I want to give my application limited access to get the replicas of different statefulsets (and maybe deployments) and, if necessary, scale them up or down.
I have created a ServiceAccount, RoleBinding and Role for this, but I can't find the complete list of rule verbs ("get", "watch", "list", "update") and what their limitations are. For example, can I use update for scaling, or do I need another verb? And where can I find a list or table that describes these verbs?
My yaml file:
```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: scaler-role
  namespace: {{ .Release.Namespace | quote }}
rules:
  - apiGroups: ["apps"]
    # RBAC matches on the plural resource name
    resources: ["statefulsets"]
    verbs: ["get", "watch", "list", "update"]
```
RBAC in Kubernetes is the mechanism that enables you to configure fine-grained and specific sets of permissions that define how a given user, or group of users, can interact with any Kubernetes object in the cluster, or in a specific Namespace of the cluster.
Kubernetes supports multiple authorization modules, such as ABAC mode, RBAC mode, and Webhook mode.
In Kubernetes, ClusterRoles and Roles define the actions a user can perform within a cluster or namespace, respectively. You can assign these roles to Kubernetes subjects (users, groups, or service accounts) with role bindings and cluster role bindings.
Here is the list of RBAC verbs:
For scaling, I think you'll need write permissions (create, update and patch) along with read permissions (get, list and watch).
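A least-privilege variant for the scaling use case discussed above, as an added example that is not part of the original question or answer: write access is granted only on the `scale` subresource, so the application can change replica counts without being able to modify the rest of the StatefulSet or Deployment spec. The names `scaler-sa` and `my-namespace` are placeholders (assumptions), and the manifest uses the `rbac.authorization.k8s.io/v1` API.

```yaml
# Added example: names and namespace are placeholders (assumptions).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: scaler-role
  namespace: my-namespace
rules:
  # Read-only view of the workloads themselves (replica counts, status).
  - apiGroups: ["apps"]
    resources: ["statefulsets", "deployments"]
    verbs: ["get", "list", "watch"]
  # Write access limited to the scale subresource: replicas can be changed,
  # but the pod template (image, env, volumes) cannot.
  - apiGroups: ["apps"]
    resources: ["statefulsets/scale", "deployments/scale"]
    verbs: ["get", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: scaler-rolebinding
  namespace: my-namespace
subjects:
  - kind: ServiceAccount
    name: scaler-sa
    namespace: my-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: scaler-role
# Check what the binding allows by impersonating the service account:
#   kubectl auth can-i patch statefulsets --subresource=scale \
#     --as=system:serviceaccount:my-namespace:scaler-sa -n my-namespace
#   kubectl auth can-i update statefulsets \
#     --as=system:serviceaccount:my-namespace:scaler-sa -n my-namespace
```

The second check targets the full StatefulSet object rather than its `scale` subresource, which this Role does not grant write access to.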