I'm wanting to understand what authorisation requests are possible when implementing a custom webhook. The docs describe a SubjectAccessReview that references a SubjectAccessReviewSpec that references a ResourceAttributes object that references a string field called resource, which is described as:
Resource is one of the existing resource types. "*" means all.
Where is the list of all resources and what resources are defined?
What are the verbs that can appear in the request?
Kubernetes resources are grouped together because they are logically related.For examples,
apps/v1beta1/deployment(group/version/resource or GVR).Therefore, the Pods needs to run all the time.That's why they are called workload. another example would bebatch/v1/cronJobtherefore, Pod needs to run for short time.By using the following command you can list out the current Groups/Versions in the cluster.
Now If you want to know about what kind of operation you can do on the resources you can use the following command. It will list out the operation with explanation.
I have attached links for further understanding the kube-api server
deep-dive-api-server-part-1
deep-dive-api-server-part-2
deep-dive-api-server-part-3
typical-flow-in-k8s
what-happens-when-k8s