Create a User in Kubernetes

Getting an Overview

$ kubectl get clusterrole -o name
clusterrole.rbac.authorization.k8s.io/admin
[...]
clusterrole.rbac.authorization.k8s.io/cluster-admin
[...]
clusterrole.rbac.authorization.k8s.io/edit
[...]
clusterrole.rbac.authorization.k8s.io/system:basic-user
[...]
clusterrole.rbac.authorization.k8s.io/view
$ kubectl get role -o name
$ kubectl describe clusterrole.rbac.authorization.k8s.io/edit
# or in short
$ kubectl describe clusterrole edit
Name: edit
Labels: kubernetes.io/bootstrapping=rbac-defaults
        rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
  Resources Non-Resource URLs Resource Names Verbs
  -----------------------------------------------------
  configmaps [] [] [] [create delete deletecollection patch update get list watch]
  [...]

Let's get started!

$ kubectl create serviceaccount sa-dev
$ kubectl create clusterrolebinding sa-dev-edit --clusterrole edit --serviceaccount=default:sa-dev
$ kubectl describe sa sa-dev
Name: sa-dev
Namespace: default
[...]
Tokens: sa-dev-token-w285j
Events: <none>
$ kubectl describe secret sa-dev-token-w285j
Name: sa-dev-token-w285j
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: sa-dev
             kubernetes.io/service-account.uid: uid-uid-uid-8b89-uid
Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1017 bytes
namespace: 7 bytes
token: <a very long token>
$ kubectl config set-cluster <MyClusterName> --server=https://<IPorDNS>:<access Port> --insecure-skip-tls-verify=<true/false>
$ kubectl config set-credentials sa-dev --token=<a very long token>
$ kubectl config set-context sa-dev --cluster=<MyClusterName> --user=sa-dev
$ kubectl config use-context sa-dev

Summary

$ kubectl create serviceaccount <SA-Username>
$ kubectl create clusterrolebinding <ClusterroleName> \
    --clusterrole edit --serviceaccount=default:<SA-Username>
$ kubectl describe secret <SA-Username>-token-p7gpc
$ kubectl config set-cluster <MyClusterName> \
    --server=https://<MyClusterIPorDNSname>:<access Port> \
    --insecure-skip-tls-verify=<true/false>
$ kubectl config set-credentials <SA-Username> \
    --token=<Token>
$ kubectl config set-context <SA-Username> \
    --cluster=<MyClusterName> \
    --user=<SA-Username>
$ kubectl config use-context <SA-Username>
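
A more tightly scoped variant of the steps above, as an added example that is not part of the original article: it grants `edit` in a single namespace through a RoleBinding, verifies the API server against the cluster CA instead of skipping TLS verification, and uses a one-hour token from `kubectl create token`. It assumes Kubernetes v1.24 or later, an admin context as the current one, and a local copy of the cluster CA; the function names and their arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Assumes Kubernetes v1.24+,
# an admin context as the current one, and a local copy of the cluster CA.

# create_scoped_sa NAMESPACE SA_NAME
# Grants the built-in "edit" ClusterRole in ONE namespace through a RoleBinding,
# instead of cluster-wide through a ClusterRoleBinding.
create_scoped_sa() {
  local ns="$1" sa="$2"
  kubectl create serviceaccount "$sa" --namespace "$ns" &&
  kubectl create rolebinding "${sa}-edit" --namespace "$ns" \
    --clusterrole=edit --serviceaccount="${ns}:${sa}"
}

# write_sa_kubeconfig NAMESPACE SA_NAME CLUSTER SERVER CA_FILE OUT_FILE
# Writes a dedicated kubeconfig that verifies the API server against CA_FILE
# and carries a token that expires after one hour.
write_sa_kubeconfig() {
  local ns="$1" sa="$2" cluster="$3" server="$4" ca="$5" out="$6" token
  token="$(kubectl create token "$sa" --namespace "$ns" --duration=1h)" || return 1
  [ -n "$token" ] || return 1
  : > "$out" && chmod 600 "$out" || return 1   # file will hold a bearer token
  kubectl --kubeconfig "$out" config set-cluster "$cluster" --server="$server" \
    --certificate-authority="$ca" --embed-certs=true &&
  kubectl --kubeconfig "$out" config set-credentials "$sa" --token="$token" &&
  kubectl --kubeconfig "$out" config set-context "$sa" --cluster="$cluster" \
    --user="$sa" --namespace="$ns" &&
  kubectl --kubeconfig "$out" config use-context "$sa"
}

# verify_scope NAMESPACE SA_NAME OTHER_NAMESPACE
# Succeeds only if the account can edit in NAMESPACE and cannot in OTHER_NAMESPACE.
verify_scope() {
  local ns="$1" sa="$2" other="$3" who
  who="system:serviceaccount:${ns}:${sa}"
  [ "$(kubectl auth can-i create configmaps --as="$who" -n "$ns")" = "yes" ] &&
  [ "$(kubectl auth can-i create configmaps --as="$who" -n "$other")" = "no" ]
}
```

Call the three functions in order, for example with namespace `dev` and account `sa-dev`, then pass the written file to `kubectl --kubeconfig` rather than switching the admin's own context.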
