Create a User in Kubernetes

Getting an Overview

Print the Clusterroles existing on the Kubernetes Cluster

$ kubectl get clusterrole -o name
clusterrole.rbac.authorization.k8s.io/admin
[...]
clusterrole.rbac.authorization.k8s.io/cluster-admin
[...]
clusterrole.rbac.authorization.k8s.io/edit
[...]
clusterrole.rbac.authorization.k8s.io/system:basic-user
[...]
clusterrole.rbac.authorization.k8s.io/view

$ kubectl describe clusterrole.rbac.authorization.k8s.io/edit
# or in short
$ kubectl describe clusterrole edit
Name: edit
Labels: kubernetes.io/bootstrapping=rbac-defaults
        rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
-----------------------------------------------------
configmaps [] [] [] [create delete deletecollection patch update get list watch]
[...]

Show all roles defined in the current Namespace (NS)

$ kubectl get role -o name

Let's get started!

Create a Serviceaccount in the current Namespace

$ kubectl create serviceaccount sa-dev

Bind a Clusterrole to a Serviceaccount (a Clusterrolebinding grants the role in every namespace, not only the current one)

$ kubectl create clusterrolebinding sa-dev-edit --clusterrole edit --serviceaccount=default:sa-dev

Extending the Context file using kubectl

$ kubectl describe sa sa-dev
Name: sa-dev
Namespace: default
[...]
Tokens: sa-dev-token-w285j
Events: <none>
$ kubectl describe secret sa-dev-token-w285j
Name: sa-dev-token-w285j
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: sa-dev
kubernetes.io/service-account.uid: uid-uid-uid-8b89-uid
Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1017 bytes
namespace: 7 bytes
token: <a very long token>

Setting Kubernetes Cluster parameters

$ kubectl config set-cluster <MyClusterName> --server=https://<IPorDNS>:<access Port> --insecure-skip-tls-verify=<true/false>

Adding the token of the user to the context

$ kubectl config set-credentials sa-dev --token=<a very long token>

Creating the Serviceaccount as User in the context

$ kubectl config set-context sa-dev --cluster=<MyClusterName> --user=sa-dev

Switch the Context to your newly created user-context

$ kubectl config use-context sa-dev
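
The kubeconfig written by the steps above can hold two settings worth checking afterwards: insecure-skip-tls-verify: true (from --insecure-skip-tls-verify=true) and a bearer token stored in the file. The shell function below is an added example, not part of the original post; it reports which contexts depend on either one. The names audit_kubeconfig and SAMPLE_KUBECONFIG and the sample contents are assumptions made for illustration.

```shell
# Added example; assumes the block-style, 2-space YAML layout that kubectl writes.
audit_kubeconfig() {
  awk '
    function flush() {
      if (name != "" && section == "clusters" && insecure) bad_cl[name] = 1
      if (name != "" && section == "users" && token) bad_us[name] = 1
      if (name != "" && section == "contexts") { ctx[++n] = name; cl_of[name] = cl; us_of[name] = us }
      name = cl = us = ""; insecure = token = 0
    }
    /^[A-Za-z]/ { flush(); section = $1; sub(/:.*/, "", section); next }  # top-level key
    /^- /       { flush(); sub(/^- /, "  ") }                             # new list item
    /^  name:/      { name = $2 }
    /^    cluster:/ { cl = $2 }    # cluster referenced by a context
    /^    user:/    { us = $2 }    # user referenced by a context
    /^ +insecure-skip-tls-verify: *true/ { insecure = 1 }
    /^ +token:/     { token = 1 }
    END {
      flush()
      for (i = 1; i <= n; i++) {
        if (cl_of[ctx[i]] in bad_cl) print "INSECURE_TLS context=" ctx[i] " cluster=" cl_of[ctx[i]]
        if (us_of[ctx[i]] in bad_us) print "STATIC_TOKEN context=" ctx[i] " user=" us_of[ctx[i]]
      }
    }
  ' "$@"
}
# Constructed sample (made-up names, placeholder token).
SAMPLE_KUBECONFIG='clusters:
- cluster:
    insecure-skip-tls-verify: true
  name: lab
- cluster:
    certificate-authority: /etc/ssl/prod-ca.crt
  name: prod
contexts:
- context:
    cluster: lab
    user: sa-dev
  name: sa-dev
- context:
    cluster: prod
    user: ops
  name: ops
users:
- name: sa-dev
  user:
    token: CONSTRUCTED-PLACEHOLDER
- name: ops
  user:
    client-certificate: /home/ops/ops.crt'
```

The function reads a file given as argument or standard input, so the sample can be piped in with printf '%s\n' "$SAMPLE_KUBECONFIG" | audit_kubeconfig, which flags only the sa-dev context.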

Summary

  1. First of all, we created a Serviceaccount and a Clusterrolebinding.
  2. After that, we added a Clusterrolebinding (edit) to the Serviceaccount.
  3. Then we got the access token of the Serviceaccount and added it to our KUBECONFIG or context file.
  4. Finally, we switched the user in our context files and connected to the Cluster using our new Serviceaccount.

$ kubectl create serviceaccount <SA-Username>
$ kubectl create clusterrolebinding <ClusterroleName> \
  --clusterrole edit --serviceaccount=default:<SA-Username>
$ kubectl describe secret <SA-Username>-token-p7gpc
$ kubectl config set-cluster <MyClusterName> \
  --server=https://<MyClusterIPorDNSname>:<access Port> \
  --insecure-skip-tls-verify=<true/false>
$ kubectl config set-credentials <SA-Username> \
  --token=<Token>
$ kubectl config set-context <SA-Username> \
  --cluster=<MyClusterName> \
  --user=<SA-Username>
$ kubectl config use-context <SA-Username>

Working as an IT-Operations engineer at NeXenio, a spin-off by Hasso-Plattner-Institute for products around a digital workspace.

D. Heinrich
