rbac-lookup
rbac-manager
rbac-lookup | rbac-manager | |
---|---|---|
3 | 4 | |
838 | 1,408 | |
1.2% | 0.7% | |
3.7 | 5.5 | |
9 days ago | 10 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rbac-lookup
-
Is there a way to see exactly what permissions the built-in group "system:readonly" has?
try using a tool such as rbac-lookup to find roles attached to a principal name https://github.com/FairwindsOps/rbac-lookup
-
Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing
RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. It helps to provide visibility into Kubernetes auth.
-
Making Kubernetes Operations Easy with kubectl Plugins
rbac-lookup - Similar to the first plugin we mentioned, this plugin also helps with RBAC in your cluster. This can be used to perform reverse lookup of roles, giving you a list of roles that user, service account or group has assigned. For example, to find roles bound to service account named my-sa you use the following - kubectl rbac-lookup my-sa --kind serviceaccount --output wide.
rbac-manager
- rbac with denies
-
Multi-Tenant Kubernetes Clusters: Challenges and Useful Tooling
While RBAC is not particularly the toughest aspect of multi-tenancy, there are tools to help you with it. RBAC Manager was developed by Fairwinds to make security just a bit easier.
- RBAC and limited namespace access
-
RBAC for dynamic namespaces?
We have a use case similar to this and we use rbac-manager. If you can have something externally provision the namespaces with labels, I think it might work for you. If not, maybe some combination with OPA Gatekeeper could do the trick?
What are some alternatives?
k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!
cert-manager - Automatically provision and manage TLS certificates in Kubernetes
kubectl-kubesec - Security risk analysis for Kubernetes resources
audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs
rakkess - Review Access - kubectl plugin to show an access matrix for k8s server resources
hierarchical-namespaces - Home of the Hierarchical Namespace Controller (HNC). Adds hierarchical policies and delegated creation to Kubernetes namespaces for improved in-cluster multitenancy.
kubectl-dig - Deep kubernetes visibility from the kubectl
pluto - A cli tool to help discover deprecated apiVersions in Kubernetes
kubelogin - kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
ksniff - Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
rback - RBAC in Kubernetes visualizer