

A simple "RBAC in Kubernetes" visualizer. No matter how complex the setup, rback queries all RBAC-related information of a Kubernetes cluster in constant time and generates a graph representation of service accounts, (cluster) roles, and the respective access rules in dot format.

For example, here is an Amazon EKS cluster as seen by rback:

Another example would be a local K3S cluster:

Here in action in the Katacoda Kubernetes playground:

For more details, see the examples directory …

Install

rback depends on you having access to a Kubernetes cluster, either in the cloud (like Amazon EKS) or locally (k3s, kind, Minikube, Docker for Desktop), as well as kubectl installed and configured locally.

To install it for macOS, do:

$ curl -sL -o rback

To install it for Linux, do:

$ curl -sL -o rback
$ chmod +x rback && sudo mv rback /usr/local/bin

You can also build it from source, with Go 1.12 like so:

$ git clone && cd rback

Run rback locally against the target cluster and store its output in a .dot file, as shown in the following:

$ kubectl get sa,roles,rolebindings,clusterroles,clusterrolebindings --all-namespaces -o json | rback > result.dot

Now that you have result.dot, you can render the graph either online or locally.

There are plenty of Graphviz (dot) online visualization tools available, for example, use /graphviz-visual-editor/ for interaction or the simpler /GraphvizOnline. Head over there and paste the output of rback into it.

Install Graphviz, for example, on macOS you can do brew install graphviz. Then you can do the following (on macOS):

$ kubectl get sa,roles,rolebindings,clusterroles,clusterrolebindings --all-namespaces -o json | rback | dot -Tpng > /tmp/rback.png && open /tmp/rback.png

There is also a very crude first version of a kubectl plugin in. Add the file to your path, ensure it is executable and modify it to suit your environment. Then, you'll be able to simply run:

$ kubectl rback

This generates the .dot file, renders it using GraphViz (must be installed on your system) and opens the rendered image using xdg-open. We welcome contributions to make the plugin work in other environments.

More usage examples

By default, rback shows all RBAC resources in your cluster, but you can also focus on a single namespace by using the -n switch.

$ kubectl rback -n my-namespace

The switch supports multiple namespaces as well:

$ kubectl rback -n my-namespace1,my-namespace2

If you're particularly interested in a single ServiceAccount, you can run:

$ kubectl rback serviceaccount my-service-account

This makes the specified ServiceAccount the focal point of the graph, meaning that only it and directly-related RBAC resources are shown.

Instead of ServiceAccounts, you can also focus on Roles, RoleBindings, ClusterRoles or ClusterRoleBindings:

$ kubectl rback role my-role
$ kubectl rback rolebinding my-role-binding
$ kubectl rback clusterrole my-cluster-role
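To make the ServiceAccount focus described above concrete, the following added example (not rback's own code) reads the same `kubectl get ... -o json` list and emits a DOT edge chain for every binding that reaches one ServiceAccount. It goes slightly beyond the text by also following the built-in groups `system:serviceaccounts` and `system:serviceaccounts:<namespace>`, which grant permissions without naming the account; the function name `FocusEdges`, the node label format and the sample JSON are assumptions made for this illustration.

```go
package main

import "encoding/json"
import "fmt"
import "strings"

// Only the fields of the `kubectl get ... -o json` List that are needed here.
type object struct {
	Kind     string
	Metadata struct{ Name string }
	Subjects []struct{ Kind, Name, Namespace string }
	RoleRef  struct{ Kind, Name string }
}

// FocusEdges returns one DOT edge chain per binding that reaches ServiceAccount ns/name.
func FocusEdges(list []byte, ns, name string) ([]string, error) {
	var l struct{ Items []object }
	if err := json.Unmarshal(list, &l); err != nil {
		return nil, err
	}
	var edges []string
	for _, o := range l.Items {
		for _, s := range o.Subjects { // only (Cluster)RoleBindings have subjects
			// Direct subject, or one of the groups every service account belongs to.
			if s.Kind == "ServiceAccount" && s.Namespace == ns && s.Name == name ||
				s.Kind == "Group" && (s.Name == "system:serviceaccounts" || s.Name == "system:serviceaccounts:"+ns) {
				edges = append(edges, fmt.Sprintf("%q -> %q -> %q;", s.Kind+"/"+s.Name,
					o.Kind+"/"+o.Metadata.Name, o.RoleRef.Kind+"/"+o.RoleRef.Name))
			}
		}
	}
	return edges, nil
}

// Constructed sample input; all names are placeholders, not from a real cluster.
const sample = `{"items":[
{"kind":"RoleBinding","metadata":{"name":"my-role-binding"},"roleRef":{"kind":"Role","name":"my-role"},
 "subjects":[{"kind":"ServiceAccount","name":"my-service-account","namespace":"my-namespace"}]},
{"kind":"ClusterRoleBinding","metadata":{"name":"ns-wide"},"roleRef":{"kind":"ClusterRole","name":"my-cluster-role"},
 "subjects":[{"kind":"Group","name":"system:serviceaccounts:my-namespace"}]},
{"kind":"ClusterRoleBinding","metadata":{"name":"admins"},"roleRef":{"kind":"ClusterRole","name":"cluster-admin"},
 "subjects":[{"kind":"Group","name":"system:masters"}]}]}`

func main() {
	edges, err := FocusEdges([]byte(sample), "my-namespace", "my-service-account")
	if err != nil {
		panic(err)
	}
	fmt.Printf("digraph focus {\n  %s\n}\n", strings.Join(edges, "\n  "))
}
```

The group-based edge is the one worth reviewing first during an audit, since it applies to every service account in the namespace rather than to the one in focus.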
