-
Notifications
You must be signed in to change notification settings - Fork 81
/
.krew.yaml
97 lines (91 loc) · 3.32 KB
/
.krew.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
apiVersion: krew.googlecontainertools.github.com/v1alpha2
kind: Plugin
metadata:
name: who-can
spec:
version: "{{ .TagName }}"
homepage: https://github.com/aquasecurity/kubectl-who-can
shortDescription: >-
Shows who has RBAC permissions to access Kubernetes resources
description: |+2
Shows which subjects have RBAC permissions to VERB [TYPE | TYPE/NAME | NONRESOURCEURL]
VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc.
TYPE is a Kubernetes resource. Shortcuts and API groups will be resolved, e.g. 'po' or 'pod.metrics.k8s.io'.
NAME is the name of a particular Kubernetes resource.
NONRESOURCEURL is a partial URL that starts with "/".
For example, if you want to find all subjects who have permission to
delete pods in a particular namespace, or to delete nodes in the cluster
(dangerous!) you could run the following commands:
$ kubectl who-can delete pods --namespace foo
$ kubectl who-can delete nodes
For usage or examples, run:
$ kubectl who-can -h
caveats: |
The plugin requires the rights to list (Cluster)Role and (Cluster)RoleBindings.
platforms:
- selector:
matchLabels:
os: darwin
arch: amd64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_darwin_x86_64.tar.gz" .TagName | indent 6}}
files:
- from: kubectl-who-can
to: .
- from: LICENSE
to: .
bin: kubectl-who-can
- selector:
matchLabels:
os: darwin
arch: arm64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_darwin_arm64.tar.gz" .TagName | indent 6}}
files:
- from: kubectl-who-can
to: .
- from: LICENSE
to: .
bin: kubectl-who-can
- selector:
matchLabels:
os: linux
arch: amd64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_linux_x86_64.tar.gz" .TagName | indent 6}}
files:
- from: kubectl-who-can
to: .
- from: LICENSE
to: .
bin: kubectl-who-can
- selector:
matchLabels:
os: linux
arch: arm64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_linux_arm64.tar.gz" .TagName | indent 6}}
files:
- from: kubectl-who-can
to: .
- from: LICENSE
to: .
bin: kubectl-who-can
- selector:
matchLabels:
os: windows
arch: amd64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_windows_x86_64.zip" .TagName | indent 6}}
files:
- from: kubectl-who-can.exe
to: .
- from: LICENSE
to: .
bin: kubectl-who-can.exe
- selector:
matchLabels:
os: windows
arch: arm64
{{addURIAndSha "https://github.com/aquasecurity/kubectl-who-can/releases/download/{{ .TagName }}/kubectl-who-can_windows_arm64.zip" .TagName | indent 6}}
files:
- from: kubectl-who-can.exe
to: .
- from: LICENSE
to: .
bin: kubectl-who-can.exe