You can get quite a bit of info via this:
kubectl api-resources --sort-by name -o wide
The above api-resources
command is explicit and easy to grep. The complete list of possible verbs can be obtained thus:
$ kubectl api-resources --no-headers --sort-by name -o wide | sed 's/.*\[//g' | tr -d "]" | tr " " "\n" | sort | uniq
create
delete
deletecollection
get
list
patch
update
watch
The Resource Operations section of API reference docs (eg https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/) talks a little bit about them but doesn’t mention deletecollection
(btw: see interesting info about deletecollection
; suggests that whenever you give delete
, you should give deletecollection
permission too, if the resource supports it).
The Determine the Request Verb section of Authorization Overview does briefly mention deletecollection
, as well as a half a dozen more verbs (such as escalate
as pointed out rightfully by @RoryMcCune) which, unfortunately, do not show up in output of kubectl api-resources -o wide
command.
BTW the api-resources
command also lists the short names of commands, such as svc
for services
.
Update May 2023:
Another less user-friendly but more complete way of getting the verbs is by directly querying the API server:
- in one terminal, start a proxy for the API server; eg
kubectl proxy --port=8080
- in another terminal, use
curl
on/api/v1
and/apis
For core resources (configmaps, etc):
Use curl -s lo calhost:8080 /api/v1
to get json with the verbs for each core resource type name. Eg (if you have jq
)
$ curl -s http://localhost:8080/api/v1 | jq '.resources[] | [.name, (.verbs | join(" "))] | join(" = ")' -r
bindings = create
componentstatuses = get list
configmaps = create delete deletecollection get list patch update watch
endpoints = create delete deletecollection get list patch update watch
...
For the non-core resources (deployments, CRD, etc):
Say you want the verbs for deployments, you know that the API group for deployments is apps
. First get the versioned group name for that API using curl -s http://localhost:8080/apis
. Eg (if you have jq
)
```
$ curl -s http://localhost:8080/apis | jq '.groups[].preferredVersion.groupVersion' -r | grep ^apps
apps/v1
```
Use this to query the API of that group for verbs by using curl -s http://localhost:8080/apis/VERSIONED_API
ie in the above example curl -s http://localhost:8080/apis/apps/v1
. Eg (if you have jq
, the jq is the same),
```
$ curl -s http://localhost:8080/apis/apps/v1 | jq '.resources[] | [.name, (.verbs | join(" "))] | join(" = ")' -r
controllerrevisions = create delete deletecollection get list patch update watch
daemonsets = create delete deletecollection get list patch update watch
daemonsets/status = get patch update
deployments = create delete deletecollection get list patch update watch
deployments/scale = get patch update
deployments/status = get patch update
...
```
BTW the page https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/ documents how to use Python, Java etc instead of curl.
I created a kubectl plugin, for the use case where one wants to get the verbs for a specific resource type: https://github.com/schollii/my-devops-lab/blob/main/kubernetes/kubectl-verbs. Eg
$ kubectl verbs configmaps
configmaps = create delete deletecollection get list patch update watch
$ kubectl verbs deployments apps
deployments = create delete deletecollection get list patch update watch
deployments/scale = get patch update
deployments/status = get patch update
The file has instructions to install it as a plugin. It is a simple bash script.