List of Kubernetes RBAC rule verbs

Here is the list of RBAC verbs:

For scaling, I think you'll need write permissions (create, update and patch) along with read permissions (get, list and watch).

The best way is

kubectl api-resources --sort-by name -o wide

The above api-resources command is explicit and easy to grep. The complete list of possible verbs can be obtained thus:

$ kubectl api-resources --no-headers --sort-by name -o wide | sed 's/.*\[//g' | tr -d "]" | tr " " "\n" | sort | uniqcreatedeletedeletecollectiongetlistpatchupdatewatch

The Resource Operations section of API reference docs (eg https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/) talks a little bit about them but doesn't mention deletecollection (btw: see interesting info about deletecollection; suggests that whenever you give delete, you should give deletecollection permission too, if the resource supports it).

The Determine the Request Verb section of Authorization Overview does briefly mention deletecollection, as well as a half a dozen more verbs (such as escalate as pointed out rightfully by @RoryMcCune) which, unfortunately, do not show up in output of kubectl api-resources -o wide command.

BTW the api-resources command also lists the short names of commands, such as svc for services.

A list of verbs can be found here https://kubernetes.io/docs/reference/access-authn-authz/authorization/#review-your-request-attributes

and a brief description can be found here https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb

I have a role that I use for updating the docker image tag for deployments which looks like this (I don't use mine to create the deployment, just to patch the image tag)

kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1beta1metadata:  name: deployerrules:- apiGroups: ["apps"]  resources: ["deployments"]  verbs: ["get", "patch"]