Kubectl User Management Basics
The terminal blinks. Access control is the difference between order and chaos in your Kubernetes cluster. Kubectl, the command-line tool for Kubernetes, can do more than deploy services—it can define who runs them, who stops them, and who never touches them.
Kubectl User Management Basics
Kubectl itself does not store user accounts. Kubernetes uses authentication and authorization modules to manage users. To grant or limit access, you combine kubectl commands with Kubernetes RBAC (Role-Based Access Control).
Create Users
Users in Kubernetes are often managed by an external identity provider, client certificates, or service accounts. For local clusters, you can create user credentials with OpenSSL and bind them via kubeconfig:
# Generate a key
openssl genrsa -out username.key 2048
# Create CSR (Kubernetes reads CN as the user name and O as the group)
openssl req -new -key username.key -out username.csr -subj "/CN=username/O=groupname"
# Sign certificate
openssl x509 -req -in username.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out username.crt -days 365
Update your kubeconfig file with the new user entry, then use kubectl config use-context to switch and test.
Assign Roles and Permissions
RBAC defines what actions a user can take. Use a Role or ClusterRole to define permissions, then bind that role to users with a RoleBinding. Example:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: dev
  name: read-pods
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
Bind it with:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods-binding
  namespace: dev
subjects:
  - kind: User
    name: username
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: read-pods
  apiGroup: rbac.authorization.k8s.io
Apply these with kubectl apply -f role.yaml and kubectl apply -f rolebinding.yaml.
Manage Contexts
Each context in kubeconfig ties together a cluster, a user’s credentials, and a default namespace. Switching with kubectl config use-context selects the identity and namespace that subsequent commands run under.
Audit and Remove Access
List role bindings with kubectl get rolebindings --all-namespaces. Remove unwanted bindings with kubectl delete rolebinding. Keep kubeconfig files clean—remove unused user entries to avoid stale or compromised credentials.
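The audit step above, as an added example that is not part of the original post: a Python script that reads the JSON form of the role binding list and finds every binding that still grants access to a user. It goes slightly beyond the text by also matching Group subjects, because a certificate issued with O=groupname carries that group's bindings as well. The sample JSON is constructed, and bindings_for and removal_plan are hypothetical helper names.

```python
import json

# Constructed sample shaped like `kubectl get rolebindings --all-namespaces -o json`.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "RoleBinding", "metadata": {"name": "read-pods-binding", "namespace": "dev"},
  "subjects": [{"kind": "User", "name": "username"}],
  "roleRef": {"kind": "Role", "name": "read-pods"}},
 {"kind": "RoleBinding", "metadata": {"name": "team-edit", "namespace": "staging"},
  "subjects": [{"kind": "Group", "name": "groupname"}],
  "roleRef": {"kind": "ClusterRole", "name": "edit"}},
 {"kind": "RoleBinding", "metadata": {"name": "ci-deployer", "namespace": "dev"},
  "subjects": [{"kind": "ServiceAccount", "name": "username", "namespace": "dev"}],
  "roleRef": {"kind": "Role", "name": "deployer"}},
 {"kind": "RoleBinding", "metadata": {"name": "orphaned", "namespace": "dev"},
  "roleRef": {"kind": "Role", "name": "read-pods"}}
]}""")


def bindings_for(doc, user, groups=()):
    """Bindings granting access to `user` directly or via one of `groups`."""
    hits = []
    for item in doc.get("items", []):
        meta, ref = item["metadata"], item["roleRef"]
        subjects = item.get("subjects") or []  # optional field: may be absent
        for s in subjects:
            # A ServiceAccount named like the user is a different identity.
            if (s["kind"] == "User" and s["name"] == user) or \
               (s["kind"] == "Group" and s["name"] in groups):
                hits.append((item["kind"], meta.get("namespace", ""), meta["name"],
                             f"{s['kind']}:{s['name']}",
                             f"{ref['kind']}/{ref['name']}",
                             s["kind"] == "User" and len(subjects) == 1))
    return sorted(hits)


def removal_plan(hits):
    """Emit a delete command only when the user is the binding's sole subject;
    shared bindings (groups, several subjects) are flagged for manual review."""
    plan = []
    for kind, ns, name, subject, role, sole in hits:
        scope = f" -n {ns}" if kind == "RoleBinding" else ""
        cmd = f"kubectl delete {kind.lower()} {name}{scope}"
        plan.append(cmd if sole else f"# review, shared via {subject}: {cmd}")
    return plan


if __name__ == "__main__":
    print("\n".join(removal_plan(bindings_for(SAMPLE, "username", ("groupname",)))))
```

To run it against a cluster, replace SAMPLE with json.load(sys.stdin) and pipe in the output of kubectl get rolebindings --all-namespaces -o json.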
Precise user management with kubectl and RBAC keeps clusters secure, predictable, and scalable.
See this live in minutes with hoop.dev—connect, configure, and control your Kubernetes users without writing extra scripts.