在哪里可以获得 Kubernetes API 资源和子资源的列表? [英] Where can I get a list of Kubernetes API resources and subresources?

问题描述

我正在尝试以最宽松的方式配置 Kubernetes RBAC，并且我想将我的角色范围限定为特定资源和子资源.我已经翻阅了文档，但找不到资源及其子资源的简明列表.

I am trying to configure Kubernetes RBAC in the least-permissive way possible and I want to scope my roles to specific resources and subresouces. I've dug through the docs and can't find a concise list of resources and their subresources.

我对管理部署规范一部分的子资源特别感兴趣——容器镜像.

I'm particularly interested in a the subresource that governs a part of a Deployment's spec--the container image.

推荐答案

Using kubectl api-resources -o wide 显示所有资源、动词strong> 和相关的 API 组.

Using kubectl api-resources -o wide shows all the ressources, verbs and associated API-group.

$ kubectl api-resources -o wide
NAME                              SHORTNAMES     APIGROUP                       NAMESPACED   KIND                             VERBS
bindings                                                                        true         Binding                          [create]
componentstatuses                 cs                                            false        ComponentStatus                  [get list]
configmaps                        cm                                            true         ConfigMap                        [create delete deletecollection get list patch update watch]
endpoints                         ep                                            true         Endpoints                        [create delete deletecollection get list patch update watch]
events                            ev                                            true         Event                            [create delete deletecollection get list patch update watch]
limitranges                       limits                                        true         LimitRange                       [create delete deletecollection get list patch update watch]
namespaces                        ns                                            false        Namespace                        [create delete get list patch update watch]
nodes                             no                                            false        Node                             [create delete deletecollection get list patch update watch]
persistentvolumeclaims            pvc                                           true         PersistentVolumeClaim            [create delete deletecollection get list patch update watch]
persistentvolumes                 pv                                            false        PersistentVolume                 [create delete deletecollection get list patch update watch]
pods                              po                                            true         Pod                              [create delete deletecollection get list patch update watch]
statefulsets                      sts            apps                           true         StatefulSet                      [create delete deletecollection get list patch update watch]
meshpolicies                                     authentication.istio.io        false        MeshPolicy                       [delete deletecollection get list patch create update watch]
policies                                         authentication.istio.io        true         Policy                           [delete deletecollection get list patch create update watch]
...
...

我想您可以使用它来创建 RBAC 配置中所需的资源列表

I guess you can use this to create the list of ressources needed in your RBAC config

这篇关于在哪里可以获得 Kubernetes API 资源和子资源的列表?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！