krane VS rbac-tool

If you are deploying simple manifests (not helm-stuff), try shopify's [krane](https://github.com/Shopify/krane). I build a [deploy-container](https://github.com/strowi/deploy/) for use with gitlabs ci-stages a while back.

If you have the flexibility to use a different tool https://github.com/Shopify/krane is a great one which among other things does compare what's on the cluster vs what's applied and can prune resources accordingly

Link to GitHub Repository

A simpler alternative to Krane is rbac-tool, which can be installed as kubectl plugin. It can also analyze, audit, interrogate RBAC rules, but most importantly, it can visualize them:

Tool to create and visualize RBAC in cluster: https://github.com/alcideio/rbac-tool

Other tools that can also audit your existing RBAC permissions and Kubernetes setups are rbac-tool and rbac-audit.

And of course a quick google search shows that someone has already created something like that for RBAC: https://github.com/alcideio/rbac-tool

Role-Based Access Control (RBAC) should be configured for the Kubernetes cluster. Rights need to be assigned within the project namespace based on least privilege and separation of duties (RBAC-tool)

I've been tasked with defining and documenting some ClusterRoles with clear permissions that should (mostly) be enough for any kind of cluster. The idea is for admins (who don't necessarily do the devops behind) to be able to understand what each CR does, to assign these CRs to users on the fly, to update a user's access as their needs change, to view a list of policy rules, who can do what etc... For this maintenance and tracking part we use rbac-manager and rbac-tool, which are excellent tools imo.

I've just started using rbac-manager and rbac-tool to apply and track rbac on our clusters :)