1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create rolebinding - Create a RoleBinding for a particular Role
10 or ClusterRole
11
12
13
15 kubectl create rolebinding [OPTIONS]
16
17
18
20 Create a RoleBinding for a particular Role or ClusterRole.
21
22
23
25 --allow-missing-template-keys=true If true, ignore any errors in
26 templates when a field or map key is missing in the template. Only ap‐
27 plies to golang and jsonpath output formats.
28
29
30 --clusterrole="" ClusterRole this RoleBinding should reference
31
32
33 --dry-run="none" Must be "none", "server", or "client". If client
34 strategy, only print the object that would be sent, without sending it.
35 If server strategy, submit server-side request without persisting the
36 resource.
37
38
39 --field-manager="kubectl-create" Name of the manager used to track
40 field ownership.
41
42
43 --group=[] Groups to bind to the role
44
45
46 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
47 plate|go-template-file|template|templatefile|jsonpath|json‐
48 path-as-json|jsonpath-file.
49
50
51 --role="" Role this RoleBinding should reference
52
53
54 --save-config=false If true, the configuration of current object
55 will be saved in its annotation. Otherwise, the annotation will be un‐
56 changed. This flag is useful when you want to perform kubectl apply on
57 this object in the future.
58
59
60 --serviceaccount=[] Service accounts to bind to the role, in the
61 format :
62
63
64 --template="" Template string or path to template file to use when
65 -o=go-template, -o=go-template-file. The template format is golang tem‐
66 plates [http://golang.org/pkg/text/template/#pkg-overview].
67
68
69 --validate=true If true, use a schema to validate the input before
70 sending it
71
72
73
75 --add-dir-header=false If true, adds the file directory to the
76 header of the log messages
77
78
79 --alsologtostderr=false log to standard error as well as files
80
81
82 --application-metrics-count-limit=100 Max number of application
83 metrics to store (per container)
84
85
86 --as="" Username to impersonate for the operation
87
88
89 --as-group=[] Group to impersonate for the operation, this flag
90 can be repeated to specify multiple groups.
91
92
93 --azure-container-registry-config="" Path to the file containing
94 Azure container registry configuration information.
95
96
97 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
98 list of files to check for boot-id. Use the first one that exists.
99
100
101 --cache-dir="/builddir/.kube/cache" Default cache directory
102
103
104 --certificate-authority="" Path to a cert file for the certificate
105 authority
106
107
108 --client-certificate="" Path to a client certificate file for TLS
109
110
111 --client-key="" Path to a client key file for TLS
112
113
114 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
115 CIDRs opened in GCE firewall for L7 LB traffic proxy health
116 checks
117
118
119 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
120 CIDRs opened in GCE firewall for L4 LB traffic proxy health
121 checks
122
123
124 --cluster="" The name of the kubeconfig cluster to use
125
126
127 --container-hints="/etc/cadvisor/container_hints.json" location of
128 the container hints file
129
130
131 --containerd="/run/containerd/containerd.sock" containerd endpoint
132
133
134 --containerd-namespace="k8s.io" containerd namespace
135
136
137 --context="" The name of the kubeconfig context to use
138
139
140 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
141 tionSeconds of the toleration for notReady:NoExecute that is added by
142 default to every pod that does not already have such a toleration.
143
144
145 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
146 tionSeconds of the toleration for unreachable:NoExecute that is added
147 by default to every pod that does not already have such a toleration.
148
149
150 --disable-root-cgroup-stats=false Disable collecting root Cgroup
151 stats
152
153
154 --docker="unix:///var/run/docker.sock" docker endpoint
155
156
157 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
158 ronment variable keys matched with specified prefix that needs to be
159 collected for docker containers
160
161
162 --docker-only=false Only report docker containers in addition to
163 root stats
164
165
166 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
167 from docker info (this is a fallback, default: /var/lib/docker)
168
169
170 --docker-tls=false use TLS to connect to docker
171
172
173 --docker-tls-ca="ca.pem" path to trusted CA
174
175
176 --docker-tls-cert="cert.pem" path to client certificate
177
178
179 --docker-tls-key="key.pem" path to private key
180
181
182 --enable-load-reader=false Whether to enable cpu load reader
183
184
185 --event-storage-age-limit="default=0" Max length of time for which
186 to store events (per type). Value is a comma separated list of key val‐
187 ues, where the keys are event types (e.g.: creation, oom) or "default"
188 and the value is a duration. Default is applied to all non-specified
189 event types
190
191
192 --event-storage-event-limit="default=0" Max number of events to
193 store (per type). Value is a comma separated list of key values, where
194 the keys are event types (e.g.: creation, oom) or "default" and the
195 value is an integer. Default is applied to all non-specified event
196 types
197
198
199 --global-housekeeping-interval=1m0s Interval between global house‐
200 keepings
201
202
203 --housekeeping-interval=10s Interval between container housekeep‐
204 ings
205
206
207 --insecure-skip-tls-verify=false If true, the server's certificate
208 will not be checked for validity. This will make your HTTPS connections
209 insecure
210
211
212 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
213 quests.
214
215
216 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
217 trace
218
219
220 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
221 sor container
222
223
224 --log-dir="" If non-empty, write log files in this directory
225
226
227 --log-file="" If non-empty, use this log file
228
229
230 --log-file-max-size=1800 Defines the maximum size a log file can
231 grow to. Unit is megabytes. If the value is 0, the maximum file size is
232 unlimited.
233
234
235 --log-flush-frequency=5s Maximum number of seconds between log
236 flushes
237
238
239 --logtostderr=true log to standard error instead of files
240
241
242 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
243 Comma-separated list of files to check for machine-id. Use the
244 first one that exists.
245
246
247 --match-server-version=false Require server version to match
248 client version
249
250
251 -n, --namespace="" If present, the namespace scope for this CLI
252 request
253
254
255 --one-output=false If true, only write logs to their native sever‐
256 ity level (vs also writing to each lower severity level
257
258
259 --password="" Password for basic authentication to the API server
260
261
262 --profile="none" Name of profile to capture. One of
263 (none|cpu|heap|goroutine|threadcreate|block|mutex)
264
265
266 --profile-output="profile.pprof" Name of the file to write the
267 profile to
268
269
270 --referenced-reset-interval=0 Reset interval for referenced bytes
271 (container_referenced_bytes metric), number of measurement cycles after
272 which referenced bytes are cleared, if set to 0 referenced bytes are
273 never cleared (default: 0)
274
275
276 --request-timeout="0" The length of time to wait before giving up
277 on a single server request. Non-zero values should contain a corre‐
278 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
279 out requests.
280
281
282 -s, --server="" The address and port of the Kubernetes API server
283
284
285 --skip-headers=false If true, avoid header prefixes in the log
286 messages
287
288
289 --skip-log-headers=false If true, avoid headers when opening log
290 files
291
292
293 --stderrthreshold=2 logs at or above this threshold go to stderr
294
295
296 --storage-driver-buffer-duration=1m0s Writes in the storage driver
297 will be buffered for this duration, and committed to the non memory
298 backends as a single transaction
299
300
301 --storage-driver-db="cadvisor" database name
302
303
304 --storage-driver-host="localhost:8086" database host:port
305
306
307 --storage-driver-password="root" database password
308
309
310 --storage-driver-secure=false use secure connection with database
311
312
313 --storage-driver-table="stats" table name
314
315
316 --storage-driver-user="root" database username
317
318
319 --tls-server-name="" Server name to use for server certificate
320 validation. If it is not provided, the hostname used to contact the
321 server is used
322
323
324 --token="" Bearer token for authentication to the API server
325
326
327 --update-machine-info-interval=5m0s Interval between machine info
328 updates.
329
330
331 --user="" The name of the kubeconfig user to use
332
333
334 --username="" Username for basic authentication to the API server
335
336
337 -v, --v=0 number for the log level verbosity
338
339
340 --version=false Print version information and quit
341
342
343 --vmodule= comma-separated list of pattern=N settings for
344 file-filtered logging
345
346
347 --warnings-as-errors=false Treat warnings received from the server
348 as errors and exit with a non-zero exit code
349
350
351
353 # Create a RoleBinding for user1, user2, and group1 using the admin ClusterRole
354 kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
355
356
357
358
360 kubectl-create(1),
361
362
363
365 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
366 com) based on the kubernetes source material, but hopefully they have
367 been automatically generated since!
368
369
370
371Manuals User KUBERNETES(1)(kubernetes)