该命令可以校验用户或者serviceaccount是否有对应的权限
[root@yyzc-zjjcs01 ~]# /opt/kubernetes/bin/kubectl --kubeconfig /opt/kubernetes/conf/default-admin.kubeconfig auth --help
Inspect authorization
Available Commands:
can-i Check whether an action is allowed
reconcile Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRoleBinding objects
Usage:
kubectl auth [flags] [options]
Use “kubectl --help” for more information about a given command.
Use “kubectl options” for a list of global command-line options (applies to all commands).
[root@yyzc-zjjcs01 ~]# /opt/kubernetes/bin/kubectl --kubeconfig /opt/kubernetes/conf/default-admin.kubeconfig auth can-i --help
Check whether an action is allowed.
VERB is a logical Kubernetes API verb like ‘get’, ‘list’, ‘watch’, ‘delete’, etc. TYPE is a Kubernetes resource.
Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL