Where can I get a list of Kubernetes API resources and subresources?
I am trying to configure Kubernetes RBAC in the least-permissive way possible and I want to scope my roles to specific resources and subresouces. I\'ve dug through the doc
-
Using
kubectl api-resources -o wideshows all the ressources, verbs and associated API-group.$ kubectl api-resources -o wide NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS bindings true Binding [create] componentstatuses cs false ComponentStatus [get list] configmaps cm true ConfigMap [create delete deletecollection get list patch update watch] endpoints ep true Endpoints [create delete deletecollection get list patch update watch] events ev true Event [create delete deletecollection get list patch update watch] limitranges limits true LimitRange [create delete deletecollection get list patch update watch] namespaces ns false Namespace [create delete get list patch update watch] nodes no false Node [create delete deletecollection get list patch update watch] persistentvolumeclaims pvc true PersistentVolumeClaim [create delete deletecollection get list patch update watch] persistentvolumes pv false PersistentVolume [create delete deletecollection get list patch update watch] pods po true Pod [create delete deletecollection get list patch update watch] statefulsets sts apps true StatefulSet [create delete deletecollection get list patch update watch] meshpolicies authentication.istio.io false MeshPolicy [delete deletecollection get list patch create update watch] policies authentication.istio.io true Policy [delete deletecollection get list patch create update watch] ... ...I guess you can use this to create the list of ressources needed in your RBAC config
加载中...
- 热议问题