我的书签
添加书签
移除书签kubectl set subject
更新RoleBinding / ClusterRoleBinding中User、Group 或 ServiceAccount。
语法
- $ subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
示例
更新一个ClusterRoleBinding 的 serviceaccount1
- kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
更新RoleBinding的user1,user2和group1
- kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
Flags
| Name | Shorthand | Default | Usage | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| all | false | select all resources in the namespace of the specified resource types | ||||||||||
| allow-missing-template-keys | true | If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. | ||||||||||
| dry-run | false | If true, only print the object that would be sent, without sending it. | ||||||||||
| filename | f | [] | Filename, directory, or URL to files the resource to update the subjects | |||||||||
| group | [] | groups to bind to the role | ||||||||||
| local | false | If true, set resources will NOT contact api-server but run locally. | ||||||||||
| no-headers | false | When using the default or custom-column output format, don't print headers (default print headers). | ||||||||||
| output | o | Output format. One of: json | yaml | wide | name | custom-columns=… | custom-columns-file=… | go-template=… | go-template-file=… | jsonpath=… | jsonpath-file=… See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath]. | |
| output-version | DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob'). | |||||||||||
| recursive | R | false | Process the directory used in -f, —filename recursively. Useful when you want to manage related manifests organized within the same directory. | |||||||||
| selector | l | Selector (label query) to filter on, supports '=', '==', and '!='. | ||||||||||
| serviceaccount | [] | service accounts to bind to the role | ||||||||||
| show-all | a | false | When printing, show all resources (default hide terminated pods.) | |||||||||
| show-labels | false | When printing, show all labels as the last column (default hide labels column) | ||||||||||
| sort-by | If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. | |||||||||||
| template | Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. | |||||||||||
| user | [] | usernames to bind to the role |
