The service exposes an HTTP server and currently only works with an in-cluster config.
Allows listing a namespace's RoleBindings based on their subject names either by exact value or a regular expression.
The endpoint requires a a namespace and one or more subjectNames either as alphanumeric strings (exact match)
or regular expressions which can be provided either as json or yaml depending on the Content-Type header.
The response will match the type of the request.
Content-Type: application/json
{
"namespace": "default",
"subjectNames": [
"subject1",
"subject2",
"subject[3,4]"
]
}Content-Type: application/x-yaml
namespace: default
subjectNames:
- subject1
- subject2
- subject[3,4]- Run
make build. Service binary will be./bin/go-kube-api.
- Run
make docker. Docker tag will bego-kube-api:dev.
-
Make sure you have a kubernetes with RBAC enabled.
-
If you are running kubernetes from the docker mac app, you will have to first remove the global role that gives everyone admin access.
kubectl delete ClusterRoleBinding docker-for-desktop-binding
-
Build the docker image.
make docker
-
Apply the kubernetes manifests.
kubectl apply -f deployment.yaml
-
Check the service is running as expected.
kubectl get deploy go-kube-api
-
Port forward the service to your local machine. (or access the service any other way you can).
kubectl port-forward service/go-kube-api 8080
-
Check the health endpoint of the service.
curl http://localhost:8080/healthz
-
Add some sample roles and bindings.
kubectl apply -f fixtures.yaml
-
Make a request to retrieve role bindings by subject name.
curl \ -d '{"namespace":"default","subjectNames":["subject[3,4]"]}' \ -H 'Content-Type: application/json' \ http://localhost:8080/v1/rbac/enumerateBySubjectNames