forked from alcideio/rbac-tool
-
Notifications
You must be signed in to change notification settings - Fork 0
/
krew.yaml
57 lines (49 loc) · 1.99 KB
/
krew.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
apiVersion: krew.googlecontainertools.github.com/v1alpha2
kind: Plugin
metadata:
name: rbac-tool
spec:
version: {{ .TagName }}
platforms:
- bin: rbac-tool
{{addURIAndSha "https://github.com/alcideio/rbac-tool/releases/download/{{ .TagName }}/rbac-tool_{{ .TagName }}_linux_amd64.tar.gz" .TagName }}
selector:
matchLabels:
os: linux
arch: amd64
- bin: rbac-tool
{{addURIAndSha "https://github.com/alcideio/rbac-tool/releases/download/{{ .TagName }}/rbac-tool_{{ .TagName }}_linux_arm64.tar.gz" .TagName }}
selector:
matchLabels:
os: linux
arch: arm64
- bin: rbac-tool
{{addURIAndSha "https://github.com/alcideio/rbac-tool/releases/download/{{ .TagName }}/rbac-tool_{{ .TagName }}_darwin_amd64.tar.gz" .TagName }}
selector:
matchLabels:
os: darwin
arch: amd64
- bin: rbac-tool
{{addURIAndSha "https://github.com/alcideio/rbac-tool/releases/download/{{ .TagName }}/rbac-tool_{{ .TagName }}_darwin_arm64.tar.gz" .TagName }}
selector:
matchLabels:
os: darwin
arch: arm64
- bin: rbac-tool.exe
{{addURIAndSha "https://github.com/alcideio/rbac-tool/releases/download/{{ .TagName }}/rbac-tool_{{ .TagName }}_windows_amd64.tar.gz" .TagName }}
selector:
matchLabels:
os: windows
arch: amd64
shortDescription: Plugin to analyze RBAC permissions and generate policies
homepage: https://github.com/alcideio/rbac-tool
description: |
This plugin is a collection of RBAC tools to simplify analysis and configuration.
You can visualize, analyze, query permissions as well as generate policies in multiple ways.
Examples:
# Generate HTML visualzation of your RBAC permissions
kubectl rbac-tool viz
# Query who can read secrets
kubectl rbac-tool who-can get secret
# Generate a ClusterRole policy that allows to read everything except secrets and services
kubectl rbac-tool gen --deny-resources=secrets.,services. --allowed-verbs=get,list