions (get
, list
and watch
).