1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl create role - Create a role with single rule
10
11
12

SYNOPSIS

14       kubectl create role [OPTIONS]
15
16
17

DESCRIPTION

19       Create a role with single rule.
20
21
22

OPTIONS

24       --allow-missing-template-keys=true       If  true, ignore any errors in
25       templates when a field or map key is missing in the template. Only  ap‐
26       plies to golang and jsonpath output formats.
27
28
29       --dry-run="none"       Must be "none", "server", or "client". If client
30       strategy, only print the object that would be sent, without sending it.
31       If  server  strategy, submit server-side request without persisting the
32       resource.
33
34
35       --field-manager="kubectl-create"      Name of the manager used to track
36       field ownership.
37
38
39       -o,  --output=""      Output format. One of: (json, yaml, name, go-tem‐
40       plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
41       json, jsonpath-file).
42
43
44       --resource=[]      Resource that the rule applies to
45
46
47       --resource-name=[]       Resource  in  the white list that the rule ap‐
48       plies to, repeat this flag for multiple items
49
50
51       --save-config=false      If true, the configuration of  current  object
52       will  be saved in its annotation. Otherwise, the annotation will be un‐
53       changed. This flag is useful when you want to perform kubectl apply  on
54       this object in the future.
55
56
57       --show-managed-fields=false       If  true, keep the managedFields when
58       printing objects in JSON or YAML format.
59
60
61       --template=""      Template string or path to template file to use when
62       -o=go-template, -o=go-template-file. The template format is golang tem‐
63       plates [http://golang.org/pkg/text/template/#pkg-overview].
64
65
66       --validate="strict"      Must be one of: strict (or true), warn, ignore
67       (or false).            "true" or "strict" will use a schema to validate
68       the input and fail the request if invalid. It will perform server  side
69       validation  if  ServerSideFieldValidation is enabled on the api-server,
70       but will fall back to less  reliable  client-side  validation  if  not.
71                 "warn"  will  warn  about unknown or duplicate fields without
72       blocking the request if server-side field validation is enabled on  the
73       API  server,  and  behave  as "ignore" otherwise.            "false" or
74       "ignore" will not perform any schema validation, silently dropping  any
75       unknown or duplicate fields.
76
77
78       --verb=[]      Verb that applies to the resources contained in the rule
79
80
81

OPTIONS INHERITED FROM PARENT COMMANDS

83       --as=""      Username to impersonate for the operation. User could be a
84       regular user or a service account in a namespace.
85
86
87       --as-group=[]      Group to impersonate for the  operation,  this  flag
88       can be repeated to specify multiple groups.
89
90
91       --as-uid=""      UID to impersonate for the operation.
92
93
94       --azure-container-registry-config=""       Path  to the file containing
95       Azure container registry configuration information.
96
97
98       --cache-dir="/builddir/.kube/cache"      Default cache directory
99
100
101       --certificate-authority=""      Path to a cert file for the certificate
102       authority
103
104
105       --client-certificate=""      Path to a client certificate file for TLS
106
107
108       --client-key=""      Path to a client key file for TLS
109
110
111       --cluster=""      The name of the kubeconfig cluster to use
112
113
114       --context=""      The name of the kubeconfig context to use
115
116
117       --disable-compression=false       If true, opt-out of response compres‐
118       sion for all requests to the server
119
120
121       --insecure-skip-tls-verify=false      If true, the server's certificate
122       will not be checked for validity. This will make your HTTPS connections
123       insecure
124
125
126       --kubeconfig=""      Path to the kubeconfig file to  use  for  CLI  re‐
127       quests.
128
129
130       --match-server-version=false        Require  server  version  to  match
131       client version
132
133
134       -n, --namespace=""      If present, the namespace scope  for  this  CLI
135       request
136
137
138       --password=""      Password for basic authentication to the API server
139
140
141       --profile="none"         Name   of   profile   to   capture.   One   of
142       (none|cpu|heap|goroutine|threadcreate|block|mutex)
143
144
145       --profile-output="profile.pprof"      Name of the  file  to  write  the
146       profile to
147
148
149       --request-timeout="0"       The length of time to wait before giving up
150       on a single server request. Non-zero values  should  contain  a  corre‐
151       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
152       out requests.
153
154
155       -s, --server=""      The address and port of the Kubernetes API server
156
157
158       --tls-server-name=""      Server name to  use  for  server  certificate
159       validation.  If  it  is  not provided, the hostname used to contact the
160       server is used
161
162
163       --token=""      Bearer token for authentication to the API server
164
165
166       --user=""      The name of the kubeconfig user to use
167
168
169       --username=""      Username for basic authentication to the API server
170
171
172       --version=false      Print version information and quit
173
174
175       --warnings-as-errors=false      Treat warnings received from the server
176       as errors and exit with a non-zero exit code
177
178
179

EXAMPLE

181                # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
182                kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
183
184                # Create a role named "pod-reader" with ResourceName specified
185                kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
186
187                # Create a role named "foo" with API Group specified
188                kubectl create role foo --verb=get,list,watch --resource=rs.apps
189
190                # Create a role named "foo" with SubResource specified
191                kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
192
193
194
195

SEE ALSO

197       kubectl-create(1),
198
199
200

HISTORY

202       January  2015,  Originally compiled by Eric Paris (eparis at redhat dot
203       com) based on the kubernetes source material, but hopefully  they  have
204       been automatically generated since!
205
206
207
208Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum