1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create clusterrole - Create a cluster role
10
11
12
14 kubectl create clusterrole [OPTIONS]
15
16
17
19 Create a cluster role.
20
21
22
24 --aggregation-rule= An aggregation label selector for combining
25 ClusterRoles.
26
27
28 --allow-missing-template-keys=true If true, ignore any errors in
29 templates when a field or map key is missing in the template. Only ap‐
30 plies to golang and jsonpath output formats.
31
32
33 --dry-run="none" Must be "none", "server", or "client". If client
34 strategy, only print the object that would be sent, without sending it.
35 If server strategy, submit server-side request without persisting the
36 resource.
37
38
39 --field-manager="kubectl-create" Name of the manager used to track
40 field ownership.
41
42
43 --non-resource-url=[] A partial url that user should have access
44 to.
45
46
47 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
48 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49 json, jsonpath-file).
50
51
52 --resource=[] Resource that the rule applies to
53
54
55 --resource-name=[] Resource in the white list that the rule ap‐
56 plies to, repeat this flag for multiple items
57
58
59 --save-config=false If true, the configuration of current object
60 will be saved in its annotation. Otherwise, the annotation will be un‐
61 changed. This flag is useful when you want to perform kubectl apply on
62 this object in the future.
63
64
65 --show-managed-fields=false If true, keep the managedFields when
66 printing objects in JSON or YAML format.
67
68
69 --template="" Template string or path to template file to use when
70 -o=go-template, -o=go-template-file. The template format is golang tem‐
71 plates [http://golang.org/pkg/text/template/#pkg-overview].
72
73
74 --validate="strict" Must be one of: strict (or true), warn, ignore
75 (or false). "true" or "strict" will use a schema to validate
76 the input and fail the request if invalid. It will perform server side
77 validation if ServerSideFieldValidation is enabled on the api-server,
78 but will fall back to less reliable client-side validation if not.
79 "warn" will warn about unknown or duplicate fields without
80 blocking the request if server-side field validation is enabled on the
81 API server, and behave as "ignore" otherwise. "false" or
82 "ignore" will not perform any schema validation, silently dropping any
83 unknown or duplicate fields.
84
85
86 --verb=[] Verb that applies to the resources contained in the rule
87
88
89
91 --as="" Username to impersonate for the operation. User could be a
92 regular user or a service account in a namespace.
93
94
95 --as-group=[] Group to impersonate for the operation, this flag
96 can be repeated to specify multiple groups.
97
98
99 --as-uid="" UID to impersonate for the operation.
100
101
102 --azure-container-registry-config="" Path to the file containing
103 Azure container registry configuration information.
104
105
106 --cache-dir="/builddir/.kube/cache" Default cache directory
107
108
109 --certificate-authority="" Path to a cert file for the certificate
110 authority
111
112
113 --client-certificate="" Path to a client certificate file for TLS
114
115
116 --client-key="" Path to a client key file for TLS
117
118
119 --cluster="" The name of the kubeconfig cluster to use
120
121
122 --context="" The name of the kubeconfig context to use
123
124
125 --insecure-skip-tls-verify=false If true, the server's certificate
126 will not be checked for validity. This will make your HTTPS connections
127 insecure
128
129
130 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
131 quests.
132
133
134 --match-server-version=false Require server version to match
135 client version
136
137
138 -n, --namespace="" If present, the namespace scope for this CLI
139 request
140
141
142 --password="" Password for basic authentication to the API server
143
144
145 --profile="none" Name of profile to capture. One of
146 (none|cpu|heap|goroutine|threadcreate|block|mutex)
147
148
149 --profile-output="profile.pprof" Name of the file to write the
150 profile to
151
152
153 --request-timeout="0" The length of time to wait before giving up
154 on a single server request. Non-zero values should contain a corre‐
155 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
156 out requests.
157
158
159 -s, --server="" The address and port of the Kubernetes API server
160
161
162 --tls-server-name="" Server name to use for server certificate
163 validation. If it is not provided, the hostname used to contact the
164 server is used
165
166
167 --token="" Bearer token for authentication to the API server
168
169
170 --user="" The name of the kubeconfig user to use
171
172
173 --username="" Username for basic authentication to the API server
174
175
176 --version=false Print version information and quit
177
178
179 --warnings-as-errors=false Treat warnings received from the server
180 as errors and exit with a non-zero exit code
181
182
183
185 # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
186 kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
187
188 # Create a cluster role named "pod-reader" with ResourceName specified
189 kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
190
191 # Create a cluster role named "foo" with API Group specified
192 kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps
193
194 # Create a cluster role named "foo" with SubResource specified
195 kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
196
197 # Create a cluster role name "foo" with NonResourceURL specified
198 kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
199
200 # Create a cluster role name "monitoring" with AggregationRule specified
201 kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
202
203
204
205
207 kubectl-create(1),
208
209
210
212 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
213 com) based on the kubernetes source material, but hopefully they have
214 been automatically generated since!
215
216
217
218Manuals User KUBERNETES(1)(kubernetes)