Version: 0.7

kore assume

kore assume#

Escalates your privileges for a short-lived time


By default users are not assigned long-lived permissions to clusters or the Kore API. Instead they can assume permissions by requesting access to a plan (set of permissions). Assuming they meet the any constriants placed on acquiring the role their permissions will be evalvated for a period of time, after which the permissions rollback.

kore assume [flags]


# Assume namespace admin in a cluster
$ kore assume namespace.admin
# You skip the prompts by supplying the known parameters
$ kore assume namespace.admin --cluster <name> --namespace <namespace>
# Use the paramater flag to fill in the option
$ kore assume namespace.admin --param=cluster=<name> --parma=namespace=<name>
# Policies which target clusters can take a second or so for the policy
# to propagate - the default behaviour is to always wait, this can be changed with
$ kore assume --no-wait
# Note, any clusters already in the team are automatically provisioned in your
# kubeconfig (unless --disable-kubeconfig=true is set). You can access the cluster
# via
$ kubectl --context <team>.<cluster> [commands]


--cluster string cluster name you wish to assume
--disable-kubeconfig indicates we should not automatically update kubeconfig
--dry-run shows the resource but does not apply or create
--expire duration expiration of the role assumption (default 1h0m0s)
-h, --help help for assume
--namespace string namespace you wish to assume into
-p, --param strings parameter supplied to the plan

Options inherited from parent commands#

--debug indicates we should use debug / trace logging (defaults: false)
--force is used to force an operation to happen (defaults: false)
--no-wait indicates if we should wait for resources to provision
-o, --output string the output format of the resource (json,yaml,table,template) (default "table")
--profile string allows you to explicitly set the selected profile
--show-headers indicates we should display headers on table out (default true)
-t, --team string the team you are operating within
--verbose enables verbose logging for debugging purposes (defaults: false)


  • kore - kore provides a cli for the Kore