1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl set subject - Update the user, group, or service account in a
10 role binding or cluster role binding
11
15 kubectl set subject [OPTIONS]
16
20 Update the user, group, or service account in a role binding or cluster
21 role binding.
22
26 --all=false Select all resources, in the namespace of the speci‐
27 fied resource types
28 --allow-missing-template-keys=true If true, ignore any errors in
31 templates when a field or map key is missing in the template. Only ap‐
32 plies to golang and jsonpath output formats.
33 --dry-run="none" Must be "none", "server", or "client". If client
36 strategy, only print the object that would be sent, without sending it.
37 If server strategy, submit server-side request without persisting the
38 resource.
39 --field-manager="kubectl-set" Name of the manager used to track
42 field ownership.
43 -f, --filename=[] Filename, directory, or URL to files the re‐
46 source to update the subjects
47 --group=[] Groups to bind to the role
50 -k, --kustomize="" Process the kustomization directory. This flag
53 can't be used together with -f or -R.
54 --local=false If true, set subject will NOT contact api-server but
57 run locally.
58 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
61 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
62 json, jsonpath-file).
63 -R, --recursive=false Process the directory used in -f, --filename
66 recursively. Useful when you want to manage related manifests organized
67 within the same directory.
68 -l, --selector="" Selector (label query) to filter on, supports
71 '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects
72 must satisfy all of the specified label constraints.
73 --serviceaccount=[] Service accounts to bind to the role
76 --show-managed-fields=false If true, keep the managedFields when
79 printing objects in JSON or YAML format.
80 --template="" Template string or path to template file to use when
83 -o=go-template, -o=go-template-file. The template format is golang tem‐
84 plates [http://golang.org/pkg/text/template/#pkg-overview].
85
89 --as="" Username to impersonate for the operation. User could be a
90 regular user or a service account in a namespace.
91 --as-group=[] Group to impersonate for the operation, this flag
94 can be repeated to specify multiple groups.
95 --as-uid="" UID to impersonate for the operation.
98 --azure-container-registry-config="" Path to the file containing
101 Azure container registry configuration information.
102 --cache-dir="/builddir/.kube/cache" Default cache directory
105 --certificate-authority="" Path to a cert file for the certificate
108 authority
109 --client-certificate="" Path to a client certificate file for TLS
112 --client-key="" Path to a client key file for TLS
115 --cluster="" The name of the kubeconfig cluster to use
118 --context="" The name of the kubeconfig context to use
121 --insecure-skip-tls-verify=false If true, the server's certificate
124 will not be checked for validity. This will make your HTTPS connections
125 insecure
126 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
129 quests.
130 --match-server-version=false Require server version to match
133 client version
134 -n, --namespace="" If present, the namespace scope for this CLI
137 request
138 --password="" Password for basic authentication to the API server
141 --profile="none" Name of profile to capture. One of
144 (none|cpu|heap|goroutine|threadcreate|block|mutex)
145 --profile-output="profile.pprof" Name of the file to write the
148 profile to
149 --request-timeout="0" The length of time to wait before giving up
152 on a single server request. Non-zero values should contain a corre‐
153 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
154 out requests.
155 -s, --server="" The address and port of the Kubernetes API server
158 --tls-server-name="" Server name to use for server certificate
161 validation. If it is not provided, the hostname used to contact the
162 server is used
163 --token="" Bearer token for authentication to the API server
166 --user="" The name of the kubeconfig user to use
169 --username="" Username for basic authentication to the API server
172 --version=false Print version information and quit
175 --warnings-as-errors=false Treat warnings received from the server
178 as errors and exit with a non-zero exit code
179
183 # Update a cluster role binding for serviceaccount1
184 kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
185 # Update a role binding for user1, user2, and group1
187 kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
188 # Print the result (in YAML format) of updating rolebinding subjects from a local, without hitting the server
190 kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run=client | kubectl set subject --local -f - --user=foo -o yaml
191
196 kubectl-set(1),
197
201 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
202 com) based on the kubernetes source material, but hopefully they have
203 been automatically generated since!
204Manuals User KUBERNETES(1)(kubernetes)