Does the verb watch in account role give access to view logs on a pod ? Any docu . . .

Ravi Shanker:
Does the verb watch in account role give access to view logs on a pod ? Any documents which provides description and list of resources which can be used for role.

unnivkn:
Good question Ravi… please try this.

unnivkn:
kind: Role
apiVersion: http://rbac.authorization.k8s.io/v1|rbac.authorization.k8s.io/v1
metadata:
namespace: log-namespace
name: display-logs
rules:

  • apiGroups: [""]
    resources: [“pods”, “pods/log”, pods/portforward]
    verbs: [“get”, “list”, “create”]

Ravi Shanker:
Is there a document which showed the option “pods/log” ?

Ravi Shanker:
Thanks got it here https://kubernetes.io/docs/reference/access-authn-authz/rbac/