K
Q

What is the easiest way to refer to groups, resources and verbs to create k8s roles

4/25/2019

It might be silly however I couldn't easily find any documentation or commands which I can use to list all the groups, resources and verbs which I can use to construct my custom roles for k8s deployment. Usually the api documents will have some info about rbac permission however the k8s api doc doesn't really have the details. For e.g. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#-strong-read-operations-strong--60 pod resource has 6 types of read operations and 6 types of write operations however if I see the permission set of cluster admin role (kubectl describe clusterrole admin) the it gives me only these verbs assigned to role

pods                                            []                 []              [create delete deletecollection get list patch update watch]

Now I'm wondering what should be my reference if I want to create my own custom roles with very specific groups, resources and verbs. Any direction or help would be grate.

-- Max
kubernetes
rbac

Similar Questions

How to authenticate to multiple GKE Kubernetes clusters using dynamic and unique google credentials
What is the sequence of cleaning up the resources in a namespace of Kubernetes?
kubernetes: waiting for first consumer to be created before binding
What are reasons for "Unable to mount volumes for pod" "timeout expired waiting for ..." in Google Kubernetes Engine?
How to get the environment variables of the docker container through the cri interface?

1 Answer

4/26/2019

To get full list of API groups and resources in your cluster you may execute

kubectl api-resources

The list of verbs is pretty much standard and you already got it.

-- Vasily Angapov
Source: StackOverflow