title: “Create SA and Token for Dashboard”
date: 2018-08-22T14:41:07
slug: create-sa-and-token-for-dashboard

Create Service Account

We are creating Service Account with name admin-user in namespace kube-system first.
Create Service Account

We are creating Service Account with name admin-user in namespace kube-system first.

apiVersion: v1
kind: ServiceAccount
metadata:
 name: admin-user
 namespace: kube-system

Create ClusterRoleBinding

In most cases after provisioning our cluster using kops or kubeadm or any other popular tool admin Role already exists in the cluster. We can use it and create only RoleBinding for our ServiceAccount.

NOTE: apiVersion of ClusterRoleBinding resource may differ between Kubernetes versions. Starting from v1.8 it was promoted to rbac.authorization.k8s.io/v1.

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
 name: admin-user
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: cluster-admin
subjects:
- kind: ServiceAccount
 name: admin-user
 namespace: kube-system

Bearer Token

Now we need to find token we can use to log in. Execute following command:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')