From 2b980b8c01dfa17c08a4357b185b684bf69aa86f Mon Sep 17 00:00:00 2001 From: Thomas Guettler Date: Sun, 29 Jan 2023 19:39:58 +0100 Subject: [PATCH] Extend example to contain --as==... --- staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go b/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go index cf6f76bd7d1..f81f341789d 100644 --- a/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go +++ b/staging/src/k8s.io/kubectl/pkg/cmd/auth/cani.go @@ -83,6 +83,11 @@ var ( # Check to see if I can list deployments in my current namespace kubectl auth can-i list deployments.apps + # Check to see if service account "foo" of namespace "dev" can list pods + # in the namespace "prod". + # You must be allowed to use impersonation for the global option "--as". + kubectl auth can-i list pods --as=system:serviceaccount:dev:foo -n prod + # Check to see if I can do everything in my current namespace ("*" means all) kubectl auth can-i '*' '*'