1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create clusterrolebinding - Create a cluster role binding for a
10 particular cluster role
11
15 kubectl create clusterrolebinding [OPTIONS]
16
20 Create a cluster role binding for a particular cluster role.
21
25 --allow-missing-template-keys=true If true, ignore any errors in
26 templates when a field or map key is missing in the template. Only ap‐
27 plies to golang and jsonpath output formats.
28 --clusterrole="" ClusterRole this ClusterRoleBinding should refer‐
31 ence
32 --dry-run="none" Must be "none", "server", or "client". If client
35 strategy, only print the object that would be sent, without sending it.
36 If server strategy, submit server-side request without persisting the
37 resource.
38 --field-manager="kubectl-create" Name of the manager used to track
41 field ownership.
42 --group=[] Groups to bind to the clusterrole
45 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
48 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49 json, jsonpath-file).
50 --save-config=false If true, the configuration of current object
53 will be saved in its annotation. Otherwise, the annotation will be un‐
54 changed. This flag is useful when you want to perform kubectl apply on
55 this object in the future.
56 --serviceaccount=[] Service accounts to bind to the clusterrole,
59 in the format :
60 --show-managed-fields=false If true, keep the managedFields when
63 printing objects in JSON or YAML format.
64 --template="" Template string or path to template file to use when
67 -o=go-template, -o=go-template-file. The template format is golang tem‐
68 plates [http://golang.org/pkg/text/template/#pkg-overview].
69 --validate="strict" Must be one of: strict (or true), warn, ignore
72 (or false). "true" or "strict" will use a schema to validate
73 the input and fail the request if invalid. It will perform server side
74 validation if ServerSideFieldValidation is enabled on the api-server,
75 but will fall back to less reliable client-side validation if not.
76 "warn" will warn about unknown or duplicate fields without
77 blocking the request if server-side field validation is enabled on the
78 API server, and behave as "ignore" otherwise. "false" or
79 "ignore" will not perform any schema validation, silently dropping any
80 unknown or duplicate fields.
81
85 --as="" Username to impersonate for the operation. User could be a
86 regular user or a service account in a namespace.
87 --as-group=[] Group to impersonate for the operation, this flag
90 can be repeated to specify multiple groups.
91 --as-uid="" UID to impersonate for the operation.
94 --azure-container-registry-config="" Path to the file containing
97 Azure container registry configuration information.
98 --cache-dir="/builddir/.kube/cache" Default cache directory
101 --certificate-authority="" Path to a cert file for the certificate
104 authority
105 --client-certificate="" Path to a client certificate file for TLS
108 --client-key="" Path to a client key file for TLS
111 --cluster="" The name of the kubeconfig cluster to use
114 --context="" The name of the kubeconfig context to use
117 --insecure-skip-tls-verify=false If true, the server's certificate
120 will not be checked for validity. This will make your HTTPS connections
121 insecure
122 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
125 quests.
126 --match-server-version=false Require server version to match
129 client version
130 -n, --namespace="" If present, the namespace scope for this CLI
133 request
134 --password="" Password for basic authentication to the API server
137 --profile="none" Name of profile to capture. One of
140 (none|cpu|heap|goroutine|threadcreate|block|mutex)
141 --profile-output="profile.pprof" Name of the file to write the
144 profile to
145 --request-timeout="0" The length of time to wait before giving up
148 on a single server request. Non-zero values should contain a corre‐
149 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
150 out requests.
151 -s, --server="" The address and port of the Kubernetes API server
154 --tls-server-name="" Server name to use for server certificate
157 validation. If it is not provided, the hostname used to contact the
158 server is used
159 --token="" Bearer token for authentication to the API server
162 --user="" The name of the kubeconfig user to use
165 --username="" Username for basic authentication to the API server
168 --version=false Print version information and quit
171 --warnings-as-errors=false Treat warnings received from the server
174 as errors and exit with a non-zero exit code
175
179 # Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role
180 kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
181
186 kubectl-create(1),
187
191 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
192 com) based on the kubernetes source material, but hopefully they have
193 been automatically generated since!
194Manuals User KUBERNETES(1)(kubernetes)