rback

command module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2019 License: Apache-2.0 Imports: 7 Imported by: 0

README

rback

A simple "RBAC in Kubernetes" visualizer. No matter how complex the setup, rback queries all RBAC related information of an Kubernetes cluster in constant time and generates a graph representation of service accounts, (cluster) roles, and the respective access rules in dot format.

For example, here is an Amazon EKS cluster as seen by rback:

EKS cluster

Another example would be a local K3S cluster:

K3S cluster

Here in action in the Katacoda Kubernetes playground:

Katacoda

See for more details the examples/ directory …

Install

rback depends on you having access to a Kubernetes cluster, either in the cloud (like Amazon EKS) or locally (k3s, kind, Minikube, Docker for Desktop) as well as kubectl installed and configured, locally.

To install it for macOS, do:

$ curl -sL https://github.com/mhausenblas/rback/releases/download/v0.2.0/macos_rback -o rback
$ chmod +x rback && sudo mv rback /usr/local/bin

To install it for Linux, do:

$ curl -sL https://github.com/mhausenblas/rback/releases/download/v0.2.0/linux_rback -o rback
$ chmod +x rback && sudo mv rback /usr/local/bin

You can also build it from source, with Go 1.12 like so:

$ git clone https://github.com/mhausenblas/rback.git && cd rback
$ go build

Usage

Run rback locally against the target cluster and store its output in a .dot file like shown in the following:

$ rback > result.dot

Now that you have result.dot, you can render the graph either online or locally.

Render online

There are plenty of Graphviz (dot) online visualization tools available, for example, use magjac.com/graphviz-visual-editor/ for interaction or the simpler dreampuf.github.io/GraphvizOnline. Head over there and paste the output of rback into it.

Render locally

Install Graphviz, for example, on macOS you can do brew install graphviz. Then you can do the following (on macOS):

$ rback | dot -Tpng  > /tmp/rback.png && open /tmp/rback.png

Background

How it works is that rback issues the following five queries by shelling out to kubectl:

kubectl get sa --all-namespaces --output json
kubectl get roles --all-namespaces --output json
kubectl get rolebindings --all-namespaces --output json
kubectl get clusterroles --output json
kubectl get clusterrolebindings --output json

Then, based on this information, the graphs are created using the github.com/emicklei/dot package.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.