1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl expose - Take a replication controller, service, deployment or
10 pod and expose it as a new Kubernetes Service
11
12
13
15 kubectl expose [OPTIONS]
16
17
18
20 Expose a resource as a new Kubernetes service.
21
22
23 Looks up a deployment, service, replica set, replication controller or
24 pod by name and uses the selector for that resource as the selector for
25 a new service on the specified port. A deployment or replica set will
26 be exposed as a service only if its selector is convertible to a selec‐
27 tor that service supports, i.e. when the selector contains only the
28 matchLabels component. Note that if no port is specified via --port and
29 the exposed resource has multiple ports, all will be re-used by the new
30 service. Also if no labels are specified, the new service will re-use
31 the labels from the resource it exposes.
32
33
34 Possible resources include (case insensitive):
35
36
37 pod (po), service (svc), replicationcontroller (rc), deployment (de‐
38 ploy), replicaset (rs)
39
40
41
43 --allow-missing-template-keys=true If true, ignore any errors in
44 templates when a field or map key is missing in the template. Only ap‐
45 plies to golang and jsonpath output formats.
46
47
48 --cluster-ip="" ClusterIP to be assigned to the service. Leave
49 empty to auto-allocate, or set to 'None' to create a headless service.
50
51
52 --container-port="" Synonym for --target-port
53
54
55 --dry-run="none" Must be "none", "server", or "client". If client
56 strategy, only print the object that would be sent, without sending it.
57 If server strategy, submit server-side request without persisting the
58 resource.
59
60
61 --external-ip="" Additional external IP address (not managed by
62 Kubernetes) to accept for the service. If this IP is routed to a node,
63 the service can be accessed by this IP in addition to its generated
64 service IP.
65
66
67 --field-manager="kubectl-expose" Name of the manager used to track
68 field ownership.
69
70
71 -f, --filename=[] Filename, directory, or URL to files identifying
72 the resource to expose a service
73
74
75 --generator="service/v2" The name of the API generator to use.
76 There are 2 generators: 'service/v1' and 'service/v2'. The only differ‐
77 ence between them is that service port in v1 is named 'default', while
78 it is left unnamed in v2. Default is 'service/v2'.
79
80
81 -k, --kustomize="" Process the kustomization directory. This flag
82 can't be used together with -f or -R.
83
84
85 -l, --labels="" Labels to apply to the service created by this
86 call.
87
88
89 --load-balancer-ip="" IP to assign to the LoadBalancer. If empty,
90 an ephemeral IP will be created and used (cloud-provider specific).
91
92
93 --name="" The name for the newly created object.
94
95
96 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
97 plate|go-template-file|template|templatefile|jsonpath|json‐
98 path-as-json|jsonpath-file.
99
100
101 --overrides="" An inline JSON override for the generated object.
102 If this is non-empty, it is used to override the generated object. Re‐
103 quires that the object supply a valid apiVersion field.
104
105
106 --port="" The port that the service should serve on. Copied from
107 the resource being exposed, if unspecified
108
109
110 --protocol="" The network protocol for the service to be created.
111 Default is 'TCP'.
112
113
114 --record=false Record current kubectl command in the resource an‐
115 notation. If set to false, do not record the command. If set to true,
116 record the command. If not set, default to updating the existing anno‐
117 tation value only if one already exists.
118
119
120 -R, --recursive=false Process the directory used in -f, --filename
121 recursively. Useful when you want to manage related manifests organized
122 within the same directory.
123
124
125 --save-config=false If true, the configuration of current object
126 will be saved in its annotation. Otherwise, the annotation will be un‐
127 changed. This flag is useful when you want to perform kubectl apply on
128 this object in the future.
129
130
131 --selector="" A label selector to use for this service. Only
132 equality-based selector requirements are supported. If empty (the de‐
133 fault) infer the selector from the replication controller or replica
134 set.)
135
136
137 --session-affinity="" If non-empty, set the session affinity for
138 the service to this; legal values: 'None', 'ClientIP'
139
140
141 --show-managed-fields=false If true, keep the managedFields when
142 printing objects in JSON or YAML format.
143
144
145 --target-port="" Name or number for the port on the container that
146 the service should direct traffic to. Optional.
147
148
149 --template="" Template string or path to template file to use when
150 -o=go-template, -o=go-template-file. The template format is golang tem‐
151 plates [http://golang.org/pkg/text/template/#pkg-overview].
152
153
154 --type="" Type for this service: ClusterIP, NodePort, LoadBal‐
155 ancer, or ExternalName. Default is 'ClusterIP'.
156
157
158
160 --add-dir-header=false If true, adds the file directory to the
161 header of the log messages
162
163
164 --alsologtostderr=false log to standard error as well as files
165
166
167 --application-metrics-count-limit=100 Max number of application
168 metrics to store (per container)
169
170
171 --as="" Username to impersonate for the operation
172
173
174 --as-group=[] Group to impersonate for the operation, this flag
175 can be repeated to specify multiple groups.
176
177
178 --azure-container-registry-config="" Path to the file containing
179 Azure container registry configuration information.
180
181
182 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
183 list of files to check for boot-id. Use the first one that exists.
184
185
186 --cache-dir="/builddir/.kube/cache" Default cache directory
187
188
189 --certificate-authority="" Path to a cert file for the certificate
190 authority
191
192
193 --client-certificate="" Path to a client certificate file for TLS
194
195
196 --client-key="" Path to a client key file for TLS
197
198
199 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
200 CIDRs opened in GCE firewall for L7 LB traffic proxy health
201 checks
202
203
204 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
205 CIDRs opened in GCE firewall for L4 LB traffic proxy health
206 checks
207
208
209 --cluster="" The name of the kubeconfig cluster to use
210
211
212 --container-hints="/etc/cadvisor/container_hints.json" location of
213 the container hints file
214
215
216 --containerd="/run/containerd/containerd.sock" containerd endpoint
217
218
219 --containerd-namespace="k8s.io" containerd namespace
220
221
222 --context="" The name of the kubeconfig context to use
223
224
225 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
226 tionSeconds of the toleration for notReady:NoExecute that is added by
227 default to every pod that does not already have such a toleration.
228
229
230 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
231 tionSeconds of the toleration for unreachable:NoExecute that is added
232 by default to every pod that does not already have such a toleration.
233
234
235 --disable-root-cgroup-stats=false Disable collecting root Cgroup
236 stats
237
238
239 --docker="unix:///var/run/docker.sock" docker endpoint
240
241
242 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
243 ronment variable keys matched with specified prefix that needs to be
244 collected for docker containers
245
246
247 --docker-only=false Only report docker containers in addition to
248 root stats
249
250
251 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
252 from docker info (this is a fallback, default: /var/lib/docker)
253
254
255 --docker-tls=false use TLS to connect to docker
256
257
258 --docker-tls-ca="ca.pem" path to trusted CA
259
260
261 --docker-tls-cert="cert.pem" path to client certificate
262
263
264 --docker-tls-key="key.pem" path to private key
265
266
267 --enable-load-reader=false Whether to enable cpu load reader
268
269
270 --event-storage-age-limit="default=0" Max length of time for which
271 to store events (per type). Value is a comma separated list of key val‐
272 ues, where the keys are event types (e.g.: creation, oom) or "default"
273 and the value is a duration. Default is applied to all non-specified
274 event types
275
276
277 --event-storage-event-limit="default=0" Max number of events to
278 store (per type). Value is a comma separated list of key values, where
279 the keys are event types (e.g.: creation, oom) or "default" and the
280 value is an integer. Default is applied to all non-specified event
281 types
282
283
284 --global-housekeeping-interval=1m0s Interval between global house‐
285 keepings
286
287
288 --housekeeping-interval=10s Interval between container housekeep‐
289 ings
290
291
292 --insecure-skip-tls-verify=false If true, the server's certificate
293 will not be checked for validity. This will make your HTTPS connections
294 insecure
295
296
297 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
298 quests.
299
300
301 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
302 trace
303
304
305 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
306 sor container
307
308
309 --log-dir="" If non-empty, write log files in this directory
310
311
312 --log-file="" If non-empty, use this log file
313
314
315 --log-file-max-size=1800 Defines the maximum size a log file can
316 grow to. Unit is megabytes. If the value is 0, the maximum file size is
317 unlimited.
318
319
320 --log-flush-frequency=5s Maximum number of seconds between log
321 flushes
322
323
324 --logtostderr=true log to standard error instead of files
325
326
327 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
328 Comma-separated list of files to check for machine-id. Use the
329 first one that exists.
330
331
332 --match-server-version=false Require server version to match
333 client version
334
335
336 -n, --namespace="" If present, the namespace scope for this CLI
337 request
338
339
340 --one-output=false If true, only write logs to their native sever‐
341 ity level (vs also writing to each lower severity level)
342
343
344 --password="" Password for basic authentication to the API server
345
346
347 --profile="none" Name of profile to capture. One of
348 (none|cpu|heap|goroutine|threadcreate|block|mutex)
349
350
351 --profile-output="profile.pprof" Name of the file to write the
352 profile to
353
354
355 --referenced-reset-interval=0 Reset interval for referenced bytes
356 (container_referenced_bytes metric), number of measurement cycles after
357 which referenced bytes are cleared, if set to 0 referenced bytes are
358 never cleared (default: 0)
359
360
361 --request-timeout="0" The length of time to wait before giving up
362 on a single server request. Non-zero values should contain a corre‐
363 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
364 out requests.
365
366
367 -s, --server="" The address and port of the Kubernetes API server
368
369
370 --skip-headers=false If true, avoid header prefixes in the log
371 messages
372
373
374 --skip-log-headers=false If true, avoid headers when opening log
375 files
376
377
378 --stderrthreshold=2 logs at or above this threshold go to stderr
379
380
381 --storage-driver-buffer-duration=1m0s Writes in the storage driver
382 will be buffered for this duration, and committed to the non memory
383 backends as a single transaction
384
385
386 --storage-driver-db="cadvisor" database name
387
388
389 --storage-driver-host="localhost:8086" database host:port
390
391
392 --storage-driver-password="root" database password
393
394
395 --storage-driver-secure=false use secure connection with database
396
397
398 --storage-driver-table="stats" table name
399
400
401 --storage-driver-user="root" database username
402
403
404 --tls-server-name="" Server name to use for server certificate
405 validation. If it is not provided, the hostname used to contact the
406 server is used
407
408
409 --token="" Bearer token for authentication to the API server
410
411
412 --update-machine-info-interval=5m0s Interval between machine info
413 updates.
414
415
416 --user="" The name of the kubeconfig user to use
417
418
419 --username="" Username for basic authentication to the API server
420
421
422 -v, --v=0 number for the log level verbosity
423
424
425 --version=false Print version information and quit
426
427
428 --vmodule= comma-separated list of pattern=N settings for
429 file-filtered logging
430
431
432 --warnings-as-errors=false Treat warnings received from the server
433 as errors and exit with a non-zero exit code
434
435
436
438 # Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000.
439 kubectl expose rc nginx --port=80 --target-port=8000
440
441 # Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.
442 kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
443
444 # Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
445 kubectl expose pod valid-pod --port=444 --name=frontend
446
447 # Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
448 kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
449
450 # Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
451 kubectl expose rc streamer --port=4100 --protocol=UDP --name=video-stream
452
453 # Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000.
454 kubectl expose rs nginx --port=80 --target-port=8000
455
456 # Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000.
457 kubectl expose deployment nginx --port=80 --target-port=8000
458
459
460
461
463 kubectl(1),
464
465
466
468 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
469 com) based on the kubernetes source material, but hopefully they have
470 been automatically generated since!
471
472
473
474Manuals User KUBERNETES(1)(kubernetes)