Different ways to use rbac. How to limit the scope of a user in kubernetes namespace or give the user the whole cluster scope. Prerequisite [openssl]() [kubectl]() Have admin permission to create rbac role Create Specific Namespace Scoped Role First, needs to generate private key openssl genrsa -out <name>.pem 2048 Second, generate certificate signing request(.csr) openssl req -new -key <name>.pem -out <name>.csr -subj "/CN=<name>" Now, needs to file a signing request to kubernetes CA.