# Kubernetes - User Creation with RBAC

This guide shows how to create a user authenticated with a client certificate, bind one of Kubernetes' built-in RBAC roles, generate a kubeconfig, and revoke access later.

{% hint style="info" %}
This is a how-to guide, not a general reference for every Kubernetes authentication method.
{% endhint %}

{% hint style="warning" %}
Kubernetes does not maintain a built-in user database. This workflow assumes your cluster accepts X.509 client certificates and that you will issue the certificate through the Kubernetes CSR API.
{% endhint %}

## Scope

* Users authenticated with client certificates
* Built-in RBAC roles: `cluster-admin`, `admin`, `edit`, `view`
* Access revocation for bindings created for those users

{% hint style="info" %}
For applications and automation, prefer `ServiceAccount` identities instead of long-lived client certificates.
{% endhint %}

## Prerequisites

* `kubectl` configured with cluster-admin access to the target cluster
* `openssl` installed
* `base64` available (Linux or macOS)
* Your current kubeconfig points at the target cluster

## Placeholders

Replace these placeholders before running any command:

| Placeholder    | Meaning                                       | Example       |
| -------------- | --------------------------------------------- | ------------- |
| `<USERNAME>`   | Kubernetes username from the certificate `CN` | `alice`       |
| `<GROUP>`      | Optional group from the certificate `O`       | `developers`  |
| `<NAMESPACE>`  | Target namespace                              | `production`  |
| `<NAMESPACE1>` | First target namespace                        | `development` |
| `<NAMESPACE2>` | Second target namespace                       | `staging`     |
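
The `CN` and `O` mapping in the table above, as an added example that is not part of the original guide: a shell helper that creates the key and CSR for `<USERNAME>` and `<GROUP>`, then wraps the CSR in a `CertificateSigningRequest` manifest for the Kubernetes CSR API. The function names, the file layout and the one-day `expirationSeconds` value are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Sample values are constructed.
set -euo pipefail

# make_csr_manifest <USERNAME> <GROUP|""> <DIR>
# Creates <DIR>/<USERNAME>.key, .csr and -csr.yaml; prints the manifest path.
make_csr_manifest() {
  local user="$1" group="$2" dir="$3" subj
  # The CSR object name must be a lowercase DNS-style name, and neither value
  # may contain '/' or other characters that would alter the -subj string.
  case "$user" in ""|*[!a-z0-9.-]*) echo "invalid username" >&2; return 1 ;; esac
  case "$group" in *[!A-Za-z0-9._-]*) echo "invalid group" >&2; return 1 ;; esac
  subj="/CN=${user}"                        # CN becomes the Kubernetes username
  if [ -n "$group" ]; then subj="${subj}/O=${group}"; fi   # O becomes a group
  ( umask 077                               # private key readable by owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
      -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null )
  cat > "$dir/$user-csr.yaml" <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${user}
spec:
  request: $(base64 < "$dir/$user.csr" | tr -d '\n')
  signerName: kubernetes.io/kube-apiserver-client
  expirationSeconds: 86400   # assumed lifetime (1 day); adjust to your policy
  usages:
    - client auth
EOF
  echo "$dir/$user-csr.yaml"
}

# csr_subject <file.csr>: prints the subject so CN and O can be checked
# before the request is submitted and approved.
csr_subject() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Demo with the example values from the placeholder table.
demo_dir=$(mktemp -d)
make_csr_manifest alice developers "$demo_dir"
csr_subject "$demo_dir/alice.csr"
```

Submit the generated manifest with `kubectl apply -f` and approve it with `kubectl certificate approve <USERNAME>`.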

