1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl create clusterrolebinding - Create a cluster role binding for a
10 particular cluster role
11
15 kubectl create clusterrolebinding [OPTIONS]
16
20 Create a cluster role binding for a particular cluster role.
21
25 --allow-missing-template-keys=true If true, ignore any errors in
26 templates when a field or map key is missing in the template. Only ap‐
27 plies to golang and jsonpath output formats.
28 --clusterrole="" ClusterRole this ClusterRoleBinding should refer‐
31 ence
32 --dry-run="none" Must be "none", "server", or "client". If client
35 strategy, only print the object that would be sent, without sending it.
36 If server strategy, submit server-side request without persisting the
37 resource.
38 --field-manager="kubectl-create" Name of the manager used to track
41 field ownership.
42 --group=[] Groups to bind to the clusterrole. The flag can be re‐
45 peated to add multiple groups.
46 -o, --output="" Output format. One of: (json, yaml, name, go-tem‐
49 plate, go-template-file, template, templatefile, jsonpath, jsonpath-as-
50 json, jsonpath-file).
51 --save-config=false If true, the configuration of current object
54 will be saved in its annotation. Otherwise, the annotation will be un‐
55 changed. This flag is useful when you want to perform kubectl apply on
56 this object in the future.
57 --serviceaccount=[] Service accounts to bind to the clusterrole,
60 in the format :. The flag can be repeated to add multiple service ac‐
61 counts.
62 --show-managed-fields=false If true, keep the managedFields when
65 printing objects in JSON or YAML format.
66 --template="" Template string or path to template file to use when
69 -o=go-template, -o=go-template-file. The template format is golang tem‐
70 plates [http://golang.org/pkg/text/template/#pkg-overview].
71 --user=[] Usernames to bind to the clusterrole. The flag can be
74 repeated to add multiple users.
75 --validate="strict" Must be one of: strict (or true), warn, ignore
78 (or false). "true" or "strict" will use a schema to validate
79 the input and fail the request if invalid. It will perform server side
80 validation if ServerSideFieldValidation is enabled on the api-server,
81 but will fall back to less reliable client-side validation if not.
82 "warn" will warn about unknown or duplicate fields without
83 blocking the request if server-side field validation is enabled on the
84 API server, and behave as "ignore" otherwise. "false" or
85 "ignore" will not perform any schema validation, silently dropping any
86 unknown or duplicate fields.
87
91 --as="" Username to impersonate for the operation. User could be a
92 regular user or a service account in a namespace.
93 --as-group=[] Group to impersonate for the operation, this flag
96 can be repeated to specify multiple groups.
97 --as-uid="" UID to impersonate for the operation.
100 --azure-container-registry-config="" Path to the file containing
103 Azure container registry configuration information.
104 --cache-dir="/builddir/.kube/cache" Default cache directory
107 --certificate-authority="" Path to a cert file for the certificate
110 authority
111 --client-certificate="" Path to a client certificate file for TLS
114 --client-key="" Path to a client key file for TLS
117 --cluster="" The name of the kubeconfig cluster to use
120 --context="" The name of the kubeconfig context to use
123 --disable-compression=false If true, opt-out of response compres‐
126 sion for all requests to the server
127 --insecure-skip-tls-verify=false If true, the server's certificate
130 will not be checked for validity. This will make your HTTPS connections
131 insecure
132 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
135 quests.
136 --match-server-version=false Require server version to match
139 client version
140 -n, --namespace="" If present, the namespace scope for this CLI
143 request
144 --password="" Password for basic authentication to the API server
147 --profile="none" Name of profile to capture. One of
150 (none|cpu|heap|goroutine|threadcreate|block|mutex)
151 --profile-output="profile.pprof" Name of the file to write the
154 profile to
155 --request-timeout="0" The length of time to wait before giving up
158 on a single server request. Non-zero values should contain a corre‐
159 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
160 out requests.
161 -s, --server="" The address and port of the Kubernetes API server
164 --tls-server-name="" Server name to use for server certificate
167 validation. If it is not provided, the hostname used to contact the
168 server is used
169 --token="" Bearer token for authentication to the API server
172 --username="" Username for basic authentication to the API server
175 --version=false Print version information and quit
178 --warnings-as-errors=false Treat warnings received from the server
181 as errors and exit with a non-zero exit code
182
186 # Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role
187 kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
188
193 kubectl-create(1),
194
198 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
199 com) based on the kubernetes source material, but hopefully they have
200 been automatically generated since!
201Manuals User KUBERNETES(1)(kubernetes)