1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl create rolebinding - Create a role binding for a particular
10 role or cluster role
11
12
13
15 kubectl create rolebinding [OPTIONS]
16
17
18
20 Create a role binding for a particular role or cluster role.
21
22
23
25 --allow-missing-template-keys=true If true, ignore any errors in
26 templates when a field or map key is missing in the template. Only ap‐
27 plies to golang and jsonpath output formats.
28
29
30 --clusterrole="" ClusterRole this RoleBinding should reference
31
32
33 --dry-run="none" Must be "none", "server", or "client". If client
34 strategy, only print the object that would be sent, without sending it.
35 If server strategy, submit server-side request without persisting the
36 resource.
37
38
39 --field-manager="kubectl-create" Name of the manager used to track
40 field ownership.
41
42
43 --group=[] Groups to bind to the role. The flag can be repeated to
44 add multiple groups.
45
46
47 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
48 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
49 json, jsonpath-file).
50
51
52 --role="" Role this RoleBinding should reference
53
54
55 --save-config=false If true, the configuration of current object
56 will be saved in its annotation. Otherwise, the annotation will be un‐
57 changed. This flag is useful when you want to perform kubectl apply on
58 this object in the future.
59
60
61 --serviceaccount=[] Service accounts to bind to the role, in the
62 format :. The flag can be repeated to add multiple service accounts.
63
64
65 --show-managed-fields=false If true, keep the managedFields when
66 printing objects in JSON or YAML format.
67
68
69 --template="" Template string or path to template file to use when
70 -o=go-template, -o=go-template-file. The template format is golang tem‐
71 plates [http://golang.org/pkg/text/template/#pkg-overview].
72
73
74 --user=[] Usernames to bind to the role. The flag can be repeated
75 to add multiple users.
76
77
78 --validate="strict" Must be one of: strict (or true), warn, ignore
79 (or false). "true" or "strict" will use a schema to validate
80 the input and fail the request if invalid. It will perform server side
81 validation if ServerSideFieldValidation is enabled on the api-server,
82 but will fall back to less reliable client-side validation if not.
83 "warn" will warn about unknown or duplicate fields without
84 blocking the request if server-side field validation is enabled on the
85 API server, and behave as "ignore" otherwise. "false" or
86 "ignore" will not perform any schema validation, silently dropping any
87 unknown or duplicate fields.
88
89
90
92 --as="" Username to impersonate for the operation. User could be a
93 regular user or a service account in a namespace.
94
95
96 --as-group=[] Group to impersonate for the operation, this flag
97 can be repeated to specify multiple groups.
98
99
100 --as-uid="" UID to impersonate for the operation.
101
102
103 --azure-container-registry-config="" Path to the file containing
104 Azure container registry configuration information.
105
106
107 --cache-dir="/builddir/.kube/cache" Default cache directory
108
109
110 --certificate-authority="" Path to a cert file for the certificate
111 authority
112
113
114 --client-certificate="" Path to a client certificate file for TLS
115
116
117 --client-key="" Path to a client key file for TLS
118
119
120 --cluster="" The name of the kubeconfig cluster to use
121
122
123 --context="" The name of the kubeconfig context to use
124
125
126 --disable-compression=false If true, opt-out of response compres‐
127 sion for all requests to the server
128
129
130 --insecure-skip-tls-verify=false If true, the server's certificate
131 will not be checked for validity. This will make your HTTPS connections
132 insecure
133
134
135 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
136 quests.
137
138
139 --match-server-version=false Require server version to match
140 client version
141
142
143 -n, --namespace="" If present, the namespace scope for this CLI
144 request
145
146
147 --password="" Password for basic authentication to the API server
148
149
150 --profile="none" Name of profile to capture. One of
151 (none|cpu|heap|goroutine|threadcreate|block|mutex)
152
153
154 --profile-output="profile.pprof" Name of the file to write the
155 profile to
156
157
158 --request-timeout="0" The length of time to wait before giving up
159 on a single server request. Non-zero values should contain a corre‐
160 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
161 out requests.
162
163
164 -s, --server="" The address and port of the Kubernetes API server
165
166
167 --tls-server-name="" Server name to use for server certificate
168 validation. If it is not provided, the hostname used to contact the
169 server is used
170
171
172 --token="" Bearer token for authentication to the API server
173
174
175 --username="" Username for basic authentication to the API server
176
177
178 --version=false Print version information and quit
179
180
181 --warnings-as-errors=false Treat warnings received from the server
182 as errors and exit with a non-zero exit code
183
184
185
187 # Create a role binding for user1, user2, and group1 using the admin cluster role
188 kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
189
190 # Create a role binding for serviceaccount monitoring:sa-dev using the admin role
191 kubectl create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev
192
193
194
195
197 kubectl-create(1),
198
199
200
202 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
203 com) based on the kubernetes source material, but hopefully they have
204 been automatically generated since!
205
206
207
208Manuals User KUBERNETES(1)(kubernetes)