Testing Kubernetes RBAC

Tom Gallacher
Oct 16, 2018 · 4 min read
“blue locked door” by Chris Barbalis on Unsplash

Our Scenario

Can I?

kubectl auth can-i create pods
kubectl auth can-i create pods --as=me

Automation

#!/usr/bin/env bats@test "Team namespaces can scale deployments within their own namespace" {
run kubectl auth can-i update deployments.apps --subresource="scale" --as-group="$group" --as="$user" -n $ns
[ "$status" -eq 0 ]
[ "$output" == "yes" ]
done
}

rules:
- apiGroups:
- authorization.k8s.io
resources:
- selfsubjectaccessreviews
- selfsubjectrulesreviews
verbs:
- create


YLD Blog

YLD's latest thoughts on Software Engineering, Design and Digital Products

Tom Gallacher

Written by

🏎️🛣️🚴👨‍💻🍺. Linux performance privateer & DevOps extraordinaire, Often seen happily writing code without any knowledge of his surroundings. @YLDio

YLD Blog

YLD Blog

YLD's latest thoughts on Software Engineering, Design and Digital Products