1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl apply - Apply a configuration to a resource by filename or
10 stdin
11
15 kubectl apply [OPTIONS]
16
20 Apply a configuration to a resource by filename or stdin. The resource
21 name must be specified. This resource will be created if it doesn't ex‐
22 ist yet. To use 'apply', always create the resource initially with ei‐
23 ther 'apply' or 'create --save-config'.
24 JSON and YAML formats are accepted.
27 Alpha Disclaimer: the --prune functionality is not yet complete. Do not
30 use unless you are aware of what the current state is. See https://is‐
31 sues.k8s.io/34274.
32
36 --all=false Select all resources in the namespace of the specified
37 resource types.
38 --allow-missing-template-keys=true If true, ignore any errors in
41 templates when a field or map key is missing in the template. Only ap‐
42 plies to golang and jsonpath output formats.
43 --cascade="background" Must be "background", "orphan", or "fore‐
46 ground". Selects the deletion cascading strategy for the dependents
47 (e.g. Pods created by a ReplicationController). Defaults to background.
48 --dry-run="none" Must be "none", "server", or "client". If client
51 strategy, only print the object that would be sent, without sending it.
52 If server strategy, submit server-side request without persisting the
53 resource.
54 --field-manager="kubectl-client-side-apply" Name of the manager
57 used to track field ownership.
58 -f, --filename=[] that contains the configuration to apply
61 --force=false If true, immediately remove resources from API and
64 bypass graceful deletion. Note that immediate deletion of some re‐
65 sources may result in inconsistency or data loss and requires confirma‐
66 tion.
67 --force-conflicts=false If true, server-side apply will force the
70 changes against conflicts.
71 --grace-period=-1 Period of time in seconds given to the resource
74 to terminate gracefully. Ignored if negative. Set to 1 for immediate
75 shutdown. Can only be set to 0 when --force is true (force deletion).
76 -k, --kustomize="" Process a kustomization directory. This flag
79 can't be used together with -f or -R.
80 --openapi-patch=true If true, use openapi to calculate diff when
83 the openapi presents and the resource can be found in the openapi spec.
84 Otherwise, fall back to use baked-in types.
85 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
88 plate|go-template-file|template|templatefile|jsonpath|json‐
89 path-as-json|jsonpath-file.
90 --overwrite=true Automatically resolve conflicts between the modi‐
93 fied and live configuration by using values from the modified configu‐
94 ration
95 --prune=false Automatically delete resource objects, including the
98 uninitialized ones, that do not appear in the configs and are created
99 by either apply or create --save-config. Should be used with either -l
100 or --all.
101 --prune-whitelist=[] Overwrite the default whitelist with for
104 --prune
105 --record=false Record current kubectl command in the resource an‐
108 notation. If set to false, do not record the command. If set to true,
109 record the command. If not set, default to updating the existing anno‐
110 tation value only if one already exists.
111 -R, --recursive=false Process the directory used in -f, --filename
114 recursively. Useful when you want to manage related manifests organized
115 within the same directory.
116 -l, --selector="" Selector (label query) to filter on, supports
119 '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
120 --server-side=false If true, apply runs in the server instead of
123 the client.
124 --template="" Template string or path to template file to use when
127 -o=go-template, -o=go-template-file. The template format is golang tem‐
128 plates [http://golang.org/pkg/text/template/#pkg-overview].
129 --timeout=0s The length of time to wait before giving up on a
132 delete, zero means determine a timeout from the size of the object
133 --validate=true If true, use a schema to validate the input before
136 sending it
137 --wait=false If true, wait for resources to be gone before return‐
140 ing. This waits for finalizers.
141
145 --add-dir-header=false If true, adds the file directory to the
146 header of the log messages
147 --alsologtostderr=false log to standard error as well as files
150 --application-metrics-count-limit=100 Max number of application
153 metrics to store (per container)
154 --as="" Username to impersonate for the operation
157 --as-group=[] Group to impersonate for the operation, this flag
160 can be repeated to specify multiple groups.
161 --azure-container-registry-config="" Path to the file containing
164 Azure container registry configuration information.
165 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
168 list of files to check for boot-id. Use the first one that exists.
169 --cache-dir="/builddir/.kube/cache" Default cache directory
172 --certificate-authority="" Path to a cert file for the certificate
175 authority
176 --client-certificate="" Path to a client certificate file for TLS
179 --client-key="" Path to a client key file for TLS
182 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
185 CIDRs opened in GCE firewall for L7 LB traffic proxy health
186 checks
187 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
190 CIDRs opened in GCE firewall for L4 LB traffic proxy health
191 checks
192 --cluster="" The name of the kubeconfig cluster to use
195 --container-hints="/etc/cadvisor/container_hints.json" location of
198 the container hints file
199 --containerd="/run/containerd/containerd.sock" containerd endpoint
202 --containerd-namespace="k8s.io" containerd namespace
205 --context="" The name of the kubeconfig context to use
208 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
211 tionSeconds of the toleration for notReady:NoExecute that is added by
212 default to every pod that does not already have such a toleration.
213 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
216 tionSeconds of the toleration for unreachable:NoExecute that is added
217 by default to every pod that does not already have such a toleration.
218 --disable-root-cgroup-stats=false Disable collecting root Cgroup
221 stats
222 --docker="unix:///var/run/docker.sock" docker endpoint
225 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
228 ronment variable keys matched with specified prefix that needs to be
229 collected for docker containers
230 --docker-only=false Only report docker containers in addition to
233 root stats
234 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
237 from docker info (this is a fallback, default: /var/lib/docker)
238 --docker-tls=false use TLS to connect to docker
241 --docker-tls-ca="ca.pem" path to trusted CA
244 --docker-tls-cert="cert.pem" path to client certificate
247 --docker-tls-key="key.pem" path to private key
250 --enable-load-reader=false Whether to enable cpu load reader
253 --event-storage-age-limit="default=0" Max length of time for which
256 to store events (per type). Value is a comma separated list of key val‐
257 ues, where the keys are event types (e.g.: creation, oom) or "default"
258 and the value is a duration. Default is applied to all non-specified
259 event types
260 --event-storage-event-limit="default=0" Max number of events to
263 store (per type). Value is a comma separated list of key values, where
264 the keys are event types (e.g.: creation, oom) or "default" and the
265 value is an integer. Default is applied to all non-specified event
266 types
267 --global-housekeeping-interval=1m0s Interval between global house‐
270 keepings
271 --housekeeping-interval=10s Interval between container housekeep‐
274 ings
275 --insecure-skip-tls-verify=false If true, the server's certificate
278 will not be checked for validity. This will make your HTTPS connections
279 insecure
280 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
283 quests.
284 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
287 trace
288 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
291 sor container
292 --log-dir="" If non-empty, write log files in this directory
295 --log-file="" If non-empty, use this log file
298 --log-file-max-size=1800 Defines the maximum size a log file can
301 grow to. Unit is megabytes. If the value is 0, the maximum file size is
302 unlimited.
303 --log-flush-frequency=5s Maximum number of seconds between log
306 flushes
307 --logtostderr=true log to standard error instead of files
310 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
313 Comma-separated list of files to check for machine-id. Use the
314 first one that exists.
315 --match-server-version=false Require server version to match
318 client version
319 -n, --namespace="" If present, the namespace scope for this CLI
322 request
323 --one-output=false If true, only write logs to their native sever‐
326 ity level (vs also writing to each lower severity level
327 --password="" Password for basic authentication to the API server
330 --profile="none" Name of profile to capture. One of
333 (none|cpu|heap|goroutine|threadcreate|block|mutex)
334 --profile-output="profile.pprof" Name of the file to write the
337 profile to
338 --referenced-reset-interval=0 Reset interval for referenced bytes
341 (container_referenced_bytes metric), number of measurement cycles after
342 which referenced bytes are cleared, if set to 0 referenced bytes are
343 never cleared (default: 0)
344 --request-timeout="0" The length of time to wait before giving up
347 on a single server request. Non-zero values should contain a corre‐
348 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
349 out requests.
350 -s, --server="" The address and port of the Kubernetes API server
353 --skip-headers=false If true, avoid header prefixes in the log
356 messages
357 --skip-log-headers=false If true, avoid headers when opening log
360 files
361 --stderrthreshold=2 logs at or above this threshold go to stderr
364 --storage-driver-buffer-duration=1m0s Writes in the storage driver
367 will be buffered for this duration, and committed to the non memory
368 backends as a single transaction
369 --storage-driver-db="cadvisor" database name
372 --storage-driver-host="localhost:8086" database host:port
375 --storage-driver-password="root" database password
378 --storage-driver-secure=false use secure connection with database
381 --storage-driver-table="stats" table name
384 --storage-driver-user="root" database username
387 --tls-server-name="" Server name to use for server certificate
390 validation. If it is not provided, the hostname used to contact the
391 server is used
392 --token="" Bearer token for authentication to the API server
395 --update-machine-info-interval=5m0s Interval between machine info
398 updates.
399 --user="" The name of the kubeconfig user to use
402 --username="" Username for basic authentication to the API server
405 -v, --v=0 number for the log level verbosity
408 --version=false Print version information and quit
411 --vmodule= comma-separated list of pattern=N settings for
414 file-filtered logging
415 --warnings-as-errors=false Treat warnings received from the server
418 as errors and exit with a non-zero exit code
419
423 # Apply the configuration in pod.json to a pod.
424 kubectl apply -f ./pod.json
425 # Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml.
427 kubectl apply -k dir/
428 # Apply the JSON passed into stdin to a pod.
430 cat pod.json | kubectl apply -f -
431 # Note: --prune is still in Alpha
433 # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.
434 kubectl apply --prune -f manifest.yaml -l app=nginx
435 # Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.
437 kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap
438
443 kubectl(1), kubectl-apply-edit-last-applied(1), kubectl-ap‐
444 ply-set-last-applied(1), kubectl-apply-view-last-applied(1),
445
449 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
450 com) based on the kubernetes source material, but hopefully they have
451 been automatically generated since!
452Manuals User KUBERNETES(1)(kubernetes)