Kubernetes Authorization

• https://kubernetes.io/docs/reference/access-authn-authz/authorization/

• kubectl auth can-i create deployments --namespace dev

Attributes

https://kubernetes.io/docs/reference/access-authn-authz/authorization/#review-your-request-attributes

user - The user string provided during authentication.
group - The list of group names to which the authenticated user belongs.
extra - A map of arbitrary string keys to string values, provided by the authentication layer.
API - Indicates whether the request is for an API resource.
Request path - Path to miscellaneous non-resource endpoints like /api or /healthz.
API request verb - API verbs like get, list, create, update, patch, watch, delete, and deletecollection are used for resource requests. To 
determine the request verb for a resource API endpoint, see Determine the request verb.
HTTP request verb - Lowercased HTTP methods like get, post, put, and delete are used for non-resource requests.
Resource - The ID or name of the resource that is being accessed (for resource requests only) -- For resource requests using get, update, patch, 
and delete verbs, you must provide the resource name.
Subresource - The subresource that is being accessed (for resource requests only).
Namespace - The namespace of the object that is being accessed (for namespaced resource requests only).
API group - The API Group being accessed (for resource requests only). An empty string designates the core API group.

Related

• Amazon EKS authorization

See also

• Kubernetes Authorization, kubectl auth can-i
• Kubernetes service account, ServiceAccount:, kubectl get serviceaccounts, kubectl create serviceaccount, kubectl describe serviceaccount, kubernetes.io/service-account-token, Kubernetes users, Kubernetes groups, Kubernetes roles, ServiceAccountTokenNodeBinding
• Kubernetes Authentication, kubectl create serviceaccount, kubectl get serviceaccounts, CertificateSigningRequest, aws-auth, bearer tokens, EKS Authentication