animekun
Reputation: 1869
How to list my current RBAC roles and groups I belong to?
I authenticated to kubernetes cluster, how can I view my RBAC roles and groups attached to my current account?
Upvotes: 4
Views: 7691
Answers (3)
Lavie
Reputation: 1
Maybe you meant?
kubectl get role -o yaml
kubectl get rolebinding -o yaml
Upvotes: 0
animekun
Reputation: 1869
Found better tool
this tool looks way better than rakkess
exactly what I was looking for
https://github.com/reactiveops/rbac-lookup
In the simplest use case, rbac-lookup will return any matching user, service account, or group along with the roles it has been given.
rbac-lookup rob
SUBJECT SCOPE ROLE
[email protected] cluster-wide ClusterRole/view
[email protected] nginx-ingress ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.
rbac-lookup ro --output wide
SUBJECT SCOPE ROLE SOURCE
User/[email protected] cluster-wide ClusterRole/view ClusterRoleBinding/rob-cluster-view
User/[email protected] nginx-ingress ClusterRole/edit RoleBinding/rob-edit
User/[email protected] web ClusterRole/edit RoleBinding/ron-edit
ServiceAccount/rops infra ClusterRole/admin RoleBinding/rops-admin
Upvotes: 5
P Ekambaram
Reputation: 17623
Follow the below steps
- Install go and verify that it is present
master $ echo $GOPATH
/opt/go
- Create and Verify
master $ mkdir -p $GOPATH/bin
- Install rakkess
curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
gunzip rakkess.gz && chmod +x rakkess \
&& mv rakkess $GOPATH/bin/
- List the privileges in a specific namespace
rakkess --namespace <namespace-name>
- You should see the output in the below format
master $ rakkess -n kube-system
NAME LIST CREATE UPDATE DELETE
bindings ✔
configmaps ✔ ✔ ✔ ✔
controllerrevisions.apps ✔ ✔ ✔ ✔
cronjobs.batch ✔ ✔ ✔ ✔
daemonsets.apps ✔ ✔ ✔ ✔
daemonsets.extensions ✔ ✔ ✔ ✔
deployments.apps ✔ ✔ ✔ ✔
deployments.extensions ✔ ✔ ✔ ✔
endpoints ✔ ✔ ✔ ✔
events ✔ ✔ ✔ ✔
events.events.k8s.io ✔ ✔ ✔ ✔
horizontalpodautoscalers.autoscaling ✔ ✔ ✔ ✔
ingresses.extensions ✔ ✔ ✔ ✔
jobs.batch ✔ ✔ ✔ ✔
limitranges ✔ ✔ ✔ ✔
localsubjectaccessreviews.authorization.k8s.io ✔
networkpolicies.extensions ✔ ✔ ✔ ✔
networkpolicies.networking.k8s.io ✔ ✔ ✔ ✔
persistentvolumeclaims ✔ ✔ ✔ ✔
poddisruptionbudgets.policy ✔ ✔ ✔ ✔
pods ✔ ✔ ✔ ✔
podtemplates ✔ ✔ ✔ ✔
replicasets.apps ✔ ✔ ✔ ✔
replicasets.extensions ✔ ✔ ✔ ✔
replicationcontrollers ✔ ✔ ✔ ✔
resourcequotas ✔ ✔ ✔ ✔
rolebindings.rbac.authorization.k8s.io ✔ ✔ ✔ ✔
roles.rbac.authorization.k8s.io ✔ ✔ ✔ ✔
secrets ✔ ✔ ✔ ✔
serviceaccounts ✔ ✔ ✔ ✔
services ✔ ✔ ✔ ✔
statefulsets.apps ✔ ✔ ✔ ✔
Upvotes: 4
Related Questions
- How to view Roles and ClusterRoles details in kubernetes dashboard
- Create user group using RBAC API?
- how to retrieve current user granted RBAC with kubectl
- How to view the permissions/roles associated with a specific service account in k8s?
- How to bind roles with service accounts - Kubernetes
- What is the easiest way to refer to groups, resources and verbs to create k8s roles
- Kubernetes RBAC roles with resourceName and listing objects
- How to get list of all roles assignments using RBAC API
- How to find which role or clusterrole binded to a service account in Kubernetes?
- Kubernetes RBAC apiGroup field in RoleBinding and ClusterRoleBinding