Create a User in Kubernetes

Getting an Overview

Print the Clusterroles existing on the Kubernetes Cluster

$ kubectl get clusterrole -o name
kubectl describe
# or in short
kubectl describe clusterrole edit

Show all roles that are defined in the current Namespace (NS)

$ kubectl get role -o name
Name: edit
Annotations: true
Resources Non-Resource URLs Resource Names Verbs
configmaps [] [] [] [create delete deletecollection patch update get list watch]

Let's get started!

Create a Serviceaccount in the current Namespace

$ kubectl create serviceaccount sa-dev

Bind a Clusterrole to a Serviceaccount

$ kubectl create clusterrolebinding sa-dev-edit --clusterrole edit --serviceaccount=default:sa-dev

Extending the Context file using kubectl

$ kubectl describe sa sa-dev
Name: sa-dev
Namespace: default
Tokens: sa-dev-token-w285j
Events: <none>
$ kubectl describe secret sa-dev-token-w285j
Name: sa-dev-token-w285j
Namespace: default
Labels: <none>
Annotations: sa-dev uid-uid-uid-8b89-uid
ca.crt: 1017 bytes
namespace: 7 bytes
token: <a very long token>

Setting Kubernetes Cluster parameters

$ kubectl config set-cluster <MyClusterName> --server=https://<IPorDNS>:<access Port> --insecure-skip-tls-verify=<true/false>

Adding the token of the user to the context

$ kubectl config set-credentials sa-dev --token=<a very long token>

Creating the Serviceaccount as User in the context

$ kubectl config set-context sa-dev --cluster=<MyClusterName> --user=sa-dev

Switch the Context to your newly created user-context

$ kubectl config use-context sa-dev


  1. First of all we created a Serviceaccount.
  2. After that we bound the Clusterrole (edit) to the Serviceaccount with a Clusterrolebinding.
  3. Then we got the access token of the Serviceaccount and added it to our KUBECONFIG or context file.
  4. At last we switched the user in our context file and connected to the Cluster using our new Serviceaccount.
$ kubectl create serviceaccount <SA-Username>
$ kubectl create clusterrolebinding <ClusterroleName> \
--clusterrole edit --serviceaccount=default:<SA-Username>
$ kubectl describe secret <SA-Username>-token-p7gpc
$ kubectl config set-cluster <MyClusterName> \
--server=https://<MyClusterIPorDNSname>:<access Port> \
--insecure-skip-tls-verify=<true/false>
$ kubectl config set-credentials <SA-Username> \
--token=<a very long token>
$ kubectl config set-context <SA-Username> \
--cluster=<MyClusterName> \
--user=<SA-Username>
$ kubectl config use-context <SA-Username>
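
The Clusterrolebinding created above grants edit in every Namespace of the cluster, not only in the one the Serviceaccount lives in. As an added example (not part of the original post), the functions below bind the same Clusterrole through a Rolebinding so it applies to one Namespace only, and use kubectl auth can-i with impersonation to check the resulting scope. The function names and the comparison Namespace are assumptions, and the caller needs permission to impersonate Serviceaccounts.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# bind_edit_in_namespace SA NAMESPACE
# Binds the built-in Clusterrole "edit" through a Rolebinding, so the grant is
# valid only inside NAMESPACE instead of cluster-wide.
bind_edit_in_namespace() {
    kubectl create rolebinding "$1-edit" \
        --clusterrole=edit \
        --serviceaccount="$2:$1" \
        --namespace="$2"
}

# sa_can SA SA_NAMESPACE VERB RESOURCE TARGET_NAMESPACE
# Exit status 0 if the Serviceaccount may perform VERB on RESOURCE in
# TARGET_NAMESPACE. Impersonates the account, so the caller needs the
# "impersonate" permission. Any kubectl error also counts as "not allowed".
sa_can() {
    kubectl auth can-i "$3" "$4" \
        --as="system:serviceaccount:$2:$1" \
        --namespace="$5" >/dev/null 2>&1
}

# check_scope SA SA_NAMESPACE OTHER_NAMESPACE
# Returns 0 if the account can create configmaps in its own Namespace only,
# 1 if it can also do so in OTHER_NAMESPACE (grant is too broad),
# 2 if it cannot do so even in its own Namespace (binding missing).
check_scope() {
    if ! sa_can "$1" "$2" create configmaps "$2"; then
        echo "MISSING: $1 cannot create configmaps in $2"
        return 2
    fi
    if sa_can "$1" "$2" create configmaps "$3"; then
        echo "TOO BROAD: $1 can also create configmaps in $3"
        return 1
    fi
    echo "OK: $1 is limited to $2"
    return 0
}

# Usage against a live cluster (kube-system is only the comparison Namespace):
#   kubectl delete clusterrolebinding sa-dev-edit
#   bind_edit_in_namespace sa-dev default
#   check_scope sa-dev default kube-system
```

With the Clusterrolebinding from the article still in place, check_scope reports TOO BROAD; after replacing it with the Rolebinding it reports OK.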




Working as an IT-Operations engineer at NeXenio, a spin-off by Hasso-Plattner-Institute for products around a digital workspace.

D. Heinrich
