1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl create role - Create a role with single rule
10
11
12

SYNOPSIS

14       kubectl create role [OPTIONS]
15
16
17

DESCRIPTION

19       Create a role with single rule.
20
21
22

OPTIONS

24       --allow-missing-template-keys=true       If  true, ignore any errors in
25       templates when a field or map key is missing in the template. Only  ap‐
26       plies to golang and jsonpath output formats.
27
28
29       --dry-run="none"       Must be "none", "server", or "client". If client
30       strategy, only print the object that would be sent, without sending it.
31       If  server  strategy, submit server-side request without persisting the
32       resource.
33
34
35       --field-manager="kubectl-create"      Name of the manager used to track
36       field ownership.
37
38
39       -o,  --output=""      Output format. One of: (json, yaml, name, go-tem‐
40       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
41       json, jsonpath-file).
42
43
44       --resource=[]      Resource that the rule applies to
45
46
47       --resource-name=[]       Resource  in  the white list that the rule ap‐
48       plies to, repeat this flag for multiple items
49
50
51       --save-config=false      If true, the configuration of  current  object
52       will  be saved in its annotation. Otherwise, the annotation will be un‐
53       changed. This flag is useful when you want to perform kubectl apply  on
54       this object in the future.
55
56
57       --show-managed-fields=false       If  true, keep the managedFields when
58       printing objects in JSON or YAML format.
59
60
61       --template=""      Template string or path to template file to use when
62       -o=go-template, -o=go-template-file. The template format is golang tem‐
63       plates [http://golang.org/pkg/text/template/#pkg-overview].
64
65
66       --validate="strict"      Must be one of: strict (or true), warn, ignore
67       (or false).            "true" or "strict" will use a schema to validate
68       the input and fail the request if invalid. It will perform server  side
69       validation  if  ServerSideFieldValidation is enabled on the api-server,
70       but will fall back to less  reliable  client-side  validation  if  not.
71                 "warn"  will  warn  about unknown or duplicate fields without
72       blocking the request if server-side field validation is enabled on  the
73       API  server,  and  behave  as "ignore" otherwise.            "false" or
74       "ignore" will not perform any schema validation, silently dropping  any
75       unknown or duplicate fields.
76
77
78       --verb=[]      Verb that applies to the resources contained in the rule
79
80
81

OPTIONS INHERITED FROM PARENT COMMANDS

83       --as=""      Username to impersonate for the operation. User could be a
84       regular user or a service account in a namespace.
85
86
87       --as-group=[]      Group to impersonate for the  operation,  this  flag
88       can be repeated to specify multiple groups.
89
90
91       --as-uid=""      UID to impersonate for the operation.
92
93
94       --azure-container-registry-config=""       Path  to the file containing
95       Azure container registry configuration information.
96
97
98       --cache-dir="/builddir/.kube/cache"      Default cache directory
99
100
101       --certificate-authority=""      Path to a cert file for the certificate
102       authority
103
104
105       --client-certificate=""      Path to a client certificate file for TLS
106
107
108       --client-key=""      Path to a client key file for TLS
109
110
111       --cluster=""      The name of the kubeconfig cluster to use
112
113
114       --context=""      The name of the kubeconfig context to use
115
116
117       --insecure-skip-tls-verify=false      If true, the server's certificate
118       will not be checked for validity. This will make your HTTPS connections
119       insecure
120
121
122       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
123       quests.
124
125
126       --match-server-version=false       Require  server  version  to   match
127       client version
128
129
130       -n,  --namespace=""       If  present, the namespace scope for this CLI
131       request
132
133
134       --password=""      Password for basic authentication to the API server
135
136
137       --profile="none"        Name   of   profile   to   capture.   One    of
138       (none|cpu|heap|goroutine|threadcreate|block|mutex)
139
140
141       --profile-output="profile.pprof"       Name  of  the  file to write the
142       profile to
143
144
145       --request-timeout="0"      The length of time to wait before giving  up
146       on  a  single  server  request. Non-zero values should contain a corre‐
147       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
148       out requests.
149
150
151       -s, --server=""      The address and port of the Kubernetes API server
152
153
154       --tls-server-name=""       Server  name  to  use for server certificate
155       validation. If it is not provided, the hostname  used  to  contact  the
156       server is used
157
158
159       --token=""      Bearer token for authentication to the API server
160
161
162       --user=""      The name of the kubeconfig user to use
163
164
165       --username=""      Username for basic authentication to the API server
166
167
168       --version=false      Print version information and quit
169
170
171       --warnings-as-errors=false      Treat warnings received from the server
172       as errors and exit with a non-zero exit code
173
174
175

EXAMPLE

177                # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
178                kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
179
180                # Create a role named "pod-reader" with ResourceName specified
181                kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
182
183                # Create a role named "foo" with API Group specified
184                kubectl create role foo --verb=get,list,watch --resource=rs.extensions
185
186                # Create a role named "foo" with SubResource specified
187                kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
188
189
190
191

SEE ALSO

193       kubectl-create(1),
194
195
196

HISTORY

198       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
199       com)  based  on the kubernetes source material, but hopefully they have
200       been automatically generated since!
201
202
203
204Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum