-
Notifications
You must be signed in to change notification settings - Fork 923
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
when you has a default kubeconfig ,using kubectl auth can-i --list --token still get the kubeconfig privielge #1657
Comments
This issue is currently awaiting triage. SIG CLI takes a lead on issue triage for this repo, but any Kubernetes member can accept issues by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
what i am doing is do some fix in ToRESTConfig function in clientset.go
func (f *MatchVersionFlags) ToRESTConfig() (*rest.Config, error) {
} |
First of all flags should not be located before the command. In that case; kubectl auth can-i --server=https://192.168.26.65:6443 --insecure-skip-tls-verify --token=$TOKEN **--list** should be used like this.
Are you saying that when token is used, certdata in kubeconfig should be used? |
i mean ,when you use command
and if you have kubeconfig ,it also use kubeconfig,not use this token to auth apiserver |
I think, running this command with |
What would you like to be added:
if you are using command like this
and you have a default kubeconfig in admin.conf,kubectl also will use the kubeconfig certdata but not use the token,i think if you use --token that mean you want to get is what the token priviege is not the kubeconfig
Why is this needed:
easy and fast to know the what the sa can do
The text was updated successfully, but these errors were encountered: