Skip to content

Releases: alcideio/rbac-tool

v0.9.0

30 May 11:11
@github-actions github-actions
v0.9.0
3b08e35
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.9.0

rbac-tool

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Install

curl https://raw.githubusercontent.com/alcideio/rbac-tool/master/download.sh | bash

Command Line Examples

# Scan the cluster pointed by the kubeconfig context 'myctx'
rbac-tool viz --cluster-context myctx

# Scan and create a PNG image from the graph
rbac-tool viz --outformat dot --exclude-namespaces=soemns && cat rbac.dot | dot -Tpng > rbac.png && google-chrome rbac.png
# Render Online
https://dreampuf.github.io/GraphvizOnline

# Search All Service Accounts That Contains myname
rbac-tool lookup -e '.*myname.*'

# Lookup all accounts that DO NOT start with system: )
rbac-tool lookup -ne '^system:.*'

# List policy rules for users (or all of them)
rbac-tool policy-rules -e '^system:anonymous'

# Generate from Audit events & Visualize 
rbac-tool auditgen -f testdata  | rbac-tool viz   -f -

# Generate a `ClusterRole` policy that allows to read everything **except** *secrets* and *services*
rbac-tool  gen  --deny-resources=secrets.,services. --allowed-verbs=get,list
Assets 6
Loading

v0.8.0

26 May 11:19
@github-actions github-actions
v0.8.0
9c48aa2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.8.0

rbac-tool

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Install

curl https://raw.githubusercontent.com/alcideio/rbac-tool/master/download.sh | bash

Command Line Examples

# Scan the cluster pointed by the kubeconfig context 'myctx'
rbac-tool viz --cluster-context myctx

# Scan and create a PNG image from the graph
rbac-tool viz --outformat dot --exclude-namespaces=soemns && cat rbac.dot | dot -Tpng > rbac.png && google-chrome rbac.png
# Render Online
https://dreampuf.github.io/GraphvizOnline

# Search All Service Accounts That Contains myname
rbac-tool lookup -e '.*myname.*'

# Lookup all accounts that DO NOT start with system: )
rbac-tool lookup -ne '^system:.*'

# List policy rules for users (or all of them)
rbac-tool policy-rules -e '^system:anonymous'

# Generate a `ClusterRole` policy that allows to read everything **except** *secrets* and *services*
rbac-tool  gen  --deny-resources=secrets.,services. --allowed-verbs=get,list
Assets 6
Loading

v0.7.0

29 Apr 07:23
@github-actions github-actions
v0.7.0
f532018
Compare
Choose a tag to compare
v0.7.0

rbac-tool

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Install

curl https://raw.githubusercontent.com/alcideio/rbac-tool/master/download.sh | bash

Command Line Examples

# Scan the cluster pointed by the kubeconfig context 'myctx'
rbac-tool viz --cluster-context myctx

# Scan and create a PNG image from the graph
rbac-tool viz --outformat dot --exclude-namespaces=soemns && cat rbac.dot | dot -Tpng > rbac.png && google-chrome rbac.png
# Render Online
https://dreampuf.github.io/GraphvizOnline

# Search All Service Accounts That Contains myname
rbac-tool lookup -e '.*myname.*'

# Generate a `ClusterRole` policy that allows to read everything **except** *secrets* and *services*
rbac-tool  gen  --deny-resources=secrets.,services. --allowed-verbs=get,list
Assets 6
Loading

v0.6.2 🚀

25 Apr 08:56
@github-actions github-actions
v0.6.2
b0ddf3b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.6.2 🚀

Changes

  • Fixed Rule rendering in HTML

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Examples:

rbac-tool  lookup
rbac-tool  viz
rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.6.1 🚀

21 Apr 06:53
@github-actions github-actions
v0.6.1
2c0c371
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.6.1 🚀

Changes

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Examples:

rbac-tool  lookup
rbac-tool  viz
rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.6.0 🚀

31 Mar 16:56
@github-actions github-actions
v0.6.0
5e7c5b5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.6.0 🚀

Changes

rbac-tool

A collection of Kubernetes RBAC tools to sugar coat Kubernetes RBAC complexity

Examples:

$ rbac-tool  lookup
$ rbac-tool  viz 
$ rbac-tool viz --include-pods-only
$ rbac-tool viz --include-subjects="nginx-ingress"
rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.5.0

30 Mar 04:48
@github-actions github-actions
v0.5.0
d9d85d2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.5.0

Changes

  • Added rbac lookup roles/clusterroles used by user/group/serviceaccount @gadinaor (#4)
  • Added support to create RBAC graph from files and stdin

rbac-tool

Example:

rbac-tool  lookup
rbac-tool  viz
rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.4.0 🚀

26 Mar 22:07
@github-actions github-actions
v0.4.0
3da2254
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.4.0 🚀

Changes

rbac-tool

Generate Role or ClusterRole resource while reducing the use of wildcards.

rbac-tool read from the Kubernetes discovery API the available API Groups and resources,
and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards

Example:

rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.3.0

23 Mar 05:58
@github-actions github-actions
v0.3.0
b77dfd2
Compare
Choose a tag to compare
v0.3.0

Changes

  • initial release of rbac-tool gen

rbac-tool gen

Generate Role or ClusterRole resource while reducing the use of wildcards.

rbac-tool read from the Kubernetes discovery API the available API Groups and resources,
and based on the command line options, generate an explicit Role/ClusterRole that avoid wildcards

Example:

rbac-tool  gen --generated-type=Role --deny-resources=secrets.,daemonsets.apps --allowed-verbs=get,list --allowed-groups=,apps,networking.k8s.io
Assets 6
Loading

v0.1 - initial release

22 Mar 18:25
@gadinaor gadinaor
v0.1.0
42e80b3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1 - initial release Pre-release
Pre-release 
Merge pull request #1 from alcideio/initial-release

Merge initial release
Assets 2
Loading