# Advanced Requests

This topic describes how to perform advanced Kubernetes cluster access requests using P0's Slack bot. It contains the following sections:

* [Prerequisites](#prerequisites)
* [Request Admin Access to all Kubernetes Resources](#request-admin-access-to-all-kubernetes-resources)
* [Request Elevated Access for Port-Forwarding to a pod](#request-elevated-access-for-port-forwarding-to-a-pod)
* [Request Elevated Access for a Shell to a Running Container](#request-elevated-access-for-a-shell-to-a-running-container)

{% hint style="info" %}
Each section shows how to make a request using both the request modal and direct Slack commands.
{% endhint %}

## Prerequisites

Before continuing, ensure you're familiar with basic Kubernetes access requests. See [Requesting Access](https://docs.p0.dev/integrations/resource-integrations/kubernetes/requesting-access) for more information.

## Request Admin Access to all Kubernetes Resources

The following steps show how to request admin access to all Kubernetes resources:

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any direct message (DM) or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Leave as the default (**All Kinds / All namespaces / All resources**)\
     \ <img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-c1227369aa687c38ff67cbd189fb3c73fa8ab16c%2FPicture1.png?alt=media" alt="P0 request modal Resource field showing All Kinds, All namespaces, All resources selected" data-size="original">
   * **Role:** Enter `admin` to display available roles and select **ClusterRole / admin** from the dropdown\
     \ <img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-20ae863d312c045fde66584306c9223855c5339a%2FPicture2.png?alt=media" alt="P0 request modal Role dropdown with ClusterRole / admin selected" data-size="original">
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --role "ClusterRole / {role}" --reason {reason}`

For example:

`/p0 request k8s resource --cluster EKS-demo-cluster --role "ClusterRole / admin" --reason "Check cluster health"`

## Request Elevated Access for Port-Forwarding to a pod

[Port-forwarding](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) with `kubectl port-forward` is a common operation that requires elevated access. Instead of requesting a general `edit` or `admin` role, you can use P0's curated port-forward role which contains the following rules:

````yaml
```
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
- apiGroups: [""]
 resources: ["pods/portforward"]
 verbs: ["get", "create"]
```
````

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any DM or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access Type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Enter pod to display the available pod resources, and select the pod you want to port forward from the dropdown\
     \
     ![P0 request modal Resource dropdown showing pod search results with nginx deployment pods](https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-8c8d6e42a6ceb1f74f3aab86afbcd64b727c071b%2FPicture3.png?alt=media)
   * **Role:** Enter port and select **CuratedRole / port-forward** from the dropdown\
     ![P0 request modal Role dropdown with CuratedRole / port-forward selected](https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-40a0090fe0eb8c7c4ec84fbf70a6230abf23b51d%2FPicture4.png?alt=media)
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --locator {locator} --role "CuratedRole / {role}" --reason {reason}`

The following example allows port-forwarding to one nginx pod in the default namespace:

`/p0 request k8s resource --cluster EKS-demo-cluster --locator "Pod / default / nginx-deployment-cbdccf466-k9f89" --role "CuratedRole / port-forward" --reason "Debug API""`

## Request Elevated Access for a Shell to a Running Container

[Shell access to a running container](https://kubernetes.io/docs/tasks/debug/debug-application/get-shell-running-container/) with `kubectl exec` is an operation that requires elevated access. Instead of requesting a general `edit` or `admin` role you can use P0's curated `exec` role which contains the following rules:

````yaml
```
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "list", "watch"]
- apiGroups: [""]
 resources: ["pods/exec"]
 verbs: ["create"]
```
````

### Use the Request Modal

1. Send `/p0 request` as a Slack message in any DM or Slack channel.
2. Configure the request modal fields and click **Request**:
   * **Resource:** Select **Kubernetes**
   * **Access Type:** Select **Kubernetes resource**
   * **Cluster:** Select your Kubernetes cluster name
   * **Resource:** Enter `pod` to display the available pod resources, and select the pod you want to access from the dropdown\
     ![P0 request modal Resource dropdown showing pod search results with nginx deployment pods](https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-b54da5f9c46f7b743eda7fdf548b92e53d6f86cf%2FPicture1.png?alt=media)
   * **Role:** Enter exe and select CuratedRole / exec from the dropdown\
     ![P0 request modal Role dropdown with CuratedRole / exec selected](https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-9410418ccda1923b18be0d94675e0e56c998b2b8%2FPicture2.png?alt=media)
   * **Reason:** Enter the reason for your access request
3. Wait for the approver to approve your request.

### Use the Command

Alternatively, specify the entire request via a command with the following arguments:

`/p0 request k8s resource --cluster {cluster ID} --locator {locator} --role "CuratedRole / {role}" --reason {reason}`

The following example requests elevated access for one nginx pod in the `default` namespace:\
\
`/p0 request k8s resource --cluster EKS-demo-cluster --locator "Pod / default / nginx-deployment-cbdccf466-k9f89" --role "CuratedRole / exec" --reason "Debug environment variables"`