TIL: kubectl auth can-i <verb> <resource> 🔥 Now I know how to check: 1) If a user can perform an action on a resource: `kubectl auth can-i get pods -n kube-system` 2) List all allowed actions for a user: `kubectl auth can-i --list`

@iximiuz Yeah these are cool....But we've been looking for a kubectl get subjects to get a list of ueers/groups. Anyone know any way to enumerate these?

@codezeroio I think it's impossible to enumerate users - a user can be anyone with a trusted cert or any other valid authN means. I.e., users aren't stored anyhow. For RBAC, you could probably enumerate all subjects by looking at role bindings. But I'm not sure how ABAC fits in.