Add example for querying SA permissions
Add example for querying SA permissions Add missing example for querying the API authorization layer for checking the permissions of a Service Account Add missing SA identifying prefix Improve suggested text to align with current content Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com> Improve suggested text to align with current content Co-authored-by: Sam Roth <2413031+sejr@users.noreply.github.com>
This commit is contained in:
parent
b7a6f0e532
commit
dc326f0389
|
@ -134,6 +134,21 @@ The output is similar to this:
|
||||||
no
|
no
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Similarly, to check whether a Service Account named `dev-sa` in Namespace `dev`
|
||||||
|
can list Pods in the Namespace `target`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
kubectl auth can-i list pods \
|
||||||
|
--namespace target \
|
||||||
|
--as system:serviceaccount:dev:dev-sa
|
||||||
|
```
|
||||||
|
|
||||||
|
The output is similar to this:
|
||||||
|
|
||||||
|
```
|
||||||
|
yes
|
||||||
|
```
|
||||||
|
|
||||||
`SelfSubjectAccessReview` is part of the `authorization.k8s.io` API group, which
|
`SelfSubjectAccessReview` is part of the `authorization.k8s.io` API group, which
|
||||||
exposes the API server authorization to external services. Other resources in
|
exposes the API server authorization to external services. Other resources in
|
||||||
this group include:
|
this group include:
|
||||||
|
|
Loading…
Reference in New Issue