Kubernetes Security Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

User Operations

User Operations

Service Account Operations

Service Account Operations

RBAC Operations

RBAC Operations

Authorization Check

kubectl auth

PodSecurityPolicy

This command allows to simulate the PodSecurityPolicy selection process performed by the PodSecurityPolicy admission controller:

kubectl --as=system:serviceaccount:<namespace>:<serviceaccount-name> -n <namespace> auth can-i use <pod-security-policy-name>
kubectl --as=system:serviceaccount:blue:blue-serviceaccount -n blue auth can-i use podsecuritypolicy/example