1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl auth reconcile - Reconciles rules for RBAC role, role binding,
10 cluster role, and cluster role binding objects
11
12
13
15 kubectl auth reconcile [OPTIONS]
16
17
18
20 Reconciles rules for RBAC role, role binding, cluster role, and cluster
21 role binding objects.
22
23
24 Missing objects are created, and the containing namespace is created
25 for namespaced objects, if required.
26
27
28 Existing roles are updated to include the permissions in the input ob‐
29 jects, and remove extra permissions if --remove-extra-permissions is
30 specified.
31
32
33 Existing bindings are updated to include the subjects in the input ob‐
34 jects, and remove extra subjects if --remove-extra-subjects is speci‐
35 fied.
36
37
38 This is preferred to 'apply' for RBAC resources so that semantically-
39 aware merging of rules and subjects is done.
40
41
42
44 --allow-missing-template-keys=true If true, ignore any errors in
45 templates when a field or map key is missing in the template. Only ap‐
46 plies to golang and jsonpath output formats.
47
48
49 --dry-run="none" Must be "none", "server", or "client". If client
50 strategy, only print the object that would be sent, without sending it.
51 If server strategy, submit server-side request without persisting the
52 resource.
53
54
55 -f, --filename=[] Filename, directory, or URL to files identifying
56 the resource to reconcile.
57
58
59 -k, --kustomize="" Process the kustomization directory. This flag
60 can't be used together with -f or -R.
61
62
63 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
64 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
65 json, jsonpath-file).
66
67
68 -R, --recursive=false Process the directory used in -f, --filename
69 recursively. Useful when you want to manage related manifests organized
70 within the same directory.
71
72
73 --remove-extra-permissions=false If true, removes extra permis‐
74 sions added to roles
75
76
77 --remove-extra-subjects=false If true, removes extra subjects
78 added to rolebindings
79
80
81 --show-managed-fields=false If true, keep the managedFields when
82 printing objects in JSON or YAML format.
83
84
85 --template="" Template string or path to template file to use when
86 -o=go-template, -o=go-template-file. The template format is golang tem‐
87 plates [http://golang.org/pkg/text/template/#pkg-overview].
88
89
90
92 --as="" Username to impersonate for the operation. User could be a
93 regular user or a service account in a namespace.
94
95
96 --as-group=[] Group to impersonate for the operation, this flag
97 can be repeated to specify multiple groups.
98
99
100 --as-uid="" UID to impersonate for the operation.
101
102
103 --azure-container-registry-config="" Path to the file containing
104 Azure container registry configuration information.
105
106
107 --cache-dir="/builddir/.kube/cache" Default cache directory
108
109
110 --certificate-authority="" Path to a cert file for the certificate
111 authority
112
113
114 --client-certificate="" Path to a client certificate file for TLS
115
116
117 --client-key="" Path to a client key file for TLS
118
119
120 --cluster="" The name of the kubeconfig cluster to use
121
122
123 --context="" The name of the kubeconfig context to use
124
125
126 --insecure-skip-tls-verify=false If true, the server's certificate
127 will not be checked for validity. This will make your HTTPS connections
128 insecure
129
130
131 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
132 quests.
133
134
135 --match-server-version=false Require server version to match
136 client version
137
138
139 -n, --namespace="" If present, the namespace scope for this CLI
140 request
141
142
143 --password="" Password for basic authentication to the API server
144
145
146 --profile="none" Name of profile to capture. One of
147 (none|cpu|heap|goroutine|threadcreate|block|mutex)
148
149
150 --profile-output="profile.pprof" Name of the file to write the
151 profile to
152
153
154 --request-timeout="0" The length of time to wait before giving up
155 on a single server request. Non-zero values should contain a corre‐
156 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
157 out requests.
158
159
160 -s, --server="" The address and port of the Kubernetes API server
161
162
163 --tls-server-name="" Server name to use for server certificate
164 validation. If it is not provided, the hostname used to contact the
165 server is used
166
167
168 --token="" Bearer token for authentication to the API server
169
170
171 --user="" The name of the kubeconfig user to use
172
173
174 --username="" Username for basic authentication to the API server
175
176
177 --version=false Print version information and quit
178
179
180 --warnings-as-errors=false Treat warnings received from the server
181 as errors and exit with a non-zero exit code
182
183
184
186 # Reconcile RBAC resources from a file
187 kubectl auth reconcile -f my-rbac-rules.yaml
188
189
190
191
193 kubectl-auth(1),
194
195
196
198 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
199 com) based on the kubernetes source material, but hopefully they have
200 been automatically generated since!
201
202
203
204Manuals User KUBERNETES(1)(kubernetes)