1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl create clusterrole - Create a cluster role
10
11
12

SYNOPSIS

14       kubectl create clusterrole [OPTIONS]
15
16
17

DESCRIPTION

19       Create a cluster role.
20
21
22

OPTIONS

24       --aggregation-rule=       An  aggregation  label selector for combining
25       ClusterRoles.
26
27
28       --allow-missing-template-keys=true      If true, ignore any  errors  in
29       templates  when a field or map key is missing in the template. Only ap‐
30       plies to golang and jsonpath output formats.
31
32
33       --dry-run="none"      Must be "none", "server", or "client". If  client
34       strategy, only print the object that would be sent, without sending it.
35       If server strategy, submit server-side request without  persisting  the
36       resource.
37
38
39       --field-manager="kubectl-create"      Name of the manager used to track
40       field ownership.
41
42
43       --non-resource-url=[]      A partial url that user should  have  access
44       to.
45
46
47       -o,  --output=""      Output format. One of: (json, yaml, name, go-tem‐
48       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49       json, jsonpath-file).
50
51
52       --resource=[]      Resource that the rule applies to
53
54
55       --resource-name=[]       Resource  in  the white list that the rule ap‐
56       plies to, repeat this flag for multiple items
57
58
59       --save-config=false      If true, the configuration of  current  object
60       will  be saved in its annotation. Otherwise, the annotation will be un‐
61       changed. This flag is useful when you want to perform kubectl apply  on
62       this object in the future.
63
64
65       --show-managed-fields=false       If  true, keep the managedFields when
66       printing objects in JSON or YAML format.
67
68
69       --template=""      Template string or path to template file to use when
70       -o=go-template, -o=go-template-file. The template format is golang tem‐
71       plates [http://golang.org/pkg/text/template/#pkg-overview].
72
73
74       --validate="strict"      Must be one of: strict (or true), warn, ignore
75       (or false).            "true" or "strict" will use a schema to validate
76       the input and fail the request if invalid. It will perform server  side
77       validation  if  ServerSideFieldValidation is enabled on the api-server,
78       but will fall back to less  reliable  client-side  validation  if  not.
79                 "warn"  will  warn  about unknown or duplicate fields without
80       blocking the request if server-side field validation is enabled on  the
81       API  server,  and  behave  as "ignore" otherwise.            "false" or
82       "ignore" will not perform any schema validation, silently dropping  any
83       unknown or duplicate fields.
84
85
86       --verb=[]      Verb that applies to the resources contained in the rule
87
88
89

OPTIONS INHERITED FROM PARENT COMMANDS

91       --as=""      Username to impersonate for the operation. User could be a
92       regular user or a service account in a namespace.
93
94
95       --as-group=[]      Group to impersonate for the  operation,  this  flag
96       can be repeated to specify multiple groups.
97
98
99       --as-uid=""      UID to impersonate for the operation.
100
101
102       --azure-container-registry-config=""       Path  to the file containing
103       Azure container registry configuration information.
104
105
106       --cache-dir="/builddir/.kube/cache"      Default cache directory
107
108
109       --certificate-authority=""      Path to a cert file for the certificate
110       authority
111
112
113       --client-certificate=""      Path to a client certificate file for TLS
114
115
116       --client-key=""      Path to a client key file for TLS
117
118
119       --cluster=""      The name of the kubeconfig cluster to use
120
121
122       --context=""      The name of the kubeconfig context to use
123
124
125       --insecure-skip-tls-verify=false      If true, the server's certificate
126       will not be checked for validity. This will make your HTTPS connections
127       insecure
128
129
130       --kubeconfig=""       Path  to  the  kubeconfig file to use for CLI re‐
131       quests.
132
133
134       --match-server-version=false       Require  server  version  to   match
135       client version
136
137
138       -n,  --namespace=""       If  present, the namespace scope for this CLI
139       request
140
141
142       --password=""      Password for basic authentication to the API server
143
144
145       --profile="none"        Name   of   profile   to   capture.   One    of
146       (none|cpu|heap|goroutine|threadcreate|block|mutex)
147
148
149       --profile-output="profile.pprof"       Name  of  the  file to write the
150       profile to
151
152
153       --request-timeout="0"      The length of time to wait before giving  up
154       on  a  single  server  request. Non-zero values should contain a corre‐
155       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
156       out requests.
157
158
159       -s, --server=""      The address and port of the Kubernetes API server
160
161
162       --tls-server-name=""       Server  name  to  use for server certificate
163       validation. If it is not provided, the hostname  used  to  contact  the
164       server is used
165
166
167       --token=""      Bearer token for authentication to the API server
168
169
170       --user=""      The name of the kubeconfig user to use
171
172
173       --username=""      Username for basic authentication to the API server
174
175
176       --version=false      Print version information and quit
177
178
179       --warnings-as-errors=false      Treat warnings received from the server
180       as errors and exit with a non-zero exit code
181
182
183

EXAMPLE

185                # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
186                kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
187
188                # Create a cluster role named "pod-reader" with ResourceName specified
189                kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
190
191                # Create a cluster role named "foo" with API Group specified
192                kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps
193
194                # Create a cluster role named "foo" with SubResource specified
195                kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
196
197                # Create a cluster role name "foo" with NonResourceURL specified
198                kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
199
200                # Create a cluster role name "monitoring" with AggregationRule specified
201                kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
202
203
204
205

SEE ALSO

207       kubectl-create(1),
208
209
210

HISTORY

212       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
213       com)  based  on the kubernetes source material, but hopefully they have
214       been automatically generated since!
215
216
217
218Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum