Identity and Access Management (IAM)

This page provides an overview of Identity and Access Management (IAM) support in Kubernetes, and how to use it with Google Container Engine.

Introduction

Every Google Container Engine API call requires that the account making the request has the necessary IAM permissions. For example,

gcloud container clusters update cluster-1

will only succeed if the caller has container.clusters.update permission on cluster-1.

kubectl get pods

requires that the caller has container.pods.list permission on the cluster.

gcloud container clusters create cluster-1 --project project-123

requires that the caller have container.clusters.create permission on project-123 as well as iam.serviceAccounts.actAs on the default service account in project-123. This can be accomplished by assigning both the Container Engine Admin and Service Account Actor roles.

When to use IAM

Using Google identities allows each project member to use their own credentials tied to their own IAM permissions, instead of the shared cluster certificate. This provides revocable cluster access, and allows users to be given different levels of access (e.g. read-only access to cluster resources).

Authentication Modes

Container Engine users can authenticate to the Kubernetes API on their cluster using Google OAuth2 access tokens. When you create a new cluster, Container Engine configures kubectl to use Application Default Credentials to authenticate to the cluster. Authorization is then controlled through Identity and Access Management, and you can manage it using either the gcloud command-line tool or the Cloud Platform Console.

Container Engine clusters continue to accept both the cluster certificate and username/password. Requests with either of these methods have full authorization inside the cluster, and are not controlled by IAM.

If you would like to use the legacy cluster certificate or username and password authentication, you can set the container/use_client_certificate property to true using one of the following commands:

gcloud config set container/use_client_certificate True
export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True

Then, calls to gcloud container clusters get-credentials CLUSTER will configure kubectl to use the legacy cluster certificate to authenticate to the cluster.

IAM Roles

With IAM, permissions are granted by binding users to roles. See Understanding Roles for details.

The following table lists the IAM roles available to Container Engine users.

Role Description Permissions
roles/container.admin Full management of Container Clusters and their Kubernetes API objects. container.*.*
roles/container.clusterAdmin Management of Container Clusters. container.clusters.{create|delete|get|list|update}
container.operations.*
roles/container.developer Full access to Kubernetes API objects inside Container Clusters. container.clusters.{get|list}
container.namespaces.*
container.bindings.*
container.componentStatuses.*
container.configMaps.*
container.daemonSets.*
container.deployments.*
container.endpoints.*
container.events.*
container.horizontalPodAutoscalers.*
container.ingresses.*
container.jobs.*
container.limitRanges.*
container.nodes.*
container.persistentVolumeClaims.*
container.persistentVolumes.*
container.pods.*
container.podTemplates.*
container.replicaSets.*
container.replicationControllers.*
container.resourceQuotas.*
container.secrets.*
container.serviceAccounts.*
container.services.*
container.thirdPartyResources.*
container.thirdPartyObjects.*
roles/container.viewer Read-only access to Container Engine resources. container.clusters.{get|list}
container.operations.{get|list}
container.namespaces.{get|list}
container.componentStatuses.{get|list}
container.configMaps.{get|list}
container.daemonSets.{get|list}
container.deployments.{get|list}
container.endpoints.{get|list}
container.events.{get|list}
container.horizontalPodAutoscalers.{get|list}
container.ingresses.{get|list}
container.jobs.{get|list}
container.limitRanges.{get|list}
container.nodes.{get|list}
container.persistentVolumeClaims.{get|list}
container.persistentVolumes.{get|list}
container.pods.{get|list}
container.podTemplates.{get|list}
container.replicaSets.{get|list}
container.replicationControllers.{get|list}
container.resourceQuotas.{get|list}
container.serviceAccounts.{get|list}
container.services.{get|list}
container.thirdPartyResources.{get|list}
container.thirdPartyObjects.{get|list}

IAM Permissions

The following table lists the required permissions for each Container Engine API method.

Method Required Permission(s)
projects.zones.clusters.create container.clusters.create on the containing Cloud project, and iam.serviceAccounts.actAs on the specified service account.
projects.zones.clusters.delete container.clusters.delete on the requested cluster.
projects.zones.clusters.get container.clusters.get on the requested cluster, and container.clusters.getCredentials to see the cluster's credentials.
projects.zones.clusters.list container.clusters.list on the requested Cloud project, and container.clusters.getCredentials to see each cluster's credentials.
projects.zones.clusters.update container.clusters.update on the requested cluster.
projects.zones.clusters.nodePools.create container.clusters.update on the requested cluster.
projects.zones.clusters.nodePools.delete container.clusters.update on the requested cluster.
projects.zones.clusters.nodePools.get container.clusters.get on the requested cluster.
projects.zones.clusters.nodePools.list container.clusters.get on the requested cluster.
projects.zones.operations.get container.operations.get on the requested operations.
projects.zones.operations.list container.operations.list on the requested Cloud project.

The following table lists the required permissions for each Kubernetes API method.

Method Required Permission(s)
GET /api/v1/componentstatuses container.componentStatuses.list on the requested cluster.
GET /api/v1/componentstatuses/{name} container.componentStatuses.get on the requested componentStatus.
GET /api/v1/configmaps container.configMaps.list on the requested cluster.
GET /api/v1/endpoints container.endpoints.list on the requested cluster.
GET /api/v1/events container.events.list on the requested cluster.
GET /api/v1/limitranges container.limitRanges.list on the requested cluster.
GET /api/v1/namespaces container.namespaces.list on the requested cluster.
DELETE /api/v1/namespaces container.namespaces.delete on the requested cluster.
POST /api/v1/namespaces container.namespaces.create on the requested cluster.
POST /api/v1/namespaces/{namespace}/bindings container.bindings.create on the requested cluster.
GET /api/v1/namespaces/{namespace}/configmaps container.configMaps.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/configmaps container.configMaps.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/configmaps container.configMaps.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/configmaps/{name} container.configMaps.get on the requested configMap.
PUT /api/v1/namespaces/{namespace}/configmaps/{name} container.configMaps.update on the requested configMap.
DELETE /api/v1/namespaces/{namespace}/configmaps/{name} container.configMaps.delete on the requested configMap.
PATCH /api/v1/namespaces/{namespace}/configmaps/{name} container.configMaps.update on the requested configMap.
GET /api/v1/namespaces/{namespace}/endpoints container.endpoints.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/endpoints container.endpoints.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/endpoints container.endpoints.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/endpoints/{name} container.endpoints.get on the requested endpoint.
PUT /api/v1/namespaces/{namespace}/endpoints/{name} container.endpoints.update on the requested endpoint.
DELETE /api/v1/namespaces/{namespace}/endpoints/{name} container.endpoints.delete on the requested endpoint.
PATCH /api/v1/namespaces/{namespace}/endpoints/{name} container.endpoints.update on the requested endpoint.
GET /api/v1/namespaces/{namespace}/events container.events.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/events container.events.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/events container.events.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/events/{name} container.events.get on the requested event.
PUT /api/v1/namespaces/{namespace}/events/{name} container.events.update on the requested event.
DELETE /api/v1/namespaces/{namespace}/events/{name} container.events.delete on the requested event.
PATCH /api/v1/namespaces/{namespace}/events/{name} container.events.update on the requested event.
GET /api/v1/namespaces/{namespace}/limitranges container.limitRanges.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/limitranges container.limitRanges.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/limitranges container.limitRanges.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/limitranges/{name} container.limitRanges.get on the requested limitRange.
PUT /api/v1/namespaces/{namespace}/limitranges/{name} container.limitRanges.update on the requested limitRange.
DELETE /api/v1/namespaces/{namespace}/limitranges/{name} container.limitRanges.delete on the requested limitRange.
PATCH /api/v1/namespaces/{namespace}/limitranges/{name} container.limitRanges.update on the requested limitRange.
GET /api/v1/namespaces/{namespace}
/persistentvolumeclaims
container.persistentVolumeClaims.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}
/persistentvolumeclaims
container.persistentVolumeClaims.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}
/persistentvolumeclaims
container.persistentVolumeClaims.create on the requested namespace.
GET /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}
container.persistentVolumeClaims.get on the requested persistentVolumeClaim.
PUT /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}
container.persistentVolumeClaims.update on the requested persistentVolumeClaim.
DELETE /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}
container.persistentVolumeClaims.delete on the requested persistentVolumeClaim.
PATCH /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}
container.persistentVolumeClaims.update on the requested persistentVolumeClaim.
GET /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}/status
container.persistentVolumeClaims.get on the requested persistentVolumeClaim.
PUT /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}/status
container.persistentVolumeClaims.updateStatus on the requested persistentVolumeClaim.
PATCH /api/v1/namespaces/{namespace}
/persistentvolumeclaims/{name}/status
container.persistentVolumeClaims.updateStatus on the requested persistentVolumeClaim.
GET /api/v1/namespaces/{namespace}/pods container.pods.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/pods container.pods.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/pods container.pods.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/pods/{name} container.pods.get on the requested pod.
PUT /api/v1/namespaces/{namespace}/pods/{name} container.pods.update on the requested pod.
DELETE /api/v1/namespaces/{namespace}/pods/{name} container.pods.delete on the requested pod.
PATCH /api/v1/namespaces/{namespace}/pods/{name} container.pods.update on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/attach container.pods.attach on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/attach container.pods.attach on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/binding container.bindings.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/pods/{name}/exec container.pods.exec on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/exec container.pods.exec on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/log container.pods.getLogs on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/portforward container.pods.portForward on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/portforward container.pods.portForward on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/proxy container.pods.proxy on the requested pod.
PUT /api/v1/namespaces/{namespace}/pods/{name}/proxy container.pods.proxy on the requested pod.
DELETE /api/v1/namespaces/{namespace}/pods/{name}/proxy container.pods.proxy on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/proxy container.pods.proxy on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path} container.pods.proxy on the requested pod.
PUT /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path} container.pods.proxy on the requested pod.
DELETE /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path} container.pods.proxy on the requested pod.
POST /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path} container.pods.proxy on the requested pod.
GET /api/v1/namespaces/{namespace}/pods/{name}/status container.pods.get on the requested pod.
PUT /api/v1/namespaces/{namespace}/pods/{name}/status container.pods.updateStatus on the requested pod.
PATCH /api/v1/namespaces/{namespace}/pods/{name}/status container.pods.updateStatus on the requested pod.
GET /api/v1/namespaces/{namespace}/podtemplates container.podTemplates.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/podtemplates container.podTemplates.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/podtemplates container.podTemplates.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/podtemplates/{name} container.podTemplates.get on the requested podTemplate.
PUT /api/v1/namespaces/{namespace}/podtemplates/{name} container.podTemplates.update on the requested podTemplate.
DELETE /api/v1/namespaces/{namespace}/podtemplates/{name} container.podTemplates.delete on the requested podTemplate.
PATCH /api/v1/namespaces/{namespace}/podtemplates/{name} container.podTemplates.update on the requested podTemplate.
GET /api/v1/namespaces/{namespace}
/replicationcontrollers
container.replicationControllers.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}
/replicationcontrollers
container.replicationControllers.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}
/replicationcontrollers
container.replicationControllers.create on the requested namespace.
GET /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}
container.replicationControllers.get on the requested replicationController.
PUT /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}
container.replicationControllers.update on the requested replicationController.
DELETE /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}
container.replicationControllers.delete on the requested replicationController.
PATCH /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}
container.replicationControllers.update on the requested replicationController.
GET /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/scale
container.replicationControllers.get on the requested replicationController.
PUT /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/scale
container.replicationControllers.update on the requested replicationController.
PATCH /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/scale
container.replicationControllers.update on the requested replicationController.
GET /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/status
container.replicationControllers.get on the requested replicationController.
PUT /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/status
container.replicationControllers.updateStatus on the requested replicationController.
PATCH /api/v1/namespaces/{namespace}
/replicationcontrollers/{name}/status
container.replicationControllers.updateStatus on the requested replicationController.
GET /api/v1/namespaces/{namespace}/resourcequotas container.resourceQuotas.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/resourcequotas container.resourceQuotas.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/resourcequotas container.resourceQuotas.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/resourcequotas/{name} container.resourceQuotas.get on the requested resourceQuota.
PUT /api/v1/namespaces/{namespace}/resourcequotas/{name} container.resourceQuotas.update on the requested resourceQuota.
DELETE /api/v1/namespaces/{namespace}/resourcequotas/{name} container.resourceQuotas.delete on the requested resourceQuota.
PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name} container.resourceQuotas.update on the requested resourceQuota.
GET /api/v1/namespaces/{namespace}/resourcequotas/{name}/status container.resourceQuotas.get on the requested resourceQuota.
PUT /api/v1/namespaces/{namespace}/resourcequotas/{name}/status container.resourceQuotas.updateStatus on the requested resourceQuota.
PATCH /api/v1/namespaces/{namespace}/resourcequotas/{name}/status container.resourceQuotas.updateStatus on the requested resourceQuota.
GET /api/v1/namespaces/{namespace}/secrets container.secrets.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/secrets container.secrets.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/secrets container.secrets.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/secrets/{name} container.secrets.get on the requested secret.
PUT /api/v1/namespaces/{namespace}/secrets/{name} container.secrets.update on the requested secret.
DELETE /api/v1/namespaces/{namespace}/secrets/{name} container.secrets.delete on the requested secret.
PATCH /api/v1/namespaces/{namespace}/secrets/{name} container.secrets.update on the requested secret.
GET /api/v1/namespaces/{namespace}/serviceaccounts container.serviceAccounts.list on the requested namespace.
DELETE /api/v1/namespaces/{namespace}/serviceaccounts container.serviceAccounts.delete on the requested namespace.
POST /api/v1/namespaces/{namespace}/serviceaccounts container.serviceAccounts.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/serviceaccounts/{name} container.serviceAccounts.get on the requested serviceAccount.
PUT /api/v1/namespaces/{namespace}/serviceaccounts/{name} container.serviceAccounts.update on the requested serviceAccount.
DELETE /api/v1/namespaces/{namespace}/serviceaccounts/{name} container.serviceAccounts.delete on the requested serviceAccount.
PATCH /api/v1/namespaces/{namespace}/serviceaccounts/{name} container.serviceAccounts.update on the requested serviceAccount.
GET /api/v1/namespaces/{namespace}/services container.services.list on the requested namespace.
POST /api/v1/namespaces/{namespace}/services container.services.create on the requested namespace.
GET /api/v1/namespaces/{namespace}/services/{name} container.services.get on the requested service.
PUT /api/v1/namespaces/{namespace}/services/{name} container.services.update on the requested service.
DELETE /api/v1/namespaces/{namespace}/services/{name} container.services.delete on the requested service.
PATCH /api/v1/namespaces/{namespace}/services/{name} container.services.update on the requested service.
GET /api/v1/namespaces/{namespace}/services/{name}/proxy container.services.proxy on the requested service.
PUT /api/v1/namespaces/{namespace}/services/{name}/proxy container.services.proxy on the requested service.
DELETE /api/v1/namespaces/{namespace}/services/{name}/proxy container.services.proxy on the requested service.
POST /api/v1/namespaces/{namespace}/services/{name}/proxy container.services.proxy on the requested service.
GET /api/v1/namespaces/{namespace}/services/{name}/proxy/{path} container.services.proxy on the requested service.
PUT /api/v1/namespaces/{namespace}/services/{name}/proxy/{path} container.services.proxy on the requested service.
DELETE /api/v1/namespaces/{namespace}/services/{name}/proxy/{path} container.services.proxy on the requested service.
POST /api/v1/namespaces/{namespace}/services/{name}/proxy/{path} container.services.proxy on the requested service.
GET /api/v1/namespaces/{namespace}/services/{name}/status container.services.get on the requested service.
PUT /api/v1/namespaces/{namespace}/services/{name}/status container.services.updateStatus on the requested service.
PATCH /api/v1/namespaces/{namespace}/services/{name}/status container.services.updateStatus on the requested service.
GET /api/v1/namespaces/{name} container.namespaces.get on the requested namespace.
PUT /api/v1/namespaces/{name} container.namespaces.update on the requested namespace.
DELETE /api/v1/namespaces/{name} container.namespaces.delete on the requested namespace.
PATCH /api/v1/namespaces/{name} container.namespaces.update on the requested namespace.
PATCH /api/v1/namespaces/{name}/finalize container.namespaces.update on the requested namespace.
GET /api/v1/namespaces/{name}/status container.namespaces.get on the requested namespace.
PUT /api/v1/namespaces/{name}/status container.namespaces.updateStatus on the requested namespace.
PATCH /api/v1/namespaces/{name}/status container.namespaces.updateStatus on the requested namespace.
GET /api/v1/nodes container.nodes.list on the requested cluster.
DELETE /api/v1/nodes container.nodes.delete on the requested cluster.
POST /api/v1/nodes container.nodes.create on the requested cluster.
GET /api/v1/nodes/{name} container.nodes.get on the requested node.
PUT /api/v1/nodes/{name} container.nodes.update on the requested node.
DELETE /api/v1/nodes/{name} container.nodes.delete on the requested node.
PATCH /api/v1/nodes/{name} container.nodes.update on the requested node.
GET /api/v1/nodes/{name}/proxy container.nodes.proxy on the requested node.
PUT /api/v1/nodes/{name}/proxy container.nodes.proxy on the requested node.
DELETE /api/v1/nodes/{name}/proxy container.nodes.proxy on the requested node.
POST /api/v1/nodes/{name}/proxy container.nodes.proxy on the requested node.
GET /api/v1/nodes/{name}/proxy/{path} container.nodes.proxy on the requested node.
PUT /api/v1/nodes/{name}/proxy/{path} container.nodes.proxy on the requested node.
DELETE /api/v1/nodes/{name}/proxy/{path} container.nodes.proxy on the requested node.
POST /api/v1/nodes/{name}/proxy/{path} container.nodes.proxy on the requested node.
GET /api/v1/nodes/{name}/status container.nodes.get on the requested node.
PUT /api/v1/nodes/{name}/status container.nodes.updateStatus on the requested node.
PATCH /api/v1/nodes/{name}/status container.nodes.updateStatus on the requested node.
GET /api/v1/persistentvolumes container.persistentVolumes.list on the requested cluster.
DELETE /api/v1/persistentvolumes container.persistentVolumes.delete on the requested cluster.
POST /api/v1/persistentvolumes container.persistentVolumes.create on the requested cluster.
GET /api/v1/persistentvolumes/{name} container.persistentVolumes.get on the requested persistentVolume.
PUT /api/v1/persistentvolumes/{name} container.persistentVolumes.update on the requested persistentVolume.
DELETE /api/v1/persistentvolumes/{name} container.persistentVolumes.delete on the requested persistentVolume.
PATCH /api/v1/persistentvolumes/{name} container.persistentVolumes.update on the requested persistentVolume.
GET /api/v1/persistentvolumes/{name}/status container.persistentVolumes.get on the requested persistentVolume.
PUT /api/v1/persistentvolumes/{name}/status container.persistentVolumes.updateStatus on the requested persistentVolume.
PATCH /api/v1/persistentvolumes/{name}/status container.persistentVolumes.updateStatus on the requested persistentVolume.
GET /api/v1/pods container.pods.list on the requested cluster.
GET /api/v1/podtemplates container.podTemplates.list on the requested cluster.
GET /api/v1/proxy/namespaces/{namespace}/pods/{name} container.pods.proxy on the requested pod.
PUT /api/v1/proxy/namespaces/{namespace}/pods/{name} container.pods.proxy on the requested pod.
DELETE /api/v1/proxy/namespaces/{namespace}/pods/{name} container.pods.proxy on the requested pod.
POST /api/v1/proxy/namespaces/{namespace}/pods/{name} container.pods.proxy on the requested pod.
GET /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path} container.pods.proxy on the requested pod.
PUT /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path} container.pods.proxy on the requested pod.
DELETE /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path} container.pods.proxy on the requested pod.
POST /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path} container.pods.proxy on the requested pod.
GET /api/v1/proxy/namespaces/{namespace}/services/{name} container.services.proxy on the requested service.
PUT /api/v1/proxy/namespaces/{namespace}/services/{name} container.services.proxy on the requested service.
DELETE /api/v1/proxy/namespaces/{namespace}/services/{name} container.services.proxy on the requested service.
POST /api/v1/proxy/namespaces/{namespace}/services/{name} container.services.proxy on the requested service.
GET /api/v1/proxy/namespaces/{namespace}/services/{name}/{path} container.services.proxy on the requested service.
PUT /api/v1/proxy/namespaces/{namespace}/services/{name}/{path} container.services.proxy on the requested service.
DELETE /api/v1/proxy/namespaces/{namespace}/services/{name}/{path} container.services.proxy on the requested service.
POST /api/v1/proxy/namespaces/{namespace}/services/{name}/{path} container.services.proxy on the requested service.
GET /api/v1/proxy/nodes/{name} container.nodes.proxy on the requested node.
PUT /api/v1/proxy/nodes/{name} container.nodes.proxy on the requested node.
DELETE /api/v1/proxy/nodes/{name} container.nodes.proxy on the requested node.
POST /api/v1/proxy/nodes/{name} container.nodes.proxy on the requested node.
GET /api/v1/proxy/nodes/{name}/{path} container.nodes.proxy on the requested node.
PUT /api/v1/proxy/nodes/{name}/{path} container.nodes.proxy on the requested node.
DELETE /api/v1/proxy/nodes/{name}/{path} container.nodes.proxy on the requested node.
POST /api/v1/proxy/nodes/{name}/{path} container.nodes.proxy on the requested node.
GET /api/v1/replicationcontrollers container.replicationControllers.list on the requested replicationController.
GET /api/v1/resourcequotas container.resourceQuotas.list on the requested resourceQuota.
GET /api/v1/secrets container.secrets.list on the requested secret.
GET /api/v1/serviceaccounts container.serviceAccounts.list on the requested serviceAccount.
GET /api/v1/services container.services.list on the requested service.
GET /api/v1/watch/configmaps container.configmaps.list on the requested cluster.
GET /api/v1/watch/endpoints container.endpoints.list on the requested cluster.
GET /api/v1/watch/events container.events.list on the requested cluster.
GET /api/v1/watch/limitranges container.limitRanges.list on the requested cluster.
GET /api/v1/watch/namespaces container.namespaces.list on the requested cluster.
GET /api/v1/watch/namespaces/{namespace}/configmaps container.configMaps.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/configmaps/{name} container.configMaps.get on the requested configMap.
GET /api/v1/watch/namespaces/{namespace}/endpoints container.endpoints.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/endpoints/{name} container.endpoints.get on the requested endpoint.
GET /api/v1/watch/namespaces/{namespace}/events container.events.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/events/{name} container.events.get on the requested event.
GET /api/v1/watch/namespaces/{namespace}/limitranges container.limitRanges.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/limitranges/{name} container.limitRanges.get on the requested limitRange.
GET /api/v1/watch/namespaces/{namespace}
/persistentvolumeclaims
container.persistentVolumeClaims.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}
/persistentvolumeclaims/{name}
container.persistentVolumeClaims.get on the requested persistentVolumeClaim.
GET /api/v1/watch/namespaces/{namespace}/pods container.pods.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/pods/{name} container.pods.get on the requested pod.
GET /api/v1/watch/namespaces/{namespace}/podtemplates container.podTemplates.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/podtemplates/{name} container.podTemplates.get on the requested podTemplate.
GET /api/v1/watch/namespaces/{namespace}
/replicationcontrollers
container.replicationControllers.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}
/replicationcontrollers/{name}
container.replicationControllers.get on the requested replicationController.
GET /api/v1/watch/namespaces/{namespace}/resourcequotas container.resourceQuotas.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/resourcequotas/{name} container.resourceQuotas.get on the requested resourceQuota.
GET /api/v1/watch/namespaces/{namespace}/secrets container.secrets.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/secrets/{name} container.secrets.get on the requested secret.
GET /api/v1/watch/namespaces/{namespace}/serviceaccounts container.serviceAccounts.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/serviceaccounts/{name} container.serviceAccounts.get on the requested serviceAccount.
GET /api/v1/watch/namespaces/{namespace}/services container.services.list on the requested namespace.
GET /api/v1/watch/namespaces/{namespace}/services/{name} container.services.get on the requested service.
GET /api/v1/watch/namespaces/{name} container.namespaces.get on the requested namespace.
GET /api/v1/watch/nodes container.nodes.list on the requested cluster.
GET /api/v1/watch/nodes/{name} container.nodes.get on the requested node.
GET /api/v1/watch/persistentvolumeclaims container.persistentVolumeClaims.list on the requested cluster.
GET /api/v1/watch/persistentvolumes container.persistentVolumes.list on the requested cluster.
GET /api/v1/watch/namespaces/{namespace}/persistentvolumes/{name} container.persistentVolumes.get on the requested persistentVolume.
GET /api/v1/watch/pods container.pods.list on the requested cluster.
GET /api/v1/watch/podtemplates container.podtemplates.list on the requested cluster.
GET /api/v1/watch/replicationcontrollers container.replicationControllers.list on the requested cluster.
GET /api/v1/watch/resourcequotas container.resourceQuotas.list on the requested cluster.
GET /api/v1/watch/secrets container.secrets.list on the requested cluster.
GET /api/v1/watch/serviceAccounts container.serviceAccounts.list on the requested cluster.
GET /api/v1/watch/services container.services.list on the requested cluster.
GET /apis/autoscaling/v1/horizontalpodautoscalers container.horizontalPodAutoscalers.list on the requested cluster.
GET /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers
container.horizontalPodAutoscalers.list on the requested namespace.
DELETE /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers
container.horizontalPodAutoscalers.delete on the requested namespace.
POST /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers
container.horizontalPodAutoscalers.create on the requested namespace.
GET /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}
container.horizontalPodAutoscalers.get on the requested horizontalPodAutoscaler.
PUT /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}
container.horizontalPodAutoscalers.update on the requested horizontalPodAutoscaler.
DELETE /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}
container.horizontalPodAutoscalers.delete on the requested horizontalPodAutoscaler.
PATCH /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}
container.horizontalPodAutoscalers.update on the requested horizontalPodAutoscaler.
GET /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}/status
container.horizontalPodAutoscalers.get on the requested horizontalPodAutoscaler.
PUT /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}/status
container.horizontalPodAutoscalers.updateStatus on the requested horizontalPodAutoscaler.
PATCH /apis/autoscaling/v1/namespaces/{namespace}
/horizontalpodautoscalers/{name}/status
container.horizontalPodAutoscalers.updateStatus on the requested horizontalPodAutoscaler.
GET /apis/autoscaling/v1/watch/horizontalpodautoscalers container.horizontalPodAutoscalers.list on the requested cluster.
GET /apis/autoscaling/v1/watch/namespaces/{namespace}
/horizontalpodautoscalers
container.horizontalPodAutoscalers.list on the requested namespace.
GET /apis/autoscaling/v1/watch/namespaces/{namespace}
/horizontalpodautoscalers/{name}
container.horizontalPodAutoscalers.get on the requested horizontalPodAutoscaler.
GET /apis/batch/v1/jobs container.jobs.list on the requested cluster.
GET /apis/batch/v1/namespaces/{namespace}/jobs container.jobs.list on the requested namespace.
DELETE /apis/batch/v1/namespaces/{namespace}/jobs container.jobs.delete on the requested namespace.
POST /apis/batch/v1/namespaces/{namespace}/jobs container.jobs.create on the requested namespace.
GET /apis/batch/v1/namespaces/{namespace}/jobs/{name} container.jobs.get on the requested job.
PUT /apis/batch/v1/namespaces/{namespace}/jobs/{name} container.jobs.update on the requested job.
DELETE /apis/batch/v1/namespaces/{namespace}/jobs/{name} container.jobs.delete on the requested job.
PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name} container.jobs.update on the requested job.
GET /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status container.jobs.get on the requested job.
PUT /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status container.jobs.updateStatus on the requested job.
PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status container.jobs.updateStatus on the requested job.
GET /apis/batch/v1/watch/jobs container.jobs.list on the requested cluster.
GET /apis/batch/v1/watch/namespaces/{namespace}/jobs container.jobs.list on the requested namespace.
GET /apis/batch/v1/watch/namespaces/{namespace}/jobs/{name} container.jobs.get on the requested job.
GET /apis/extensions/v1beta1/daemonsets container.daemonSets.list on the requested cluster.
GET /apis/extensions/v1beta1/deployments container.deployments.list on the requested cluster.
GET /apis/extensions/v1beta1/ingresses container.ingresses.list on the requested cluster.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets
container.daemonSets.list on the requested namespace.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets
container.daemonSets.delete on the requested namespace.
POST /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets
container.daemonSets.create on the requested namespace.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}
container.daemonSets.get on the requested daemonSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}
container.daemonSets.update on the requested daemonSet.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}
container.daemonSets.delete on the requested daemonSet.
PATCH /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}
container.daemonSets.update on the requested daemonSet.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}/status
container.daemonSets.get on the requested daemonSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}/status
container.daemonSets.updateStatus on the requested daemonSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/daemonsets/{name}/status
container.daemonSets.updateStatus on the requested daemonSet.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/deployments
container.deployments.list on the requested namespace.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/deployments
container.deployments.delete on the requested namespace.
POST /apis/extensions/v1beta1/namespaces/{namespace}
/deployments
container.deployments.create on the requested namespace.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}
container.deployments.get on the requested deployment.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}
container.deployments.update on the requested deployment.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}
container.deployments.delete on the requested deployment.
PATCH /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}
container.deployments.update on the requested deployment.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}/status
container.deployments.get on the requested deployments.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}/status
container.deployments.updateStatus on the requested deployment.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/deployments/{name}/status
container.deployments.updateStatus on the requested deployment.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses
container.ingresses.list on the requested namespace.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses
container.ingresses.delete on the requested namespace.
POST /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses
container.ingresses.create on the requested namespace.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}
container.ingresses.get on the requested ingress.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}
container.ingresses.update on the requested ingress.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}
container.ingresses.delete on the requested ingress.
PATCH /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}
container.ingresses.update on the requested ingress.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}/status
container.ingresses.get on the requested ingress.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}/status
container.ingresses.updateStatus on the requested ingress.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/ingresses/{name}/status
container.ingresses.updateStatus on the requested ingress.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets
container.replicaSets.list on the requested namespace.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets
container.replicaSets.delete on the requested namespace.
POST /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets
container.replicaSets.create on the requested namespace.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}
container.replicaSets.get on the requested replicaSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}
container.replicaSets.update on the requested replicaSet.
DELETE /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}
container.replicaSets.delete on the requested replicaSet.
PATCH /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}
container.replicaSets.update on the requested replicaSet.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/scale
container.replicaSets.get on the requested replicaSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/scale
container.replicaSets.update on the requested replicaSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/scale
container.replicaSets.update on the requested replicaSet.
GET /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/status
container.replicaSets.get on the requested replicaSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/status
container.replicaSets.updateStatus on the requested replicaSet.
PUT /apis/extensions/v1beta1/namespaces/{namespace}
/replicasets/{name}/status
container.replicaSets.updateStatus on the requested replicaSet.
GET /apis/extensions/v1beta1/replicasets container.replicaSets.list on the requested cluster.
GET /apis/extensions/v1beta1/thirdpartyresources container.thirdPartyResources.list on the requested cluster.
DELETE /apis/extensions/v1beta1/thirdpartyresources container.thirdPartyResources.delete on the requested cluster.
POST /apis/extensions/v1beta1/thirdpartyresources container.thirdPartyResources.create on the requested cluster.
GET /apis/extensions/v1beta1/thirdpartyresources/{name} container.thirdPartyResources.get on the requested thirdPartyResource.
PUT /apis/extensions/v1beta1/thirdpartyresources/{name} container.thirdPartyResources.update on the requested thirdPartyResource.
DELETE /apis/extensions/v1beta1/thirdpartyresources/{name} container.thirdPartyResources.delete on the requested thirdPartyResource.
PATCH /apis/extensions/v1beta1/thirdpartyresources/{name} container.thirdPartyResources.update on the requested thirdPartyResource.
GET /apis/extensions/v1beta1/watch/daemonsets container.daemonSets.list on the requested cluster.
GET /apis/extensions/v1beta1/watch/deployments container.deployments.list on the requested cluster.
GET /apis/extensions/v1beta1/watch/ingresses container.ingresses.list on the requested cluster.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/daemonsets
container.daemonSets.list on the requested namespace.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/daemonsets/{name}
container.daemonSets.get on the requested daemonSet.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/deployments
container.deployments.list on the requested namespace.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/deployments/{name}
container.deployments.get on the requested deployment.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/ingresses
container.ingresses.list on the requested namespace.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/ingresses/{name}
container.ingresses.get on the requested ingress.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/replicasets
container.replicaSets.list on the requested namespace.
GET /apis/extensions/v1beta1/watch/namespace/{namespace}
/replicasets/{name}
container.replicaSets.get on the requested replicaSet.
GET /apis/extensions/v1beta1/watch/replicasets container.replicaSets.list on the requested cluster.
GET /apis/extensions/v1beta1/watch/thirdpartyresources container.thirdPartyResources.list on the requested cluster.
GET /apis/extensions/v1beta1/watch/thirdpartyresources/{name} container.thirdPartyResources.get on the requested thirdPartyResource.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Container Engine