You can use kubectl auth can-i --list instead of this.
Example:
$ kubectl auth can-i --list
Resources Non-Resource URLs Resource Names Verbs
*.* [] [] [*]
[*] [] [*]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz] [] [get]
[/healthz] [] [get]
[/livez] [] [get]
[/livez] [] [get]
[/openapi/*] [] [get]
[/openapi] [] [get]
[/readyz] [] [get]
[/readyz] [] [get]
[/version/] [] [get]
[/version/] [] [get]
[/version] [] [get]
[/version] [] [get]
This project is a learning exercise to use the Kubernetes API in Rust.
It will show you what the current user (from kubeconfig or service account) can do with the K8s cluster.
The default settings of this tool use native-tls. However, the current implementation of native-tls does not support TLS 1.3
There is a feature to activate rustls-tls which uses TLS 1.3 and performs better.
However it curently does not support validation of certificate presenting an IP address. So be aware that using rustls-tls feature will fail when your kubernetes API server certificate presents an IP address.
If you want to use rustls, build the project with:
cargo build --release --no-default-features --features rustls-tlsInspired by rakkess