Kubernetes Security Operations: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=Internal= * Kubernetes Operations =Service Account Operations= {{Internal|Kubernetes Service Account Operations|Service Account Operations}} =RBAC Operations= {{Internal...") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Internal= | =Internal= | ||
* [[Kubernetes Operations]] | * [[Kubernetes Operations]] | ||
* [[rbac-lookup]] | |||
=User Operations= | |||
{{Internal|Kubernetes User Operations|User Operations}} | |||
=Service Account Operations= | =Service Account Operations= | ||
| Line 6: | Line 10: | ||
=RBAC Operations= | =RBAC Operations= | ||
{{Internal|Kubernetes RBAC Operations|RBAC Operations}} | {{Internal|Kubernetes RBAC Operations|RBAC Operations}} | ||
=Authorization Check= | |||
{{Internal|Kubectl_auth|kubectl auth}} | |||
==PodSecurityPolicy== | |||
This command allows to simulate the PodSecurityPolicy selection process performed by the PodSecurityPolicy admission controller: | |||
<syntaxhighlight lang='bash'> | |||
kubectl --as=system:serviceaccount:<namespace>:<serviceaccount-name> -n <namespace> auth can-i use <pod-security-policy-name> | |||
kubectl --as=system:serviceaccount:blue:blue-serviceaccount -n blue auth can-i use podsecuritypolicy/example | |||
</syntaxhighlight> | |||
Latest revision as of 23:23, 1 October 2020
Internal
User Operations
Service Account Operations
RBAC Operations
Authorization Check
PodSecurityPolicy
This command allows to simulate the PodSecurityPolicy selection process performed by the PodSecurityPolicy admission controller:
kubectl --as=system:serviceaccount:<namespace>:<serviceaccount-name> -n <namespace> auth can-i use <pod-security-policy-name>
kubectl --as=system:serviceaccount:blue:blue-serviceaccount -n blue auth can-i use podsecuritypolicy/example