1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create role - Create a role with single rule
10
11
12
14 kubectl create role [OPTIONS]
15
16
17
19 Create a role with single rule.
20
21
22
24 --allow-missing-template-keys=true If true, ignore any errors in
25 templates when a field or map key is missing in the template. Only ap‐
26 plies to golang and jsonpath output formats.
27
28
29 --dry-run="none" Must be "none", "server", or "client". If client
30 strategy, only print the object that would be sent, without sending it.
31 If server strategy, submit server-side request without persisting the
32 resource.
33
34
35 --field-manager="kubectl-create" Name of the manager used to track
36 field ownership.
37
38
39 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
40 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
41 json, jsonpath-file).
42
43
44 --resource=[] Resource that the rule applies to
45
46
47 --resource-name=[] Resource in the white list that the rule ap‐
48 plies to, repeat this flag for multiple items
49
50
51 --save-config=false If true, the configuration of current object
52 will be saved in its annotation. Otherwise, the annotation will be un‐
53 changed. This flag is useful when you want to perform kubectl apply on
54 this object in the future.
55
56
57 --show-managed-fields=false If true, keep the managedFields when
58 printing objects in JSON or YAML format.
59
60
61 --template="" Template string or path to template file to use when
62 -o=go-template, -o=go-template-file. The template format is golang tem‐
63 plates [http://golang.org/pkg/text/template/#pkg-overview].
64
65
66 --validate="strict" Must be one of: strict (or true), warn, ignore
67 (or false). "true" or "strict" will use a schema to validate
68 the input and fail the request if invalid. It will perform server side
69 validation if ServerSideFieldValidation is enabled on the api-server,
70 but will fall back to less reliable client-side validation if not.
71 "warn" will warn about unknown or duplicate fields without
72 blocking the request if server-side field validation is enabled on the
73 API server, and behave as "ignore" otherwise. "false" or
74 "ignore" will not perform any schema validation, silently dropping any
75 unknown or duplicate fields.
76
77
78 --verb=[] Verb that applies to the resources contained in the rule
79
80
81
83 --as="" Username to impersonate for the operation. User could be a
84 regular user or a service account in a namespace.
85
86
87 --as-group=[] Group to impersonate for the operation, this flag
88 can be repeated to specify multiple groups.
89
90
91 --as-uid="" UID to impersonate for the operation.
92
93
94 --azure-container-registry-config="" Path to the file containing
95 Azure container registry configuration information.
96
97
98 --cache-dir="/builddir/.kube/cache" Default cache directory
99
100
101 --certificate-authority="" Path to a cert file for the certificate
102 authority
103
104
105 --client-certificate="" Path to a client certificate file for TLS
106
107
108 --client-key="" Path to a client key file for TLS
109
110
111 --cluster="" The name of the kubeconfig cluster to use
112
113
114 --context="" The name of the kubeconfig context to use
115
116
117 --insecure-skip-tls-verify=false If true, the server's certificate
118 will not be checked for validity. This will make your HTTPS connections
119 insecure
120
121
122 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
123 quests.
124
125
126 --match-server-version=false Require server version to match
127 client version
128
129
130 -n, --namespace="" If present, the namespace scope for this CLI
131 request
132
133
134 --password="" Password for basic authentication to the API server
135
136
137 --profile="none" Name of profile to capture. One of
138 (none|cpu|heap|goroutine|threadcreate|block|mutex)
139
140
141 --profile-output="profile.pprof" Name of the file to write the
142 profile to
143
144
145 --request-timeout="0" The length of time to wait before giving up
146 on a single server request. Non-zero values should contain a corre‐
147 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
148 out requests.
149
150
151 -s, --server="" The address and port of the Kubernetes API server
152
153
154 --tls-server-name="" Server name to use for server certificate
155 validation. If it is not provided, the hostname used to contact the
156 server is used
157
158
159 --token="" Bearer token for authentication to the API server
160
161
162 --user="" The name of the kubeconfig user to use
163
164
165 --username="" Username for basic authentication to the API server
166
167
168 --version=false Print version information and quit
169
170
171 --warnings-as-errors=false Treat warnings received from the server
172 as errors and exit with a non-zero exit code
173
174
175
177 # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
178 kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
179
180 # Create a role named "pod-reader" with ResourceName specified
181 kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
182
183 # Create a role named "foo" with API Group specified
184 kubectl create role foo --verb=get,list,watch --resource=rs.extensions
185
186 # Create a role named "foo" with SubResource specified
187 kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
188
189
190
191
193 kubectl-create(1),
194
195
196
198 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
199 com) based on the kubernetes source material, but hopefully they have
200 been automatically generated since!
201
202
203
204Manuals User KUBERNETES(1)(kubernetes)