Kube.netes 仪表板访问具有相同令牌或配置文件的命名空间

Question

I want to create a kube.netes user who can access k8s dashboard to only few namespaces(let's assume 3 namespaces) using same token or config file and user should be able to use kubectl to get information from cluster with config file. Is this something achievable?

I tried creating Role and Rolebinding for user but with this, user can access from the command line interface but not from dashboard because token is not generated. Followed this process https://www.openlogic.com/blog/granting-user-access-your-kube.netes-cluster

Other option I tried is to create a user as service account in each namespace and I could able to generate dashboard token, but the problem is user will have separate token for each namespace and separate config file for each namespace. Every time user has to logout from dashboard to switch between namespaces, this works but very inconvenient for developers.

Is there any better option? my requirement is 1. Create a user who can access k8s cluster from command line and also dashboard to only few namespaces access with single config file and single dashboard token.

Answer 1

If you define a clusterrole such a way that it gives permission to few namespaces and create a clusterrolebinding to bind that clusterrole to the service account then the same token will effectively have permission to all those namespaces.