How to check whether RBAC is enabled, using kubectl

falsePockets · Jul 9, 2018 · Viewed 23.6k times

I'm trying to install a Helm package on a Kubernetes cluster which allegedly has RBAC disabled. I'm getting a permission error mentioning clusterroles.rbac.authorization.k8s.io, which is what I'd expect if RBAC was enabled.

Is there a way to check with kubectl whether RBAC really is disabled?

What I've tried:

  • kubectl describe nodes --all-namespaces | grep -i rbac : nothing comes up
  • kubectl describe rbac --all-namespaces | grep -i rbac : nothing comes up
  • kubectl config get-contexts | grep -i rbac : nothing comes up
  • k get clusterroles : it says "No resources found", not an error message. So does that mean that RBAC is enabled?
  • kubectl describe cluster : isn't a thing

I'm aware that maybe this is the x-y problem because it's possible the Helm package I'm installing is expecting RBAC to be enabled. But still, I'd like to know how to check whether or not it is enabled/disabled.

Answer

danielepolencic · Nov 7, 2018

You can check this by executing the command kubectl api-versions; if RBAC is enabled you should see the API version rbac.authorization.k8s.io/v1.

In AKS, the best way is to check the cluster's resource details at resources.azure.com. If you can spot "enableRBAC": true, your cluster has RBAC enabled. Please note that existing non-RBAC enabled AKS clusters cannot currently be updated for RBAC use. (thanks @DennisAmeling for the clarification)
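
The two checks from the answer above as a script, added here as an example and not part of the original post: it matches the RBAC group exactly in kubectl api-versions output (a loose grep -i rbac also hits unrelated lines) and looks for "enableRBAC": true in AKS resource JSON read from stdin. The function names and the SAMPLE data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): the two checks from the answer.
RBAC_GROUP='rbac.authorization.k8s.io'

# Constructed sample of `kubectl api-versions` output (not from a real cluster).
SAMPLE='apps/v1
batch/v1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
v1'

# Reads api-versions output on stdin and prints the versions listed for the
# RBAC group, one per line. The group must match exactly, so a constructed
# line such as "example.rbac.authorization.k8s.io/v1" is not counted.
rbac_versions() {
    awk -F/ -v g="$RBAC_GROUP" 'NF == 2 && $1 == g { print $2 }'
}

# Reads api-versions output on stdin.
# Returns 0 if the RBAC group is listed, 1 if it is not, and 2 if the input
# was empty (the query itself failed, so nothing can be concluded).
rbac_listed() {
    input=$(cat)
    [ -n "$input" ] || return 2
    [ -n "$(printf '%s\n' "$input" | rbac_versions)" ]
}

# Reads AKS resource JSON on stdin; returns 0 only for "enableRBAC": true.
aks_rbac_enabled() {
    grep -Eq '"enableRBAC"[[:space:]]*:[[:space:]]*true([^[:alnum:]_]|$)'
}

# Live check against the current kubectl context, skipped if kubectl is absent.
if command -v kubectl >/dev/null 2>&1; then
    kubectl api-versions 2>/dev/null | rbac_listed
    case $? in
        0) echo "$RBAC_GROUP is listed by kubectl api-versions" ;;
        1) echo "$RBAC_GROUP is not listed by kubectl api-versions" ;;
        *) echo "could not query the API server" >&2 ;;
    esac
fi
```

For AKS, pipe the resource JSON saved from resources.azure.com into aks_rbac_enabled and check its exit status.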