
rbac-tool

Analyze and visualize Kubernetes RBAC policies

TLDR

Show who can perform an action on a resource
$ rbac-tool who-can [get] [pods]
Visualize RBAC as HTML
$ rbac-tool viz --outformat html > [rbac.html]
Look up permissions for a specific subject
$ rbac-tool lookup -e [user@example.com]
Generate RBAC policy from audit log
$ rbac-tool gen --from-audit [audit.log]
Audit RBAC for security issues
$ rbac-tool audit

SYNOPSIS

rbac-tool command [options]

DESCRIPTION

rbac-tool analyzes and visualizes Kubernetes RBAC (Role-Based Access Control) configurations. It helps you understand permissions, find security issues, and generate policies.

EXAMPLES

# Who can delete pods?
$ rbac-tool who-can delete pods

# Who can access secrets?
$ rbac-tool who-can get secrets -n default

# Visualize RBAC as HTML
$ rbac-tool viz --outformat html > rbac.html

# Analyze cluster RBAC
$ rbac-tool analysis

# Audit for issues
$ rbac-tool audit

# Generate policy from audit log
$ rbac-tool gen --from-audit audit.log

CONFIGURATION

~/.kube/config

Default kubeconfig file specifying cluster connections and authentication. Used by rbac-tool to connect to the target cluster.

COMMANDS

analysis
Analyze RBAC configuration.
viz
Visualize RBAC.
who-can verb resource
Find subjects with permission.
gen
Generate RBAC policy.
audit
Audit permissions.
lookup
Look up subject permissions.
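
What a who-can query has to resolve, as an added Python example (not rbac-tool's own code): match the verb and resource against each role's rules, then follow the bindings back to subjects. The roles, bindings and subject names are constructed samples; resourceNames, subresources and aggregated ClusterRoles are ignored.

```python
# Constructed sample objects (not from a real cluster), cut down to the fields used here.
ROLES = [
    {"kind": "ClusterRole", "name": "secret-reader", "namespace": None,
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "name": "pod-admin", "namespace": "dev",
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "name": "everything", "namespace": None,
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
BINDINGS = [
    # ClusterRole referenced by a RoleBinding: the grant applies in "default" only.
    {"kind": "RoleBinding", "namespace": "default", "roleRef": ("ClusterRole", "secret-reader"),
     "subjects": [("ServiceAccount", "default/ci")]},
    {"kind": "RoleBinding", "namespace": "dev", "roleRef": ("Role", "pod-admin"),
     "subjects": [("User", "dev@example.com")]},
    {"kind": "ClusterRoleBinding", "namespace": None, "roleRef": ("ClusterRole", "everything"),
     "subjects": [("Group", "system:masters")]},
]

def rule_allows(rule, verb, resource, group=""):
    """True if one PolicyRule covers verb/resource/group, honouring "*" wildcards."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("verbs", []), verb)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("apiGroups", []), group))

def who_can(verb, resource, namespace, group=""):
    """Sorted (kind, name) subjects allowed to perform verb on resource in namespace."""
    allowed = set()
    for b in BINDINGS:
        # RoleBinding grants only inside its own namespace; ClusterRoleBinding grants everywhere.
        if b["kind"] == "RoleBinding" and b["namespace"] != namespace:
            continue
        ref_kind, ref_name = b["roleRef"]
        # A Role is looked up in the binding's namespace; a ClusterRole has no namespace.
        role_ns = b["namespace"] if ref_kind == "Role" else None
        for r in ROLES:
            if (r["kind"], r["name"], r["namespace"]) != (ref_kind, ref_name, role_ns):
                continue
            if any(rule_allows(rule, verb, resource, group) for rule in r["rules"]):
                allowed.update(b["subjects"])
    return sorted(allowed)

if __name__ == "__main__":
    for ns in ("default", "dev"):
        print(ns, who_can("get", "secrets", ns))
```

The wildcard ClusterRole bound cluster-wide shows up in every answer, which is the kind of grant to review first when reading who-can output.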

OUTPUT FORMATS

--outformat dot    # Graphviz DOT
--outformat html   # Interactive HTML
--outformat json   # JSON

CAVEATS

Requires a kubectl configuration (kubeconfig) for the target cluster. Some commands need cluster-admin access. Works only with Kubernetes.

HISTORY

rbac-tool was created to help Kubernetes administrators understand and manage complex RBAC configurations.
