From ff132fd728d76bb516089690c30e2cf500e09471 Mon Sep 17 00:00:00 2001 From: Jerome Petazzoni Date: Thu, 31 Oct 2019 17:26:01 -0500 Subject: [PATCH] Add mention to Review Access / rakkess --- slides/k8s/authn-authz.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/slides/k8s/authn-authz.md b/slides/k8s/authn-authz.md index a2c0c431..57f2c965 100644 --- a/slides/k8s/authn-authz.md +++ b/slides/k8s/authn-authz.md @@ -667,17 +667,12 @@ class: extra-details - For auditing purposes, sometimes we want to know who can perform an action -- There is a proof-of-concept tool by Aqua Security which does exactly that: +- There are a few tools to help us with that - https://github.com/aquasecurity/kubectl-who-can + - [kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can) by Aqua Security -- This is one way to install it: - ```bash - docker run --rm -v /usr/local/bin:/go/bin golang \ - go get -v github.com/aquasecurity/kubectl-who-can - ``` + - [Review Access (aka Rakkess)](https://github.com/corneliusweig/rakkess) -- This is one way to use it: - ```bash - kubectl-who-can create pods - ``` +- Both are available as standalone programs, or as plugins for `kubectl` + + (`kubectl` plugins can be installed and managed with `krew`)