"Get" vs "List" in K8s RBAC

# "Get" vs "List" in K8s RBAC ```bash! # 1. Create an app namespace $ kubectl create ns app # 2. Run a test Pods $ kubectl -n app run nginx --image=nginx # 3. Check Pods Status $ kubectl -n app get pods NAME READY STATUS RESTARTS AGE nginx 1/1 Running 0 18m # 4. Create a role which only can list Pods $ kubectl -n app create role only-list --verb=get --resource=Pods # 5. Create a rolebinding to bind "only-get" role with "only-get" user $ kubectl -n app create rolebinding only-get --role=only-get --user=only-get # 6. Use kubectl to list Pods $ kubectl -n app get pods --as only-get Error from server (Forbidden): pods is forbidden: User "only-get" cannot list resource "pods" in API group "" in the namespace "app" # 7. Use kubectl to get Pods $ kubectl -n app get pod nginx --as only-get NAME READY STATUS RESTARTS AGE nginx 1/1 Running 0 43m # 8. View Get API Call $ kubectl -v 10 2>&1 -n app get pod nginx --as only-list | grep 'curl -v -XGET' | tail -1 curl -v -XGET ...省略'https://127.0.0.1:43213/api/v1/namespaces/app/pods/nginx' # 9. Create a role which only can get Pods $ kubectl -n app create role only-list --verb=list --resource=Pods # 10. Create a rolebinding to bind "only-list" role with "only-list" user $ kubectl -n app create rolebinding only-list --role=only-list --user=only-list # 11. Use kubectl to list Pods $ kubectl -n app get pod --as only-list NAME READY STATUS RESTARTS AGE nginx 1/1 Running 0 14m # 12. Use kubectl to get Pods $ kubectl -n app get pod nginx --as only-list Error from server (Forbidden): pods "nginx" is forbidden: User "only-list" cannot get resource "pods" in API group "" in the namespace "app" # 13. View List API Call $ kubectl -v 10 2>&1 -n app get pods --as only-list | grep 'curl -v -XGET' | tail -1 curl -v -XGET ...省略 'https://127.0.0.1:43213/api/v1/namespaces/app/pods?limit=500' ```