LinuxCommandLibrary

kubectl-auth

Configure kubectl authentication

TLDR

Check if the current user can perform all actions on all resources in a specific namespace

$ kubectl auth can-i '*' '*' [[-n|--namespace]] [namespace]
copy

Check if the current user can perform a specific verb on a specific resource
$ kubectl auth can-i [verb] [resource] [[-n|--namespace]] [namespace]
copy

Check if a specific user or service account can perform an action on a resource
$ kubectl auth can-i [verb] [resource] [[-n|--namespace]] [namespace] --as [user_or_sa]
copy

List all actions the current user is allowed to perform in a namespace
$ kubectl auth can-i --list [[-n|--namespace]] [namespace]
copy

SYNOPSIS

kubectl-auth [OPTIONS] [ARGS]

PARAMETERS

--help
    Show help for kubectl-auth

--kubeconfig
    Path to kubeconfig file

--context
    Kubernetes context name

--user
    Specific user to authenticate

--token
    Bearer token for auth

--verify
    Verify current authentication status

DESCRIPTION

'kubectl-auth' is not a standard Linux command or built-in kubectl subcommand in official Kubernetes distributions.

It may refer to a third-party plugin, custom script, or tool for managing Kubernetes authentication, such as handling kubeconfig, tokens, or OIDC flows. Standard kubectl authentication is managed via the kubeconfig file (~/.kube/config), service accounts, or plugins like kubelogin for Azure AD/OIDC.

Common auth-related tasks use:
- kubectl config for viewing/editing contexts, users, clusters.
- kubectl config use-context, set-credentials.
- Plugins: aws-iam-authenticator, gke-gcloud-auth-plugin.

If 'kubectl-auth' is from a specific project (e.g., GitHub repo or vendor tool), check its documentation. Without context, assume it's for reconciling or testing auth permissions, similar to kubectl auth can-i.

CAVEATS

Not part of core kubectl; may require installation via plugin manager like krew. Incompatible with standard auth without setup.
Errors if missing dependencies (e.g., OIDC client). Use kubectl krew install auth if plugin exists.

INSTALLATION

Typically via kubectl krew install auth or download binary from GitHub. Verify with kubectl krew plugins.

ALTERNATIVES

Use kubectl config view --minify for auth info; az aks get-credentials for Azure; eksctl for AWS.

HISTORY

Emerged in Kubernetes ecosystem ~2020s as custom auth helpers amid rise of cloud-native auth (OIDC, EKS, AKS). No official inclusion; community-driven for simplifying multi-cluster auth workflows.

SEE ALSO

kubectl(1), kubelogin(1), aws-iam-authenticator(1), kubectx(1)

Copied to clipboard