create

Create a pod using the data in pod.json

  1. kubectl create -f ./pod.json

Create a pod based on the JSON passed into stdin

  1. cat pod.json | kubectl create -f -

Edit the data in docker-registry.yaml in JSON then create the resource using the edited data

  1. kubectl create -f docker-registry.yaml --edit -o json

Create a resource from a file or from stdin.

JSON and YAML formats are accepted.

Usage

$ kubectl create -f FILENAME

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
editfalseEdit the API resource before creating
field-managerkubectl-createName of the manager used to track field ownership.
filenamef[]Filename, directory, or URL to files to use to create the resource
kustomizekProcess the kustomization directory. This flag can’t be used together with -f or -R.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
rawRaw URI to POST to the server. Uses the transport specified by the kubeconfig file.
recordfalseRecord current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursiveRfalseProcess the directory used in -f, —filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
selectorlSelector (label query) to filter on, supports ‘=’, ‘==’, and ‘!=’.(e.g. -l key1=value1,key2=value2)
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it
windows-line-endingsfalseOnly relevant if —edit=true. Defaults to the line ending native to your platform.

clusterrole

Create a cluster role named “pod-reader” that allows user to perform “get”, “watch” and “list” on pods

  1. kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods

Create a cluster role named “pod-reader” with ResourceName specified

  1. kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod

Create a cluster role named “foo” with API Group specified

  1. kubectl create clusterrole foo --verb=get,list,watch --resource=rs.extensions

Create a cluster role named “foo” with SubResource specified

  1. kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status

Create a cluster role name “foo” with NonResourceURL specified

  1. kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*

Create a cluster role name “monitoring” with AggregationRule specified

  1. kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"

Create a cluster role.

Usage

$ kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
aggregation-ruleAn aggregation label selector for combining ClusterRoles.
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
non-resource-url[]A partial url that user should have access to.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
resource[]Resource that the rule applies to
resource-name[]Resource in the white list that the rule applies to, repeat this flag for multiple items
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it
verb[]Verb that applies to the resources contained in the rule

clusterrolebinding

Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role

  1. kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1

Create a cluster role binding for a particular cluster role.

Usage

$ kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusterroleClusterRole this ClusterRoleBinding should reference
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
group[]Groups to bind to the clusterrole
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
serviceaccount[]Service accounts to bind to the clusterrole, in the format <namespace>:<name>
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

configmap

Create a new config map named my-config based on folder bar

  1. kubectl create configmap my-config --from-file=path/to/bar

Create a new config map named my-config with specified keys instead of file basenames on disk

  1. kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt

Create a new config map named my-config with key1=config1 and key2=config2

  1. kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2

Create a new config map named my-config from the key=value pairs in the file

  1. kubectl create configmap my-config --from-file=path/to/bar

Create a new config map named my-config from an env file

  1. kubectl create configmap my-config --from-env-file=path/to/bar.env

Create a config map based on a file, directory, or specified literal value.

A single config map may package one or more key/value pairs.

When creating a config map based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.

When creating a config map based on a directory, each file whose basename is a valid key in the directory will be packaged into the config map. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

Usage

$ kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
append-hashfalseAppend a hash of the configmap to its name.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
from-env-fileSpecify the path to a file to read lines of key=val pairs to create a configmap (i.e. a Docker .env file).
from-file[]Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.
from-literal[]Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

cronjob

Create a cron job

  1. kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *"

Create a cron job with a command

  1. kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date

Create a cron job with the specified name.

Usage

$ kubectl create cronjob NAME --image=image --schedule='0/5 * * * ?' -- [COMMAND] [args...]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
imageImage name to run.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
restartjob’s restart policy. supported values: OnFailure, Never
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
scheduleA schedule in the Cron format the job should be run with.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

deployment

Create a deployment named my-dep that runs the busybox image

  1. kubectl create deployment my-dep --image=busybox

Create a deployment with a command

  1. kubectl create deployment my-dep --image=busybox -- date

Create a deployment named my-dep that runs the nginx image with 3 replicas

  1. kubectl create deployment my-dep --image=nginx --replicas=3

Create a deployment named my-dep that runs the busybox image and expose port 5701

  1. kubectl create deployment my-dep --image=busybox --port=5701

Create a deployment with the specified name.

Usage

$ kubectl create deployment NAME --image=image -- [COMMAND] [args...]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
image[]Image names to run.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
port-1The port that this container exposes.
replicasr1Number of replicas to create. Default is 1.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

ingress

Create a single ingress called ‘simple’ that directs requests to foo.com/bar to svc # svc1:8080 with a tls secret “my-cert”

  1. kubectl create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert"

Create a catch all ingress of “/path” pointing to service svc:port and Ingress Class as “otheringress”

  1. kubectl create ingress catch-all --class=otheringress --rule="/path=svc:port"

Create an ingress with two annotations: ingress.annotation1 and ingress.annotations2

  1. kubectl create ingress annotated --class=default --rule="foo.com/bar=svc:port" \
  2. --annotation ingress.annotation1=foo \
  3. --annotation ingress.annotation2=bla

Create an ingress with the same host and multiple paths

  1. kubectl create ingress multipath --class=default \
  2. --rule="foo.com/=svc:port" \
  3. --rule="foo.com/admin/=svcadmin:portadmin"

Create an ingress with multiple hosts and the pathType as Prefix

  1. kubectl create ingress ingress1 --class=default \
  2. --rule="foo.com/path*=svc:8080" \
  3. --rule="bar.com/admin*=svc2:http"

Create an ingress with TLS enabled using the default ingress certificate and different path types

  1. kubectl create ingress ingtls --class=default \
  2. --rule="foo.com/=svc:https,tls" \
  3. --rule="foo.com/path/subpath*=othersvc:8080"

Create an ingress with TLS enabled using a specific secret and pathType as Prefix

  1. kubectl create ingress ingsecret --class=default \
  2. --rule="foo.com/*=svc:8080,tls=secret1"

Create an ingress with a default backend

  1. kubectl create ingress ingdefault --class=default \
  2. --default-backend=defaultsvc:http \
  3. --rule="foo.com/*=svc:8080,tls=secret1"

Create an ingress with the specified name.

Usage

$ kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
annotation[]Annotation to insert in the ingress object, in the format annotation=value
classIngress Class to be used
default-backendDefault service for backend, in format of svcname:port
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
rule[]Rule in format host/path=service:port[,tls=secretname]. Paths containing the leading character ‘*’ are considered pathType=Prefix. tls argument is optional.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

job

Create a job

  1. kubectl create job my-job --image=busybox

Create a job with a command

  1. kubectl create job my-job --image=busybox -- date

Create a job from a cron job named “a-cronjob”

  1. kubectl create job test-job --from=cronjob/a-cronjob

Create a job with the specified name.

Usage

$ kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args...]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
fromThe name of the resource to create a Job from (only cronjob is supported).
imageImage name to run.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

namespace

Create a new namespace named my-namespace

  1. kubectl create namespace my-namespace

Create a namespace with the specified name.

Usage

$ kubectl create namespace NAME [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

poddisruptionbudget

Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time

  1. kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1

Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time

  1. kubectl create pdb my-pdb --selector=app=nginx --min-available=50%

Create a pod disruption budget with the specified name, selector, and desired minimum available pods.

Usage

$ kubectl create poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
max-unavailableThe maximum number or percentage of unavailable pods this budget requires.
min-availableThe minimum number or percentage of available pods this budget requires.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
selectorA label selector to use for this budget. Only equality-based selector requirements are supported.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

priorityclass

Create a priority class named high-priority

  1. kubectl create priorityclass high-priority --value=1000 --description="high priority"

Create a priority class named default-priority that is considered as the global default priority

  1. kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority"

Create a priority class named high-priority that cannot preempt pods with lower priority

  1. kubectl create priorityclass high-priority --value=1000 --description="high priority" --preemption-policy="Never"

Create a priority class with the specified name, value, globalDefault and description.

Usage

$ kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
descriptiondescription is an arbitrary string that usually provides guidelines on when this priority class should be used.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
global-defaultfalseglobal-default specifies whether this PriorityClass should be considered as the default priority.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
preemption-policyPreemptLowerPrioritypreemption-policy is the policy for preempting pods with lower priority.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it
value0the value of this priority class.

quota

Create a new resource quota named my-quota

  1. kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10

Create a new resource quota named best-effort

  1. kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort

Create a resource quota with the specified name, hard limits, and optional scopes.

Usage

$ kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
hardA comma-delimited set of resource=quantity pairs that define a hard limit.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
scopesA comma-delimited set of quota scopes that must all match each object tracked by the quota.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

role

Create a role named “pod-reader” that allows user to perform “get”, “watch” and “list” on pods

  1. kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods

Create a role named “pod-reader” with ResourceName specified

  1. kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod

Create a role named “foo” with API Group specified

  1. kubectl create role foo --verb=get,list,watch --resource=rs.extensions

Create a role named “foo” with SubResource specified

  1. kubectl create role foo --verb=get,list,watch --resource=pods,pods/status

Create a role with single rule.

Usage

$ kubectl create role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
resource[]Resource that the rule applies to
resource-name[]Resource in the white list that the rule applies to, repeat this flag for multiple items
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it
verb[]Verb that applies to the resources contained in the rule

rolebinding

Create a role binding for user1, user2, and group1 using the admin cluster role

  1. kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1

Create a role binding for a particular role or cluster role.

Usage

$ kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusterroleClusterRole this RoleBinding should reference
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
group[]Groups to bind to the role
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
roleRole this RoleBinding should reference
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
serviceaccount[]Service accounts to bind to the role, in the format <namespace>:<name>
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

secret

Create a secret using specified subcommand.

Usage

$ kubectl create secret

secret docker-registry

If you don’t already have a .dockercfg file, you can create a dockercfg secret directly by using:

  1. kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

Create a new secret named my-secret from ~/.docker/config.json

  1. kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json

Create a new secret for use with Docker registries.

Dockercfg secrets are used to authenticate against Docker registries.

When using the Docker command line to push images, you can authenticate to a given registry by running: ‘$ docker login DOCKER_REGISTRY_SERVER —username=DOCKER_USER —password=DOCKER_PASSWORD —email=DOCKER_EMAIL’.

That produces a ~/.dockercfg file that is used by subsequent ‘docker push’ and ‘docker pull’ commands to authenticate to the registry. The email address is optional.

When creating applications, you may have a Docker registry that requires authentication. In order for the nodes to pull images on your behalf, they must have the credentials. You can provide this information by creating a dockercfg secret and attaching it to your service account.

Usage

$ kubectl create docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-file=[key=]source] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
append-hashfalseAppend a hash of the secret to its name.
docker-emailEmail for Docker registry
docker-passwordPassword for Docker registry authentication
docker-serverhttps://index.docker.io/v1/Server location for Docker registry
docker-usernameUsername for Docker registry authentication
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
from-file[]Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

secret generic

Create a new secret named my-secret with keys for each file in folder bar

  1. kubectl create secret generic my-secret --from-file=path/to/bar

Create a new secret named my-secret with specified keys instead of names on disk

  1. kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub

Create a new secret named my-secret with key1=supersecret and key2=topsecret

  1. kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret

Create a new secret named my-secret using a combination of a file and a literal

  1. kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret

Create a new secret named my-secret from an env file

  1. kubectl create secret generic my-secret --from-env-file=path/to/bar.env

Create a secret based on a file, directory, or specified literal value.

A single secret may package one or more key/value pairs.

When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key.

When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

Usage

$ kubectl create generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
append-hashfalseAppend a hash of the secret to its name.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
from-env-fileSpecify the path to a file to read lines of key=val pairs to create a secret (i.e. a Docker .env file).
from-file[]Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
from-literal[]Specify a key and literal value to insert in secret (i.e. mykey=somevalue)
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
typeThe type of secret to create
validatetrueIf true, use a schema to validate the input before sending it

secret tls

Create a new TLS secret named tls-secret with the given key pair

  1. kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

Create a TLS secret from the given public/private key pair.

The public/private key pair must exist beforehand. The public key certificate must be .PEM encoded and match the given private key.

Usage

$ kubectl create tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
append-hashfalseAppend a hash of the secret to its name.
certPath to PEM encoded public key certificate.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
keyPath to private key associated with given certificate.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

service

Create a service using a specified subcommand.

Usage

$ kubectl create service

service clusterip

Create a new ClusterIP service named my-cs

  1. kubectl create service clusterip my-cs --tcp=5678:8080

Create a new ClusterIP service named my-cs (in headless mode)

  1. kubectl create service clusterip my-cs --clusterip="None"

Create a ClusterIP service with the specified name.

Usage

$ kubectl create clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusteripAssign your own ClusterIP or set to ‘None’ for a ‘headless’ service (no loadbalancing).
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
tcp[]Port pairs can be specified as ‘<port>:<targetPort>’.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

service externalname

Create a new ExternalName service named my-ns

  1. kubectl create service externalname my-ns --external-name bar.com

Create an ExternalName service with the specified name.

ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally.

Usage

$ kubectl create externalname NAME --external-name external.name [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
external-nameExternal name of service
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
tcp[]Port pairs can be specified as ‘<port>:<targetPort>’.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

service loadbalancer

Create a new LoadBalancer service named my-lbs

  1. kubectl create service loadbalancer my-lbs --tcp=5678:8080

Create a LoadBalancer service with the specified name.

Usage

$ kubectl create loadbalancer NAME [--tcp=port:targetPort] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
tcp[]Port pairs can be specified as ‘<port>:<targetPort>’.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

service nodeport

Create a new NodePort service named my-ns

  1. kubectl create service nodeport my-ns --tcp=5678:8080

Create a NodePort service with the specified name.

Usage

$ kubectl create nodeport NAME [--tcp=port:targetPort] [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
node-port0Port used to expose the service on each node in a cluster.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
tcp[]Port pairs can be specified as ‘<port>:<targetPort>’.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it

serviceaccount

Create a new service account named my-service-account

  1. kubectl create serviceaccount my-service-account

Create a service account with the specified name.

Usage

$ kubectl create serviceaccount NAME [--dry-run=server|client|none]

Flags

NameShorthandDefaultUsage
allow-missing-template-keystrueIf true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-runnoneMust be “none”, “server”, or “client”. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
field-managerkubectl-createName of the manager used to track field ownership.
outputoOutput format. One of: json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
save-configfalseIf true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-managed-fieldsfalseIf true, keep the managedFields when printing objects in JSON or YAML format.
templateTemplate string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validatetrueIf true, use a schema to validate the input before sending it