Kubernetes RBAC can get quite complicated, and I'm looking for simple ways to quickly find answers to questions like:
- Who has what permissions?
- Are there any users with excessive permissions?
- Who has access to secrets?
I'd love to hear about any lightweight tools, whether graphical interfaces or command-line options. Do teams typically rely on kubectl and manifests for this, or do they use other solutions?
4 Answers
I don't know of any straightforward tools, but writing a custom script for your needs could be a good solution. Once you establish good practices, you might find that you don't need to monitor it constantly. If ongoing monitoring is a concern, consider security tools like OPA or Kyverno.
If you're looking for alerts on overly permissive roles, check out the Trivy-Operator. It doesn’t go deeply into bindings but does help identify risky roles.
You can definitely use kubectl for basic checks, but for easier visibility, you might want to try something like k9s. It's pretty user-friendly for managing your clusters.
Have you looked into the rbac-tool kubectl plugin? It could help with visibility and might simplify your RBAC management.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures