Technotes

Technotes for future me

Authorization

auth

Inspect authorization

Usage can-i

Check whether an action is allowed.

VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with "/". NAME is the name of a particular Kubernetes resource.

Usage

kubectl auth can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]

Check to see if I can create pods in any namespace

kubectl auth can-i create pods --all-namespaces

Check to see if I can list deployments in my current namespace

kubectl auth can-i list deployments.apps

Check to see if I can do everything in my current namespace ("*" means all)

kubectl auth can-i '*' '*'
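
The checks above, turned into a deny-list audit (an added example, not from the original note or the kubectl docs): it asks can-i about another subject through kubectl's `--as` impersonation flag and treats anything other than a clear "no" as a finding, so an unreachable API server is not mistaken for a denial. The subject name, namespace, rule list and the `KUBECTL` override are constructed assumptions.

```shell
#!/bin/sh
# Added example: deny-list audit built on `kubectl auth can-i`.
# Assumptions (not from the page): the subject, namespace and rule list are
# constructed samples; KUBECTL may be overridden to point at another binary.
KUBECTL="${KUBECTL:-kubectl}"

# Constructed sample: permissions a workload identity should NOT hold.
sample_rules() {
  cat <<'EOF'
# VERB  TYPE
create  pods
list    deployments.apps
*       *
EOF
}

# audit_denied SUBJECT NAMESPACE < rules
# Prints one verdict per rule; exit status is 0 only if every answer was "no".
audit_denied() (
  subject=$1 ns=$2 bad=0
  while read -r verb type; do
    case $verb in ''|'#'*) continue ;; esac
    # can-i exits non-zero on "no", hence "|| true" (safe under `set -e`).
    # </dev/null stops kubectl from consuming the rule list on stdin.
    answer=$("$KUBECTL" auth can-i "$verb" "$type" \
               --as="$subject" -n "$ns" 2>/dev/null </dev/null) || true
    case $answer in
      no*)  echo "ok        $verb $type" ;;
      yes*) echo "VIOLATION $verb $type"; bad=$((bad + 1)) ;;
      # Empty or unexpected output (API error, bad context) is not a "no".
      *)    echo "ERROR     $verb $type"; bad=$((bad + 1)) ;;
    esac
  done
  [ "$bad" -eq 0 ]
)

# Usage: sample_rules | audit_denied system:serviceaccount:demo:builder demo
```

The caller needs permission to impersonate the subject, otherwise every rule is reported as ERROR rather than ok.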

Source:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

Last updated on 18 May 2023
Published on 18 Mar 2021