This tool looks better than rakkess; it is exactly what I was looking for.
https://github.com/reactiveops/rbac-lookup
In the simplest use case, rbac-lookup will return any matching user, service account, or group along with the roles it has been given.
rbac-lookup rob
SUBJECT           SCOPE           ROLE
rob@example.com   cluster-wide    ClusterRole/view
rob@example.com   nginx-ingress   ClusterRole/edit

The wide output option includes the kind of subject along with the source role binding.
rbac-lookup ro --output wide
SUBJECT                 SCOPE           ROLE               SOURCE
User/rob@example.com    cluster-wide    ClusterRole/view   ClusterRoleBinding/rob-cluster-view
User/rob@example.com    nginx-ingress   ClusterRole/edit   RoleBinding/rob-edit
User/ron@example.com    web             ClusterRole/edit   RoleBinding/ron-edit
ServiceAccount/rops     infra           ClusterRole/admin  RoleBinding/rops-admin
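
How a lookup like this can be derived from binding objects, as an added example that is not part of the original answer and not rbac-lookup's own code. The sample bindings are constructed to mirror the output above, and substring matching on the subject name is an assumption based on that output.

```python
"""Subject -> scope -> role lookup over RoleBinding/ClusterRoleBinding objects."""

def binding(kind, name, namespace, role, subjects):
    # Helper for the constructed sample; real data would come from
    # `kubectl get rolebindings,clusterrolebindings -A -o json`.
    meta = {"name": name, **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": "ClusterRole", "name": role}, "subjects": subjects}

def subj(kind, name):
    return {"kind": kind, "name": name}

# Constructed sample mirroring the names in the output above, plus two extras.
SAMPLE = {"items": [
    binding("RoleBinding", "rops-admin", "infra", "admin", [subj("ServiceAccount", "rops")]),
    binding("ClusterRoleBinding", "rob-cluster-view", None, "view", [subj("User", "rob@example.com")]),
    binding("RoleBinding", "rob-edit", "nginx-ingress", "edit", [subj("User", "rob@example.com")]),
    binding("RoleBinding", "ron-edit", "web", "edit", [subj("User", "ron@example.com")]),
    binding("RoleBinding", "dev-view", "web", "view", [subj("Group", "dev-team")]),
    binding("ClusterRoleBinding", "unused", None, "view", None),  # no subjects field
]}

def lookup(bindings, term):
    """Return (subject, scope, role, source) rows whose subject name contains term."""
    rows = []
    for b in bindings["items"]:
        # A binding without a namespace is a ClusterRoleBinding: cluster-wide scope.
        scope = b["metadata"].get("namespace", "cluster-wide")
        role = f'{b["roleRef"]["kind"]}/{b["roleRef"]["name"]}'
        source = f'{b["kind"]}/{b["metadata"]["name"]}'
        for s in b.get("subjects") or []:  # subjects may be absent or null
            if term in s["name"]:
                rows.append((f'{s["kind"]}/{s["name"]}', scope, role, source))
    # Order by subject name, then scope, so one subject's grants sit together.
    return sorted(rows, key=lambda r: (r[0].split("/", 1)[1], r[1]))

if __name__ == "__main__":
    for row in lookup(SAMPLE, "ro"):
        print("{:<24} {:<14} {:<18} {}".format(*row))
```
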
master $ echo $GOPATH
/opt/go
master $ mkdir -p $GOPATH/bin
curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
  gunzip rakkess.gz && chmod +x rakkess \
  && mv rakkess $GOPATH/bin/
rakkess --namespace <namespace-name>
master $ rakkess -n kube-system
NAME                                            LIST  CREATE  UPDATE  DELETE
bindings                                              ✓
configmaps                                      ✓     ✓       ✓       ✓
controllerrevisions.apps                        ✓     ✓       ✓       ✓
cronjobs.batch                                  ✓     ✓       ✓       ✓
daemonsets.apps                                 ✓     ✓       ✓       ✓
daemonsets.extensions                           ✓     ✓       ✓       ✓
deployments.apps                                ✓     ✓       ✓       ✓
deployments.extensions                          ✓     ✓       ✓       ✓
endpoints                                       ✓     ✓       ✓       ✓
events                                          ✓     ✓       ✓       ✓
events.events.k8s.io                            ✓     ✓       ✓       ✓
horizontalpodautoscalers.autoscaling            ✓     ✓       ✓       ✓
ingresses.extensions                            ✓     ✓       ✓       ✓
jobs.batch                                      ✓     ✓       ✓       ✓
limitranges                                     ✓     ✓       ✓       ✓
localsubjectaccessreviews.authorization.k8s.io        ✓
networkpolicies.extensions                      ✓     ✓       ✓       ✓
networkpolicies.networking.k8s.io               ✓     ✓       ✓       ✓
persistentvolumeclaims                          ✓     ✓       ✓       ✓
poddisruptionbudgets.policy                     ✓     ✓       ✓       ✓
pods                                            ✓     ✓       ✓       ✓
podtemplates                                    ✓     ✓       ✓       ✓
replicasets.apps                                ✓     ✓       ✓       ✓
replicasets.extensions                          ✓     ✓       ✓       ✓
replicationcontrollers                          ✓     ✓       ✓       ✓
resourcequotas                                  ✓     ✓       ✓       ✓
rolebindings.rbac.authorization.k8s.io          ✓     ✓       ✓       ✓
roles.rbac.authorization.k8s.io                 ✓     ✓       ✓       ✓
secrets                                         ✓     ✓       ✓       ✓
serviceaccounts                                 ✓     ✓       ✓       ✓
services                                        ✓     ✓       ✓       ✓
statefulsets.apps                               ✓     ✓       ✓       ✓