Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 

A site dedicated to good practices and tooling around Kubernetes RBAC. Both pull requests and issues are welcome.

For recipes, tips and tricks around RBAC see recipes.rbac.dev.

Official Kubernetes docs

Talks and articles

Tooling

  • cyberark/KubiScan: a tool by Eviatar Gerzi to scan Kubernetes cluster for risky RBAC permissions
  • appvia/krane: a Kubernetes RBAC static analysis and visualisation tool
  • alcideio/rbac-tool: Collection of Kubernetes RBAC power toys - Visualize, Generate & Query by Alcide

Generators and operators

  • liggitt/audit2rbac: takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user.
  • fairwindsops/rbac-manager: operator that supports declarative configuration for RBAC with new custom resources.

Interactive queries

  • corneliusweig/rakkess: show an access matrix for server resources.
  • fairwindsops/rbac-lookup: allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name.
  • sbueringer/kubernetes-rbacq: simplifies querying Subjects and Rights specified in Kubernetes through Roles/ClusterRoles and RoleBindings/ClusterRoleBindings.
  • Ladicle/kubectl-bindrole: finding Kubernetes roles bound to a specified service account, group or user.
  • aquasecurity/kubectl-who-can: show all the subjects who have permission to perform a given verb on specified resources, for example, find all the subjects who can create pods in a given namespace, or who can delete nodes in the cluster.
  • mhausenblas/rbIAM: a unified AWS IAM & Kubernetes RBAC access control exploration tool.

Visualization

  • jasonrichardsmith/rbac-view: visualizes RBAC permissions in tabular format in your browser.
  • team-soteria/rback: generates a graph representation (in Graphviz dot format) of a Kubernetes cluster's RBAC settings.
  • sighupio/permission-manager: super-easy and user-friendly RBAC management for Kubernetes. You can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice and easy web UI.

About

A collection of good practices and tools for Kubernetes RBAC

Topics

Resources

License

Releases

No releases published

Packages

No packages published