https://github.com/syself/readonly-kubernetes-service-account
Create a Readonly Kubernetes ServiceAccount
- Host: GitHub
- URL: https://github.com/syself/readonly-kubernetes-service-account
- Owner: syself
- License: apache-2.0
- Created: 2026-03-20T14:28:49.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-03-20T15:20:02.000Z (3 months ago)
- Last Synced: 2026-03-21T06:44:03.671Z (3 months ago)
- Language: Go
- Size: 25.4 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# readonly-kubernetes-service-account
Generate YAML for a readonly Kubernetes service account.
## Usage
```text
Usage: readonly-kubernetes-service-account [flags]

This tool creates YAML for a service account, which can read all resources, except secrets.

The SA gets access to all core resources (except secrets), and all non-core API groups.

This tool connects to your cluster, discovers which API resources and API groups exist,
and uses that information to generate a ClusterRole with readonly permissions.

It does not apply changes to the cluster.
By default it prints the YAML to stdout. With -o it writes the YAML to a file.

Flags:
      --binding-name string   name of the generated ClusterRoleBinding
                              (default: -)
  -h, --help                  help for readonly-kubernetes-service-account
      --namespace string      namespace for the ServiceAccount subject
                              (default "default")
  -o, --output string         write YAML to file instead of stdout
      --role-name string      name of the generated ClusterRole (default
                              "read-all-except-secrets")

Run without installing:

  go run github.com/syself/readonly-kubernetes-service-account@latest -o ro-sa.yaml ro-sa
```
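The usage text above describes a ClusterRole that reads all core resources except secrets plus every non-core API group. The following sketch is an added example, not this project's code. It shows why the core group has to be enumerated by name (a `*` there would include `secrets`) while other groups can take a wildcard. The `APIResource` and `PolicyRule` types, the `get`/`list`/`watch` verb set, the skipping of subresources and the sample data are assumptions of the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// APIResource holds the discovery fields used here ("" is the core group).
type APIResource struct{ Group, Name string }

// PolicyRule is a minimal stand-in for one RBAC ClusterRole rule.
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

var readVerbs = []string{"get", "list", "watch"} // assumed read-only verb set

// BuildReadOnlyRules lists core resources by name so "secrets" can be left
// out, and grants read access to every non-core group with a wildcard.
func BuildReadOnlyRules(discovered []APIResource) []PolicyRule {
	core, groups, seen := []string{}, []string{}, map[string]bool{}
	for _, r := range discovered {
		switch {
		case r.Group != "" && !seen[r.Group]:
			seen[r.Group] = true
			groups = append(groups, r.Group)
		case r.Group != "" || r.Name == "secrets" || strings.Contains(r.Name, "/"):
			// skipped: repeated group, secrets, and (assumption) subresources
		default:
			core = append(core, r.Name)
		}
	}
	sort.Strings(core)
	sort.Strings(groups)
	rules := []PolicyRule{{[]string{""}, core, readVerbs}}
	for _, g := range groups {
		rules = append(rules, PolicyRule{[]string{g}, []string{"*"}, readVerbs})
	}
	return rules
}

func main() {
	sample := []APIResource{ // constructed discovery data, not from a real cluster
		{"", "pods"}, {"", "secrets"}, {"", "pods/log"}, {"", "configmaps"},
		{"apps", "deployments"}, {"apps", "statefulsets"}, {"batch", "jobs"},
	}
	for _, r := range BuildReadOnlyRules(sample) {
		fmt.Printf("%q %v %v\n", r.APIGroups, r.Resources, r.Verbs)
	}
}
```

Because the core resource list is a snapshot of what discovery returned, a role built this way does not cover core resources added to the cluster later until it is regenerated.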
## Feedback?
Please create an issue if you have an idea for how we could improve this tool.