kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add example for querying SA permissions 

Add example for querying SA permissions

Add missing example for querying the API authorization layer for checking the permissions of a Service Account

Add missing SA identifying prefix

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>

Improve suggested text to align with current content

Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
This commit is contained in:
Chiranga Alwis 2021-10-10 02:14:43 +05:30 committed by chirangaalwis
parent b7a6f0e532
commit dc326f0389
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
content/en/docs/reference/access-authn-authz/authorization.md
View File

@ -134,6 +134,21 @@ The output is similar to this:
no
```
Similarly, to check whether a Service Account named `dev-sa` in Namespace `dev`
can list Pods in the Namespace `target`:
```bash
kubectl auth can-i list pods \
--namespace target \
--as system:serviceaccount:dev:dev-sa
```
The output is similar to this:
```
yes
```
`SelfSubjectAccessReview` is part of the `authorization.k8s.io` API group, which
exposes the API server authorization to external services. Other resources in
this group include: