This guide will discuss how you can create an admin user who has access to all Kubernetes resources. The admin user can modify objects in all namespaces as well as administer any other components in a cluster.<\/p>\n\n\n\n
Create Admin service account<\/h2>\n\n\n\n
Let’s start by creating a Service Account manifest file. I’ll name the service account k8sadmin<\/em><\/strong>:<\/p>\n\n\n\n Where k8sadmin <\/strong>is the name of the service account to be created.<\/p>\n\n\n\n After creating a file, apply the manifest to create objects in your kubernetes cluster.<\/p>\n\n\n\n Next is to assign the service account created a cluster role binding of cluster-admin.<\/strong> <\/p>\n\n\n\n Replace k8sadmin <\/strong>with the name of the service account you created in step 1.<\/p>\n\n\n\n Apply the file.<\/p>\n\n\n\n You can print the generated token for a service account by using the kubectl <\/strong>command.<\/p>\n\n\n\n Set a variable to store the name of the service account.<\/p>\n\n\n\n Then run the command below to print the token for the admin user created.<\/p>\n\n\n\n Output:<\/p>\n\n\n\n Copy the contents in token<\/strong> key.<\/p>\n\n\n\n From Kubernetes 1.24<\/em><\/strong> on, the token is not automatically created anymore<\/a>. We’ll instead use TokenRequest API to create tokens.<\/p>\n\n\n\n Sample output:<\/p>\n\n\n\n To create a secret create a file.<\/p>\n\n\n\n Create object in kubernetes<\/p>\n\n\n\n You can then print the token.<\/p>\n\n\n\n Once the token is created, you can access your Kubernetes Dashboard with it. If using the NodePort<\/em> to access dashboard service, you can obtain port allocated by issuing the command.<\/p>\n\n\n\n For me I will access the Kubernetes dashboard on any cluster machine IP address on port 32254.<\/strong><\/p>\n\n\n\n Select Token<\/strong> authentication type and paste your token to access the dashboard.<\/p>\n\n\n\n We created an admin user account which has full access to cluster resources. If you would like to grant users access with limit to the namespace, refer to our previous guide below.<\/p>\n\n\n\n More guides on Kubernetes and containers:<\/p>\n\n\n\n Kubernetes dashboard is a web based user interface for deploying containerized applications to a Kubernetes cluster – Deployments, Jobs, StatefulSets, DaemonSets e.t.c, and managing cluster resources while being able to troubleshoot issues that may arise. You can use the Dashboard to get an overview of applications running on your cluster. Check our guide below on … Read more<\/a><\/p>\n","protected":false},"author":3,"featured_media":45731,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50,316,299,317],"tags":[218,217,318],"class_list":["post-45715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-tutorials","category-containers","category-how-to","category-kubernetes","tag-containers","tag-docker","tag-kubernetes"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/45715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=45715"}],"version-history":[{"count":0,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/45715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/45731"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=45715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=45715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=45715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}$ vim admin-sa.yml<\/mark>\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: k8sadmin<\/mark>\n namespace: kube-system<\/code><\/pre>\n\n\n\n$ kubectl apply -f admin-sa.yml<\/mark>\nserviceaccount\/k8sadmin created\nclusterrolebinding.rbac.authorization.k8s.io\/k8sadmin created<\/code><\/pre>\n\n\n\nCreate a Cluster Role Binding<\/h2>\n\n\n\n
$ vim admin-rbac.yml<\/mark>\n---\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n namespace: kube-system\n name: k8sadmin<\/mark>\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n - kind: ServiceAccount\n name: k8sadmin<\/mark>\n namespace: kube-system<\/code><\/pre>\n\n\n\nkubectl apply -f admin-rbac.yml<\/code><\/pre>\n\n\n\nObtain admin user token<\/h2>\n\n\n\n
Kubernetes <=1.23.<\/h3>\n\n\n\n
SA_NAME=\"k8sadmin<\/mark>\"<\/code><\/pre>\n\n\n\nkubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')<\/code><\/pre>\n\n\n\nName: k8sadmin-token-mm9jd\nNamespace: kube-system\nLabels: <none>\nAnnotations: kubernetes.io\/service-account.name: k8sadmin\n kubernetes.io\/service-account.uid: 80fade4b-4270-11ea-9fe4-005056ba45bd\n\nType: kubernetes.io\/service-account-token\n\nData\n====\ntoken: eyJhbGciOiJSUzI1NiIsImtpZCI9IiJ9.eyJpc7MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUxOiJqa211dGFpLWFkbWluLXRva2VuLW1tOWpkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImprbXV0YWktYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4MGZhZGU0Yi00MjcwLTExZWEtOWZlNC0wMDUwNTZiYTQ1YmQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06amttdXRhaS1hZG1pbiJ9.uMC2ydeHF4jVA5tnKFbBeHRvc4NWqL920jigk2FDeduUdBuFhsNyDcscmL-pBbWHG5KKwOAEuAAeyNaknaHsDadNnbLpp4AMZTTdr22FEp-_v7MfIEQm3QWmq-c0ykpdrzUzGmk5Q3JIpfqeorDI0lZd52-DF4IVMw3VtTNp6ZMHdieQUNRnCEyfs98raCTRAotiXZQaMvmRW5s9peu5hfxM71jufg-Qzmflr9nO-dY2dOHh1WZcKhJqfNfB73GYX2TQlUlurV4Oy0-2CpUUpJ1HAjcSHzKGuSrMUAMAhRwhbZZXhwvbQ6Ei_9Vv2PkD8_Pw9c-k9x-bblFSAqyFhA\nca.crt: 1025 bytes\nnamespace: 11 bytes<\/code><\/pre>\n\n\n\nKubernetes >=1.24<\/h3>\n\n\n\n
kubectl create token k8sadmin<\/mark><\/code><\/pre>\n\n\n\neyJhbGciOiJSUzI1NiIsImtpZCI6ImkyWUh6N01DaW9OUG40Uzk0NVVRdlZoZWV0TzQ5cTNOd21UcFQxdE5ud0UifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLms4cy5jbG91ZGxhYnNrZS5pbyJdLCJleHAiOjE2Nzg0NTY3MjEsImlhdCI6MTY3ODQ1MzEyMSwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLms4cy5jbG91ZGxhYnNrZS5pbyIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoia3ViZS1zeXN0ZW0iLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoiamttdXRhaS1hZG1pbiIsInVpZCI6IjQxNGEzMDZkLTU3MjgtNGE3ZS1iZjhhLTdlNjZjNzc0M2I4OSJ9fSwibmJmIjoxNjc4NDUzMTIxLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06amttdXRhaS1hZG1pbiJ9.MnKpsXpj2xQcqJtx-KTrqpTnQ3l79jhjdHEjtSHvjV4F-Fkvj3YpqqfqQHmN5_WNKxrgxQNdbUEVLjBJmhYYrZEOiGRdtb7s5XKA6C4eY-mGr59UZvdNWyILHfoDCi8YT8IyUdu6wpAO_6zdHHh95F2g7mM0QZAgVHT5RR3hPCDRrUpYm1ZiDUohg-A6RnnSoDXKpHQ4Y9v_HQZWufdldfQ0XYwI47nDnKkimLyTcn-n9hWMBbUh6x79paL0Jf0QfBoFRtrzWlDMhyhPPxEehgwo8Qdmplz1vA6trBUl52gEz0E9iVyGsMz3bKhbk_-F-raTYhHlJx2iqdmnnON0uw<\/code><\/pre>\n\n\n\n$ vim k8sadmin-secret.yaml<\/mark>\napiVersion: v1\nkind: Secret\nmetadata:\n name: k8sadmin-token<\/mark>\n annotations:\n kubernetes.io\/service-account.name: k8sadmin<\/mark>\ntype: kubernetes.io\/service-account-token<\/code><\/pre>\n\n\n\nkubectl apply -f k8sadmin-secret.yaml<\/code><\/pre>\n\n\n\nexport NAMESPACE=\"kube-system<\/mark>\"\nexport K8S_USER=\"k8sadmin<\/mark>\"\nkubectl -n ${NAMESPACE} describe secret $(kubectl -n ${NAMESPACE} get secret | (grep ${K8S_USER} || echo \"$_\") | awk '{print $1}') | grep token: | awk '{print $2}'\\n<\/code><\/pre>\n\n\n\nAccessing Kubernetes Dashboard<\/h2>\n\n\n\n
$ kubectl get services -n <namespace> | grep dashboard<\/span>\nkubernetes-dashboard NodePort 10.111.76.69 <none> 443:32254\/TCP 414d<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2020\/01\/access-kubernetes-dashboard-01.png\" "\\"\\"")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2020\/01\/access-kubernetes-dashboard-02-1024x567.png\" "\\"\\"")
<\/figure>\n\n\n\nCreating non admin user account<\/h2>\n\n\n\n
\n
\n