> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/integrations/resource-integrations/kubernetes/advanced-requests.md).

# Advanced requests

This topic describes how to perform advanced Kubernetes cluster access requests using P0's Slack bot. It contains the following sections:

* [Prerequisites](#prerequisites)
* [Request Admin Access to all Kubernetes Resources](#request-admin-access-to-all-kubernetes-resources)
* [Request Elevated Access for Port-Forwarding to a pod](#request-elevated-access-for-port-forwarding-to-a-pod)
* [Request Elevated Access for a Shell to a Running Container](#request-elevated-access-for-a-shell-to-a-running-container)

{% hint style="info" %}
Each section shows how to make a request using both the request modal and direct Slack commands.
{% endhint %}

## Prerequisites

Before continuing, ensure you're familiar with basic Kubernetes access requests. See [Requesting Access](/integrations/resource-integrations/kubernetes/requesting-access.md) for more information.

## Request Admin Access to all Kubernetes Resources

The following steps show how to request admin access to all Kubernetes resources:

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any direct message (DM) or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Leave as the default (**All Kinds / All namespaces / All resources**)\
     \ <img src="/files/91L7v1sswyUEW4ea2vX7" alt="P0 request modal Resource field showing All Kinds, All namespaces, All resources selected" data-size="original">
   * **Role:** Enter `admin` to display available roles and select **ClusterRole / admin** from the dropdown\
     \ <img src="/files/bfuPhcpiKyQxt4EistDO" alt="P0 request modal Role dropdown with ClusterRole / admin selected" data-size="original">
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --role "ClusterRole / {role}" --reason {reason}`

For example:

`/p0 request k8s resource --cluster EKS-demo-cluster --role "ClusterRole / admin" --reason "Check cluster health"`

## Request Elevated Access for Port-Forwarding to a pod

[Port-forwarding](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) with `kubectl port-forward` is a common operation that requires elevated access. Instead of requesting a general `edit` or `admin` role, you can use P0's curated port-forward role which contains the following rules:

````yaml
```
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
- apiGroups: [""]
 resources: ["pods/portforward"]
 verbs: ["get", "create"]
```
````

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any DM or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access Type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Enter pod to display the available pod resources, and select the pod you want to port forward from the dropdown\
     \
     ![P0 request modal Resource dropdown showing pod search results with nginx deployment pods](/files/p15usyAjP9k3ulRFpEtp)
   * **Role:** Enter port and select **CuratedRole / port-forward** from the dropdown\
     ![P0 request modal Role dropdown with CuratedRole / port-forward selected](/files/nso0htcZJPhGFbfGJdbg)
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --locator {locator} --role "CuratedRole / {role}" --reason {reason}`

The following example allows port-forwarding to one nginx pod in the default namespace:

`/p0 request k8s resource --cluster EKS-demo-cluster --locator "Pod / default / nginx-deployment-cbdccf466-k9f89" --role "CuratedRole / port-forward" --reason "Debug API""`

## Request Elevated Access for a Shell to a Running Container

[Shell access to a running container](https://kubernetes.io/docs/tasks/debug/debug-application/get-shell-running-container/) with `kubectl exec` is an operation that requires elevated access. Instead of requesting a general `edit` or `admin` role you can use P0's curated `exec` role which contains the following rules:

````yaml
```
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
- apiGroups: [""]
 resources: ["pods/exec"]
 verbs: ["create"]
```
````

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any DM or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access Type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Enter `pod` to display the available pod resources, and select the pod you want to access from the dropdown\
     ![P0 request modal Resource dropdown showing pod search results with nginx deployment pods](/files/C8m9FMnoiZmBs31Rl9rv)
   * **Role:** Enter exe and select CuratedRole / exec from the dropdown\
     ![P0 request modal Role dropdown with CuratedRole / exec selected](/files/1g3WciFdTldLKdXJ4Hi2)
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --locator {locator} --role "CuratedRole / {role}" --reason {reason}`

The following example requests elevated access for one nginx pod in the `default` namespace:\
\
`/p0 request k8s resource --cluster EKS-demo-cluster --locator "Pod / default / nginx-deployment-cbdccf466-k9f89" --role "CuratedRole / exec" --reason "Debug environment variables"`


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.p0.dev/integrations/resource-integrations/kubernetes/advanced-requests.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.