auth


Check to see if I can list deployments in my current namespace

    Check to see if I can get the job named “bar” in namespace “foo”

    Check to see if I can access the URL /logs/

    1. kubectl auth can-i get /logs/

    Check whether an action is allowed.

    VERB is a logical Kubernetes API verb like ‘get’, ‘list’, ‘watch’, ‘delete’, etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with “/“. NAME is the name of a particular Kubernetes resource.


    reconcile

    1. kubectl auth reconcile -f my-rbac-rules.yaml

    Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects.

    Missing objects are created, and the containing namespace is created for namespaced objects, if required.

    Existing roles are updated to include the permissions in the input objects, and remove extra permissions if —remove-extra-permissions is specified.

    Existing bindings are updated to include the subjects in the input objects, and remove extra subjects if —remove-extra-subjects is specified.

    This is preferred to ‘apply’ for RBAC resources so that semantically-aware merging of rules and subjects is done.

    NameShorthandDefaultUsage
    allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
    dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
    filenamef[]Filename, directory, or URL to files identifying the resource to reconcile.
    kustomizekProcess the kustomization directory. This flag can’t be used together with -f or -R.
    outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
    recursiveRfalseProcess the directory used in -f, —filename recursively. Useful when you want to manage related manifests organized within the same directory.
    remove-extra-permissionsfalseIf true, removes extra permissions added to roles
    remove-extra-subjectsfalseIf true, removes extra subjects added to rolebindings
    show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
    templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].