rbac-lookup 是一个CLI 命令行工具,用于轻松找到与 Kubernetes 角色和集群角色绑定的 user、service account 或 group name。
安装
Homebrew
代码语言:javascript复制brew install FairwindsOps/tap/rbac-lookup
ASDF
代码语言:javascript复制asdf plugin add rbac-lookup
asdf install rbac-lookup latest
asdf global rbac-lookup latest
使用
轻松查 user、 service account 或 group 匹配的 ROLE
代码语言:javascript复制rbac-lookup rob
SUBJECT SCOPE ROLE
rob@example.com cluster-wide ClusterRole/view
rob@example.com nginx-ingress ClusterRole/edit
通过 --output wide 可以查看 SOURCE
rbac-lookup rob --output wide
SUBJECT SCOPE ROLE SOURCE
User/rob@example.com cluster-wide ClusterRole/view ClusterRoleBinding/rob-cluster-view
User/rob@example.com nginx-ingress ClusterRole/edit RoleBinding/rob-edit
User/ron@example.com web ClusterRole/edit RoleBinding/ron-edit
ServiceAccount/rops infra ClusterRole/admin RoleBinding/rops-admin
使用 --kind flag 来过滤 RBAC 指定类似类型
rbac-lookup ro --output wide --kind user
SUBJECT SCOPE ROLE SOURCE
User/rob@example.com cluster-wide ClusterRole/view ClusterRoleBinding/rob-cluster-view
User/rob@example.com nginx-ingress ClusterRole/edit RoleBinding/rob-edit
User/ron@example.com web ClusterRole/edit RoleBinding/ron-edit
其他 flag
代码语言:javascript复制 --context string context to use for Kubernetes config
--gke enable GKE integration
-h, --help help for rbac-lookup
-k, --kind string filter by this RBAC subject kind (user, group, serviceaccount)
--kubeconfig string config file location
-o, --output string output format (normal, wide)
