在哪里可以获得Kubernetes API资源和子资源的列表? [英] Where can I get a list of Kubernetes API resources and subresources?
问题描述
我正在尝试以尽可能不被允许的方式配置Kubernetes RBAC,我想将角色的范围限定在特定的资源和子资源上.我已经浏览了文档,找不到资源及其子资源的简明列表.
I am trying to configure Kubernetes RBAC in the least-permissive way possible and I want to scope my roles to specific resources and subresouces. I've dug through the docs and can't find a concise list of resources and their subresources.
我对支配Deployment规范的一部分的子资源(容器映像)特别感兴趣.
I'm particularly interested in a the subresource that governs a part of a Deployment's spec--the container image.
推荐答案
使用kubectl api-resources -o wide
显示所有资源,动词和关联的 API组.
Using kubectl api-resources -o wide
shows all the ressources, verbs and associated API-group.
$ kubectl api-resources -o wide
NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS
bindings true Binding [create]
componentstatuses cs false ComponentStatus [get list]
configmaps cm true ConfigMap [create delete deletecollection get list patch update watch]
endpoints ep true Endpoints [create delete deletecollection get list patch update watch]
events ev true Event [create delete deletecollection get list patch update watch]
limitranges limits true LimitRange [create delete deletecollection get list patch update watch]
namespaces ns false Namespace [create delete get list patch update watch]
nodes no false Node [create delete deletecollection get list patch update watch]
persistentvolumeclaims pvc true PersistentVolumeClaim [create delete deletecollection get list patch update watch]
persistentvolumes pv false PersistentVolume [create delete deletecollection get list patch update watch]
pods po true Pod [create delete deletecollection get list patch update watch]
statefulsets sts apps true StatefulSet [create delete deletecollection get list patch update watch]
meshpolicies authentication.istio.io false MeshPolicy [delete deletecollection get list patch create update watch]
policies authentication.istio.io true Policy [delete deletecollection get list patch create update watch]
...
...
我想您可以使用它来创建RBAC配置中所需的资源列表
I guess you can use this to create the list of ressources needed in your RBAC config
这篇关于在哪里可以获得Kubernetes API资源和子资源的列表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!