How to create a Linux system account with access only to a specific namespace in Kubernetes?

7/12/2018

On my Linux servers, I have a Kubernetes cluster. Many developers are using this cluster. I would like to create Linux system accounts for users with access only to a specific Kubernetes namespace.

-- ksmar
kubernetes

1 Answer

7/12/2018
  1. Create the Linux account on your host.
  2. Create a TLS certificate for the account:

    # account_name holds the Linux user name (set it first, e.g. account_name=<user>);
    # ca.pem / ca-key.pem are the cluster CA certificate and key used to sign client certs
    openssl genrsa -out ${account_name}-key.pem 2048
    openssl req -new -sha256 -key ${account_name}-key.pem -out ${account_name}.csr -subj "/CN=${account_name}"
    openssl x509 -req -sha256 -in ${account_name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${account_name}.pem -days 365

  3. Create a kubeconfig to connect to the apiserver with the TLS certificates, something like:

    apiVersion: v1
    kind: Config
    clusters:
    - cluster:
        certificate-authority: /home/account-name/ssl/ca.pem
        server: https://master-ip
      name: k8s
    contexts:
    - context:
        cluster: k8s
        user: account-name
      name: admin
    current-context: admin
    users:
    - name: account-name
      user:
        client-certificate: /home/account-name/ssl/account-name.pem
        client-key: /home/account-name/ssl/account-name-key.pem

  4. Give the user proper privilege with RBAC, like full privilege to a namespace:

    # rbac.authorization.k8s.io/v1 (the v1beta1 version is no longer served)
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: account-name-admin
      namespace: namespace-name
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: edit
    subjects:
    - apiGroup: rbac.authorization.k8s.io
      kind: User
      name: account-name
-- Kun Li
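A helper script for the steps above, added here as an example and not part of the answer: it issues the client certificate with the private key readable only by the Linux user, applies the namespace-scoped RoleBinding, and then checks with `kubectl auth can-i` that the new identity is confined to its namespace. It assumes `ca.pem`/`ca-key.pem` in the current directory, root on the host, `openssl` and `kubectl` on PATH, and an admin kubeconfig in `$KUBECONFIG`; the function names are hypothetical.

```shell
# Added example: provision a cert-based Kubernetes user bound to one namespace and verify it.
# Assumes ca.pem/ca-key.pem in the cwd, root on the host, and an admin kubeconfig for apply.
set -eu

# RoleBinding manifest; the subject name must equal the certificate CN.
render_rolebinding() {  # $1=user $2=namespace
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $1-edit
  namespace: $2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: $1
EOF
}

# Issue a 365-day client cert and place it in the user's ~/ssl with the key at mode 0600.
issue_cert() {  # $1=user
  openssl genrsa -out "$1-key.pem" 2048
  openssl req -new -sha256 -key "$1-key.pem" -out "$1.csr" -subj "/CN=$1"
  openssl x509 -req -sha256 -in "$1.csr" -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out "$1.pem" -days 365
  install -d -m 700 -o "$1" -g "$1" "/home/$1/ssl"
  install -m 644 -o "$1" -g "$1" ca.pem "$1.pem" "/home/$1/ssl/"
  install -m 600 -o "$1" -g "$1" "$1-key.pem" "/home/$1/ssl/"
  rm -f "$1-key.pem" "$1.csr"   # leave no copy of the private key outside the home dir
}

# Scope check as the new user: allowed in its namespace, denied elsewhere and cluster-wide.
verify_scope() {  # $1=user kubeconfig $2=namespace; returns 1 on any unexpected answer
  cfg=$1
  can() { kubectl --kubeconfig="$cfg" auth can-i "$@" 2>/dev/null || true; }
  [ "$(can create pods -n "$2")" = yes ]         || return 1
  [ "$(can get secrets -n "$2")" = yes ]         || return 1  # "edit" can read Secrets
  [ "$(can get pods -n kube-system)" = no ]      || return 1
  [ "$(can list nodes)" = no ]                   || return 1
  [ "$(can create rolebindings -n "$2")" = no ]  || return 1  # "edit" cannot grant RBAC
}

provision() {  # $1=user $2=namespace
  issue_cert "$1"
  render_rolebinding "$1" "$2" | kubectl apply -f -
}
```

Run `provision <user> <namespace>` as root, write the kubeconfig from the answer into `/home/<user>/ssl/`, then `verify_scope /home/<user>/ssl/config <namespace>` confirms the binding did not leak beyond the namespace.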
Source: StackOverflow