# Show which users/groups/service accounts are allowed to read secrets in the cluster pointed to by kubeconfig
rbac-tool who-can get secrets
# Scan the cluster pointed to by the kubeconfig context 'myctx'
rbac-tool viz --cluster-context myctx
# Scan and create a PNG image from the graph
rbac-tool viz --outformat dot --exclude-namespaces=soemns && cat rbac.dot | dot -Tpng > rbac.png && google-chrome rbac.png
# Render Online
https://dreampuf.github.io/GraphvizOnline
# Search all service accounts that contain myname
rbac-tool lookup -e '.*myname.*'
# Lookup all accounts that DO NOT start with system:
rbac-tool lookup -ne '^system:.*'
# List policy rules for users (or all of them)
rbac-tool policy-rules -e '^system:anonymous'
# Generate from Audit events & Visualize
rbac-tool auditgen -f testdata | rbac-tool viz -f -
# Generate a `ClusterRole` policy that allows reading everything **except** *secrets* and *services*
rbac-tool gen --deny-resources=secrets.,services. --allowed-verbs=get,list
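What a `who-can get secrets` query has to resolve, shown as an added example (not rbac-tool's code or output): a minimal Python evaluator over constructed roles and bindings. The object shapes are simplified assumptions, and `resourceNames`, subresources and aggregated ClusterRoles are not modelled.

```python
# Added illustration, NOT rbac-tool's implementation. All objects below are constructed.
ROLES = {  # (kind, namespace, name) -> list of policy rules
    ("ClusterRole", "", "secret-reader"): [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}],
    ("ClusterRole", "", "ops-admin"): [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    ("Role", "dev", "cm-viewer"): [
        {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"]}],
}
BINDINGS = [
    {"kind": "ClusterRoleBinding", "namespace": "",
     "roleRef": ("ClusterRole", "secret-reader"), "subjects": [("Group", "auditors")]},
    {"kind": "RoleBinding", "namespace": "dev",
     "roleRef": ("ClusterRole", "ops-admin"), "subjects": [("ServiceAccount", "dev:ci-bot")]},
    {"kind": "RoleBinding", "namespace": "dev",
     "roleRef": ("Role", "cm-viewer"), "subjects": [("User", "alice")]},
]

def rule_allows(rule, verb, resource, api_group=""):
    """True if one policy rule grants verb on resource; '*' matches anything."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), api_group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def who_can(verb, resource, api_group="", roles=ROLES, bindings=BINDINGS):
    """Return sorted (subject_kind, subject_name, scope) tuples granted verb on resource."""
    found = set()
    for b in bindings:
        ref_kind, ref_name = b["roleRef"]
        # A Role lives in the binding's namespace; a ClusterRole has no namespace.
        role_ns = b["namespace"] if ref_kind == "Role" else ""
        rules = roles.get((ref_kind, role_ns, ref_name), [])  # dangling roleRef grants nothing
        if any(rule_allows(r, verb, resource, api_group) for r in rules):
            # A RoleBinding narrows even a ClusterRole to its own namespace.
            scope = ("cluster-wide" if b["kind"] == "ClusterRoleBinding"
                     else "namespace " + b["namespace"])
            found.update((kind, name, scope) for kind, name in b["subjects"])
    return sorted(found)

if __name__ == "__main__":
    for kind, name, scope in who_can("get", "secrets"):
        print(f"{kind:15} {name:12} {scope}")
```

The wildcard `ops-admin` role surfaces `dev:ci-bot` as a secrets reader even though no rule names `secrets`, which is the kind of grant that is easy to miss when reading role manifests by hand.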
This discussion was created from the release v1.1.0.
rbac-tool
A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity
Install
curl https://raw.githubusercontent.com/alcideio/rbac-tool/master/download.sh | bash
Command Line Examples