Kubernetes 如何列出我当前所属的RBAC角色和组？

我已通过kubernetes群集的身份验证，如何查看附加到当前帐户的RBAC角色和组？

按照以下步骤操作

安装go并验证它是否存在

创建并验证

安装耙子

列出特定命名空间中的权限

找到更好的工具 此工具看起来比rakkess好得多
正是我想要的

在最简单的用例中，rbac查找将返回任何匹配的用户、服务帐户或组以及它所指定的角色

rbac-lookup rob

SUBJECT                   SCOPE             ROLE
rob@example.com           cluster-wide      ClusterRole/view
rob@example.com           nginx-ingress     ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.

---

Stack Overflow是一个关于编程和开发问题的网站。对于这个问题，您可能应该使用上的另一个站点。如果你觉得这个问题是关于主题的，那么请看。好的，这里有nice

kubectl

plugin-@jww为什么投票支持结束？他们有很多与此类似的问题，他们不会被选为完蛋谢谢你的回答！我已经查过Rakkes了，但这说明了我能做什么，动词，但如何列出附加到我身上的角色？没有直接的方法。选中此链接-->您可以通过

master $ mkdir -p $GOPATH/bin

curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
  gunzip rakkess.gz && chmod +x rakkess \
  && mv rakkess $GOPATH/bin/

rakkess --namespace <namespace-name>

master $ rakkess -n kube-system
NAME                                            LIST  CREATE  UPDATE  DELETE
bindings                                              ✔
configmaps                                      ✔     ✔       ✔       ✔
controllerrevisions.apps                        ✔     ✔       ✔       ✔
cronjobs.batch                                  ✔     ✔       ✔       ✔
daemonsets.apps                                 ✔     ✔       ✔       ✔
daemonsets.extensions                           ✔     ✔       ✔       ✔
deployments.apps                                ✔     ✔       ✔       ✔
deployments.extensions                          ✔     ✔       ✔       ✔
endpoints                                       ✔     ✔       ✔       ✔
events                                          ✔     ✔       ✔       ✔
events.events.k8s.io                            ✔     ✔       ✔       ✔
horizontalpodautoscalers.autoscaling            ✔     ✔       ✔       ✔
ingresses.extensions                            ✔     ✔       ✔       ✔
jobs.batch                                      ✔     ✔       ✔       ✔
limitranges                                     ✔     ✔       ✔       ✔
localsubjectaccessreviews.authorization.k8s.io        ✔
networkpolicies.extensions                      ✔     ✔       ✔       ✔
networkpolicies.networking.k8s.io               ✔     ✔       ✔       ✔
persistentvolumeclaims                          ✔     ✔       ✔       ✔
poddisruptionbudgets.policy                     ✔     ✔       ✔       ✔
pods                                            ✔     ✔       ✔       ✔
podtemplates                                    ✔     ✔       ✔       ✔
replicasets.apps                                ✔     ✔       ✔       ✔
replicasets.extensions                          ✔     ✔       ✔       ✔
replicationcontrollers                          ✔     ✔       ✔       ✔
resourcequotas                                  ✔     ✔       ✔       ✔
rolebindings.rbac.authorization.k8s.io          ✔     ✔       ✔       ✔
roles.rbac.authorization.k8s.io                 ✔     ✔       ✔       ✔
secrets                                         ✔     ✔       ✔       ✔
serviceaccounts                                 ✔     ✔       ✔       ✔
services                                        ✔     ✔       ✔       ✔
statefulsets.apps                               ✔     ✔       ✔       ✔

rbac-lookup rob

SUBJECT                   SCOPE             ROLE
rob@example.com           cluster-wide      ClusterRole/view
rob@example.com           nginx-ingress     ClusterRole/edit
The wide output option includes the kind of subject along with the source role binding.

rbac-lookup ro --output wide

SUBJECT                   SCOPE             ROLE                SOURCE
User/rob@example.com      cluster-wide      ClusterRole/view    ClusterRoleBinding/rob-cluster-view
User/rob@example.com      nginx-ingress     ClusterRole/edit    RoleBinding/rob-edit
User/ron@example.com      web               ClusterRole/edit    RoleBinding/ron-edit
ServiceAccount/rops       infra             ClusterRole/admin   RoleBinding/rops-admin