What is the easiest way to refer to groups, resources and verbs to create k8s roles

4/25/2019

It might be silly however I couldn't easily find any documentation or commands which I can use to list all the groups, resources and verbs which I can use to construct my custom roles for k8s deployment. Usually the api documents will have some info about rbac permission however the k8s api doc doesn't really have the details. For e.g. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#-strong-read-operations-strong--60 pod resource has 6 types of read operations and 6 types of write operations however if I see the permission set of cluster admin role (kubectl describe clusterrole admin) the it gives me only these verbs assigned to role

pods                                            []                 []              [create delete deletecollection get list patch update watch]

Now I'm wondering what should be my reference if I want to create my own custom roles with very specific groups, resources and verbs. Any direction or help would be grate.

-- Max
kubernetes
rbac

1 Answer

4/26/2019

To get full list of API groups and resources in your cluster you may execute

kubectl api-resources

The list of verbs is pretty much standard and you already got it.

-- Vasily Angapov
Source: StackOverflow