# Remember which kubeconfig context is active so that every later command
# targets the same cluster, even if the current context changes in between.
CONTEXT="$(kubectl config current-context)"
- Create the required service account and cluster role binding (save the manifest below as service-account.yml):
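---
# Service account whose token is later stored as a kubeconfig credential.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-service-account
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # Kubernetes ships a default ClusterRoleBinding that is itself named
  # cluster-admin. A distinct name is used here so that applying or deleting
  # this manifest never modifies that built-in binding.
  name: admin-service-account-cluster-admin
# This service account is bound to the cluster-admin ClusterRole, which allows
# every action on every resource in every namespace. That is not necessary:
# a more restrictive role can be applied. Prefer a Role or ClusterRole limited
# to what the token user actually needs, because anyone who obtains the token
# inherits everything granted here.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-service-account
    namespace: kube-system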
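# Create the service account and the binding in the cluster selected earlier.
# "$CONTEXT" is quoted so that a context name containing spaces or glob
# characters is still passed to kubectl as a single argument.
kubectl apply --context "$CONTEXT" \
  -f service-account.yml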
- Get the TOKEN for the account:
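# Look up the name of the token Secret attached to the service account.
# Kubernetes 1.24 and later no longer create this Secret automatically, so
# the lookup can come back empty on current clusters.
SECRET_NAME="$(kubectl get serviceaccount admin-service-account \
  --context "$CONTEXT" \
  -n kube-system \
  -o jsonpath='{.secrets[0].name}')"

# Read the token only when a Secret name was found. Secret data is stored
# base64-encoded, hence the decode step.
TOKEN=""
if [ -n "$SECRET_NAME" ]; then
  TOKEN="$(kubectl get secret --context "$CONTEXT" \
    "$SECRET_NAME" \
    -n kube-system \
    -o jsonpath='{.data.token}' | base64 --decode)"
fi

if [ -n "$TOKEN" ]; then
  # The token is passed as a command-line argument and is written to the
  # kubeconfig file in clear text. It does not expire on its own and carries
  # every right bound to the service account, so protect the kubeconfig file
  # accordingly and delete the Secret to revoke the token when it is no
  # longer needed.
  kubectl config set-credentials "${CONTEXT}-token-user" --token "$TOKEN"
  kubectl config set-context "$CONTEXT" --user "${CONTEXT}-token-user"
else
  # Never register an empty credential: leave the kubeconfig untouched.
  # On clusters without auto-generated token Secrets, a time-limited token
  # can be requested with 'kubectl create token' instead.
  echo "No token found for admin-service-account; kubeconfig left unchanged." >&2
fi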