List vs get vs watch in RBAC


here is an example of a role creation :

May I know what’s the difference between get, watch and list in verbs?


Hello @06ashishrawat
you can get all of the information you’d normally get out of get calls through list calls. However, having permission to list a resource doesn’t mean get calls will work. You still have to use list calls and extract the information that way.

watch is a special verb that gives you permission to see updates on resources in real time. Having watch access without list or get is not very helpful because you won’t be able to view the resource after it updates. Through kubectl, I was unable to watch a resource without having the get access to that resource.

kubectl get deployment --as list-only # Prints out nginx deployment
kubectl get deployment --as get-only # RBAC error
kubectl get deployment --as watch-only # RBAC error‏