List of Kubernetes RBAC rule verbs

The best way is

kubectl api-resources --sort-by name -o wide

The above api-resources command is explicit and easy to grep. The complete list of possible verbs can be obtained thus:

$ kubectl api-resources --no-headers --sort-by name -o wide | sed 's/.*\[//g' | tr -d "]" | tr " " "\n" | sort | uniq
create
delete
deletecollection
get
list
patch
update
watch

The Resource Operations section of API reference docs (eg https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/) talks a little bit about them but doesn't mention deletecollection (btw: see interesting info about deletecollection; suggests that whenever you give delete, you should give deletecollection permission too, if the resource supports it).

The Determine the Request Verb section of Authorization Overview does briefly mention deletecollection, as well as a half a dozen more verbs (such as escalate as pointed out rightfully by @RoryMcCune) which, unfortunately, do not show up in output of kubectl api-resources -o wide command.

BTW the api-resources command also lists the short names of commands, such as svc for services.


Here is the list of RBAC verbs:

RBAC verbs

For scaling, I think you'll need write permissions (create, update and patch) along with read permissions (get, list and watch).