User with cluster-admin role and remote access to cluster


I followed the Kubernetes Docs to create a user with a private key and certificate, then I defined a ClusterRoleBinding for this user with the cluster-admin ClusterRole that is supposed to give him full access to all rights in the cluster, for all namespaces.

I configured my local kubeconfig with the user access to my cluster, and when I use kubectl to access my cluster, the certificate is accepted but I have a forbidden access error on all the commands.

My ClusterRoleBinding manifest is

kind: ClusterRoleBinding
  name: clusterrole-[USERNAME]
  kind: ClusterRole
  name: cluster-admin
- apiGroup:
  kind: User
  name: [USERNAME]

I thought that the cluster-admin role was enough to grant all access to the user, but it seems I missed something. Any idea ?

Cluster information:

Kubernetes version: 1.27.3
Cloud being used: bare-metal
Installation method: K3S
Host OS: Debian 12
CNI and version: Flannel
CRI and version: Containerd