Restrict access of a K8s secret to a particular service account


I have a secret which contains very sensitive information. I want to make sure that this secret can only be accessed by a certain service account and nobody else.

Using RBAC, I can tell which user can access which resources. But is there some way I can specify that this secret can only be accessed by this user?

2

There are 2 best solutions below

0
confused genius
  • As far as I know, there is no straightforward way to get that info (it might require writing a script that iterates through RoleBindings and ClusterRoleBindings).

  • I recently found a plugin called kubectl who-can (kubectl-who-can) that fetches those kinds of details with one command.
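As an added illustration of the first bullet (example code, not part of the answer above): a resolver that walks Roles, ClusterRoles, RoleBindings and ClusterRoleBindings and reports every RBAC subject that holds a verb on one named Secret. It takes the `items` list that `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` prints; the objects below are constructed sample data, and the names `prod/db-creds`, `db-client`, `alice` and so on are assumptions for the example.

```python
"""Added example (not from the original answer): the "script that iterates through
RoleBindings and ClusterRoleBindings" approach, resolving who may reach one Secret.
Real input is the `items` list of
  kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json
The objects below are constructed sample data, not a real cluster dump."""


def _rule_grants(rule, secret_name, verb):
    """Does one PolicyRule grant `verb` on the named secret? Secrets live in the
    core API group, spelled "" in RBAC rules; an empty resourceNames list means
    every secret within the binding's scope."""
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    ok_group = "" in groups or "*" in groups
    ok_res = "secrets" in resources or "*" in resources
    ok_verb = verb in rule.get("verbs", []) or "*" in rule.get("verbs", [])
    names = rule.get("resourceNames", [])
    return ok_group and ok_res and ok_verb and (not names or secret_name in names)


def _subject_id(subject):
    if subject.get("kind") == "ServiceAccount":
        return f"ServiceAccount:{subject.get('namespace')}/{subject['name']}"
    return f"{subject.get('kind')}:{subject['name']}"


def who_can(objects, namespace, secret_name, verb="get"):
    """Sorted RBAC subjects granted `verb` on Secret namespace/secret_name."""
    roles = {}
    for obj in objects:
        if obj["kind"] in ("Role", "ClusterRole"):
            ns = obj["metadata"].get("namespace", "") if obj["kind"] == "Role" else ""
            roles[(obj["kind"], ns, obj["metadata"]["name"])] = obj.get("rules", [])

    granted = set()
    for obj in objects:
        if obj["kind"] == "RoleBinding":
            # A RoleBinding grants only inside its own namespace, even when it
            # references a ClusterRole.
            if obj["metadata"]["namespace"] != namespace:
                continue
            role_ns = "" if obj["roleRef"]["kind"] == "ClusterRole" else namespace
        elif obj["kind"] == "ClusterRoleBinding":
            role_ns = ""  # cluster-wide: applies in every namespace
        else:
            continue
        ref = obj["roleRef"]
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        if any(_rule_grants(r, secret_name, verb) for r in rules):
            granted.update(_subject_id(s) for s in obj.get("subjects", []))
    return sorted(granted)


def _role(kind, name, rules, ns=None):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, "rules": rules}


def _binding(kind, name, ref_kind, ref_name, subjects, ns=None):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": ref_kind, "name": ref_name}, "subjects": subjects}


SECRETS = {"apiGroups": [""], "resources": ["secrets"]}
SAMPLE_RBAC = [  # constructed sample data
    # The default cluster-admin binding: system:masters reads every secret anyway.
    _role("ClusterRole", "cluster-admin", [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]),
    _binding("ClusterRoleBinding", "cluster-admin", "ClusterRole", "cluster-admin",
             [{"kind": "Group", "name": "system:masters"}]),
    # A broad secret reader, but bound only inside the dev namespace.
    _role("ClusterRole", "secret-reader", [{**SECRETS, "verbs": ["get", "list"]}]),
    _binding("RoleBinding", "alice-dev-secrets", "ClusterRole", "secret-reader",
             [{"kind": "User", "name": "alice"}], ns="dev"),
    # The intended grant: one service account, one secret, get only.
    _role("Role", "read-db-creds", [{**SECRETS, "resourceNames": ["db-creds"], "verbs": ["get"]}], ns="prod"),
    _binding("RoleBinding", "db-client-db-creds", "Role", "read-db-creds",
             [{"kind": "ServiceAccount", "name": "db-client", "namespace": "prod"}], ns="prod"),
    # A neighbour with its own secret; must not show up for db-creds.
    _role("Role", "read-tls-cert", [{**SECRETS, "resourceNames": ["tls-cert"], "verbs": ["get"]}], ns="prod"),
    _binding("RoleBinding", "web-tls-cert", "Role", "read-tls-cert",
             [{"kind": "ServiceAccount", "name": "web", "namespace": "prod"}], ns="prod"),
]

if __name__ == "__main__":
    for verb in ("get", "list"):
        print(verb, "prod/db-creds:", who_can(SAMPLE_RBAC, "prod", "db-creds", verb))
```

Two things the output makes visible that the question's "nobody else" glosses over: the `system:masters` group reaches the secret through `cluster-admin` regardless of the narrow Role, and any subject with `list` or `watch` on `secrets` in the namespace (or `*`) also reads its contents even without `get`. The script only models RBAC; it does not cover other authorizers, nor indirect paths such as creating a pod in the namespace that mounts the secret or exec'ing into one that already does. For a single subject, `kubectl auth can-i get secrets/db-creds -n prod --as=system:serviceaccount:prod:db-client` asks the API server the same question directly.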

1
Chetan

It is possible to get it done with a validating webhook, where the API request fields are parsed and checked for matching users. OPA can be used to do some of the heavy lifting.
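Added example, not part of the answer above: the decision logic such a validating webhook would apply, written in Python as a stand-in for the policy the answer suggests delegating to OPA (the AdmissionReview it inspects is the same document OPA would see). The Secret `prod/db-creds`, the ServiceAccount `prod/db-client` and the sample review are assumptions constructed for the example. One caveat a practitioner needs: validating admission webhooks are invoked for CREATE, UPDATE, DELETE and CONNECT, never for GET, LIST or WATCH, so this gate controls who may change or delete the secret; who may read it is still decided by RBAC alone.

```python
"""Added example (not from the original answer): decision logic for a validating
admission webhook that limits changes to one Secret to one service account.
Assumed names: Secret prod/db-creds and ServiceAccount prod/db-client, which the
API server authenticates as the user system:serviceaccount:prod:db-client.
Admission webhooks see CREATE/UPDATE/DELETE/CONNECT only, not GET/LIST/WATCH."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

PROTECTED_NAMESPACE = "prod"
PROTECTED_SECRET = "db-creds"
ALLOWED_USER = "system:serviceaccount:prod:db-client"


def decide(review):
    """Turn an AdmissionReview request into an AdmissionReview response."""
    req = review["request"]
    res = req.get("resource", {})
    # On CREATE with generateName, request.name is empty: fall back to the object's
    # metadata. On DELETE the object travels in oldObject, with request.name set.
    obj = req.get("object") or req.get("oldObject") or {}
    name = req.get("name") or (obj.get("metadata") or {}).get("name")
    is_target = (res.get("group", "") == "" and res.get("resource") == "secrets"
                 and req.get("namespace") == PROTECTED_NAMESPACE
                 and name == PROTECTED_SECRET)
    user = req.get("userInfo", {}).get("username", "")
    response = {"uid": req["uid"], "allowed": True}  # uid must echo the request
    if is_target and user != ALLOWED_USER:
        response["allowed"] = False
        response["status"] = {
            "code": 403,
            "message": (f"{req.get('operation')} on secret {PROTECTED_NAMESPACE}/"
                        f"{PROTECTED_SECRET} is only allowed for {ALLOWED_USER}"),
        }
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


class Handler(BaseHTTPRequestHandler):
    """Endpoint body: the API server POSTs an AdmissionReview and expects one back."""

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        out = json.dumps(decide(json.loads(body))).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(out)


def sample_review(username, operation="UPDATE", namespace="prod", name="db-creds"):
    """Constructed AdmissionReview in the shape the API server sends."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-1",
                        "kind": {"group": "", "version": "v1", "kind": "Secret"},
                        "resource": {"group": "", "version": "v1", "resource": "secrets"},
                        "namespace": namespace, "name": name, "operation": operation,
                        "userInfo": {"username": username, "groups": ["system:authenticated"]},
                        "object": {"apiVersion": "v1", "kind": "Secret",
                                   "metadata": {"name": name, "namespace": namespace}}}}


if __name__ == "__main__":
    for who in (ALLOWED_USER, "alice"):
        print(who, "->", decide(sample_review(who))["response"])
    # In a cluster the API server only calls https:// webhooks, so wrap the
    # socket in TLS before: HTTPServer(("", 8443), Handler).serve_forever()
```

To wire it in, the ValidatingWebhookConfiguration's `rules` select `secrets` in the core group for the operations CREATE, UPDATE and DELETE (optionally narrowed with a `namespaceSelector`), with `failurePolicy: Fail` so an unreachable webhook does not become a bypass, and a `caBundle` matching the serving certificate. Two limits remain: anyone already allowed by RBAC to `get`, `list` or `watch` the secret reads it untouched by this check, and a subject with `cluster-admin` can simply delete the webhook configuration, so the admission gate is a complement to tight RBAC, not a replacement for it.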