1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl expose - Take a replication controller, service, deployment or
10 pod and expose it as a new Kubernetes Service
11
15 kubectl expose [OPTIONS]
16
20 Expose a resource as a new Kubernetes service.
21 Looks up a deployment, service, replica set, replication controller or
24 pod by name and uses the selector for that resource as the selector for
25 a new service on the specified port. A deployment or replica set will
26 be exposed as a service only if its selector is convertible to a selec‐
27 tor that service supports, i.e. when the selector contains only the
28 matchLabels component. Note that if no port is specified via --port and
29 the exposed resource has multiple ports, all will be re-used by the new
30 service. Also if no labels are specified, the new service will re-use
31 the labels from the resource it exposes.
32 Possible resources include (case insensitive):
35 pod (po), service (svc), replicationcontroller (rc), deployment (de‐
38 ploy), replicaset (rs)
39
43 --allow-missing-template-keys=true If true, ignore any errors in
44 templates when a field or map key is missing in the template. Only ap‐
45 plies to golang and jsonpath output formats.
46 --cluster-ip="" ClusterIP to be assigned to the service. Leave
49 empty to auto-allocate, or set to 'None' to create a headless service.
50 --container-port="" Synonym for --target-port
53 --dry-run="none" Must be "none", "server", or "client". If client
56 strategy, only print the object that would be sent, without sending it.
57 If server strategy, submit server-side request without persisting the
58 resource.
59 --external-ip="" Additional external IP address (not managed by
62 Kubernetes) to accept for the service. If this IP is routed to a node,
63 the service can be accessed by this IP in addition to its generated
64 service IP.
65 --field-manager="kubectl-expose" Name of the manager used to track
68 field ownership.
69 -f, --filename=[] Filename, directory, or URL to files identifying
72 the resource to expose a service
73 --generator="service/v2" The name of the API generator to use.
76 There are 2 generators: 'service/v1' and 'service/v2'. The only differ‐
77 ence between them is that service port in v1 is named 'default', while
78 it is left unnamed in v2. Default is 'service/v2'.
79 -k, --kustomize="" Process the kustomization directory. This flag
82 can't be used together with -f or -R.
83 -l, --labels="" Labels to apply to the service created by this
86 call.
87 --load-balancer-ip="" IP to assign to the LoadBalancer. If empty,
90 an ephemeral IP will be created and used (cloud-provider specific).
91 --name="" The name for the newly created object.
94 -o, --output="" Output format. One of: json|yaml|name|go-tem‐
97 plate|go-template-file|template|templatefile|jsonpath|json‐
98 path-as-json|jsonpath-file.
99 --overrides="" An inline JSON override for the generated object.
102 If this is non-empty, it is used to override the generated object. Re‐
103 quires that the object supply a valid apiVersion field.
104 --port="" The port that the service should serve on. Copied from
107 the resource being exposed, if unspecified
108 --protocol="" The network protocol for the service to be created.
111 Default is 'TCP'.
112 --record=false Record current kubectl command in the resource an‐
115 notation. If set to false, do not record the command. If set to true,
116 record the command. If not set, default to updating the existing anno‐
117 tation value only if one already exists.
118 -R, --recursive=false Process the directory used in -f, --filename
121 recursively. Useful when you want to manage related manifests organized
122 within the same directory.
123 --save-config=false If true, the configuration of current object
126 will be saved in its annotation. Otherwise, the annotation will be un‐
127 changed. This flag is useful when you want to perform kubectl apply on
128 this object in the future.
129 --selector="" A label selector to use for this service. Only
132 equality-based selector requirements are supported. If empty (the de‐
133 fault) infer the selector from the replication controller or replica
134 set.)
135 --session-affinity="" If non-empty, set the session affinity for
138 the service to this; legal values: 'None', 'ClientIP'
139 --target-port="" Name or number for the port on the container that
142 the service should direct traffic to. Optional.
143 --template="" Template string or path to template file to use when
146 -o=go-template, -o=go-template-file. The template format is golang tem‐
147 plates [http://golang.org/pkg/text/template/#pkg-overview].
148 --type="" Type for this service: ClusterIP, NodePort, LoadBal‐
151 ancer, or ExternalName. Default is 'ClusterIP'.
152
156 --add-dir-header=false If true, adds the file directory to the
157 header of the log messages
158 --alsologtostderr=false log to standard error as well as files
161 --application-metrics-count-limit=100 Max number of application
164 metrics to store (per container)
165 --as="" Username to impersonate for the operation
168 --as-group=[] Group to impersonate for the operation, this flag
171 can be repeated to specify multiple groups.
172 --azure-container-registry-config="" Path to the file containing
175 Azure container registry configuration information.
176 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
179 list of files to check for boot-id. Use the first one that exists.
180 --cache-dir="/builddir/.kube/cache" Default cache directory
183 --certificate-authority="" Path to a cert file for the certificate
186 authority
187 --client-certificate="" Path to a client certificate file for TLS
190 --client-key="" Path to a client key file for TLS
193 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
196 CIDRs opened in GCE firewall for L7 LB traffic proxy health
197 checks
198 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
201 CIDRs opened in GCE firewall for L4 LB traffic proxy health
202 checks
203 --cluster="" The name of the kubeconfig cluster to use
206 --container-hints="/etc/cadvisor/container_hints.json" location of
209 the container hints file
210 --containerd="/run/containerd/containerd.sock" containerd endpoint
213 --containerd-namespace="k8s.io" containerd namespace
216 --context="" The name of the kubeconfig context to use
219 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
222 tionSeconds of the toleration for notReady:NoExecute that is added by
223 default to every pod that does not already have such a toleration.
224 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
227 tionSeconds of the toleration for unreachable:NoExecute that is added
228 by default to every pod that does not already have such a toleration.
229 --disable-root-cgroup-stats=false Disable collecting root Cgroup
232 stats
233 --docker="unix:///var/run/docker.sock" docker endpoint
236 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
239 ronment variable keys matched with specified prefix that needs to be
240 collected for docker containers
241 --docker-only=false Only report docker containers in addition to
244 root stats
245 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
248 from docker info (this is a fallback, default: /var/lib/docker)
249 --docker-tls=false use TLS to connect to docker
252 --docker-tls-ca="ca.pem" path to trusted CA
255 --docker-tls-cert="cert.pem" path to client certificate
258 --docker-tls-key="key.pem" path to private key
261 --enable-load-reader=false Whether to enable cpu load reader
264 --event-storage-age-limit="default=0" Max length of time for which
267 to store events (per type). Value is a comma separated list of key val‐
268 ues, where the keys are event types (e.g.: creation, oom) or "default"
269 and the value is a duration. Default is applied to all non-specified
270 event types
271 --event-storage-event-limit="default=0" Max number of events to
274 store (per type). Value is a comma separated list of key values, where
275 the keys are event types (e.g.: creation, oom) or "default" and the
276 value is an integer. Default is applied to all non-specified event
277 types
278 --global-housekeeping-interval=1m0s Interval between global house‐
281 keepings
282 --housekeeping-interval=10s Interval between container housekeep‐
285 ings
286 --insecure-skip-tls-verify=false If true, the server's certificate
289 will not be checked for validity. This will make your HTTPS connections
290 insecure
291 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
294 quests.
295 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
298 trace
299 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
302 sor container
303 --log-dir="" If non-empty, write log files in this directory
306 --log-file="" If non-empty, use this log file
309 --log-file-max-size=1800 Defines the maximum size a log file can
312 grow to. Unit is megabytes. If the value is 0, the maximum file size is
313 unlimited.
314 --log-flush-frequency=5s Maximum number of seconds between log
317 flushes
318 --logtostderr=true log to standard error instead of files
321 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
324 Comma-separated list of files to check for machine-id. Use the
325 first one that exists.
326 --match-server-version=false Require server version to match
329 client version
330 -n, --namespace="" If present, the namespace scope for this CLI
333 request
334 --one-output=false If true, only write logs to their native sever‐
337 ity level (vs also writing to each lower severity level
338 --password="" Password for basic authentication to the API server
341 --profile="none" Name of profile to capture. One of
344 (none|cpu|heap|goroutine|threadcreate|block|mutex)
345 --profile-output="profile.pprof" Name of the file to write the
348 profile to
349 --referenced-reset-interval=0 Reset interval for referenced bytes
352 (container_referenced_bytes metric), number of measurement cycles after
353 which referenced bytes are cleared, if set to 0 referenced bytes are
354 never cleared (default: 0)
355 --request-timeout="0" The length of time to wait before giving up
358 on a single server request. Non-zero values should contain a corre‐
359 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
360 out requests.
361 -s, --server="" The address and port of the Kubernetes API server
364 --skip-headers=false If true, avoid header prefixes in the log
367 messages
368 --skip-log-headers=false If true, avoid headers when opening log
371 files
372 --stderrthreshold=2 logs at or above this threshold go to stderr
375 --storage-driver-buffer-duration=1m0s Writes in the storage driver
378 will be buffered for this duration, and committed to the non memory
379 backends as a single transaction
380 --storage-driver-db="cadvisor" database name
383 --storage-driver-host="localhost:8086" database host:port
386 --storage-driver-password="root" database password
389 --storage-driver-secure=false use secure connection with database
392 --storage-driver-table="stats" table name
395 --storage-driver-user="root" database username
398 --tls-server-name="" Server name to use for server certificate
401 validation. If it is not provided, the hostname used to contact the
402 server is used
403 --token="" Bearer token for authentication to the API server
406 --update-machine-info-interval=5m0s Interval between machine info
409 updates.
410 --user="" The name of the kubeconfig user to use
413 --username="" Username for basic authentication to the API server
416 -v, --v=0 number for the log level verbosity
419 --version=false Print version information and quit
422 --vmodule= comma-separated list of pattern=N settings for
425 file-filtered logging
426 --warnings-as-errors=false Treat warnings received from the server
429 as errors and exit with a non-zero exit code
430
434 # Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000.
435 kubectl expose rc nginx --port=80 --target-port=8000
436 # Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.
438 kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
439 # Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
441 kubectl expose pod valid-pod --port=444 --name=frontend
442 # Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
444 kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
445 # Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
447 kubectl expose rc streamer --port=4100 --protocol=UDP --name=video-stream
448 # Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000.
450 kubectl expose rs nginx --port=80 --target-port=8000
451 # Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000.
453 kubectl expose deployment nginx --port=80 --target-port=8000
454
459 kubectl(1),
460
464 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
465 com) based on the kubernetes source material, but hopefully they have
466 been automatically generated since!
467Manuals User KUBERNETES(1)(kubernetes)