1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl  apply  -  Apply  a  configuration to a resource by filename or
10       stdin
11
12
13

SYNOPSIS

15       kubectl apply [OPTIONS]
16
17
18

DESCRIPTION

20       Apply a configuration to a resource by filename or stdin. The  resource
21       name must be specified. This resource will be created if it doesn't ex‐
22       ist yet. To use 'apply', always create the resource initially with  ei‐
23       ther 'apply' or 'create --save-config'.
24
25
26       JSON and YAML formats are accepted.
27
28
29       Alpha Disclaimer: the --prune functionality is not yet complete. Do not
30       use unless you are aware of what the current state is. See  https://is
31       sues.k8s.io/34274.
32
33
34

OPTIONS

36       --all=false      Select all resources in the namespace of the specified
37       resource types.
38
39
40       --allow-missing-template-keys=true      If true, ignore any  errors  in
41       templates  when a field or map key is missing in the template. Only ap‐
42       plies to golang and jsonpath output formats.
43
44
45       --cascade="background"      Must be "background", "orphan",  or  "fore‐
46       ground".  Selects  the  deletion  cascading strategy for the dependents
47       (e.g. Pods created by a ReplicationController). Defaults to background.
48
49
50       --dry-run="none"      Must be "none", "server", or "client". If  client
51       strategy, only print the object that would be sent, without sending it.
52       If server strategy, submit server-side request without  persisting  the
53       resource.
54
55
56       --field-manager="kubectl-client-side-apply"       Name  of  the manager
57       used to track field ownership.
58
59
60       -f, --filename=[]      that contains the configuration to apply
61
62
63       --force=false      If true, immediately remove resources from  API  and
64       bypass  graceful  deletion.  Note  that  immediate deletion of some re‐
65       sources may result in inconsistency or data loss and requires confirma‐
66       tion.
67
68
69       --force-conflicts=false       If true, server-side apply will force the
70       changes against conflicts.
71
72
73       --grace-period=-1      Period of time in seconds given to the  resource
74       to  terminate  gracefully.  Ignored if negative. Set to 1 for immediate
75       shutdown. Can only be set to 0 when --force is true (force deletion).
76
77
78       -k, --kustomize=""      Process a kustomization  directory.  This  flag
79       can't be used together with -f or -R.
80
81
82       --openapi-patch=true       If  true, use openapi to calculate diff when
83       the openapi presents and the resource can be found in the openapi spec.
84       Otherwise, fall back to use baked-in types.
85
86
87       -o,  --output=""       Output  format.  One  of: json|yaml|name|go-tem‐
88       plate|go-template-file|template|templatefile|jsonpath|json‐
89       path-as-json|jsonpath-file.
90
91
92       --overwrite=true      Automatically resolve conflicts between the modi‐
93       fied and live configuration by using values from the modified  configu‐
94       ration
95
96
97       --prune=false      Automatically delete resource objects, including the
98       uninitialized ones, that do not appear in the configs and  are  created
99       by  either apply or create --save-config. Should be used with either -l
100       or --all.
101
102
103       --prune-whitelist=[]      Overwrite the  default  whitelist  with   for
104       --prune
105
106
107       --record=false       Record current kubectl command in the resource an‐
108       notation. If set to false, do not record the command. If set  to  true,
109       record  the command. If not set, default to updating the existing anno‐
110       tation value only if one already exists.
111
112
113       -R, --recursive=false      Process the directory used in -f, --filename
114       recursively. Useful when you want to manage related manifests organized
115       within the same directory.
116
117
118       -l, --selector=""      Selector (label query) to  filter  on,  supports
119       '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
120
121
122       --server-side=false       If  true, apply runs in the server instead of
123       the client.
124
125
126       --template=""      Template string or path to template file to use when
127       -o=go-template, -o=go-template-file. The template format is golang tem‐
128       plates [http://golang.org/pkg/text/template/#pkg-overview].
129
130
131       --timeout=0s      The length of time to wait  before  giving  up  on  a
132       delete, zero means determine a timeout from the size of the object
133
134
135       --validate=true      If true, use a schema to validate the input before
136       sending it
137
138
139       --wait=false      If true, wait for resources to be gone before return‐
140       ing. This waits for finalizers.
141
142
143

OPTIONS INHERITED FROM PARENT COMMANDS

145       --add-dir-header=false       If  true,  adds  the file directory to the
146       header of the log messages
147
148
149       --alsologtostderr=false      log to standard error as well as files
150
151
152       --application-metrics-count-limit=100      Max  number  of  application
153       metrics to store (per container)
154
155
156       --as=""      Username to impersonate for the operation
157
158
159       --as-group=[]       Group  to  impersonate for the operation, this flag
160       can be repeated to specify multiple groups.
161
162
163       --azure-container-registry-config=""      Path to the  file  containing
164       Azure container registry configuration information.
165
166
167       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
168       list of files to check for boot-id. Use the first one that exists.
169
170
171       --cache-dir="/builddir/.kube/cache"      Default cache directory
172
173
174       --certificate-authority=""      Path to a cert file for the certificate
175       authority
176
177
178       --client-certificate=""      Path to a client certificate file for TLS
179
180
181       --client-key=""      Path to a client key file for TLS
182
183
184       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
185            CIDRs opened in GCE firewall for  L7  LB  traffic  proxy    health
186       checks
187
188
189       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
190            CIDRs opened in GCE firewall for  L4  LB  traffic  proxy    health
191       checks
192
193
194       --cluster=""      The name of the kubeconfig cluster to use
195
196
197       --container-hints="/etc/cadvisor/container_hints.json"      location of
198       the container hints file
199
200
201       --containerd="/run/containerd/containerd.sock"      containerd endpoint
202
203
204       --containerd-namespace="k8s.io"      containerd namespace
205
206
207       --context=""      The name of the kubeconfig context to use
208
209
210       --default-not-ready-toleration-seconds=300      Indicates  the  tolera‐
211       tionSeconds  of  the toleration for notReady:NoExecute that is added by
212       default to every pod that does not already have such a toleration.
213
214
215       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
216       tionSeconds  of  the toleration for unreachable:NoExecute that is added
217       by default to every pod that does not already have such a toleration.
218
219
220       --disable-root-cgroup-stats=false      Disable collecting  root  Cgroup
221       stats
222
223
224       --docker="unix:///var/run/docker.sock"      docker endpoint
225
226
227       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
228       ronment variable keys matched with specified prefix that  needs  to  be
229       collected for docker containers
230
231
232       --docker-only=false       Only  report docker containers in addition to
233       root stats
234
235
236       --docker-root="/var/lib/docker"      DEPRECATED: docker  root  is  read
237       from docker info (this is a fallback, default: /var/lib/docker)
238
239
240       --docker-tls=false      use TLS to connect to docker
241
242
243       --docker-tls-ca="ca.pem"      path to trusted CA
244
245
246       --docker-tls-cert="cert.pem"      path to client certificate
247
248
249       --docker-tls-key="key.pem"      path to private key
250
251
252       --enable-load-reader=false      Whether to enable cpu load reader
253
254
255       --event-storage-age-limit="default=0"      Max length of time for which
256       to store events (per type). Value is a comma separated list of key val‐
257       ues,  where the keys are event types (e.g.: creation, oom) or "default"
258       and the value is a duration. Default is applied  to  all  non-specified
259       event types
260
261
262       --event-storage-event-limit="default=0"       Max  number  of events to
263       store (per type). Value is a comma separated list of key values,  where
264       the  keys  are  event  types (e.g.: creation, oom) or "default" and the
265       value is an integer. Default is  applied  to  all  non-specified  event
266       types
267
268
269       --global-housekeeping-interval=1m0s      Interval between global house‐
270       keepings
271
272
273       --housekeeping-interval=10s      Interval between container  housekeep‐
274       ings
275
276
277       --insecure-skip-tls-verify=false      If true, the server's certificate
278       will not be checked for validity. This will make your HTTPS connections
279       insecure
280
281
282       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
283       quests.
284
285
286       --log-backtrace-at=:0      when logging hits line file:N, emit a  stack
287       trace
288
289
290       --log-cadvisor-usage=false       Whether to log the usage of the cAdvi‐
291       sor container
292
293
294       --log-dir=""      If non-empty, write log files in this directory
295
296
297       --log-file=""      If non-empty, use this log file
298
299
300       --log-file-max-size=1800      Defines the maximum size a log  file  can
301       grow to. Unit is megabytes. If the value is 0, the maximum file size is
302       unlimited.
303
304
305       --log-flush-frequency=5s      Maximum number  of  seconds  between  log
306       flushes
307
308
309       --logtostderr=true      log to standard error instead of files
310
311
312       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
313            Comma-separated list of files to check  for  machine-id.  Use  the
314       first one that exists.
315
316
317       --match-server-version=false        Require  server  version  to  match
318       client version
319
320
321       -n, --namespace=""      If present, the namespace scope  for  this  CLI
322       request
323
324
325       --one-output=false      If true, only write logs to their native sever‐
326       ity level (vs also writing to each lower severity level
327
328
329       --password=""      Password for basic authentication to the API server
330
331
332       --profile="none"        Name   of   profile   to   capture.   One    of
333       (none|cpu|heap|goroutine|threadcreate|block|mutex)
334
335
336       --profile-output="profile.pprof"       Name  of  the  file to write the
337       profile to
338
339
340       --referenced-reset-interval=0      Reset interval for referenced  bytes
341       (container_referenced_bytes metric), number of measurement cycles after
342       which referenced bytes are cleared, if set to 0  referenced  bytes  are
343       never cleared (default: 0)
344
345
346       --request-timeout="0"       The length of time to wait before giving up
347       on a single server request. Non-zero values  should  contain  a  corre‐
348       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
349       out requests.
350
351
352       -s, --server=""      The address and port of the Kubernetes API server
353
354
355       --skip-headers=false      If true, avoid header  prefixes  in  the  log
356       messages
357
358
359       --skip-log-headers=false       If  true, avoid headers when opening log
360       files
361
362
363       --stderrthreshold=2      logs at or above this threshold go to stderr
364
365
366       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
367       will  be  buffered  for  this duration, and committed to the non memory
368       backends as a single transaction
369
370
371       --storage-driver-db="cadvisor"      database name
372
373
374       --storage-driver-host="localhost:8086"      database host:port
375
376
377       --storage-driver-password="root"      database password
378
379
380       --storage-driver-secure=false      use secure connection with database
381
382
383       --storage-driver-table="stats"      table name
384
385
386       --storage-driver-user="root"      database username
387
388
389       --tls-server-name=""      Server name to  use  for  server  certificate
390       validation.  If  it  is  not provided, the hostname used to contact the
391       server is used
392
393
394       --token=""      Bearer token for authentication to the API server
395
396
397       --update-machine-info-interval=5m0s      Interval between machine  info
398       updates.
399
400
401       --user=""      The name of the kubeconfig user to use
402
403
404       --username=""      Username for basic authentication to the API server
405
406
407       -v, --v=0      number for the log level verbosity
408
409
410       --version=false      Print version information and quit
411
412
413       --vmodule=        comma-separated   list   of  pattern=N  settings  for
414       file-filtered logging
415
416
417       --warnings-as-errors=false      Treat warnings received from the server
418       as errors and exit with a non-zero exit code
419
420
421

EXAMPLE

423                # Apply the configuration in pod.json to a pod.
424                kubectl apply -f ./pod.json
425
426                # Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml.
427                kubectl apply -k dir/
428
429                # Apply the JSON passed into stdin to a pod.
430                cat pod.json | kubectl apply -f -
431
432                # Note: --prune is still in Alpha
433                # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.
434                kubectl apply --prune -f manifest.yaml -l app=nginx
435
436                # Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.
437                kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap
438
439
440
441

SEE ALSO

443       kubectl(1),       kubectl-apply-edit-last-applied(1),       kubectl-ap‐
444       ply-set-last-applied(1), kubectl-apply-view-last-applied(1),
445
446
447

HISTORY

449       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
450       com)  based  on the kubernetes source material, but hopefully they have
451       been automatically generated since!
452
453
454
455Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum