So the first thing you need is to establish a list of the users who need access,
like this one
The main part is securing access to the cluster with authentication mechanisms,
so we focus on bots, admins and devs, so human and bot users.
You can manage service accounts directly inside the cluster with:
#create
kubectl create serviceaccount test
#get
kubectl get serviceaccount
When you type a command like kubectl get node, your command goes to the API server,
and it goes through authentication before responding.
So, as seen in the previous section, there are 4 ways to authenticate a user.
If you're a monster you can create a CSV with the list of users:
password123,user1,u0001,group1
password123,user2,u0002,group2
password123,user3,u0003,group3
password123,user4,u0004,group3
password123,user5,u0005,group1
To apply the file, in kube-apiserver.service:
--basic-auth-file=path/to/file
Use it:
curl -v -k https://localhost:6443/api/v1/pods -u "user1:password123"
Please don't do that, it's just not recommended.
SOMETOKEN,user10,u0010,group1
SOMETOKEN,user12,u0012,group2
SOMETOKEN,user13,u0013,group3
SOMETOKEN,user14,u0014,group3
SOMETOKEN,user15,u0015,group1
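To apply the file, in kube-apiserver.service:
--token-auth-file=path/to/file
Use it (a static token is sent as a bearer token in the Authorization header, not with -u):
curl -v -k https://localhost:6443/api/v1/pods --header "Authorization: Bearer THETOKEN"
Same as the previous section: DON'T DO THAT.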
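To check whether an API server is still set up this way, here is an added example (not part of the original notes): a small Python audit that looks for the two flags above in a kube-apiserver unit file and lists which users share the same secret in the CSV, without printing the secrets. The unit text, the file path and the CSV rows are constructed samples, and the function names are made up for this example.

```python
import csv
import io
import re
from collections import defaultdict

# Flags from the notes above that switch on static-file authentication.
STATIC_AUTH_FLAGS = ("--basic-auth-file", "--token-auth-file")

def find_static_auth_flags(unit_text):
    """Return {flag: path} for each static-auth flag set in a kube-apiserver unit or manifest."""
    found = {}
    for flag in STATIC_AUTH_FLAGS:
        m = re.search(re.escape(flag) + r"[=\s]+([^\s\\\"']+)", unit_text)
        if m:
            found[flag] = m.group(1)
    return found

def audit_credential_file(csv_text):
    """Parse secret,user,uid[,groups] rows; report shared secrets without echoing them."""
    users_by_secret = defaultdict(list)
    malformed = []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row:
            continue
        if len(row) < 3 or not all(f.strip() for f in row[:3]):
            malformed.append(lineno)  # needs at least secret, user name and uid
            continue
        users_by_secret[row[0]].append(row[1].strip())
    shared = sorted(sorted(u) for u in users_by_secret.values() if len(u) > 1)
    users = sorted(u for us in users_by_secret.values() for u in us)
    return {"users": users, "shared_secret_groups": shared, "malformed_lines": malformed}

# Constructed sample input (not taken from a real cluster).
SAMPLE_UNIT = """\
ExecStart=/usr/local/bin/kube-apiserver \\
  --advertise-address=10.0.0.10 \\
  --token-auth-file=/tmp/users/tokens.csv \\
  --authorization-mode=Node,RBAC
"""
SAMPLE_CSV = """\
password123,user1,u0001,group1
password123,user2,u0002,group2
uniquetoken,user3,u0003,"group3,group1"
brokenline
"""

if __name__ == "__main__":
    print(find_static_auth_flags(SAMPLE_UNIT))
    print(audit_credential_file(SAMPLE_CSV))
```

Any flag it reports means secrets sit in a plain-text file on the control plane node, and every entry in shared_secret_groups is a set of accounts that one leaked secret opens at once.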