how to check whether RBAC is enabled, using kubectl
I'm trying to install a helm package on a kubernetes cluster which allegedly has RBAC disabled.
I'm getting a permission error mentioning clusterroles.rbac.authorization.k8s.io, which is what I'd expect if RBAC was enabled.
Is there a way to check with kubectl whether RBAC really is disabled?
What I've tried:
kubectl describe nodes --all-namespaces | grep -i rbac: nothing comes upkubectl describe rbac --all-namespaces | grep -i rbac: nothing comes upkubectl config get-contexts | grep -i rbac: nothing comes upk get clusterrolesit says "No resources found", not an error message. So does that mean that RBAC is enabled?kuebctl describe clusterisn't a thing
I'm aware that maybe this is the x-y problem because it's possible the helm package I'm installing is expecting RBAC to be enabled. But still, I'd like to know how to check whether or not it is enabled/disabled.
Answer
You can check this by executing the command kubectl api-versions; if RBAC is enabled you should see the API version .rbac.authorization.k8s.io/v1.
In AKS, the best way is to check the cluster's resource details at resources.azure.com.
If you can spot "enableRBAC": true, your cluster has RBAC enabled.
Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)