Providing the right access to administer your Kubernetes cluster is crucial. It reduces exposure and vulnerability but is hard to manage and visualize with 'kubectl' and the Kubernetes API directly. There are certain best practices to be applied, but those are typically not imposed by the default Kubernetes cluster deployments.
In this webinar we're going to show you an open source tool developed at Aqua, a 'kubectl' plugin called 'who-can', for auditing your cluster's RBAC configuration to find some of the vulnerabilities.