How to use service account in kubeconfig file for authentication

Create a new service account in the kube-system namespace

kubectl -n kube-system create serviceaccount kubeconfig-sa

Create a new clusterrolebinding with cluster administration permissions and bind it to the service account

kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kubeconfig-sa

Obtain the name of the service account authentication token and assign its value to an environment variable

TOKENNAME=`kubectl -n kube-system get serviceaccount/kubeconfig-sa -o jsonpath='{.secrets[0].name}'`

Obtain the value of the service account authentication token and assign its value (decoded from base64) to an environment variable

TOKEN=`kubectl -n kube-system get secret $TOKENNAME -o jsonpath='{.data.token}'| base64 --decode`

Add the service account (and its authentication token) as a new user definition in the kubeconfig file

kubectl config set-credentials kubeconfig-sa --token=$TOKEN

Set the user specified in the kubeconfig file for the current context to be the new service account user

kubectl config set-context --current --user=kubeconfig-sa