How to debug or analyze Kubernetes RBAC rule verbs and Api Groups
How can I debug all Rules with their Verbs and ApiGroups for a kubernetes ServiceAccount?
kubectl supports testing the RBAC rights for a particular Service Account with the auth can-i sub-command. The syntax looks as follows:
kubectl auth can-i -n <namespace> --as system:serviceaccount:<namespace>:<serviceaccount> <verb> <resource>
For example:
kubectl auth can-i --as system:serviceaccount:default:my-serviceaccount create deployments
k9s offers some nice views for this task:
1. Find Role Bindings
First you have to find the ClusterRoleBindings or RoleBindings for a ServiceAccount:
: and clusterrolebindings or rolebindings
Search your ServiceAccount with / and name of ServiceAccount (e.g. monitor-kube-prometheus-st-operator)
(Cluster)RoleBindings
2. Display Role Bindings
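Added example, not part of the original answers: the two steps above (find the bindings for a ServiceAccount, then look at the roles behind them) carried out offline in Python over exported RBAC objects, returning each rule's apiGroups, resources and verbs. The SAMPLE objects are constructed, the helper names `obj`, `subject_matches` and `rules_for_serviceaccount` are hypothetical, and the code goes beyond a search by name by also matching the built-in groups every ServiceAccount belongs to.

```python
# Added example: resolve ServiceAccount -> bindings -> roles -> rules offline.
# SAMPLE is constructed; real input is assumed to be the "items" list from
# `kubectl get clusterrolebindings,rolebindings,clusterroles,roles -A -o json`.
def obj(kind, name, ns=None, **spec):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, **spec}

SAMPLE = [
    obj("ClusterRole", "pod-reader", rules=[
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]),
    obj("Role", "deployer", "default", rules=[
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["create", "update"]}]),
    obj("ClusterRoleBinding", "read-pods-global",
        roleRef={"kind": "ClusterRole", "name": "pod-reader"},
        subjects=[{"kind": "Group", "name": "system:serviceaccounts:default"}]),
    obj("RoleBinding", "deploy", "default",
        roleRef={"kind": "Role", "name": "deployer"},
        subjects=[{"kind": "ServiceAccount", "name": "my-serviceaccount", "namespace": "default"}]),
    obj("RoleBinding", "unrelated", "default",
        roleRef={"kind": "ClusterRole", "name": "pod-reader"},
        subjects=[{"kind": "ServiceAccount", "name": "someone-else", "namespace": "default"}]),
]

def subject_matches(subject, ns, name):
    """True if a binding subject covers the ServiceAccount ns/name."""
    if subject["kind"] == "ServiceAccount":
        return (subject.get("namespace"), subject["name"]) == (ns, name)
    if subject["kind"] == "Group":  # groups every ServiceAccount identity carries
        return subject["name"] in ("system:serviceaccounts",
                                   f"system:serviceaccounts:{ns}", "system:authenticated")
    return subject["name"] == f"system:serviceaccount:{ns}:{name}"  # kind: User

def rules_for_serviceaccount(items, ns, name):
    """Rows of (binding, scope, apiGroups, resources, verbs) granted to the account."""
    roles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]): o
             for o in items if o["kind"] in ("Role", "ClusterRole")}
    rows = []
    for b in (o for o in items if o["kind"].endswith("Binding")):
        if not any(subject_matches(s, ns, name) for s in b.get("subjects") or []):
            continue
        ref, bind_ns = b["roleRef"], b["metadata"].get("namespace")
        # A Role lives in the binding's namespace; a ClusterRole has none.
        role = roles.get((ref["kind"], bind_ns if ref["kind"] == "Role" else None, ref["name"]))
        for rule in (role or {}).get("rules") or []:
            # scope "*" = cluster-wide (ClusterRoleBinding), else the binding's namespace
            rows.append((b["metadata"]["name"], bind_ns or "*", rule.get("apiGroups", []),
                         rule.get("resources", []), rule["verbs"]))
    return rows
```

Any row it returns can be cross-checked against the live cluster with the `kubectl auth can-i --as system:serviceaccount:default:my-serviceaccount` form shown earlier.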