1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl create clusterrolebinding - Create a ClusterRoleBinding for a
7 particular ClusterRole
8
9
10
12 kubectl create clusterrolebinding [OPTIONS]
13
14
15
17 Create a ClusterRoleBinding for a particular ClusterRole.
18
19
20
22 --allow-missing-template-keys=true
23 If true, ignore any errors in templates when a field or map key is
24 missing in the template. Only applies to golang and jsonpath output
25 formats.
26
27
28 --clusterrole=""
29 ClusterRole this ClusterRoleBinding should reference
30
31
32 --dry-run=false
33 If true, only print the object that would be sent, without sending
34 it.
35
36
37 --generator="clusterrolebinding.rbac.authorization.k8s.io/v1alpha1"
38 The name of the API generator to use.
39
40
41 --group=[]
42 Groups to bind to the role
43
44
45 -o, --output=""
46 Output format. One of: json|yaml|name|template|go-template|go-tem‐
47 plate-file|templatefile|jsonpath|jsonpath-file.
48
49
50 --save-config=false
51 If true, the configuration of current object will be saved in its
52 annotation. Otherwise, the annotation will be unchanged. This flag is
53 useful when you want to perform kubectl apply on this object in the
54 future.
55
56
57 --serviceaccount=[]
58 Service accounts to bind to the role, in the format <names‐
59 pace>:<name>
60
61
62 --template=""
63 Template string or path to template file to use when -o=go-tem‐
64 plate, -o=go-template-file. The template format is golang templates [
65 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
66
67
68 --validate=true
69 If true, use a schema to validate the input before sending it
70
71
72
74 --allow-verification-with-non-compliant-keys=false
75 Allow a SignatureVerifier to use keys which are technically
76 non-compliant with RFC6962.
77
78
79 --alsologtostderr=false
80 log to standard error as well as files
81
82
83 --application-metrics-count-limit=100
84 Max number of application metrics to store (per container)
85
86
87 --as=""
88 Username to impersonate for the operation
89
90
91 --as-group=[]
92 Group to impersonate for the operation, this flag can be repeated
93 to specify multiple groups.
94
95
96 --azure-container-registry-config=""
97 Path to the file containing Azure container registry configuration
98 information.
99
100
101 --boot-id-file="/proc/sys/kernel/random/boot_id"
102 Comma-separated list of files to check for boot-id. Use the first
103 one that exists.
104
105
106 --cache-dir="/builddir/.kube/http-cache"
107 Default HTTP cache directory
108
109
110 --certificate-authority=""
111 Path to a cert file for the certificate authority
112
113
114 --client-certificate=""
115 Path to a client certificate file for TLS
116
117
118 --client-key=""
119 Path to a client key file for TLS
120
121
122 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
123 CIDRs opened in GCE firewall for LB traffic proxy health checks
124
125
126 --cluster=""
127 The name of the kubeconfig cluster to use
128
129
130 --container-hints="/etc/cadvisor/container_hints.json"
131 location of the container hints file
132
133
134 --containerd="unix:///var/run/containerd.sock"
135 containerd endpoint
136
137
138 --context=""
139 The name of the kubeconfig context to use
140
141
142 --default-not-ready-toleration-seconds=300
143 Indicates the tolerationSeconds of the toleration for
144 notReady:NoExecute that is added by default to every pod that does not
145 already have such a toleration.
146
147
148 --default-unreachable-toleration-seconds=300
149 Indicates the tolerationSeconds of the toleration for unreach‐
150 able:NoExecute that is added by default to every pod that does not
151 already have such a toleration.
152
153
154 --docker="unix:///var/run/docker.sock"
155 docker endpoint
156
157
158 --docker-env-metadata-whitelist=""
159 a comma-separated list of environment variable keys that needs to
160 be collected for docker containers
161
162
163 --docker-only=false
164 Only report docker containers in addition to root stats
165
166
167 --docker-root="/var/lib/docker"
168 DEPRECATED: docker root is read from docker info (this is a fall‐
169 back, default: /var/lib/docker)
170
171
172 --docker-tls=false
173 use TLS to connect to docker
174
175
176 --docker-tls-ca="ca.pem"
177 path to trusted CA
178
179
180 --docker-tls-cert="cert.pem"
181 path to client certificate
182
183
184 --docker-tls-key="key.pem"
185 path to private key
186
187
188 --enable-load-reader=false
189 Whether to enable cpu load reader
190
191
192 --event-storage-age-limit="default=0"
193 Max length of time for which to store events (per type). Value is a
194 comma separated list of key values, where the keys are event types
195 (e.g.: creation, oom) or "default" and the value is a duration. Default
196 is applied to all non-specified event types
197
198
199 --event-storage-event-limit="default=0"
200 Max number of events to store (per type). Value is a comma sepa‐
201 rated list of key values, where the keys are event types (e.g.: cre‐
202 ation, oom) or "default" and the value is an integer. Default is
203 applied to all non-specified event types
204
205
206 --global-housekeeping-interval=1m0s
207 Interval between global housekeepings
208
209
210 --google-json-key=""
211 The Google Cloud Platform Service Account JSON Key to use for
212 authentication.
213
214
215 --housekeeping-interval=10s
216 Interval between container housekeepings
217
218
219 --insecure-skip-tls-verify=false
220 If true, the server's certificate will not be checked for validity.
221 This will make your HTTPS connections insecure
222
223
224 --kubeconfig=""
225 Path to the kubeconfig file to use for CLI requests.
226
227
228 --log-backtrace-at=:0
229 when logging hits line file:N, emit a stack trace
230
231
232 --log-cadvisor-usage=false
233 Whether to log the usage of the cAdvisor container
234
235
236 --log-dir=""
237 If non-empty, write log files in this directory
238
239
240 --log-flush-frequency=5s
241 Maximum number of seconds between log flushes
242
243
244 --logtostderr=true
245 log to standard error instead of files
246
247
248 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
249 Comma-separated list of files to check for machine-id. Use the
250 first one that exists.
251
252
253 --match-server-version=false
254 Require server version to match client version
255
256
257 --mesos-agent="127.0.0.1:5051"
258 Mesos agent address
259
260
261 --mesos-agent-timeout=10s
262 Mesos agent timeout
263
264
265 -n, --namespace=""
266 If present, the namespace scope for this CLI request
267
268
269 --request-timeout="0"
270 The length of time to wait before giving up on a single server
271 request. Non-zero values should contain a corresponding time unit (e.g.
272 1s, 2m, 3h). A value of zero means don't timeout requests.
273
274
275 -s, --server=""
276 The address and port of the Kubernetes API server
277
278
279 --stderrthreshold=2
280 logs at or above this threshold go to stderr
281
282
283 --storage-driver-buffer-duration=1m0s
284 Writes in the storage driver will be buffered for this duration,
285 and committed to the non memory backends as a single transaction
286
287
288 --storage-driver-db="cadvisor"
289 database name
290
291
292 --storage-driver-host="localhost:8086"
293 database host:port
294
295
296 --storage-driver-password="root"
297 database password
298
299
300 --storage-driver-secure=false
301 use secure connection with database
302
303
304 --storage-driver-table="stats"
305 table name
306
307
308 --storage-driver-user="root"
309 database username
310
311
312 --token=""
313 Bearer token for authentication to the API server
314
315
316 --user=""
317 The name of the kubeconfig user to use
318
319
320 -v, --v=0
321 log level for V logs
322
323
324 --version=false
325 Print version information and quit
326
327
328 --vmodule=
329 comma-separated list of pattern=N settings for file-filtered log‐
330 ging
331
332
333
335 # Create a ClusterRoleBinding for user1, user2, and group1 using the cluster-admin ClusterRole
336 kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
337
338
339
340
342 kubectl-create(1),
343
344
345
347 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
348 com) based on the kubernetes source material, but hopefully they have
349 been automatically generated since!
350
351
352
353Eric Paris kubernetes User Manuals KUBERNETES(1)