Permission Manager : Tool To Kubernetes RBAC And Users Management, Web UI FTW

Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place.

With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice&easy web UI.

Screenshots

  • First Page
  • Creating a user
  • Creating a user – Summary
  • User’s Kubeconfig*

Installation

To deploy and run the Permission Manager on your cluster, follow the installation guide

Development Setup

We love contributions from the community ❤️.
Learn how-to-contribute

How it works?

The application allows us to define and select permission standard templates (those defining who can do what, within a namespace or globally) and associate them with all the users you might want to create.

The template system is an abstraction over Cluster-Roles, RoleBinding, and ClusterRolesBindigs.

Do we plan to use CRD’s and custom labels? Sure, it’s in the product roadmap.

What is a template?

A template is a ClusterRole with a prefix

template-namespaced-resources___

for example template-namespaced-resources___developer

Why a template is not a CRD?

When we started the development of this project, a template was one-to-one to a clusterrole, the usage of a CRD looked overkill. This will obviously change in future to avoid polluting clusterroles and will allow us to have a more precise encapsulation of what is owned by the permission manager.

How to add a new template?

Create a clusterrole starting with template-namespaced-resources___ and apply it.

Default templates

developer and operation default templates can be created by applying the manifest located at k8s/k8s-seeds/seed.yml

kubectl apply -f k8s/k8s-seeds

What is a user?

A user is a custom resource of kind permissionmanagerusers.permissionmanager.user

R K

Recent Posts

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

2 hours ago

Full Spectrum Event Tracing For Windows Detection In The kernel Against Rootkits

Sanctum EDR demonstrates a multi-layered approach to detecting and preventing Event Tracing for Windows (ETW)…

2 hours ago

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

3 days ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

3 days ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

3 days ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

3 days ago