I have a secret which contains very sensitive information. I want to make sure that this secret can only be accessed by a certain service account and nobody else.
Using RBAC, I can tell which user can access which resources. But is there some way where I can tell that this secret can only be accessed by this user?
As far as I know, there is no straightforward way to get that info (it might require writing a script that iterates through rolebindings and clusterrolebindings).
Recently found a plugin called kubectl who-can on kubectl-who-can that fetches those kinds of details with one command.
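A sketch of the kind of script the answer mentions, added here as an example and not part of the original answer or of the kubectl-who-can plugin: it walks Role/ClusterRole rules and their bindings to list the subjects allowed to `get` one named secret. The function names and the sample objects (namespaces, role names, `db-password`) are constructed for illustration.

```python
def _matches(rule, verb, resource, name):
    """True if one PolicyRule allows verb on a core-group resource of that name."""
    def has(field, value):
        vals = rule.get(field) or []
        return "*" in vals or value in vals
    names = rule.get("resourceNames") or []  # empty means every name
    return (has("apiGroups", "") and has("resources", resource)
            and has("verbs", verb) and (not names or name in names))

def who_can(items, verb, resource, name, namespace):
    """Subjects whose bindings allow verb on resource/name in namespace."""
    roles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]):
             o.get("rules") or [] for o in items if o["kind"] in ("Role", "ClusterRole")}
    allowed = set()
    for o in items:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ns = o["metadata"].get("namespace")  # None for a ClusterRoleBinding
        if ns not in (None, namespace):
            continue  # a RoleBinding in another namespace grants nothing here
        ref = o["roleRef"]
        key = (ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"])
        if any(_matches(r, verb, resource, name) for r in roles.get(key, [])):
            for s in o.get("subjects") or []:
                where = s["namespace"] + "/" if s.get("namespace") else ""
                allowed.add(f'{s["kind"]}:{where}{s["name"]}')
    return sorted(allowed)

# Constructed sample in the shape of the "items" list printed by
#   kubectl get roles,rolebindings,clusterroles,clusterrolebindings -A -o json
SAMPLE = [
    {"kind": "Role", "metadata": {"namespace": "prod", "name": "db-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
                "resourceNames": ["db-password"]}]},
    {"kind": "RoleBinding", "metadata": {"namespace": "prod", "name": "db-reader"},
     "roleRef": {"kind": "Role", "name": "db-reader"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "prod", "name": "payments"}]},
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"kind": "RoleBinding", "metadata": {"namespace": "dev", "name": "admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]
if __name__ == "__main__":
    print(who_can(SAMPLE, "get", "secrets", "db-password", "prod"))
```

It reports the subjects named in bindings without expanding group membership, and the same check is worth repeating for the `list` and `watch` verbs, which also return secret data.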