Create an Admin Type Service Account
An admin type user typically has full permissions to cluster-scoped resources as well as full permissions to all resources scoped to any namespace.
About this task
A cluster-admin ClusterRole is defined by default for such a user. To create an admin service account with the cluster-admin role, use the following procedure:
Note
It is recommended that you create and manage service accounts within the kube-system namespace.
Procedure
Create the user definition.
For example:
% cat <<EOF > admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: admin-user-sa-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: admin-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
Apply the configuration.
% kubectl apply -f admin-user.yaml
Note
StarlingX can also use user accounts defined in an external Windows Active Directory to authenticate to the Kubernetes API, the kubectl CLI or the Kubernetes Dashboard. For more information, see Configure OIDC Auth Applications.
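An added example, not part of the StarlingX documentation: a small audit that lists every subject bound to cluster-admin through a ClusterRoleBinding, so the admin-user binding from the procedure can be confirmed and any other holders reviewed. It goes beyond the single binding the page creates and flags service accounts outside kube-system, following the recommendation above; the sample data and every binding name other than admin-user are constructed.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# "admin-user" matches the manifest above; the other bindings are invented.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "admin-user"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kube-system"}]},
  {"metadata": {"name": "ci-deployer"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
  {"metadata": {"name": "ops-group"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "ops-admins"}]},
  {"metadata": {"name": "viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "reader", "namespace": "default"}]},
  {"metadata": {"name": "no-subjects"}, "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def cluster_admin_subjects(crb_list):
    """Return (binding, kind, namespace, name, note) per cluster-admin subject."""
    rows = []
    for crb in crb_list.get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # "subjects" is optional in the API; a binding without it grants nothing.
        for subj in crb.get("subjects") or []:
            ns = subj.get("namespace", "")
            note = ""
            if subj.get("kind") == "ServiceAccount" and ns != "kube-system":
                note = "service account outside kube-system"
            rows.append((crb["metadata"]["name"], subj.get("kind", ""), ns, subj.get("name", ""), note))
    return rows


if __name__ == "__main__":
    # Usage: kubectl get clusterrolebindings -o json > crb.json; python3 audit.py crb.json
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for row in cluster_admin_subjects(data):
        print("\t".join(row))
```

The audit covers ClusterRoleBindings only; a namespaced RoleBinding that references the cluster-admin ClusterRole grants those rights within its namespace and would need a separate pass over `kubectl get rolebindings -A -o json`.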