-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
rbac-lookup
Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster
    git clone https://github.com/IronCore864/k8s-security-demo.git
    cd k8s-security-demo
    # fetch pull request 12 and check it out on a local branch
    git fetch origin pull/12/head
    git checkout -b aws_eks FETCH_HEAD
    # edit the config.tf and update the AWS region accordingly
    # configure your aws_access_key_id and aws_secret_access_key
    terraform init
    terraform apply
It's an open-source project by Aqua Security, and you might already know them from their other project, trivy, which is a scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
The easiest way to install kubectl-who-can is with Krew, the plugin manager for the kubectl CLI tool. Assuming you have already installed Krew, you can simply run:
RBAC Lookup is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name. It helps to provide visibility into Kubernetes auth.