How to Create a Namespace‑Restricted kubeconfig to Access the Kubernetes Dashboard

To log into the Kubernetes dashboard using a token‑based kubeconfig, follow these steps on the master node.

Create a namespace‑restricted kubeconfig

1. Define the cluster entry

kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.crt \
  --server="https://192.168.0.6:6443" \
  --embed-certs=true \
  --kubeconfig=/root/lucky-admin.conf

2. Retrieve the service‑account token

kubectl get secret -n lucky

DEF_NS_ADMIN_TOKEN=$(kubectl get secret lucky-admin-token-2pm2l -n lucky -o jsonpath={.data.token}|base64 -d)

3. Set the credentials using the token

kubectl config set-credentials lucky \
  --token=$DEF_NS_ADMIN_TOKEN \
  --kubeconfig=/root/lucky-admin.conf

4. Create a context that binds the user to the cluster

kubectl config set-context lucky@kubernetes \
  --cluster=kubernetes \
  --user=lucky \
  --kubeconfig=/root/lucky-admin.conf

5. Switch to the new context

kubectl config use-context lucky@kubernetes \
  --kubeconfig=/root/lucky-admin.conf

After these commands, copy /root/lucky-admin.conf to your local machine (e.g., the desktop). In the dashboard web UI, import this kubeconfig file; the dashboard will authenticate using the token and grant access only to the specified namespace.

Create a cluster‑wide kubeconfig (optional)

The same steps can be repeated without restricting the namespace, allowing management of all namespaces. Adjust the secret name and namespace accordingly, then follow steps 1‑5 to generate a full‑access kubeconfig.

Both kubeconfig files can be shared with teammates; they provide a convenient, secure way to access the dashboard without exposing the master’s admin credentials.