RBACLens


RBACLens is a powerful CLI tool for auditing and analyzing Kubernetes RBAC (Role-Based Access Control) resources. It helps cluster administrators and security teams identify risky RBAC configurations, visualize permissions, and ensure best practices are followed.

Note

RBACLens is also great for anyone learning about Kubernetes RBAC rules!

🚀 Features

  • 📥 Fetch RBAC resources: Retrieve Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings from a Kubernetes cluster and save them to a JSON file for offline analysis.
  • 🛡 Audit for risky configurations: Analyze RBAC resources using built-in rules to detect overly permissive or dangerous settings.
  • 🔄 Flexible input: Audit live from a cluster or from previously saved JSON files.
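
To show the kind of check an RBAC audit performs, here is an added example (not RBACLens code, and not its built-in rules): a small Go program that flags three commonly risky patterns in a constructed ClusterRole list. The names Role, has and Audit, the three checks and the sample roles are assumptions for illustration; the input uses the standard Kubernetes List JSON shape, which may differ from the file RBACLens saves.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Role keeps only the RBAC v1 fields checked here (JSON keys match case-insensitively).
type Role struct {
	Metadata struct{ Name string }
	Rules    []struct{ APIGroups, Resources, Verbs []string }
}
// Constructed sample in the List shape of `kubectl get clusterroles -o json`.
const sampleJSON = `{"items":[{"metadata":{"name":"ops-admin"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]},
{"metadata":{"name":"ci-deployer"},"rules":[{"apiGroups":[""],"resources":["secrets"],"verbs":["get","list"]},
 {"apiGroups":["rbac.authorization.k8s.io"],"resources":["clusterroles"],"verbs":["bind"]}]},
{"metadata":{"name":"pod-viewer"},"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["get"]}]}]}`
// has reports whether list contains any of the wanted values.
func has(list []string, want ...string) bool {
	for _, v := range list {
		for _, w := range want {
			if v == w {
				return true
			}
		}
	}
	return false
}
// Audit applies three illustrative checks (assumptions, not RBACLens's built-in rules).
func Audit(data []byte) ([]string, error) {
	var list struct{ Items []Role }
	if err := json.Unmarshal(data, &list); err != nil {
		return nil, err
	}
	var out []string
	for _, r := range list.Items {
		for _, ru := range r.Rules {
			switch n := r.Metadata.Name; {
			case has(ru.Verbs, "*") && has(ru.Resources, "*"):
				out = append(out, n+": wildcard verbs on wildcard resources")
			case has(ru.APIGroups, "", "*") && has(ru.Resources, "secrets", "*") && has(ru.Verbs, "get", "list", "watch", "*"):
				out = append(out, n+": read access to secrets")
			case has(ru.Verbs, "escalate", "bind", "impersonate"):
				out = append(out, n+": escalate/bind/impersonate verb")
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(Audit([]byte(sampleJSON))) }
```

Each rule yields at most one finding, and a role that matches none of the checks (pod-viewer in the sample) produces no output.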

📦 Installation

  1. Go to the GitHub Releases page.
  2. Download the appropriate binary for your OS and architecture.
  3. Move the binary to a directory in your PATH (e.g., ~/bin, ~/.local/bin, or /usr/local/bin).
  4. (Optional) Rename the binary to rbaclens for convenience. This makes it easier to run the tool from the terminal.

Linux:

    mv RBACLens-linux-amd64 ~/bin/rbaclens
    chmod +x ~/bin/rbaclens

macOS:

    mv RBACLens-darwin-amd64 /usr/local/bin/rbaclens
    chmod +x /usr/local/bin/rbaclens

Windows (PowerShell):

    Rename-Item -Path .\RBACLens-windows-amd64.exe -NewName rbaclens.exe
    Move-Item -Path .\rbaclens.exe -Destination $env:USERPROFILE\bin\rbaclens.exe

Tip

You can rename the binary to rbaclens (lowercase) for convenience, and ensure the directory is in your PATH so you can run rbaclens from anywhere.

Install with Go:

    go install github.com/flushthemoney/RBACLens@latest

Ensure $HOME/go/bin is in your PATH.

For the fish shell:

    set -U fish_user_paths $fish_user_paths $HOME/go/bin

Add this to your ~/.bashrc or ~/.zshrc:

    export PATH="$PATH:$HOME/go/bin"

If the binary is named RBACLens, you may want to symlink it to rbaclens:

    ln -sf "$HOME/go/bin/RBACLens" "$HOME/go/bin/rbaclens"

Build from source:

    git clone https://github.com/flushthemoney/RBACLens.git
    cd RBACLens
    go build -o rbaclens main.go

🛠 Usage

RBACLens provides the following commands:

For advanced usage and all options, see the project README.


📚 Documentation


Info

You can contribute or report issues on GitHub.