Service accounts to bind to the clusterrole, in the format. The flag can be repeated to add multiple groups. $ kubectl create clusterrolebinding NAME -clusterrole=NAME Flags NameĬlusterRole this ClusterRoleBinding should reference Verb that applies to the resources contained in the ruleĬreate a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role kubectl create clusterrolebinding cluster-admin -clusterrole=cluster-admin -user=user1 -user=user2 -group=group1Ĭreate a cluster role binding for a particular cluster role. Resource in the white list that the rule applies to, repeat this flag for multiple items $ kubectl create clusterrole NAME -verb=verb -resource=oup Flags NameĪn aggregation label selector for combining ClusterRoles.Ī partial url that user should have access to. Defaults to the line ending native to your platform.Ĭreate a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods kubectl create clusterrole pod-reader -verb=get,list,watch -resource=podsĬreate a cluster role named "pod-reader" with ResourceName specified kubectl create clusterrole pod-reader -verb=get -resource=pods -resource-name=readablepod -resource-name=anotherpodĬreate a cluster role named "foo" with API Group specified kubectl create clusterrole foo -verb=get,list,watch -resource=rs.appsĬreate a cluster role named "foo" with SubResource specified kubectl create clusterrole foo -verb=get,list,watch -resource=pods,pods/statusĬreate a cluster role name "foo" with NonResourceURL specified kubectl create clusterrole "foo" -verb=get -non-resource-url=/logs/*Ĭreate a cluster role name "monitoring" with AggregationRule specified kubectl create clusterrole monitoring -aggregation-rule="/aggregate-to-monitoring=true" "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "true" or "strict" will use a schema to validate the input and fail the request if invalid. Must be one of: strict (or true), warn, ignore (or false). Template string or path to template file to use when -o=go-template, -o=go-template-file. If true, keep the managedFields when printing objects in JSON or YAML format. Matching objects must satisfy all of the specified label constraints. Selector (label query) to filter on, supports '=', '=', and '!='.(e.g. This flag is useful when you want to perform kubectl apply on this object in the future. Otherwise, the annotation will be unchanged. If true, the configuration of current object will be saved in its annotation. Useful when you want to manage related manifests organized within the same directory. Process the directory used in -f, -filename recursively. If not set, default to updating the existing annotation value only if one already exists. If set to false, do not record the command. Record current kubectl command in the resource annotation. Uses the transport specified by the kubeconfig file. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file). This flag can't be used together with -f or -R. Name of the manager used to track field ownership.įilename, directory, or URL to files to use to create the resource If server strategy, submit server-side request without persisting the resource. If client strategy, only print the object that would be sent, without sending it. Only applies to golang and jsonpath output formats. If true, ignore any errors in templates when a field or map key is missing in the template. pod.jsonĬreate a pod based on the JSON passed into stdin cat pod.json | kubectl create -f -Įdit the data in registry.yaml in JSON then create the resource using the edited data kubectl create -f registry.yaml - edit -o jsonĬreate a resource from a file or from stdin. Once your workloads are running, you can use the commands in theĬreate a pod using the data in pod.json kubectl create -f. expose will load balance traffic across the running instances, and can create a HA proxy for accessing the containers from outside the cluster.run will start running 1 or more instances of a container image on your cluster. This section contains the most basic commands for getting a workload
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |