kubernetes 如何列出我当前所属的RBAC角色和组?

bt1cpqcv  于 2023-08-03  发布在  Kubernetes
关注(0)|答案(3)|浏览(105)

我已经通过了kubernetes集群的身份验证,如何查看我的RBAC角色和绑定到我当前账户的组?

khbbv19g

khbbv19g1#

找到更好的工具

这个工具看起来比rakkess好得多
正是我想要的
https://github.com/reactiveops/rbac-lookup
在最简单的用例中,rbac-lookup将返回任何匹配的用户、服务帐户或组,沿着它被赋予的角色。

rbac-lookup rob

SUBJECT                   SCOPE             ROLE
rob@example.com           cluster-wide      ClusterRole/view
rob@example.com           nginx-ingress     ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.

个字符

2sbarzqh

2sbarzqh2#

按照以下步骤操作

1.安装go并验证它是否存在

master $ echo $GOPATH
/opt/go

字符串
1.创建和验证

master $ mkdir -p $GOPATH/bin


1.安装rakkess

curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
  gunzip rakkess.gz && chmod +x rakkess \
  && mv rakkess $GOPATH/bin/


1.列出特定命名空间中的权限

rakkess --namespace <namespace-name>


1.您应该会看到以下格式的输出

master $ rakkess -n kube-system
NAME                                            LIST  CREATE  UPDATE  DELETE
bindings                                              ✔
configmaps                                      ✔     ✔       ✔       ✔
controllerrevisions.apps                        ✔     ✔       ✔       ✔
cronjobs.batch                                  ✔     ✔       ✔       ✔
daemonsets.apps                                 ✔     ✔       ✔       ✔
daemonsets.extensions                           ✔     ✔       ✔       ✔
deployments.apps                                ✔     ✔       ✔       ✔
deployments.extensions                          ✔     ✔       ✔       ✔
endpoints                                       ✔     ✔       ✔       ✔
events                                          ✔     ✔       ✔       ✔
events.events.k8s.io                            ✔     ✔       ✔       ✔
horizontalpodautoscalers.autoscaling            ✔     ✔       ✔       ✔
ingresses.extensions                            ✔     ✔       ✔       ✔
jobs.batch                                      ✔     ✔       ✔       ✔
limitranges                                     ✔     ✔       ✔       ✔
localsubjectaccessreviews.authorization.k8s.io        ✔
networkpolicies.extensions                      ✔     ✔       ✔       ✔
networkpolicies.networking.k8s.io               ✔     ✔       ✔       ✔
persistentvolumeclaims                          ✔     ✔       ✔       ✔
poddisruptionbudgets.policy                     ✔     ✔       ✔       ✔
pods                                            ✔     ✔       ✔       ✔
podtemplates                                    ✔     ✔       ✔       ✔
replicasets.apps                                ✔     ✔       ✔       ✔
replicasets.extensions                          ✔     ✔       ✔       ✔
replicationcontrollers                          ✔     ✔       ✔       ✔
resourcequotas                                  ✔     ✔       ✔       ✔
rolebindings.rbac.authorization.k8s.io          ✔     ✔       ✔       ✔
roles.rbac.authorization.k8s.io                 ✔     ✔       ✔       ✔
secrets                                         ✔     ✔       ✔       ✔
serviceaccounts                                 ✔     ✔       ✔       ✔
services                                        ✔     ✔       ✔       ✔
statefulsets.apps                               ✔     ✔       ✔       ✔

wqnecbli

wqnecbli3#

也许你的意思是?
kubectl get role -o yaml
kubectl get rolebinding -o yaml

相关问题