a1490926d6
Automatic merge from submit-queue (batch tested with PRs 41814, 41922, 41957, 41406, 41077) add kubectl can-i to see if you can perform an action Adds `kubectl auth can-i <verb> <resource> [<name>]` so that a user can see if they are allowed to perform an action. @kubernetes/sig-cli-pr-reviews @fabianofranz This particular command satisfies the immediate need of knowing if you can perform an action without trying that action. When using RBAC in a script that is adding permissions, there is a lag between adding the permission and the permission being realized in the RBAC cache. As a user on the CLI, you almost never see it, but as a script adding a binding and then using that new power, you hit it quite often. There are natural follow-ons to the same area (hence the `auth` subcommand) to figure out if someone else can perform an action, what actions you can perform in total, and who can perform a given action. Someone else is an API we have already, what-can-i-do was a proposed API a while back and a very useful one for interfaces, and who-can is common question if someone is administering a namespace.
Kubernetes Documentation: releases.k8s.io/HEAD
-
The User's guide is for anyone who wants to run programs and services on an existing Kubernetes cluster.
-
The Cluster Admin's guide is for anyone setting up a Kubernetes cluster or administering it.
-
The Developer guide is for anyone wanting to write programs that access the Kubernetes API, write plugins or extensions, or modify the core code of Kubernetes.
-
The Kubectl Command Line Interface is a detailed reference on the
kubectlCLI. -
The API object documentation is a detailed description of all fields found in core API objects.
-
An overview of the Design of Kubernetes
-
There are example files and walkthroughs in the examples folder.
-
If something went wrong, see the troubleshooting guide for how to debug. You should also check the known issues for the release you're using.
-
To report a security issue, see Reporting a Security Issue.