Rakkess – Show Access Matrix for Kubernetes

Rakkess is a kubectl plugin to show an access matrix for server resources. Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is for. It lists access rights for the current user and all server resources, similar to kubectl auth can-i --list.

It is also useful to find out who may interact with some server resource.

Rakkess - Plugin to Show Access Matrix for Kubernets
Rakkess – Plugin to Show Access Matrix for Kubernets

There are several options to run the plugin and display the information. any user may select the required options he need to verify the access matrix. here are the available options:

  • Show access for all resources at cluster scope
  • Show access for all resources in some namespace
  • Show access for all resources with verbs
  • Show access for all resources for another user
  • Show access for all resources for another service-account
  • Show access for all resources and combine with common kubectl parameters
  • Show access for all resources globally in all namespaces (only considers ClusterRoleBindings)
  • Show access for all resources in a given namespace (considers RoleBindings and ClusterRoleBindings)
  • Show access for all resources with shorthand notation
  • Show access for all resources with custom verbs

You can read more and download this tool over here: https://github.com/corneliusweig/rakkess

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments