kubectl-auth
checks authorization permissions
TLDR
Check if action is allowed
$ kubectl auth can-i [create] [pods]
Check as user
$ kubectl auth can-i [delete] [deployments] --as [user@example.com]
Check in namespace
$ kubectl auth can-i [get] [secrets] -n [namespace]
List all permissions
$ kubectl auth can-i --list
Check all namespaces
$ kubectl auth can-i [get] [pods] --all-namespaces
Reconcile RBAC
$ kubectl auth reconcile -f [rbac.yaml]
SYNOPSIS
kubectl auth subcommand [options]
DESCRIPTION
kubectl auth checks authorization permissions. It verifies what actions are allowed for users and service accounts.
The command tests RBAC policies. It's useful for debugging access issues and auditing permissions.
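An added example, not part of the original page: a shell filter for the auditing use mentioned above. It reads the table printed by kubectl auth can-i --list and flags wildcard grants and read access to secrets. The function names, the constructed sample table and the three flagging rules are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag broad grants in `kubectl auth can-i --list` output.
# Reads the table on stdin; prints "resource<TAB>verbs<TAB>reason" per finding.
flag_broad_grants() {
  awk '
    NR == 1  { next }   # header row
    /^[ \t]/ { next }   # empty Resources column: non-resource URL rule, skipped here
    {
      res = $1
      verbs = $0        # verbs are the last [...] group on the line
      sub(/.*\[/, "", verbs)
      sub(/\].*/, "", verbs)
      padded = " " verbs " "
      reason = ""
      if (res ~ /^\*/)                    reason = "wildcard resource"
      else if (index(padded, " * "))      reason = "wildcard verb"
      else if (res == "secrets" && padded ~ /[ ](get|list|watch)[ ]/)
                                          reason = "can read secrets"
      if (reason != "") printf "%s\t%s\t%s\n", res, verbs, reason
    }'
}

# Constructed sample of the --list table (not captured from a real cluster).
sample_listing() {
  cat <<'EOF'
Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
pods                                            []                  []               [get list watch]
secrets                                         []                  []               [get list]
deployments.apps                                []                  []               [*]
                                                [/healthz]          []               [get]
EOF
}

# Live use (NAMESPACE and NAME are placeholders for the subject being audited):
#   kubectl auth can-i --list -n NAMESPACE \
#     --as system:serviceaccount:NAMESPACE:NAME | flag_broad_grants
sample_listing | flag_broad_grants
```

An empty result means none of the three rules matched; it does not mean the subject has no permissions.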
PARAMETERS
can-i VERB RESOURCE
Check authorization.
reconcile
Reconcile RBAC rules.
--as USER
Impersonate user.
--as-group GROUP
Impersonate group.
--list
List all permissions.
-n NAMESPACE
Target namespace.
--help
Display help information.
CAVEATS
Subcommand of kubectl. Shows RBAC results. May not reflect all policies.
HISTORY
kubectl auth provides authorization checking for Kubernetes RBAC policies and access debugging.
SEE ALSO
kubectl(1), kubectl-config(1)
