Role-based access control (RBAC) for clusters
Your product supports several roles. Your role determines the actions that you can perform.
Kubernetes offers role-based access control (RBAC) authorization mechanisms, which are extended on the cluster. Users of the cluster platform can be grouped into teams and have namespaces dedicated to teams.
With your product, you can create a team and add users, user groups, and resources to that team. All users in a team have access to the team resources. A user, user group, or resource can be assigned to multiple teams.
Your product has one Cluster Administrator with cluster-wide access, while other users can be classified as Cloud Pak Administrator, Account Administrator, Administrator, Editor, Operator, Auditor, and Viewer, assigned to various namespaces. Based on the role that is assigned to a user or user group, the level of access to each logical resource on the cluster is defined.
- Platform roles and actions
- IAM roles and actions
- RBAC for IAM resources
- RBAC for resources in OpenShift clusters
Platform roles and actions
Your product supports the Cluster Administrator role. The Cluster Administrator has complete access to your product platform. Learn about roles in the following list:
Cluster Administrator access: The Cluster administrator has complete access for all operations.
- Connect to an LDAP directory
- Access and use the Administration panel UI dashboard
- Create teams, add users, and assign them the IAM roles
- Manage workloads, infrastructure, and applications across all namespaces
- Create namespaces
- Assign quotas
- Add pod security policies
- Add an internal Helm repository
- Delete an internal Helm repository
- Add Helm charts to the internal Helm repository
- Remove Helm charts from the internal Helm repository
- Synchronize internal and external Helm repositories
- Manage storage classes and persistent volumes across all namespaces
- Add, remove, and update image security enforcement policies
- Add, remove, and update service IDs in the cluster
Cloud Pak Administrator access: The Cloud Pak administrator has the access to the following resources
- Connect to an LDAP directory
- Access and use the Administration panel UI dashboard
- Create teams, add users, and assign them the IAM roles
- Manage workloads, infrastructure, and applications across the set of namespaces allocated to the corresponding Cloud Paks
- Create namespaces
- Manage storage classes and persistent volumes across the set of namespaces allocated to the corresponding Cloud Paks
- Add, remove, and update service IDs in the cluster
- Manage(all CRUD operations) on any other resource across the set of namespaces allocated to the corresponding Cloud Paks
Account Administrator access: The Account Administrator has all the privileges of the Administrator, and has add, update, view, and delete access for namespace.
Administrator access: The Administrator has add, update, view, and delete access.
Editor access: The Editor has read and edit access to team resources.
Operator access: The Operator has create, read, and edit access to team resources.
Auditor access: The Auditor can view logs within namespaces if given access to those namespaces.
Viewer access: The Viewer has read-only access. By default, users have Viewer access when they are added to a team.
IAM roles and actions
You can assign an IAM role to users or user groups when you add them to a team. Within a team, each user or user group can have only one role. However, a user might have multiple roles within a team when you add a user individually and also as a member of a team's group. If so, the user can act based on the highest role that is assigned to the user. For example, if you add the user as an administrator and you assign a Viewer role to the user's group, the user can act as an administrator for the team.
A user or user group can be a member of multiple teams and have different roles on each team.
An IAM role defines the actions that a user can perform on the team resources.
Your product supports the following IAM roles:
Note: Only the Cluster Administrator, Cloud Pak Administrator, and Administrator can access the Administration panel UI dashboard and manage teams, users, and roles. The Administrator cannot assign the Cluster Administrator or Cloud Pak Administrator role to any user or group.
Role | Description | Actions |
---|---|---|
Viewer | Has read-only access. | The following actions can be completed by a Viewer:
|
Editor | Has read and edit access. | The following actions can be completed by an Editor:
|
Auditor | Has read access. | The following actions can be completed by an Auditor:
|
Operator (Also referred to as Team Operator ) |
Has read, edit, and create access. | The following actions can be completed by an Operator:
|
Administrator (Also referred to as Team Administrator ) |
Has add, update, view, and delete access. | The Cluster Administrator must add the Administrator as a member of the team. If the Administrator needs to use the console to complete the following actions, then the Cluster Administrator must provide the Administrator with view access to
the LDAP directory.
|
Cluster Administrator | Has complete access to your product platform. | See Platform role and actions |
Cloud Pak Administrator | Has add, update, view, and delete access to all resources in the set of namespaces allocated to the corresponding Cloud Paks. Has add, update, view and delete access to all non-kubernetes resources. | See Platform role and actions |
Note: Viewers and editors cannot view logs on any of your product console pages.
RBAC for IAM resources
IAM resource | Action | Cloud Pak Administrator | Administrator | Operator | Editor | Auditor | Viewer |
---|---|---|---|---|---|---|---|
Identity Management API explorer | X | X | X | X | X | X | |
Certificate: /idmgmt/identity/api/v1/certificates | |||||||
Create user certificate | X | X | X | X | X | X | |
Read user certificate | X | X | X | X | X | X | |
Delete user certificate | X | X | X | X | X | X | |
Account: /idmgmt/identity/api/v1/account | |||||||
Read your product default account | X | X | X | X | X | X | |
Create your product default account | X | X | |||||
Update your product default account | X | X | |||||
Delete your product default account | X | X | |||||
Directory: /idmgmt/identity/api/v1/directory/ldap | |||||||
Read LDAP directory details | X | X | |||||
User: /idmgmt/identity/api/v1/users | |||||||
Create user details | X | X | |||||
Read user details | X | X | X | X | X | X | |
Update user details | X | X | |||||
Delete user details | X | X | |||||
User group: /idmgmt/identity/api/v1/usergroup | |||||||
Create user group details | X | X | |||||
Read user group details | X | X | X | X | X | X | |
Update user group details | X | X | |||||
Delete user group details | X | X | |||||
Team: /idmgmt/identity/api/v1/teams | |||||||
Create team details | X | X | |||||
Read team details | X | X | X | X | X | X | |
Update team details | X | ||||||
Delete team details | X | ||||||
Resource: /idmgmt/identity/api/v1/resources | |||||||
Create resource details | X | X | |||||
Read resource details | X | X | |||||
Update resource details | X | X | |||||
Delete resource details | X | X | |||||
User Preferences: /idmgmt/identity/api/v1/userpreferences | |||||||
Create user preferences | X | X | X | X | X | X | |
Read user preferences | X | X | X | X | X | X | |
Update user preferences | X | X | X | X | X | X | |
Security Assertion Markup Language (SAML) authentication: /idmgmt/v1/saml | |||||||
Get SAML status | X | X | |||||
Update or reconfigure SAML authentication | X | X | |||||
Create or configure SAML authentication | X | X | |||||
Service: /iam-pap/acms/v1/services | |||||||
Create a service | X | X | X | X | X | X | |
List service details | X | X | X | X | X | X | |
Update a service | X | X | X | X | X | X | |
Delete a service | X | X | X | X | X | X | |
Service ID: /iam-token/serviceids | |||||||
Create a service ID | X | X | X | X | X | X | |
List Service ID details | X | X | X | X | X | X | |
Update a service ID | X | X | X | X | X | X | |
Delete a service ID | X | X | X | X | X | X | |
API key: /iam-token/apikeys | |||||||
Create an API key | X | X | X | X | X | X | |
List all API keys | X | X | X | X | X | X | |
Update an API key | X | X | X | X | X | X | |
Delete an API key | X | X | X | X | X | X | |
Service policy: /v1/scopes/{scope}/service_ids/{serviceId}/policies | |||||||
Create service policy details | X | X | X | X | X | X | |
Read service policy details | X | X | X | X | X | X | |
Update service policy details | X | X | X | X | X | X | |
Delete service policy details | X | X | X | X | X | X |
Note: A user can create Service ID policies with the same level of access that the user has. The user cannot create or assign policies with a higher role to a service ID.
RBAC for resources in OpenShift clusters
OpenShift clusters use the Cluster Administrator, Administrator, Operator or Editor, and Viewer roles. The Cluster Administrator has complete access to all the resources. For the Administrator, Operator or Editor, and Viewer roles, the following tables list the resources and the actions that are allowed on the resources.
- For Administrator role, see Allowed resources for the Administrator role in OpenShift clusters
- For Operator or Editor role, see Allowed resources for the Operator or Editor role in OpenShift clusters
- For Viewer role, see Allowed resources for the Viewer role in OpenShift clusters
For more information about OpenShift RBAC, see the following OpenShift documentation:
- For OpenShift Container Platform version 4.6, see Using RBAC to define and apply permissions
- For OpenShift Container Platform version 4.5, see Using RBAC to define and apply permissions
- For OpenShift Container Platform version 4.4, see Using RBAC to define and apply permissions
Allowed resources for the Administrator role in OpenShift clusters
Resource | Get | List | Watch | Update | Patch | Create | Delete | Delete collection | Edit | View | Impersonate | Admin |
---|---|---|---|---|---|---|---|---|---|---|---|---|
app.ibm.com | X | X | X | X | X | X | X | X | ||||
apps/controllerrevisions | X | X | X | |||||||||
apps/daemonsets | X | X | X | X | X | X | X | X | ||||
apps/deployments | X | X | X | X | X | X | X | X | ||||
apps/deployments/rollback | X | X | X | X | X | |||||||
apps/deployments/scale | X | X | X | X | X | X | X | X | ||||
apps/replicasets | X | X | X | X | X | X | X | X | ||||
apps/replicasets/scale | X | X | X | X | X | X | X | X | ||||
apps/statefulsets | X | X | X | X | X | X | X | X | ||||
apps/statefulsets/scale | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs/instantiate | X | |||||||||||
apps.openshift.io/deploymentconfigs/rollback | X | |||||||||||
apps.openshift.io/deploymentconfigs/scale | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs/log | X | X | X | |||||||||
apps.openshift.io/deploymentconfigs/status | X | X | X | |||||||||
apps.openshift.io/deploymentconfigrollbacks | X | |||||||||||
authorization.k8s.io/localsubjectaccessreviews | X | |||||||||||
authorization.openshift.io/localresourceaccessreviews | X | |||||||||||
authorization.openshift.io/localsubjectaccessreviews | X | |||||||||||
authorization.openshift.io/rolebindings | X | X | X | X | X | X | X | X | ||||
authorization.openshift.io/rolebindingrestrictions | X | X | X | |||||||||
authorization.openshift.io/roles | X | X | X | X | X | X | X | X | ||||
authorization.openshift.io/resourceaccessreviews | X | |||||||||||
authorization.openshift.io/subjectaccessreviews | X | |||||||||||
authorization.openshift.io/subjectrulesreviews | X | |||||||||||
autoscaling/horizontalpodautoscalers | X | X | X | X | X | X | X | X | ||||
batch/cronjobs | X | X | X | X | X | X | X | X | ||||
batch/jobs | X | X | X | X | X | X | X | X | ||||
bindings | X | X | X | |||||||||
build.openshift.io/builds | X | X | X | X | X | X | X | X | ||||
build.openshift.io/builds/details | X | |||||||||||
build.openshift.io/builds/log | X | X | X | |||||||||
build.openshift.io/buildconfigs | X | X | X | X | X | X | X | X | ||||
build.openshift.io/buildconfigs/instantiate | X | |||||||||||
build.openshift.io//instantiatebinary | X | |||||||||||
build.openshift.io//clone | X | |||||||||||
build.openshift.io/buildconfigs/webhooks | X | X | X | X | X | X | X | X | ||||
build.openshift.io/buildlogs | X | X | X | X | X | X | X | X | ||||
build.openshift.io/jenkins | X | X | X | |||||||||
certmanager.k8s.io/certificates | X | X | X | X | X | X | X | X | ||||
certmanager.k8s.io/issuers | X | X | X | X | X | X | X | X | ||||
clusterloggings.logging.openshift.io/customresourcedefinitions | X | X | ||||||||||
clusters | X | X | X | X | X | X | X | X | ||||
configmaps | X | X | X | X | X | X | X | X | ||||
elasticsearches.logging.openshift.io/customresourcedefinitions | X | |||||||||||
endpoints | X | X | X | X | X | X | X | X | ||||
events | X | X | X | |||||||||
extensions/daemonsets | X | X | X | X | X | X | X | X | ||||
extensions/deployments | X | X | X | X | X | X | X | X | ||||
extensions/deployments/rollback | X | X | X | X | X | |||||||
extensions/deployments/scale | X | X | X | X | X | X | X | X | ||||
extensions/ingresses | X | X | X | X | X | X | X | X | ||||
extensions/networkpolicies | X | X | X | X | X | X | X | X | ||||
extensions/replicasets | X | X | X | X | X | X | X | X | ||||
extensions/replicasets/scale | X | X | X | X | X | X | X | X | ||||
extensions/replicationcontrollers/scale | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamimages | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamimports | X | |||||||||||
image.openshift.io/imagestreammappings | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamtags | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams/layers | X | X | ||||||||||
image.openshift.io/imagestreams/secrets | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams/status | X | X | X | |||||||||
limitranges | X | X | X | |||||||||
logging.openshift.io/clusterloggings | X | X | X | X | X | X | X | |||||
logging.openshift.io/elasticsearches | X | X | X | X | X | X | X | |||||
metrics.k8s.io/pods | X | X | X | |||||||||
monitoringcontroller.cloud.ibm.com/alertrules | X | X | X | X | X | X | X | X | ||||
monitoringcontroller.cloud.ibm.com/monitoringdashboards | X | X | X | X | X | X | X | X | ||||
namespaces | X | X | X | |||||||||
namespaces/status | X | X | X | |||||||||
networking.k8s.io/ingresses | X | X | X | X | X | X | X | X | ||||
networking.k8s.io/networkpolicies | X | X | X | X | X | X | X | X | ||||
oidc.security.ibm.com/clients | X | X | X | X | X | X | X | |||||
operators.coreos.com/catalogsources | X | X | X | X | ||||||||
operators.coreos.com/clusterserviceversions | X | X | X | X | ||||||||
operators.coreos.com/installplans | X | X | X | X | ||||||||
operators.coreos.com/operatorgroups | X | X | X | |||||||||
operators.coreos.com/subscriptions | X | X | X | X | X | X | X | |||||
packages.operators.coreos.com/packagemanifests | X | X | X | X | X | X | X | |||||
packages.operators.coreos.com/packagemanifests/icon | X | X | X | |||||||||
persistentvolumeclaims | X | X | X | X | X | X | X | X | ||||
pods | X | X | X | X | X | X | X | X | ||||
pods/attach | X | X | X | X | X | X | X | X | ||||
pods/exec | X | X | X | X | X | X | X | X | ||||
pods/log | X | X | X | |||||||||
pods/portforward | X | X | X | X | X | X | X | X | ||||
pods/proxy | X | X | X | X | X | X | X | X | ||||
pods/status | X | X | X | |||||||||
policy/poddisruptionbudgets | X | X | X | X | X | X | X | X | ||||
project.openshift.io/projects | X | X | X | X | ||||||||
quota.openshift.io/appliedclusterresourcequotas | X | X | X | |||||||||
rbac.authorization.k8s.io/rolebindings | X | X | X | X | X | X | X | X | ||||
rbac.authorization.k8s.io/roles | X | X | X | X | X | X | X | X | ||||
replicationcontrollers | X | X | X | X | X | X | X | X | ||||
replicationcontrollers/scale | X | X | X | X | X | X | X | X | ||||
replicationcontrollers/status | X | X | X | |||||||||
resourcequotas | X | X | X | |||||||||
resourcequotas/status | X | X | X | |||||||||
resourcequotausages | X | X | X | |||||||||
route.openshift.io/routes | X | X | X | X | X | X | X | X | ||||
route.openshift.io/routes/custom-host | X | |||||||||||
route.openshift.io/routes/status | X | X | X | X | ||||||||
secrets | X | X | X | X | X | X | X | X | ||||
security.openshift.io/podsecuritypolicyreviews | X | |||||||||||
security.openshift.io/podsecuritypolicyselfsubjectreviews | X | |||||||||||
security.openshift.io/podsecuritypolicysubjectreviews | X | |||||||||||
serviceaccounts | X | X | X | X | X | X | X | X | X | |||
services | X | X | X | X | X | X | X | X | ||||
services/proxy | X | X | X | X | X | X | X | X | ||||
template.openshift.io/processedtemplates | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templates | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templateconfigs | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templateinstances | X | X | X | X | X | X | X | X |
Allowed resources for the Operator or Editor role in OpenShift clusters
Resource | Get | List | Watch | Update | Patch | Create | Delete | Delete collection | Edit | View | Impersonate | Admin |
---|---|---|---|---|---|---|---|---|---|---|---|---|
apps/controllerrevisions | X | X | X | |||||||||
apps/daemonsets | X | X | X | X | X | X | X | X | ||||
apps/deployments | X | X | X | X | X | X | X | X | ||||
apps/deployments/rollback | X | X | X | X | X | |||||||
apps/deployments/scale | X | X | X | X | X | X | X | X | ||||
apps/replicasets | X | X | X | X | X | X | X | X | ||||
apps/replicasets/scale | X | X | X | X | X | X | X | X | ||||
apps/statefulsets | X | X | X | X | X | X | X | X | ||||
apps/statefulsets/scale | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs/instantiate | X | |||||||||||
apps.openshift.io/deploymentconfigs/rollback | X | |||||||||||
apps.openshift.io/deploymentconfigs/scale | X | X | X | X | X | X | X | X | ||||
apps.openshift.io/deploymentconfigs/log | X | X | X | |||||||||
apps.openshift.io/deploymentconfigs/status | X | X | X | |||||||||
apps.openshift.io/deploymentconfigrollbacks | X | |||||||||||
autoscaling/horizontalpodautoscalers | X | X | X | X | X | X | X | X | ||||
batch/cronjobs | X | X | X | X | X | X | X | X | ||||
batch/jobs | X | X | X | X | X | X | X | X | ||||
bindings | X | X | X | |||||||||
build.openshift.io/builds | X | X | X | X | X | X | X | X | ||||
build.openshift.io/builds/details | X | |||||||||||
build.openshift.io/builds/log | X | X | X | |||||||||
build.openshift.io/buildconfigs | X | X | X | X | X | X | X | X | ||||
build.openshift.io/buildconfigs/instantiate | X | |||||||||||
build.openshift.io//instantiatebinary | X | |||||||||||
build.openshift.io//clone | X | |||||||||||
build.openshift.io/buildconfigs/webhooks | X | X | X | X | X | X | X | X | ||||
build.openshift.io/buildlogs | X | X | X | |||||||||
build.openshift.io/jenkins | X | X | ||||||||||
certmanager.k8s.io/certificates | X | X | X | X | X | X | ||||||
certmanager.k8s.io/issuers | X | X | X | X | X | X | ||||||
clusterloggings.logging.openshift.io/customresourcedefinitions | X | |||||||||||
configmaps | X | X | X | X | X | X | X | X | ||||
elasticsearches.logging.openshift.io/customresourcedefinitions | X | |||||||||||
endpoints | X | X | X | X | X | X | X | X | ||||
events | X | X | X | |||||||||
extensions/daemonsets | X | X | X | X | X | X | X | X | ||||
extensions/deployments | X | X | X | X | X | X | X | X | ||||
extensions/deployments/rollback | X | X | X | X | X | |||||||
extensions/deployments/scale | X | X | X | X | X | X | X | X | ||||
extensions/ingresses | X | X | X | X | X | X | X | X | ||||
extensions/networkpolicies | X | X | X | X | X | X | X | X | ||||
extensions/replicasets | X | X | X | X | X | X | X | X | ||||
extensions/replicasets/scale | X | X | X | X | X | X | X | X | ||||
extensions/replicationcontrollers/scale | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamimages | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamimports | X | |||||||||||
image.openshift.io/imagestreammappings | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreamtags | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams/layers | X | X | ||||||||||
image.openshift.io/imagestreams/secrets | X | X | X | X | X | X | X | X | ||||
image.openshift.io/imagestreams/status | X | X | X | |||||||||
limitranges | X | X | X | |||||||||
logging.openshift.io/clusterloggings | X | X | X | X | X | X | X | |||||
logging.openshift.io/elasticsearches | X | X | X | X | X | X | X | |||||
metrics.k8s.io/pods | X | X | X | |||||||||
monitoringcontroller.cloud.ibm.com/alertrules | X | X | X | X | X | X | ||||||
monitoringcontroller.cloud.ibm.com/monitoringdashboards | X | X | X | X | X | X | ||||||
namespaces | X | X | X | |||||||||
namespaces/status | X | X | X | |||||||||
networking.k8s.io/ingresses | X | X | X | X | X | X | X | X | ||||
networking.k8s.io/networkpolicies | X | X | X | X | X | X | X | X | ||||
oidc.security.ibm.com/clients | X | X | X | X | X | X | X | |||||
operators.coreos.com/catalogsources | X | X | X | X | ||||||||
operators.coreos.com/clusterserviceversions | X | X | X | X | ||||||||
operators.coreos.com/installplans | X | X | X | X | ||||||||
operators.coreos.com/operatorgroups | X | X | X | |||||||||
operators.coreos.com/subscriptions | X | X | X | X | X | X | X | |||||
packages.operators.coreos.com/packagemanifests | X | X | X | X | X | X | X | |||||
packages.operators.coreos.com/packagemanifests/icon | X | X | X | |||||||||
persistentvolumeclaims | X | X | X | X | X | X | X | X | ||||
pods | X | X | X | X | X | X | X | X | ||||
pods/attach | X | X | X | X | X | X | X | X | ||||
pods/exec | X | X | X | X | X | X | X | X | ||||
pods/log | X | X | X | |||||||||
pods/portforward | X | X | X | X | X | X | X | X | ||||
pods/proxy | X | X | X | X | X | X | X | X | ||||
pods/status | X | X | X | |||||||||
policy/poddisruptionbudgets | X | X | X | X | X | X | X | X | ||||
project.openshift.io/projects | X | |||||||||||
quota.openshift.io/appliedclusterresourcequotas | X | X | X | |||||||||
replicationcontrollers | X | X | X | X | X | X | X | X | ||||
replicationcontrollers/scale | X | X | X | X | X | X | X | X | ||||
replicationcontrollers/status | X | X | X | |||||||||
resourcequotas | X | X | X | |||||||||
resourcequotas/status | X | X | X | |||||||||
resourcequotausages | X | X | X | |||||||||
route.openshift.io/routes | X | X | X | X | X | X | X | X | ||||
route.openshift.io/routes/custom-host | X | |||||||||||
route.openshift.io/routes/status | X | X | X | |||||||||
secrets | X | X | X | X | X | X | X | X | ||||
serviceaccounts | X | X | X | X | X | X | X | X | X | |||
services | X | X | X | X | X | X | X | X | ||||
services/proxy | X | X | X | X | X | X | X | X | ||||
template.openshift.io/processedtemplates | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templates | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templateconfigs | X | X | X | X | X | X | X | X | ||||
template.openshift.io/templateinstances | X | X | X | X | X | X | X | X |
Allowed resources for the Viewer role in OpenShift clusters
Resource | Get | List | Watch | View |
---|---|---|---|---|
apps/controllerrevisions | X | X | X | |
apps/daemonsets | X | X | X | |
apps/deployments | X | X | X | |
apps/deployments/scale | X | X | X | |
apps/replicasets | X | X | X | |
apps/replicasets/scale | X | X | X | |
apps/statefulsets | X | X | X | |
apps/statefulsets/scale | X | X | X | |
apps.openshift.io/deploymentconfigs | X | X | X | |
apps.openshift.io/deploymentconfigs/scale | X | X | X | |
apps.openshift.io/deploymentconfigs/log | X | X | X | |
apps.openshift.io/deploymentconfigs/status | X | X | X | |
autoscaling/horizontalpodautoscalers | X | X | X | |
batch/cronjobs | X | X | X | |
batch/jobs | X | X | X | |
bindings | X | X | X | |
build.openshift.io/builds | X | X | X | |
build.openshift.io/builds/log | X | X | X | |
build.openshift.io/buildconfigs | X | X | X | |
build.openshift.io/buildconfigs/webhooks | X | X | X | |
build.openshift.io/buildlogs | X | X | X | |
build.openshift.io/jenkins | X | |||
clusterloggings.logging.openshift.io/customresourcedefinitions | X | |||
configmaps | X | X | X | |
elasticsearches.logging.openshift.io/customresourcedefinitions | X | |||
endpoints | X | X | X | |
events | X | X | X | |
extensions/daemonsets | X | X | X | |
extensions/deployments | X | X | X | |
extensions/deployments/scale | X | X | X | |
extensions/ingresses | X | X | X | |
extensions/networkpolicies | X | X | X | |
extensions/replicasets | X | X | X | |
extensions/replicasets/scale | X | X | X | |
extensions/replicationcontrollers/scale | X | X | X | |
image.openshift.io/imagestreamimages | X | X | X | |
image.openshift.io/imagestreammappings | X | X | X | |
image.openshift.io/imagestreams | X | X | X | |
image.openshift.io/imagestreamtags | X | X | X | |
image.openshift.io/imagestreams/layers | X | |||
image.openshift.io/imagestreams/status | X | X | X | |
limitranges | X | X | X | |
logging.openshift.io/clusterloggings | X | X | X | |
logging.openshift.io/elasticsearches | X | X | X | |
metrics.k8s.io/pods | X | X | X | |
monitoringcontroller.cloud.ibm.com/alertrules | X | X | X | |
monitoringcontroller.cloud.ibm.com/monitoringdashboards | X | X | X | |
namespaces | X | X | X | |
namespaces/status | X | X | X | |
networking.k8s.io/ingresses | X | X | X | |
networking.k8s.io/networkpolicies | X | X | X | |
operators.coreos.com/catalogsources | X | X | X | |
operators.coreos.com/clusterserviceversions | X | X | X | |
operators.coreos.com/installplans | X | X | X | |
operators.coreos.com/operatorgroups | X | X | X | |
operators.coreos.com/subscriptions | X | X | X | |
packages.operators.coreos.com/packagemanifests | X | X | X | |
packages.operators.coreos.com/packagemanifests/icon | X | X | X | |
persistentvolumeclaims | X | X | X | |
pods | X | X | X | |
pods/log | X | X | X | |
pods/status | X | X | X | |
policy/poddisruptionbudgets | X | X | X | |
project.openshift.io/projects | X | |||
quota.openshift.io/appliedclusterresourcequotas | X | X | X | |
replicationcontrollers | X | X | X | |
replicationcontrollers/scale | X | X | X | |
replicationcontrollers/status | X | X | X | |
resourcequotas | X | X | X | |
resourcequotas/status | X | X | X | |
resourcequotausages | X | X | X | |
route.openshift.io/routes | X | X | X | |
route.openshift.io/routes/status | X | X | X | |
serviceaccounts | X | X | X | |
services | X | X | X | |
template.openshift.io/processedtemplates | X | X | X | |
template.openshift.io/templates | X | X | X | |
template.openshift.io/templateconfigs | X | X | X | |
template.openshift.io/templateinstances | X | X | X |