Kubectl command to return a list of all user accounts from Rancher - *security/accounts/users

I am looking to output a comma-separated list of all user accounts from Kubernetes.

I understand that one can return a list of namespaces, pods, and so on from Kubernetes using the ‘kubectl get namespace’ and ‘kubectl get pods’ commands. However, is there an equivalent for returning a list of Kubernetes users?

Currently, I can see a list of all of the user accounts and their respective names, emails, and IDs from within Kubernetes via our management platform Rancher but, the problem is, I can’t seem to find a way to return a comma-separated list of these users via the command line through kubectl or PowerShell.

Users live in the ‘management’ cluster (usually called local), not in the individual downstream clusters you are managing. kubectl get users.management.cattle.io (pointed at the local cluster).

Users are tied to an external system via the principalIds field, which depending on the provider you use might just be a random uuid, an email, an LDAP DN, etc.


Hi Vincent, thanks for your reply. I didn’t know that users live within the ‘management’ cluster - very helpful.

Yes, for us, users are tied to an external system. And, without going into too much detail, there is a way where we can map the Rancher ID to the internal users’ LDAP account and return the result we are looking for. However, this method requires some scripting effort, so I thought there might be an easier way.

Essentially, I am looking to retrieve a comma-separated list of everything local here: https://[company-rancher-url].com/g/security/accounts/users with columns: Rancher ID, display name, and email address.

Is there a way to achieve that through a kubectl query or something similar?

What you see from kubectl get users.management.cattle.io -o yaml is what’s persisted. If you don’t see what you want then it’s looked up by talking to the configured auth provider and not something you can get from kubectl.


Thanks for your reply, @vincent. I have a workaround now using a script that returns the user’s AD account (user name and email address) by passing the Rancher ID returned from the kubectl query.
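
As an added example (not code from anyone in this thread), here is one way to turn the JSON form of the `kubectl get users.management.cattle.io` output discussed above into a CSV for an account review, using a real CSV writer because LDAP DNs in principalIds contain commas. The field names `displayName` and `username`, the `provider://id` shape of each principal ID, and the sample data are assumptions; email is left out because, per the reply above, anything not persisted on the object has to come from the auth provider.

```python
import csv
import io
import json
import sys

# Constructed sample shaped like `kubectl get users.management.cattle.io -o json`
# output; IDs, names and DNs are made up, and the field names are assumptions.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "u-abc12"}, "displayName": "Jane Doe", "username": "",
     "principalIds": ["activedirectory_user://CN=Jane Doe,OU=Staff,DC=example,DC=com",
                      "local://u-abc12"]},
    {"metadata": {"name": "user-x9k2p"}, "displayName": "Default Admin",
     "username": "admin", "principalIds": ["local://user-x9k2p"]},
    {"metadata": {"name": "u-zzz99"}},  # object with no persisted identity fields
]})

COLUMNS = ["rancher_id", "display_name", "username", "providers", "principal_ids"]


def users_to_rows(doc):
    """Flatten a kubectl JSON list of User objects into one row per user."""
    rows = []
    for item in doc.get("items", []):
        principals = item.get("principalIds") or []
        # "activedirectory_user://CN=..." -> provider "activedirectory_user"
        providers = sorted({p.split("://", 1)[0] for p in principals if "://" in p})
        rows.append([
            item.get("metadata", {}).get("name", ""),
            item.get("displayName", ""),
            item.get("username", ""),
            ";".join(providers),
            ";".join(principals),
        ])
    return rows


def to_csv(raw_json):
    """Return CSV text; the csv module quotes DNs, which contain commas."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(COLUMNS)
    writer.writerows(users_to_rows(json.loads(raw_json)))
    return out.getvalue()


if __name__ == "__main__":
    # Usage: kubectl get users.management.cattle.io -o json | python3 rancher_users_csv.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(to_csv(raw))
```

The `providers` column makes it easy to sort out accounts that have only a `local` principal from those tied to the external directory.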