发表新帖
发表新帖

how to check whether RBAC is enabled, using kubectl

前端 未结
关注
6 1198
北恋
北恋 2020-12-13 12:33

I\'m trying to install a helm package on a kubernetes cluster which allegedly has RBAC disabled. I\'m getting a permission error mentioning clusterroles.rbac.authoriza

相关标签:
6条回答
  • 失恋的感觉
    2020-12-13 12:47

    You can check this by executing the command kubectl api-versions; if RBAC is enabled you should see the API version .rbac.authorization.k8s.io/v1.

    In AKS, the best way is to check the cluster's resource details at resources.azure.com. If you can spot "enableRBAC": true, your cluster has RBAC enabled. Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)

    0 讨论(0)
  • 执笔经年
    2020-12-13 12:56

    For Azure (AKS) I think Azure CLI works well.

    az resource show -g <resource group name> -n <cluster name> --resource-type Microsoft.ContainerService/ManagedClusters --query properties.enableRBAC

    It is basically the same thing as using resources.azure.com, but I find it quicker to use the Azure CLI

    0 讨论(0)
  • 野性不改
    2020-12-13 13:01

    ps -aef | grep -i apiserver is the easiest way to find out.

    0 讨论(0)
  • 囚心锁ツ
    2020-12-13 13:03

    I wish there was a better way but what I use is:

    $ kubectl cluster-info dump | grep authorization-mode

    If you can execute it you should either see RBAC listed there or not, and if you don't have the permissions to do it, well, chances are that RBAC is enabled.

    0 讨论(0)
  • 半阙折子戏
    2020-12-13 13:04

    Option #1: If you have access to master node then login into and check below

    ps -aef | grep -i apiserver
The options should have --authorization-mode=RBAC otherwise RBAC not enabled.

    Option #2:

    kubectl get clusterroles | grep -i rbac

    Hope this helps

    Rgds Sudhakar

    0 讨论(0)
  • 滥情空心
    2020-12-13 13:06

    For Azure (AKS) this is a bit more tricky. While the kubectl api-versions command indeed returns rbac.authorization.k8s.io/v1, the kubectl get clusterroles command doesn't return the default system: prefixed roles.

    The best way to check for AKS is to check the cluster's resource details, e.g. at resources.azure.com. If "enableRBAC": true, your cluster has RBAC enabled. Existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. So if you want to enable RBAC on AKS, you'll have to create a new cluster.

    0 讨论(0)
 看不清?
提交回复
热议问题