Kubernetes RBAC Policy Checker
Paste a Kubernetes Role or ClusterRole YAML to validate structure, detect wildcard privilege escalation, and check least-privilege compliance.
No data is transmitted; everything runs locally.
About this tool
The Kubernetes RBAC Policy Checker validates Role and ClusterRole YAML structure, detects wildcard escalation patterns, and flags overbroad permissions on sensitive resources.
• Validate a new RBAC role before applying it to a production cluster
• Detect wildcard verbs on sensitive resources like secrets
• Check whether a role binding grants more privilege than intended
• Audit RBAC policies during a Kubernetes security review
FAQ
What does this tool tell you?
The Kubernetes RBAC Policy Checker validates Role and ClusterRole YAML structure, detects wildcard escalation patterns, and flags overbroad permissions on sensitive resources.
What affects the result most?
The checker validates the structure of each rule in a Kubernetes RBAC Role or ClusterRole YAML: apiGroups, resources and verbs. Wildcard escalation detection flags verbs: ['*'] on resources: ['*'], which grants the equivalent of cluster-admin. The apiGroups mapping covers '' (core), 'apps', 'batch', 'extensions' and 'rbac.authorization.k8s.io'.
How should I use the result?
Treat the tool's output as a first-pass check, not a proof of correctness. A clean pass means no issues in the patterns this tool recognizes; a failure points to a specific problem you can investigate in your source. The underlying spec is the authoritative source for edge cases.
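The checks listed under "What affects the result most?" can be sketched in a few lines of Python. This is an added example, not the tool's own code: the function name `check_role`, the severity labels and the sample manifest are assumptions made for illustration. It reads the manifest in JSON form to stay dependency-free and inspects rules only, not bindings.

```python
import json

SENSITIVE = {"secrets"}  # the page names secrets; extend for your cluster
KNOWN_GROUPS = {"", "apps", "batch", "extensions", "rbac.authorization.k8s.io"}

def check_role(doc):
    """Return (severity, rule_index, message) findings for one Role/ClusterRole."""
    if doc.get("kind") not in ("Role", "ClusterRole"):
        return [("error", -1, "kind must be Role or ClusterRole")]
    findings = []
    for i, rule in enumerate(doc.get("rules") or []):
        # nonResourceURLs rules carry only verbs; resource rules need all three lists
        needed = ("verbs",) if "nonResourceURLs" in rule else ("apiGroups", "resources", "verbs")
        bad = [k for k in needed if not (isinstance(rule.get(k), list) and rule[k])]
        if bad:
            findings.append(("error", i, "missing or empty: " + ", ".join(bad)))
            continue
        verbs, resources = set(rule["verbs"]), set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.append(("critical", i, "wildcard verbs on wildcard resources"))
        elif "*" in verbs:
            # compare on the part before "/" so resource/subresource entries match
            hit = sorted(SENSITIVE & {r.split("/")[0] for r in resources})
            if hit:
                findings.append(("high", i, "wildcard verbs on " + ", ".join(hit)))
        for g in rule.get("apiGroups", []):
            if g != "*" and g not in KNOWN_GROUPS:
                findings.append(("info", i, "apiGroup not in built-in mapping: " + g))
    return findings

# Constructed sample manifest in JSON form (not taken from a real cluster)
SAMPLE = json.loads("""
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
 "metadata": {"name": "example-constructed"},
 "rules": [
  {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
  {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
  {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list"]},
  {"apiGroups": [""], "resources": ["pods"]},
  {"nonResourceURLs": ["/healthz"], "verbs": ["get"]}
 ]}
""")

if __name__ == "__main__":
    for severity, index, message in check_role(SAMPLE):
        print(f"[{severity}] rule {index}: {message}")
```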