I am looking for a way to create/retrieve/update/delete a user in Kubernetes, such that I can allow him certain stuff via RoleBindings.
Everything I have found is more or less manual work on the master node. However, I imagine a service deployed in Kubernetes I could call via an API to do the magic for me without doing any manual work. Is such a thing available?
From https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes
All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users.
Kubernetes does not have objects which represent normal user accounts. Normal users cannot be added to a cluster through an API call.
Even though a normal user cannot be added via an API call, any user that presents a valid certificate signed by the cluster's certificate authority (CA) is considered authenticated.
So there is no API call to create normal user. However you can create service accounts that can have RoleBindings bound to them.
Another possibility is to create TLS certificate, sign it with Kubernetes cluster CA (using CSRs) and use it as a "normal user".