1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl auth reconcile - Reconciles rules for RBAC role, role binding,
10 cluster role, and cluster role binding objects
11
15 kubectl auth reconcile [OPTIONS]
16
20 Reconciles rules for RBAC role, role binding, cluster role, and cluster
21 role binding objects.
22 Missing objects are created, and the containing namespace is created
25 for namespaced objects, if required.
26 Existing roles are updated to include the permissions in the input ob‐
29 jects, and remove extra permissions if --remove-extra-permissions is
30 specified.
31 Existing bindings are updated to include the subjects in the input ob‐
34 jects, and remove extra subjects if --remove-extra-subjects is speci‐
35 fied.
36 This is preferred to 'apply' for RBAC resources so that semantically-
39 aware merging of rules and subjects is done.
40
44 --allow-missing-template-keys=true If true, ignore any errors in
45 templates when a field or map key is missing in the template. Only ap‐
46 plies to golang and jsonpath output formats.
47 --dry-run="none" Must be "none", "server", or "client". If client
50 strategy, only print the object that would be sent, without sending it.
51 If server strategy, submit server-side request without persisting the
52 resource.
53 -f, --filename=[] Filename, directory, or URL to files identifying
56 the resource to reconcile.
57 -k, --kustomize="" Process the kustomization directory. This flag
60 can't be used together with -f or -R.
61 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
64 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
65 json, jsonpath-file).
66 -R, --recursive=false Process the directory used in -f, --filename
69 recursively. Useful when you want to manage related manifests organized
70 within the same directory.
71 --remove-extra-permissions=false If true, removes extra permis‐
74 sions added to roles
75 --remove-extra-subjects=false If true, removes extra subjects
78 added to rolebindings
79 --show-managed-fields=false If true, keep the managedFields when
82 printing objects in JSON or YAML format.
83 --template="" Template string or path to template file to use when
86 -o=go-template, -o=go-template-file. The template format is golang tem‐
87 plates [http://golang.org/pkg/text/template/#pkg-overview].
88
92 --as="" Username to impersonate for the operation. User could be a
93 regular user or a service account in a namespace.
94 --as-group=[] Group to impersonate for the operation, this flag
97 can be repeated to specify multiple groups.
98 --as-uid="" UID to impersonate for the operation.
101 --azure-container-registry-config="" Path to the file containing
104 Azure container registry configuration information.
105 --cache-dir="/builddir/.kube/cache" Default cache directory
108 --certificate-authority="" Path to a cert file for the certificate
111 authority
112 --client-certificate="" Path to a client certificate file for TLS
115 --client-key="" Path to a client key file for TLS
118 --cluster="" The name of the kubeconfig cluster to use
121 --context="" The name of the kubeconfig context to use
124 --disable-compression=false If true, opt-out of response compres‐
127 sion for all requests to the server
128 --insecure-skip-tls-verify=false If true, the server's certificate
131 will not be checked for validity. This will make your HTTPS connections
132 insecure
133 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
136 quests.
137 --match-server-version=false Require server version to match
140 client version
141 -n, --namespace="" If present, the namespace scope for this CLI
144 request
145 --password="" Password for basic authentication to the API server
148 --profile="none" Name of profile to capture. One of
151 (none|cpu|heap|goroutine|threadcreate|block|mutex)
152 --profile-output="profile.pprof" Name of the file to write the
155 profile to
156 --request-timeout="0" The length of time to wait before giving up
159 on a single server request. Non-zero values should contain a corre‐
160 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
161 out requests.
162 -s, --server="" The address and port of the Kubernetes API server
165 --tls-server-name="" Server name to use for server certificate
168 validation. If it is not provided, the hostname used to contact the
169 server is used
170 --token="" Bearer token for authentication to the API server
173 --user="" The name of the kubeconfig user to use
176 --username="" Username for basic authentication to the API server
179 --version=false Print version information and quit
182 --warnings-as-errors=false Treat warnings received from the server
185 as errors and exit with a non-zero exit code
186
190 # Reconcile RBAC resources from a file
191 kubectl auth reconcile -f my-rbac-rules.yaml
192
197 kubectl-auth(1),
198
202 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
203 com) based on the kubernetes source material, but hopefully they have
204 been automatically generated since!
205Manuals User KUBERNETES(1)(kubernetes)