1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create token - Request a service account token
10
14 kubectl create token [OPTIONS]
15
19 Request a service account token.
20
24 --allow-missing-template-keys=true If true, ignore any errors in
25 templates when a field or map key is missing in the template. Only ap‐
26 plies to golang and jsonpath output formats.
27 --audience=[] Audience of the requested token. If unset, defaults
30 to requesting a token for use with the Kubernetes API server. May be
31 repeated to request a token valid for multiple audiences.
32 --bound-object-kind="" Kind of an object to bind the token to.
35 Supported kinds are Pod, Secret. If set, --bound-object-name must be
36 provided.
37 --bound-object-name="" Name of an object to bind the token to. The
40 token will expire when the object is deleted. Requires --bound-object-
41 kind.
42 --bound-object-uid="" UID of an object to bind the token to. Re‐
45 quires --bound-object-kind and --bound-object-name. If unset, the UID
46 of the existing object is used.
47 --duration=0s Requested lifetime of the issued token. The server
50 may return a token with a longer or shorter lifetime.
51 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
54 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
55 json, jsonpath-file).
56 --show-managed-fields=false If true, keep the managedFields when
59 printing objects in JSON or YAML format.
60 --template="" Template string or path to template file to use when
63 -o=go-template, -o=go-template-file. The template format is golang tem‐
64 plates [http://golang.org/pkg/text/template/#pkg-overview].
65
69 --as="" Username to impersonate for the operation. User could be a
70 regular user or a service account in a namespace.
71 --as-group=[] Group to impersonate for the operation, this flag
74 can be repeated to specify multiple groups.
75 --as-uid="" UID to impersonate for the operation.
78 --azure-container-registry-config="" Path to the file containing
81 Azure container registry configuration information.
82 --cache-dir="/builddir/.kube/cache" Default cache directory
85 --certificate-authority="" Path to a cert file for the certificate
88 authority
89 --client-certificate="" Path to a client certificate file for TLS
92 --client-key="" Path to a client key file for TLS
95 --cluster="" The name of the kubeconfig cluster to use
98 --context="" The name of the kubeconfig context to use
101 --disable-compression=false If true, opt-out of response compres‐
104 sion for all requests to the server
105 --insecure-skip-tls-verify=false If true, the server's certificate
108 will not be checked for validity. This will make your HTTPS connections
109 insecure
110 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
113 quests.
114 --match-server-version=false Require server version to match
117 client version
118 -n, --namespace="" If present, the namespace scope for this CLI
121 request
122 --password="" Password for basic authentication to the API server
125 --profile="none" Name of profile to capture. One of
128 (none|cpu|heap|goroutine|threadcreate|block|mutex)
129 --profile-output="profile.pprof" Name of the file to write the
132 profile to
133 --request-timeout="0" The length of time to wait before giving up
136 on a single server request. Non-zero values should contain a corre‐
137 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
138 out requests.
139 -s, --server="" The address and port of the Kubernetes API server
142 --tls-server-name="" Server name to use for server certificate
145 validation. If it is not provided, the hostname used to contact the
146 server is used
147 --token="" Bearer token for authentication to the API server
150 --user="" The name of the kubeconfig user to use
153 --username="" Username for basic authentication to the API server
156 --version=false Print version information and quit
159 --warnings-as-errors=false Treat warnings received from the server
162 as errors and exit with a non-zero exit code
163
167 # Request a token to authenticate to the kube-apiserver as the service account "myapp" in the current namespace
168 kubectl create token myapp
169 # Request a token for a service account in a custom namespace
171 kubectl create token myapp --namespace myns
172 # Request a token with a custom expiration
174 kubectl create token myapp --duration 10m
175 # Request a token with a custom audience
177 kubectl create token myapp --audience https://example.com
178 # Request a token bound to an instance of a Secret object
180 kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret
181 # Request a token bound to an instance of a Secret object with a specific uid
183 kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret --bound-object-uid 0d4691ed-659b-4935-a832-355f77ee47cc
184
189 kubectl-create(1),
190
194 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
195 com) based on the kubernetes source material, but hopefully they have
196 been automatically generated since!
197Manuals User KUBERNETES(1)(kubernetes)