1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl create clusterrole - Create a cluster role
10
11
12

SYNOPSIS

14       kubectl create clusterrole [OPTIONS]
15
16
17

DESCRIPTION

19       Create a cluster role.
20
21
22

OPTIONS

24       --aggregation-rule=       An  aggregation  label selector for combining
25       ClusterRoles.
26
27
28       --allow-missing-template-keys=true      If true, ignore any  errors  in
29       templates  when a field or map key is missing in the template. Only ap‐
30       plies to golang and jsonpath output formats.
31
32
33       --dry-run="none"      Must be "none", "server", or "client". If  client
34       strategy, only print the object that would be sent, without sending it.
35       If server strategy, submit server-side request without  persisting  the
36       resource.
37
38
39       --field-manager="kubectl-create"      Name of the manager used to track
40       field ownership.
41
42
43       --non-resource-url=[]      A partial url that user should  have  access
44       to.
45
46
47       -o,  --output=""      Output format. One of: (json, yaml, name, go-tem‐
48       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49       json, jsonpath-file).
50
51
52       --resource=[]      Resource that the rule applies to
53
54
55       --resource-name=[]       Resource  in  the white list that the rule ap‐
56       plies to, repeat this flag for multiple items
57
58
59       --save-config=false      If true, the configuration of  current  object
60       will  be saved in its annotation. Otherwise, the annotation will be un‐
61       changed. This flag is useful when you want to perform kubectl apply  on
62       this object in the future.
63
64
65       --show-managed-fields=false       If  true, keep the managedFields when
66       printing objects in JSON or YAML format.
67
68
69       --template=""      Template string or path to template file to use when
70       -o=go-template, -o=go-template-file. The template format is golang tem‐
71       plates [http://golang.org/pkg/text/template/#pkg-overview].
72
73
74       --validate="strict"      Must be one of: strict (or true), warn, ignore
75       (or false).            "true" or "strict" will use a schema to validate
76       the input and fail the request if invalid. It will perform server  side
77       validation  if  ServerSideFieldValidation is enabled on the api-server,
78       but will fall back to less  reliable  client-side  validation  if  not.
79                 "warn"  will  warn  about unknown or duplicate fields without
80       blocking the request if server-side field validation is enabled on  the
81       API  server,  and  behave  as "ignore" otherwise.            "false" or
82       "ignore" will not perform any schema validation, silently dropping  any
83       unknown or duplicate fields.
84
85
86       --verb=[]      Verb that applies to the resources contained in the rule
87
88
89

OPTIONS INHERITED FROM PARENT COMMANDS

91       --as=""      Username to impersonate for the operation. User could be a
92       regular user or a service account in a namespace.
93
94
95       --as-group=[]      Group to impersonate for the  operation,  this  flag
96       can be repeated to specify multiple groups.
97
98
99       --as-uid=""      UID to impersonate for the operation.
100
101
102       --azure-container-registry-config=""       Path  to the file containing
103       Azure container registry configuration information.
104
105
106       --cache-dir="/builddir/.kube/cache"      Default cache directory
107
108
109       --certificate-authority=""      Path to a cert file for the certificate
110       authority
111
112
113       --client-certificate=""      Path to a client certificate file for TLS
114
115
116       --client-key=""      Path to a client key file for TLS
117
118
119       --cluster=""      The name of the kubeconfig cluster to use
120
121
122       --context=""      The name of the kubeconfig context to use
123
124
125       --disable-compression=false       If true, opt-out of response compres‐
126       sion for all requests to the server
127
128
129       --insecure-skip-tls-verify=false      If true, the server's certificate
130       will not be checked for validity. This will make your HTTPS connections
131       insecure
132
133
134       --kubeconfig=""      Path to the kubeconfig file to  use  for  CLI  re‐
135       quests.
136
137
138       --match-server-version=false        Require  server  version  to  match
139       client version
140
141
142       -n, --namespace=""      If present, the namespace scope  for  this  CLI
143       request
144
145
146       --password=""      Password for basic authentication to the API server
147
148
149       --profile="none"         Name   of   profile   to   capture.   One   of
150       (none|cpu|heap|goroutine|threadcreate|block|mutex)
151
152
153       --profile-output="profile.pprof"      Name of the  file  to  write  the
154       profile to
155
156
157       --request-timeout="0"       The length of time to wait before giving up
158       on a single server request. Non-zero values  should  contain  a  corre‐
159       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
160       out requests.
161
162
163       -s, --server=""      The address and port of the Kubernetes API server
164
165
166       --tls-server-name=""      Server name to  use  for  server  certificate
167       validation.  If  it  is  not provided, the hostname used to contact the
168       server is used
169
170
171       --token=""      Bearer token for authentication to the API server
172
173
174       --user=""      The name of the kubeconfig user to use
175
176
177       --username=""      Username for basic authentication to the API server
178
179
180       --version=false      Print version information and quit
181
182
183       --warnings-as-errors=false      Treat warnings received from the server
184       as errors and exit with a non-zero exit code
185
186
187

EXAMPLE

189                # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
190                kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
191
192                # Create a cluster role named "pod-reader" with ResourceName specified
193                kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
194
195                # Create a cluster role named "foo" with API Group specified
196                kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps
197
198                # Create a cluster role named "foo" with SubResource specified
199                kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
200
201                # Create a cluster role name "foo" with NonResourceURL specified
202                kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
203
204                # Create a cluster role name "monitoring" with AggregationRule specified
205                kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
206
207
208
209

SEE ALSO

211       kubectl-create(1),
212
213
214

HISTORY

216       January  2015,  Originally compiled by Eric Paris (eparis at redhat dot
217       com) based on the kubernetes source material, but hopefully  they  have
218       been automatically generated since!
219
220
221
222Manuals                              User            KUBERNETES(1)(kubernetes)