Kubernetes Users

First thing first, there is no such object as a user in Kubernetes.
Certificates are used for authentification and authorization.

So a user in Kubernetes is represented as a certificate owner.

Untitled-2022-01-04-1425.png

In order to give access for a user (certificate owner) to your cluster a user's certificate should be signed by the certificate authority that your cluster trust.

A few steps are required in order to get a normal user to be able to authenticate and invoke an API. First, this user must have a certificate issued by the Kubernetes cluster, and then present that certificate to the Kubernetes API.

source: https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user