Cluster information:
Kubernetes version:
$ kubectl version --short
Client Version: v1.19.4
Server Version: v1.19.4
Cloud being used: (put bare-metal if not on a public cloud)
bare-metal
Installation method:
By source (manually)
Host OS:
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
CNI and version:
$ ls /etc/cni/net.d
10-calico.conflist calico-kubeconfig
$ cat /etc/cni/net.d/10-calico.conflist
{
  "name": "k8s-pod-network",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "calico",
      "log_level": "info",
      "log_file_path": "/var/log/calico/cni/cni.log",
      "datastore_type": "kubernetes",
      "nodename": "host.my.domain",
      "mtu": 1440,
      "ipam": {
        "type": "calico-ipam"
      },
      "policy": {
        "type": "k8s"
      },
      "kubernetes": {
        "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
      }
    },
    {
      "type": "portmap",
      "snat": true,
      "capabilities": {"portMappings": true}
    },
    {
      "type": "bandwidth",
      "capabilities": {"bandwidth": true}
    }
  ]
}
CRI and version:
$ crio -version
crio version 1.18.4
Version: 1.18.4
GitCommit: aba91e59ec78e3299e443a7364e2cf8909af4606
GitTreeState: clean
BuildDate: 2020-10-23T16:39:10Z
GoVersion: go1.14
Compiler: gc
Platform: linux/amd64
Linkmode: static
I am new to Kubernetes. I am able to create a user and restrict the user to only one namespace, but I am not able to do the same on the Dashboard.
I am able to create a sample user based on the documentation Creating sample user, but I am not able to understand how I can restrict my service-account user to a specific namespace.
Sample of code:
apiVersion: v1
kind: Namespace
metadata:
  name: namespace-green
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: green
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: role-green
  namespace: namespace-green
rules:
  - apiGroups: ["", "extensions", "apps"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rolebinding-green
subjects:
  - kind: ServiceAccount
    name: green
    namespace: kubernetes-dashboard
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
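
An added example, not part of the original post: the RoleBinding above has no `metadata.namespace` and its `roleRef` points at the ClusterRole `edit`, so `role-green` is never bound and the grant lands in whichever namespace the manifest is applied to. One way to scope the `green` service account to `namespace-green`, reusing only the names from the post:

```yaml
# Added example: binds the post's ServiceAccount to the post's namespaced Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rolebinding-green
  # A RoleBinding grants access only inside its own namespace, so set it
  # explicitly instead of relying on the kubectl context default.
  namespace: namespace-green
subjects:
  # The subject may live in a different namespace than the binding.
  - kind: ServiceAccount
    name: green
    namespace: kubernetes-dashboard
roleRef:
  # Reference the namespaced Role defined in the post rather than the
  # ClusterRole "edit". Note that role-green uses wildcards on the core
  # API group, which includes Secrets in namespace-green.
  kind: Role
  name: role-green
  apiGroup: rbac.authorization.k8s.io
```

The binding created earlier without a namespace still exists wherever it was applied and should be deleted. After that, `kubectl auth can-i list pods --as=system:serviceaccount:kubernetes-dashboard:green -n namespace-green` should answer `yes`, and the same command with `-n default` should answer `no` as long as no other binding grants the account access there.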