While I did find at leasts lists of all possible RBAC verbs in the documentation, I haven’t found a concrete explanation of which means what. I understand that possible mix of verbs to systems is probably quite large, but some rough points would be nice.
Create and Delete are pretty self explanatory. Patch is probably the equivalent kubectl command. But what is the different between get and list, and what is upgrade limiting exactly?
Thank you.
If there isn’t one available, look it up in the api:
Hope this helps.
I looked through the docs and found this link helpful: Authorization | Kubernetes
But this one more so: Kubernetes RBAC: Best Practices & Examples
Here’s the table of verbs as described by kubecost.com:
| Verb | Action |
|---|---|
| Get | Allows the user to retrieve the state of a Kubernetes resource. |
| List | Allows the user to retrieve a list of Kubernetes resources. |
| Watch | Allows the user to receive notifications when the state of a Kubernetes resource changes. |
| Create | Allows the user to create a new Kubernetes resource. |
| Update | Allows the user to update an existing Kubernetes resource. |
| Patch | Allows the user to make partial updates to an existing Kubernetes resource. |
| Delete | Allows the user to delete an existing Kubernetes resource. |
| Deletecollection | Allows the user to delete a collection of Kubernetes resources. |
| Proxy | Allows the user to access the Kubernetes API server through a proxy. |
| Connect | Allows the user to connect to the console of a Kubernetes container. |
| Redirect | Allows the user to redirect traffic to a Kubernetes service. |
| Portforward | Allows the user to forward network traffic to a Kubernetes pod. |
You may also find this link helpful as it goes over the other attributes which go into the authorization of K8s requests: Authorization | Kubernetes
Personally I always find it frustrating when researching a topic and coming to posts like these without answers posted, so I hope that’s helpful to some folks out there!