注册
登录
k8s/Kubernetes
如何列出我当前的RBAC角色和组?
返回
如何列出我当前的RBAC角色和组?
作者:
枫
发布时间:
2024-06-18 08:10:12 (1月前)
转自:
<div class =“excerpt”> 我对kubernetes集群进行了身份验证,如何查看附加到当前帐户的RBAC角色和组? </DIV>
收藏
举报
3 条回复
0#
回复此人
我头上有犄角
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <H1> 找到更好的工具 </H1> <P> 这个工具看起来比rakkess更好 <BR/> 正是我在寻找的东西 </p> <P> <a href="https://github.com/reactiveops/rbac-lookup" rel="nofollow noreferrer"> https://github.com/reactiveops/rbac-lookup </A> </p> <P> 在最简单的用例中,rbac-lookup将返回任何匹配的用户,服务帐户或组以及它所提供的角色。 </p> <pre> <code> rbac-lookup rob SUBJECT SCOPE ROLE rob@example.com cluster-wide ClusterRole/view rob@example.com nginx-ingress ClusterRole/edit The wide output option includes the kind of subject along with the source role binding. </code> </pre> <pre> <code> rbac-lookup ro --output wide SUBJECT SCOPE ROLE SOURCE User/rob@example.com cluster-wide ClusterRole/view ClusterRoleBinding/rob-cluster-view User/rob@example.com nginx-ingress ClusterRole/edit RoleBinding/rob-edit User/ron@example.com web ClusterRole/edit RoleBinding/ron-edit ServiceAccount/rops infra ClusterRole/admin RoleBinding/rops-admin </code> </pre> </DIV>
编辑
1#
回复此人
筱梨
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <H1> 请按照以下步骤操作 </H1> <OL> <LI> 安装go并验证它是否存在 </LI> </醇> <pre> <code> master $ echo $GOPATH /opt/go </code> </pre> <ol start =“2”> <LI> 创建和验证 </LI> </醇> <pre> <code> master $ mkdir -p $GOPATH/bin </code> </pre> <ol start =“3”> <LI> 安装rakkess </LI> </醇> <pre> <code> curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \ gunzip rakkess.gz && chmod +x rakkess \ && mv rakkess $GOPATH/bin/ </code> </pre> <ol start =“4”> <LI> 列出特定命名空间中的权限 </LI> </醇> <pre> <code> rakkess --namespace <namespace-name> </code> </pre> <ol start =“5”> <LI> 您应该看到以下格式的输出 </LI> </醇> <pre> <code> master $ rakkess -n kube-system NAME LIST CREATE UPDATE DELETE bindings 鉁擻nconfigmaps 鉁� 鉁� 鉁� 鉁擻ncontrollerrevisions.apps 鉁� 鉁� 鉁� 鉁擻ncronjobs.batch 鉁� 鉁� 鉁� 鉁擻ndaemonsets.apps 鉁� 鉁� 鉁� 鉁擻ndaemonsets.extensions 鉁� 鉁� 鉁� 鉁擻ndeployments.apps 鉁� 鉁� 鉁� 鉁擻ndeployments.extensions 鉁� 鉁� 鉁� 鉁擻nendpoints 鉁� 鉁� 鉁� 鉁擻nevents 鉁� 鉁� 鉁� 鉁擻nevents.events.k8s.io 鉁� 鉁� 鉁� 鉁擻nhorizontalpodautoscalers.autoscaling 鉁� 鉁� 鉁� 鉁擻ningresses.extensions 鉁� 鉁� 鉁� 鉁擻njobs.batch 鉁� 鉁� 鉁� 鉁擻nlimitranges 鉁� 鉁� 鉁� 鉁擻nlocalsubjectaccessreviews.authorization.k8s.io 鉁擻nnetworkpolicies.extensions 鉁� 鉁� 鉁� 鉁擻nnetworkpolicies.networking.k8s.io 鉁� 鉁� 鉁� 鉁擻npersistentvolumeclaims 鉁� 鉁� 鉁� 鉁擻npoddisruptionbudgets.policy 鉁� 鉁� 鉁� 鉁擻npods 鉁� 鉁� 鉁� 鉁擻npodtemplates 鉁� 鉁� 鉁� 鉁擻nreplicasets.apps 鉁� 鉁� 鉁� 鉁擻nreplicasets.extensions 鉁� 鉁� 鉁� 鉁擻nreplicationcontrollers 鉁� 鉁� 鉁� 鉁擻nresourcequotas 鉁� 鉁� 鉁� 鉁擻nrolebindings.rbac.authorization.k8s.io 鉁� 鉁� 鉁� 鉁擻nroles.rbac.authorization.k8s.io 鉁� 鉁� 鉁� 鉁擻nsecrets 鉁� 鉁� 鉁� 鉁擻nserviceaccounts 鉁� 鉁� 鉁� 鉁擻nservices 鉁� 鉁� 鉁� 鉁擻nstatefulsets.apps 鉁� 鉁� 鉁� 鉁擻n </code> </pre> </DIV>
编辑
登录
后才能参与评论
