kubeconfig-sa-token.yaml

# Make sure this file exists in a directory where you can run kubectl against the desired cluster
# kubectl -n kube-system create serviceaccount utility-admin
# kubectl create clusterrolebinding utility-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:utility-admin
# kubectl apply -f kubeconfig-sa-token.yaml
# kubectl describe secrets utility-admin-kubeconfig-sa-token -n kube-system
# kubectl -n kube-system get secret utility-admin-kubeconfig-sa-token -o jsonpath='{.data.token}'
# Set an environment variable to the Base64 decoded value from the above command
# TOKEN=<decoded string>
# kubectl config set-credentials utility-admin --token=$TOKEN
# Splice the resulting user entry into a regular kube config file with the cluster certificate and server URL
# Add it as a secret file to Jenkins and use it via withKubeConfig(credentialsId: 'test-kubeconfig') { ... }

apiVersion: v1
kind: Secret
metadata:
  name: utility-admin-kubeconfig-sa-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: utility-admin
type: kubernetes.io/service-account-token