Kubernetes 如何列出我当前所属的RBAC角色和组?
我已通过kubernetes群集的身份验证,如何查看附加到当前帐户的RBAC角色和组?按照以下步骤操作Kubernetes 如何列出我当前所属的RBAC角色和组?,kubernetes,rbac,Kubernetes,Rbac,我已通过kubernetes群集的身份验证,如何查看附加到当前帐户的RBAC角色和组?按照以下步骤操作 安装go并验证它是否存在 创建并验证 安装耙子 列出特定命名空间中的权限 找到更好的工具 此工具看起来比rakkess好得多 正是我想要的 在最简单的用例中,rbac查找将返回任何匹配的用户、服务帐户或组以及它所指定的角色 rbac-lookup rob SUBJECT SCOPE ROLE rob@example.com
正是我想要的 在最简单的用例中,rbac查找将返回任何匹配的用户、服务帐户或组以及它所指定的角色
rbac-lookup rob
SUBJECT SCOPE ROLE
rob@example.com cluster-wide ClusterRole/view
rob@example.com nginx-ingress ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.
Stack Overflow是一个关于编程和开发问题的网站。对于这个问题,您可能应该使用上的另一个站点。如果你觉得这个问题是关于主题的,那么请看。好的,这里有nice
kubectl
plugin-@jww为什么投票支持结束?他们有很多与此类似的问题,他们不会被选为完蛋谢谢你的回答!我已经查过Rakkes了,但这说明了我能做什么,动词,但如何列出附加到我身上的角色?没有直接的方法。选中此链接-->您可以通过
master $ mkdir -p $GOPATH/bin
curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
gunzip rakkess.gz && chmod +x rakkess \
&& mv rakkess $GOPATH/bin/
rakkess --namespace <namespace-name>
master $ rakkess -n kube-system
NAME LIST CREATE UPDATE DELETE
bindings ✔
configmaps ✔ ✔ ✔ ✔
controllerrevisions.apps ✔ ✔ ✔ ✔
cronjobs.batch ✔ ✔ ✔ ✔
daemonsets.apps ✔ ✔ ✔ ✔
daemonsets.extensions ✔ ✔ ✔ ✔
deployments.apps ✔ ✔ ✔ ✔
deployments.extensions ✔ ✔ ✔ ✔
endpoints ✔ ✔ ✔ ✔
events ✔ ✔ ✔ ✔
events.events.k8s.io ✔ ✔ ✔ ✔
horizontalpodautoscalers.autoscaling ✔ ✔ ✔ ✔
ingresses.extensions ✔ ✔ ✔ ✔
jobs.batch ✔ ✔ ✔ ✔
limitranges ✔ ✔ ✔ ✔
localsubjectaccessreviews.authorization.k8s.io ✔
networkpolicies.extensions ✔ ✔ ✔ ✔
networkpolicies.networking.k8s.io ✔ ✔ ✔ ✔
persistentvolumeclaims ✔ ✔ ✔ ✔
poddisruptionbudgets.policy ✔ ✔ ✔ ✔
pods ✔ ✔ ✔ ✔
podtemplates ✔ ✔ ✔ ✔
replicasets.apps ✔ ✔ ✔ ✔
replicasets.extensions ✔ ✔ ✔ ✔
replicationcontrollers ✔ ✔ ✔ ✔
resourcequotas ✔ ✔ ✔ ✔
rolebindings.rbac.authorization.k8s.io ✔ ✔ ✔ ✔
roles.rbac.authorization.k8s.io ✔ ✔ ✔ ✔
secrets ✔ ✔ ✔ ✔
serviceaccounts ✔ ✔ ✔ ✔
services ✔ ✔ ✔ ✔
statefulsets.apps ✔ ✔ ✔ ✔
rbac-lookup rob
SUBJECT SCOPE ROLE
rob@example.com cluster-wide ClusterRole/view
rob@example.com nginx-ingress ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.
rbac-lookup ro --output wide
SUBJECT SCOPE ROLE SOURCE
User/rob@example.com cluster-wide ClusterRole/view ClusterRoleBinding/rob-cluster-view
User/rob@example.com nginx-ingress ClusterRole/edit RoleBinding/rob-edit
User/ron@example.com web ClusterRole/edit RoleBinding/ron-edit
ServiceAccount/rops infra ClusterRole/admin RoleBinding/rops-admin