1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl auth reconcile - Reconciles rules for RBAC role, role binding,
10 cluster role, and cluster role binding objects
11
15 kubectl auth reconcile [OPTIONS]
16
20 Reconciles rules for RBAC role, role binding, cluster role, and cluster
21 role binding objects.
22 Missing objects are created, and the containing namespace is created
25 for namespaced objects, if required.
26 Existing roles are updated to include the permissions in the input ob‐
29 jects, and remove extra permissions if --remove-extra-permissions is
30 specified.
31 Existing bindings are updated to include the subjects in the input ob‐
34 jects, and remove extra subjects if --remove-extra-subjects is speci‐
35 fied.
36 This is preferred to 'apply' for RBAC resources so that semantically-
39 aware merging of rules and subjects is done.
40
44 --allow-missing-template-keys=true If true, ignore any errors in
45 templates when a field or map key is missing in the template. Only ap‐
46 plies to golang and jsonpath output formats.
47 --dry-run="none" Must be "none", "server", or "client". If client
50 strategy, only print the object that would be sent, without sending it.
51 If server strategy, submit server-side request without persisting the
52 resource.
53 -f, --filename=[] Filename, directory, or URL to files identifying
56 the resource to reconcile.
57 -k, --kustomize="" Process the kustomization directory. This flag
60 can't be used together with -f or -R.
61 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
64 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
65 json, jsonpath-file).
66 -R, --recursive=false Process the directory used in -f, --filename
69 recursively. Useful when you want to manage related manifests organized
70 within the same directory.
71 --remove-extra-permissions=false If true, removes extra permis‐
74 sions added to roles
75 --remove-extra-subjects=false If true, removes extra subjects
78 added to rolebindings
79 --show-managed-fields=false If true, keep the managedFields when
82 printing objects in JSON or YAML format.
83 --template="" Template string or path to template file to use when
86 -o=go-template, -o=go-template-file. The template format is golang tem‐
87 plates [http://golang.org/pkg/text/template/#pkg-overview].
88
92 --as="" Username to impersonate for the operation. User could be a
93 regular user or a service account in a namespace.
94 --as-group=[] Group to impersonate for the operation, this flag
97 can be repeated to specify multiple groups.
98 --as-uid="" UID to impersonate for the operation.
101 --azure-container-registry-config="" Path to the file containing
104 Azure container registry configuration information.
105 --cache-dir="/builddir/.kube/cache" Default cache directory
108 --certificate-authority="" Path to a cert file for the certificate
111 authority
112 --client-certificate="" Path to a client certificate file for TLS
115 --client-key="" Path to a client key file for TLS
118 --cluster="" The name of the kubeconfig cluster to use
121 --context="" The name of the kubeconfig context to use
124 --insecure-skip-tls-verify=false If true, the server's certificate
127 will not be checked for validity. This will make your HTTPS connections
128 insecure
129 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
132 quests.
133 --match-server-version=false Require server version to match
136 client version
137 -n, --namespace="" If present, the namespace scope for this CLI
140 request
141 --password="" Password for basic authentication to the API server
144 --profile="none" Name of profile to capture. One of
147 (none|cpu|heap|goroutine|threadcreate|block|mutex)
148 --profile-output="profile.pprof" Name of the file to write the
151 profile to
152 --request-timeout="0" The length of time to wait before giving up
155 on a single server request. Non-zero values should contain a corre‐
156 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
157 out requests.
158 -s, --server="" The address and port of the Kubernetes API server
161 --tls-server-name="" Server name to use for server certificate
164 validation. If it is not provided, the hostname used to contact the
165 server is used
166 --token="" Bearer token for authentication to the API server
169 --user="" The name of the kubeconfig user to use
172 --username="" Username for basic authentication to the API server
175 --version=false Print version information and quit
178 --warnings-as-errors=false Treat warnings received from the server
181 as errors and exit with a non-zero exit code
182
186 # Reconcile RBAC resources from a file
187 kubectl auth reconcile -f my-rbac-rules.yaml
188
193 kubectl-auth(1),
194
198 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
199 com) based on the kubernetes source material, but hopefully they have
200 been automatically generated since!
201Manuals User KUBERNETES(1)(kubernetes)