
RedactManager Documentation

Kubernetes Permissions

Once you have set up a Kubernetes (k8s) environment, you need to grant RedactManager the permissions listed below in the cluster.

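This applies especially if you are already running a k8s environment. If you want to learn more about authorization in Kubernetes, see the Kubernetes documentation on authorization (RBAC). In the list below, each entry gives the resource, then (where shown) the namespace placeholder `<redaction-namespace>`, then the permitted verbs. The list includes full access to secrets and to pods/exec, pods/attach, pods/portforward, pods/proxy and services/proxy, so any identity holding these permissions can read every secret and run commands in every pod of that namespace; grant them through a Role and RoleBinding in a namespace dedicated to RedactManager rather than cluster-wide. persistentvolumes, storageclasses.storage.k8s.io and nodes.metrics.k8s.io are cluster-scoped resources, so read access to them cannot be limited to a namespace and requires a ClusterRole with a ClusterRoleBinding.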

Resources

Non-Resource URLs

Resource Names

Verbs

rolebindings.rbac.authorization.k8s.io

get, list, watch

roles.rbac.authorization.k8s.io

get, list, watch

persistentvolumeclaims

<redaction-namespace>

create, delete, get, list, patch, update, watch

configmaps

<redaction-namespace>

create, delete, get, list, patch, update, watch

endpoints

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicationcontrollers/scale

create, delete, get, list, patch, update, watch

replicationcontrollers

<redaction-namespace>

create, delete, get, list, patch, update, watch

services

<redaction-namespace>

create, delete, get, list, patch, update, watch

daemonsets.apps

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.apps/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.apps

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicasets.apps/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicasets.apps

<redaction-namespace>

create, delete, get, list, patch, update, watch

statefulsets.apps/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

statefulsets.apps

<redaction-namespace>

create, delete, get, list, patch, update, watch

horizontalpodautoscalers.autoscaling

<redaction-namespace>

create, delete, get, list, patch, update, watch

cronjobs.batch

<redaction-namespace>

create, delete, get, list, patch, update, watch

jobs.batch

<redaction-namespace>

create, delete, get, list, patch, update, watch

daemonsets.extensions

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.extensions/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.extensions

<redaction-namespace>

create, delete, get, list, patch, update, watch

ingresses.extensions

<redaction-namespace>

create, delete, get, list, patch, update, watch

networkpolicies.extensions

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicasets.extensions/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicasets.extensions

<redaction-namespace>

create, delete, get, list, patch, update, watch

replicationcontrollers.extensions/scale

<redaction-namespace>

create, delete, get, list, patch, update, watch

ingresses.networking.k8s.io

<redaction-namespace>

create, delete, get, list, patch, update, watch

poddisruptionbudgets.policy

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.apps/rollback

<redaction-namespace>

create, delete, get, list, patch, update, watch

deployments.extensions/rollback

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods.metrics.k8s.io

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods/attach

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods/exec

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods/portforward

<redaction-namespace>

create, delete, get, list, patch, update, watch

pods/proxy

<redaction-namespace>

create, delete, get, list, patch, update, watch

secrets

<redaction-namespace>

create, delete, get, list, patch, update, watch

services/proxy

<redaction-namespace>

create, delete, get, list, patch, update, watch

bindings

<redaction-namespace>

get, list, watch

events

<redaction-namespace>

get, list, watch

limitranges

<redaction-namespace>

get, list, watch

namespaces/status

<redaction-namespace>

get, list, watch

persistentvolumeclaims/status

<redaction-namespace>

get, list, watch

persistentvolumes

<redaction-namespace>

get, list, watch

pods/log

<redaction-namespace>

get, list, watch

pods/status

<redaction-namespace>

get, list, watch

replicationcontrollers/status

<redaction-namespace>

get, list, watch

resourcequotas/status

<redaction-namespace>

get, list, watch

resourcequotas

<redaction-namespace>

get, list, watch

services/status

<redaction-namespace>

get, list, watch

daemonsets.apps/status

<redaction-namespace>

get, list, watch

deployments.apps/status

<redaction-namespace>

get, list, watch

replicasets.apps/status

<redaction-namespace>

get, list, watch

statefulsets.apps/status

<redaction-namespace>

get, list, watch

horizontalpodautoscalers.autoscaling/status

<redaction-namespace>

get, list, watch

cronjobs.batch/status

<redaction-namespace>

get, list, watch

jobs.batch/status

<redaction-namespace>

get, list, watch

persistentvolumes.core

<redaction-namespace>

get, list, watch

daemonsets.extensions/status

<redaction-namespace>

get, list, watch

deployments.extensions/status

<redaction-namespace>

get, list, watch

ingresses.extensions/status

<redaction-namespace>

get, list, watch

replicasets.extensions/status

<redaction-namespace>

get, list, watch

nodes.metrics.k8s.io

<redaction-namespace>

get, list, watch

ingresses.networking.k8s.io/status

<redaction-namespace>

get, list, watch

poddisruptionbudgets.policy/status

<redaction-namespace>

get, list, watch

storageclasses.storage.k8s.io

<redaction-namespace>

get, list, watch

serviceaccounts

<redaction-namespace>

get, list, watch