Skip to content
Review Access - kubectl plugin to show an access matrix for all available resources
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE
cmd Create tag v0.2.0 Mar 4, 2019
doc
hack
pkg/rakkess
.gitattributes
.gitignore Ignore out directory Feb 25, 2019
.travis.yml
CONTRIBUTING.md Add project infrastructure Feb 22, 2019
Dockerfile
LICENSE Initial commit Feb 22, 2019
Makefile
README.md Create tag v0.2.0 Mar 4, 2019
go.mod Explicitly enable color escape sequences on windows Mar 3, 2019
go.sum
main.go Support all auth plugins (oidc, azure, gcp, openstack) Feb 27, 2019

README.md

rakkess

Review Access - kubectl plugin to show an access matrix for all available resources

Intro

Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is for. It lists access rights for the current user for all server resources.

Demo

rakkess demo

Examples

Show access for all resources

  • ... at cluster scope

    rakkess
  • ... in some namespace

    rakkess --namespace default
  • ... with verbs

    rakkess --verbs get,delete,watch,proxy
  • ... for another user

    rakkess --as other-user
  • ... and combine with common kubectl parameters

    KUBECONFIG=otherconfig rakkess --context other-context

Also see Usage.

Installation

There are several ways to install rakkess. The recommended installation method is via krew.

Via krew

Krew is a kubectl plugin manager. If you have not yet installed krew, get it at https://github.com/GoogleContainerTools/krew. Then installation is as simple as

kubectl krew install access-matrix

The plugin will be available as kubectl access-matrix, see doc/USAGE for further details.

Binaries

When using the binaries for installation, also have a look at doc/USAGE.

Linux

curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-linux-amd64.gz && \
  gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/

OSX

curl -Lo rakkess.gz https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-darwin-amd64.gz && \
  gunzip rakkess.gz && chmod +x rakkess && mv rakkess $GOPATH/bin/

Windows

https://github.com/corneliusweig/rakkess/releases/download/v0.2.0/rakkess-windows-amd64.zip

From source

Build on host

Requirements:

  • go 1.11 or newer
  • GNU make
  • git

Compiling:

export PLATFORMS=$(go env GOOS)
make all   # binaries will be placed in out/

Build in docker

Requirements:

  • docker

Compiling:

mkdir rakkess && chdir rakkess
curl -Lo Dockerfile https://raw.githubusercontent.com/corneliusweig/rakkess/master/Dockerfile
docker build . -t rakkess-builder
docker run --rm -v $PWD:/go/bin/ --env PLATFORMS=$(go env GOOS) rakkess
docker rmi rakkess-builder

Binaries will be placed in the current directory.

Users

What are others saying about rakkess?
“Well, that looks handy! rakkess, a kubectl plugin to show an access matrix for all available resources.”@mhausenblas
“that's indeed pretty helpful. rakkess --as system:serviceaccount:my-ns:my-sa -n my-ns prints the access matrix of a service account in a namespace”@fakod
“THE BOMB. Love it.”@ralph_squillace
“This made my day. Well, not actually today but I definitively will use it a lot.”@Soukron
You can’t perform that action at this time.