← All one-liners·#050·Security·llm cli·expert

Audit Kubernetes RBAC Roles with Claude

Extract Kubernetes cluster roles and use Claude to identify overly permissive grants or wildcard security risks.

Setup
  • → kubectl configured with cluster-admin access
  • → claude CLI installed and authenticated
Cost per run
Claude API token costs (varies by cluster size)
The one-liner
$ kubectl get clusterroles,roles -A -o yaml | claude -p "Audit this Kubernetes RBAC configuration. Flag any overly permissive roles, wildcard permissions ('*'), or privilege escalation risks. Output a concise markdown security report."
What each stage does
  1. [01] kubectlkubectl get clusterroles,roles -A -o yaml
    Fetches all ClusterRoles and namespace-scoped Roles across the entire cluster in YAML format.
  2. [02] claude| claude -p
    Pipes the raw YAML output into the Claude CLI tool, using the prompt flag to define the analysis task.
  3. [03] claude"Audit this Kubernetes RBAC configuration... output a concise markdown security …
    Instructs the LLM to specifically look for wildcard permissions, privilege escalation risks, and format the findings as markdown.
Expected output (sample)
# Kubernetes RBAC Security Audit
⚠️ **CRITICAL RISKS DETECTED**
- Wildcard permissions: Role `dev-full-access` in `default` has `resources: ["*"]`.
- Privilege escalation: `edit-secrets` role allows reading all cluster secrets.
**Recommendations:**
1. Scope down `dev-full-access` to specific resources.
2. Restrict secret access to specific service accounts.
Caveats & tips
  • Footgun: Sending full RBAC configurations to an external LLM API exposes infrastructure details; ensure compliance with your organization's data policies.
  • Cost: Large clusters will generate massive YAML payloads, consuming significant input tokens and potentially costing several dollars per run.