rbac-police VS rbac-tool

This Trampoline pod affects all major cloud providers with the default behavior and, for this, escaping the container means managing the entire cluster. They shared the tool rbac-policy that was presented in KubeCon EU.

Link to GitHub Repository

A simpler alternative to Krane is rbac-tool, which can be installed as kubectl plugin. It can also analyze, audit, interrogate RBAC rules, but most importantly, it can visualize them:

Tool to create and visualize RBAC in cluster: https://github.com/alcideio/rbac-tool

Other tools that can also audit your existing RBAC permissions and Kubernetes setups are rbac-tool and rbac-audit.

And of course a quick google search shows that someone has already created something like that for RBAC: https://github.com/alcideio/rbac-tool

Role-Based Access Control (RBAC) should be configured for the Kubernetes cluster. Rights need to be assigned within the project namespace based on least privilege and separation of duties (RBAC-tool)

I've been tasked with defining and documenting some ClusterRoles with clear permissions that should (mostly) be enough for any kind of cluster. The idea is for admins (who don't necessarily do the devops behind) to be able to understand what each CR does, to assign these CRs to users on the fly, to update a user's access as their needs change, to view a list of policy rules, who can do what etc... For this maintenance and tracking part we use rbac-manager and rbac-tool, which are excellent tools imo.

I've just started using rbac-manager and rbac-tool to apply and track rbac on our clusters :)