1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create rolebinding - Create a role binding for a particular
10 role or cluster role
11
15 kubectl create rolebinding [OPTIONS]
16
20 Create a role binding for a particular role or cluster role.
21
25 --allow-missing-template-keys=true If true, ignore any errors in
26 templates when a field or map key is missing in the template. Only ap‐
27 plies to golang and jsonpath output formats.
28 --clusterrole="" ClusterRole this RoleBinding should reference
31 --dry-run="none" Must be "none", "server", or "client". If client
34 strategy, only print the object that would be sent, without sending it.
35 If server strategy, submit server-side request without persisting the
36 resource.
37 --field-manager="kubectl-create" Name of the manager used to track
40 field ownership.
41 --group=[] Groups to bind to the role. The flag can be repeated to
44 add multiple groups.
45 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
48 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49 json, jsonpath-file).
50 --role="" Role this RoleBinding should reference
53 --save-config=false If true, the configuration of current object
56 will be saved in its annotation. Otherwise, the annotation will be un‐
57 changed. This flag is useful when you want to perform kubectl apply on
58 this object in the future.
59 --serviceaccount=[] Service accounts to bind to the role, in the
62 format :. The flag can be repeated to add multiple service accounts.
63 --show-managed-fields=false If true, keep the managedFields when
66 printing objects in JSON or YAML format.
67 --template="" Template string or path to template file to use when
70 -o=go-template, -o=go-template-file. The template format is golang tem‐
71 plates [http://golang.org/pkg/text/template/#pkg-overview].
72 --validate="strict" Must be one of: strict (or true), warn, ignore
75 (or false). "true" or "strict" will use a schema to validate
76 the input and fail the request if invalid. It will perform server side
77 validation if ServerSideFieldValidation is enabled on the api-server,
78 but will fall back to less reliable client-side validation if not.
79 "warn" will warn about unknown or duplicate fields without
80 blocking the request if server-side field validation is enabled on the
81 API server, and behave as "ignore" otherwise. "false" or
82 "ignore" will not perform any schema validation, silently dropping any
83 unknown or duplicate fields.
84
88 --as="" Username to impersonate for the operation. User could be a
89 regular user or a service account in a namespace.
90 --as-group=[] Group to impersonate for the operation, this flag
93 can be repeated to specify multiple groups.
94 --as-uid="" UID to impersonate for the operation.
97 --azure-container-registry-config="" Path to the file containing
100 Azure container registry configuration information.
101 --cache-dir="/builddir/.kube/cache" Default cache directory
104 --certificate-authority="" Path to a cert file for the certificate
107 authority
108 --client-certificate="" Path to a client certificate file for TLS
111 --client-key="" Path to a client key file for TLS
114 --cluster="" The name of the kubeconfig cluster to use
117 --context="" The name of the kubeconfig context to use
120 --insecure-skip-tls-verify=false If true, the server's certificate
123 will not be checked for validity. This will make your HTTPS connections
124 insecure
125 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
128 quests.
129 --match-server-version=false Require server version to match
132 client version
133 -n, --namespace="" If present, the namespace scope for this CLI
136 request
137 --password="" Password for basic authentication to the API server
140 --profile="none" Name of profile to capture. One of
143 (none|cpu|heap|goroutine|threadcreate|block|mutex)
144 --profile-output="profile.pprof" Name of the file to write the
147 profile to
148 --request-timeout="0" The length of time to wait before giving up
151 on a single server request. Non-zero values should contain a corre‐
152 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
153 out requests.
154 -s, --server="" The address and port of the Kubernetes API server
157 --tls-server-name="" Server name to use for server certificate
160 validation. If it is not provided, the hostname used to contact the
161 server is used
162 --token="" Bearer token for authentication to the API server
165 --user="" The name of the kubeconfig user to use
168 --username="" Username for basic authentication to the API server
171 --version=false Print version information and quit
174 --warnings-as-errors=false Treat warnings received from the server
177 as errors and exit with a non-zero exit code
178
182 # Create a role binding for user1, user2, and group1 using the admin cluster role
183 kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
184
189 kubectl-create(1),
190
194 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
195 com) based on the kubernetes source material, but hopefully they have
196 been automatically generated since!
197Manuals User KUBERNETES(1)(kubernetes)