I suppose the admin user has been created (silently) by microk8s installer.
Q1. Is that admin user manageable? For example, is there a way to change the pwd?
Q2. Can you give an example where we would need to refer to that admin user? I don’t know if I am doing the right thing. Currently to use kubectl outside of the cluster (on a machine in the same subnet), I added that user by kubectl config set-credentials
Q3. Like Q2, using kubectl from outside the cluster, instead of using the admin user. I’d like to use another user. That new user can create/delete resources but not admin tasks on the microk8s cluster. How should I create that user?
The admin user is created during installation. That user is authenticated through a token as described in [1]. To change the token you will need to edit the /var/snap/microk8s/current/credentials/known_tokens.csv file.
That is fine. Another popular approach is to have multiple kubeconfig files (even merged) and select the one you want as described in [2]
You would first need to create a new user. There are a few authentication mechanisms described in [1]. MicroK8s comes with the static-tokens-file and X509 Client Certs enabled by default. The easiest is to edit the known_tokens.csv to add a new user. You should appoint that user to some groups (also in the known_tokens.csv file). Afterwards you will need to enable RBAC [3] to restrict the permissions of that user. Enabling RBAC is done with microk8s enable rbac.