kubernetes-mcp-server
by containers
- kubernetes-mcp-server
- evals
- tasks
- create-simple-rbac
verify.sh•1.33 kB
#!/usr/bin/env bash
NAMESPACE="create-simple-rbac"
SERVICE_ACCOUNT="reader-sa"
SERVICE_ACCOUNT_USER="system:serviceaccount:${NAMESPACE}:${SERVICE_ACCOUNT}"
# Check for allowed permissions
if ! kubectl auth can-i get pods --as=$SERVICE_ACCOUNT_USER -n $NAMESPACE &> /dev/null; then
echo "ServiceAccount cannot 'get' pods."
exit 1
fi
if ! kubectl auth can-i list pods --as=$SERVICE_ACCOUNT_USER -n $NAMESPACE &> /dev/null; then
echo "ServiceAccount cannot 'list' pods."
exit 1
fi
# Check for denied permissions
if kubectl auth can-i delete pods --as=$SERVICE_ACCOUNT_USER -n $NAMESPACE &> /dev/null; then
echo "ServiceAccount has excessive permissions (can 'delete' pods)."
exit 1
fi
if kubectl auth can-i create pods --as=$SERVICE_ACCOUNT_USER -n $NAMESPACE &> /dev/null; then
echo "ServiceAccount has excessive permissions (can 'create' pods)."
exit 1
fi
if kubectl auth can-i create pods --as=$SERVICE_ACCOUNT_USER &> /dev/null; then
echo "ServiceAccount has excessive permissions (can 'create' pods in other namespace)."
exit 1
fi
if kubectl auth can-i list pods --as=$SERVICE_ACCOUNT_USER -A &> /dev/null; then
echo "ServiceAccount has excessive permissions (can 'list' pods in other namespace)."
exit 1
fi
echo "Verification successful: RBAC role and binding correctly configured."
exit 0
Latest Blog Posts
- MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic InfrastructureBy Om-Shree-0709 on .mcpanthropicLinux Foundation
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/containers/kubernetes-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server