List of Kubernetes RBAC rule verbs
The best way is
kubectl api-resources --sort-by name -o wide
The above api-resources
command is explicit and easy to grep. The complete list of possible verbs can be obtained thus:
$ kubectl api-resources --no-headers --sort-by name -o wide | sed 's/.*\[//g' | tr -d "]" | tr " " "\n" | sort | uniq
create
delete
deletecollection
get
list
patch
update
watch
The Resource Operations section of API reference docs (eg https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/) talks a little bit about them but doesn't mention deletecollection
(btw: see interesting info about deletecollection
; suggests that whenever you give delete
, you should give deletecollection
permission too, if the resource supports it).
The Determine the Request Verb section of Authorization Overview does briefly mention deletecollection
, as well as a half a dozen more verbs (such as escalate
as pointed out rightfully by @RoryMcCune) which, unfortunately, do not show up in output of kubectl api-resources -o wide
command.
BTW the api-resources
command also lists the short names of commands, such as svc
for services
.
Here is the list of RBAC verbs:
For scaling, I think you'll need write permissions (create
, update
and patch
) along with read permissions (get
, list
and watch
).