How to Create Kubernetes Dashboard Tokens for Namespace‑Specific and Cluster‑Wide Access

Creating a token that can only manage a specific namespace

All commands are executed on the Kubernetes master node.

Create a lucky namespace and a service account lucky-admin in it:

kubectl create namespace lucky

kubectl create serviceaccount lucky-admin -n lucky

Bind the service account to the cluster-admin role (limited to the lucky namespace):

kubectl create rolebinding lucky-admin -n lucky --clusterrole=cluster-admin --serviceaccount=lucky:lucky-admin

List the secrets in the namespace and retrieve the token secret:

kubectl get secret -n lucky

kubectl describe secret lucky-admin-token-xxxx -n lucky

Copy the token value (the long JWT string) and paste it into the dashboard’s token authentication field; the UI will only show resources in the lucky namespace.

Creating a token that can manage all namespaces

List secrets in the kubernetes-dashboard namespace: kubectl get secret -n kubernetes-dashboard Identify the secret named kubernetes-dashboard-token-* and describe it to obtain the token:

kubectl describe secret kubernetes-dashboard-token-ngcmg -n kubernetes-dashboard

Copy the displayed token and use it to log into the dashboard; you will see all namespaces.

Creating an administrator token with full cluster permissions

kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard

Repeat the secret‑listing steps for the kubernetes-dashboard namespace, retrieve the new token, and log in; the dashboard will now display and allow operations on resources across any namespace.

Images in the original article illustrate the login screens before and after applying each token.