In the previous step we have created a cluster role binding for the service account default of the namespace kube-system. In this step we are going to create a kubernetes configuration file that is able to authenticate against the api with that serviceaccount.
To do this we will use a script that generates this file passing two arguments: the name of the service account and the namespace. Let's generate the configuration file and use it as an example.
$ helper/create_sa_kubeconfig.sh default kube-system
Creating target directory to hold files in /home/angel.barrera/personal/lab-microk8s-pod-security-policies...done
Creating a service account in kube-system namespace: default
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/default configured
Getting secret of service account default on kube-system
Secret name: default-token-cr954
Extracting ca.crt from secret...done
Getting user token from secret...done
Setting current context to: microk8s
Cluster name: microk8s-cluster
Endpoint: http://:8080
Preparing k8s-default-kube-system-conf
Setting a cluster entry in kubeconfig...Cluster "microk8s-cluster" set.
Setting token credentials entry in kubeconfig...User "default-kube-system-microk8s-cluster" set.
Setting a context entry in kubeconfig...Context "default-kube-system-microk8s-cluster" created.
Setting the current-context in the kubeconfig file...Switched to context "default-kube-system-microk8s-cluster".
All done! Test with:
KUBECONFIG=/home/angel.barrera/personal/lab-microk8s-pod-security-policies/.kube-default-kube-system-conf kubectl get pods
you should not have any permissions by default - you have just created the authentication part
You will need to create RBAC permissions
No resources found.At this point, we must have generated a file: .kube-default-kube-system-conf that contains the necessary configuration to interact with the cluster using the default service account of the namespace kube-system that has cluster-admin permissions.