I'm currently trying to figure out the best way, as a Kubernetes admin, to make users and give them access to kubectl. Originally, I was going to use serviceAccounts, but it seems that that should not be used as authentication for users. I have been reading over this: https://kubernetes.io/docs/admin/authentication/#users-in-kubernetes but there are so many different ways to authenticate I was not sure what the best practices are for my use case. Thanks for any help!
I ended up using OpenID Connect Authentication using Google. I followed this guide to set it up: https://www.skuid.com/blog/reduce-administrative-toil-with-kubernetes-1-3/.
i would go the cert route. I believe that what most people use for production and its what we currently use. I included a link to the hard way which has a better description on making certs.
good luck