Kubernetes RBAC User Creation Steps:
#1 Creating Certificate for John:
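# Generate John's 2048-bit RSA private key and make it readable by its owner only.
# NOTE(review): here the admin creates the user's key. Where possible, let the
# user generate the key and hand over only the CSR, so the private key never
# leaves the user's account.
openssl genrsa -out john.key 2048
chmod 600 john.key

# Build the signing request. Kubernetes takes the certificate CN as the user
# name and each O as a group, so this subject is the identity the API server
# will see. The quotes must be plain ASCII double quotes: the typographic
# quotes in the original listing would end up inside the subject string.
openssl req -new -key john.key -subj "/CN=john/O=developers" -out john.csr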
#2 Create CertificateSigningRequest.
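# Submit the CSR to the cluster. The here-doc delimiter is unquoted on purpose
# so that $(...) is expanded and the base64-encoded CSR is inlined on one line.
# YAML nesting and the "-" list markers are restored here; the flattened
# listing with long dashes is not a valid manifest.
# NOTE(review): no spec.expirationSeconds is set, so the certificate lifetime
# is whatever the signer defaults to. Kubernetes has no per-certificate
# revocation for client certificates, so consider requesting a short lifetime.
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: john
spec:
  groups:
  - system:authenticated
  request: $(base64 < john.csr | tr -d '\n')
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF

# Approving makes the signer issue a client certificate for the subject in the
# CSR. Review the requested CN/O first (e.g. kubectl describe csr john),
# because the issued certificate authenticates as exactly that user and groups.
kubectl certificate approve john

# Extract the signed certificate. .status.certificate stays empty until the
# signer has issued it, so an empty john.crt means "not signed yet".
kubectl get csr john -o jsonpath='{.status.certificate}' | base64 --decode > john.crt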
#3 Create John User and Move Certificates:
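# Create the local account and hand over the credentials (run as root).
useradd -m john -s /bin/bash

# NOTE(review): cp leaves a second copy of john.key in the current directory;
# remove it once John has his own copy if the admin has no need to keep it.
cp john.crt john.key /home/john
# ca.crt is the cluster CA's public certificate; John needs it to verify the
# API server. Only the certificate is copied, never the CA key.
cp /etc/kubernetes/pki/ca.crt /home/john

# "user:group" is the portable separator; the "user.group" form is deprecated.
chown -R john:john /home/john
# The private key must be readable by its owner only.
chmod 600 /home/john/john.key

# Smoke test: authenticate with the new client certificate.
# NOTE(review): this page creates no Role or RoleBinding. Authentication will
# succeed, but the request is expected to be refused with "Forbidden" until
# john (or the developers group) is bound to a role. Prefer a namespaced Role
# with only the verbs needed over a cluster-wide binding.
kubectl get pods \
  --server=https://192.168.1.9:6443 \
  --client-certificate /home/john/john.crt \
  --certificate-authority /home/john/ca.crt \
  --client-key /home/john/john.key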
Replace the IP address in the --server flag above with the address of your own API server.
#4: Create Kubeconfig file for John:
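# Switch to John's login shell. The remaining commands are typed in that
# shell, in /home/john, where john.crt, john.key and ca.crt now live.
su - john

# Fill in the API server address before continuing (the same address used for
# --server in step 3). Left empty, the kubeconfig would point at "https://:6443".
export SERVER_IP=

# Cluster entry: the CA certificate is embedded so the file is self-contained.
kubectl config set-cluster kubeadm \
  --certificate-authority=/home/john/ca.crt \
  --embed-certs=true \
  --server=https://${SERVER_IP}:6443 \
  --kubeconfig=john.kubeconfig

# User entry: --embed-certs=true copies the client certificate AND the private
# key into john.kubeconfig, so from here on the kubeconfig itself is a secret.
kubectl config set-credentials john \
  --client-certificate=john.crt \
  --client-key=john.key \
  --embed-certs=true \
  --kubeconfig=john.kubeconfig

# Context that ties the cluster entry to the user entry.
kubectl config set-context default \
  --cluster=kubeadm \
  --user=john \
  --kubeconfig=john.kubeconfig

kubectl config use-context default --kubeconfig=john.kubeconfig
kubectl get pods --kubeconfig=john.kubeconfig

# Install as the default kubeconfig. ~/.kube does not exist for a freshly
# created user, and the file embeds the private key, so keep the directory and
# both copies of the file private to the owner.
mkdir -p ~/.kube
chmod 700 ~/.kube
chmod 600 john.kubeconfig
cp john.kubeconfig ~/.kube/config
chmod 600 ~/.kube/config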