Credentials

Create ServiceAccount

kubectl create serviceaccount jenkins-sa

Retrieve (decoded) token from secret created for ServiceAccount

kubectl get secret jenkins-sa-token-vnp5k -o jsonpath={.data.token} | base64 -d

Create ~/.kube/config with CA & ServiceAccount Token

~/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: <insert plain text CA>
server: https://<api endpoint>
name: <cluster name>
contexts: - context:
cluster: <cluster name>
namespace: default
user: default
name: <cluster name>
current-context: <cluster name>
kind: Config
preferences: {}
users:
- name: default
user:
as-user-extra: {}
token: <insert base64 decoded token from service account user>
kubectl config set-credentials sa-user \
--token=$(kubectl get secret <secret_name> -o jsonpath={.data.token} | base64 -d)

Creating a Cluster Admin Binding

kubectl create clusterrolebinding jenkins-sa-binding \
--clusterrole=cluster-admin \
--user="system:serviceaccount:default:jenkins-sa"

‚Äč