1 Overview
- k8s SelfSubjectAccessReview
- Checks whether the current user can perform an action.
- If spec.namespace is left empty, it means "in all namespaces".
```yaml
apiVersion: authorization.k8s.io/v1
kind: SelfSubjectAccessReview
spec:
  resourceAttributes:
    group: apps
    resource: deployments
    verb: create
    namespace: dev
```
```yaml
apiVersion: authorization.k8s.io/v1
kind: SelfSubjectAccessReview
metadata:
  creationTimestamp: null
spec:
  resourceAttributes:
    group: apps
    resource: deployments
    namespace: dev
    verb: create
status:
  allowed: true
  denied: false
```
```yaml
kind: SelfSubjectAccessReview
apiVersion: authorization.k8s.io/v1
metadata:
  creationTimestamp:
  managedFields:
  - manager: kubectl
    operation: Update
    apiVersion: authorization.k8s.io/v1
    time: '2023-10-07T17:01:47Z'
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        f:resourceAttributes:
          ".": {}
          f:name: {}
          f:namespace: {}
          f:resource: {}
          f:verb: {}
spec:
  resourceAttributes:
    namespace: default
    verb: get
    resource: pods
    name: exec
status:
  allowed: true
```
```yaml
kind: SelfSubjectAccessReview
apiVersion: authorization.k8s.io/v1
metadata:
  creationTimestamp:
  managedFields:
  - manager: kubectl
    operation: Update
    apiVersion: authorization.k8s.io/v1
    time: '2023-10-07T17:00:40Z'
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        f:resourceAttributes:
          ".": {}
          f:name: {}
          f:namespace: {}
          f:resource: {}
          f:verb: {}
spec:
  resourceAttributes:
    namespace: default
    verb: get
    resource: pods
    name: exec
status:
  allowed: true
  reason: 'RBAC: allowed by ClusterRoleBinding "cluster-admin" of ClusterRole "cluster-admin" to User "testuser@example.com"'
```
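The following is an added example, not part of the original page: a Python sketch that builds SelfSubjectAccessReview request bodies like the ones above and classifies the `status` the API server returns. The helper names `build_review` and `interpret` and the verdict strings are assumptions made for this illustration; the sample response is constructed from the values shown on this page.

```python
import json

def build_review(verb, resource, group="", namespace="", name="", subresource=""):
    """Build a SelfSubjectAccessReview body; empty attributes are omitted."""
    attrs = {"group": group, "resource": resource, "subresource": subresource,
             "verb": verb, "namespace": namespace, "name": name}
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SelfSubjectAccessReview",
        # Leaving namespace out means the check covers all namespaces.
        "spec": {"resourceAttributes": {k: v for k, v in attrs.items() if v}},
    }

def interpret(review):
    """Return (verdict, scope, reason) for a review the API server has answered."""
    attrs = review["spec"]["resourceAttributes"]
    status = review.get("status") or {}
    if status.get("allowed"):
        verdict = "allowed"
    elif status.get("denied"):
        verdict = "denied"       # an authorizer explicitly refused the action
    else:
        verdict = "no-opinion"   # nothing allowed it, so it is rejected by default
    ns = attrs.get("namespace")
    scope = f"namespace {ns}" if ns else "all namespaces"
    return verdict, scope, status.get("reason", "")

# Constructed sample: the first request on this page plus the status shown for it.
sample = build_review("create", "deployments", group="apps", namespace="dev")
sample["status"] = {"allowed": True, "denied": False}

# pods/exec is a subresource, so it goes in "subresource";
# name="exec" would instead ask about a pod object named "exec".
exec_check = build_review("create", "pods", namespace="default", subresource="exec")

if __name__ == "__main__":
    print(json.dumps(exec_check, indent=2))
    print(interpret(sample))
```

The JSON printed for `exec_check` can be submitted with `kubectl create -f <file> -o yaml`, which returns the same object with `status` filled in.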
2 See also
3 References
Editor: Jmnote