For configuration, kubectl looks for a file named config in the $HOME/.kube directory. You can specify other kubeconfig files by setting the KUBECONFIG environment variable or by setting the --kubeconfig flag.

This overview covers kubectl syntax, describes the command operations, and provides common examples. For details about each command, including all the supported flags and subcommands, see the kubectl reference documentation.

For installation instructions, see Installing kubectl; for a quick guide, see the cheat sheet. If you're used to using the docker command-line tool, kubectl for Docker Users explains some equivalent commands for Kubernetes.

Syntax

Use the following syntax to run kubectl commands from your terminal window:

kubectl [command] [TYPE] [NAME] [flags]

where command, TYPE, NAME, and flags are:

command: Specifies the operation that you want to perform on one or more resources, for example create, get, describe, delete.
TYPE: Specifies the resource type. Resource types are case-insensitive and you can specify the singular, plural, or abbreviated forms. For example, the following commands produce the same output:
```
kubectl get pod pod1
kubectl get pods pod1
kubectl get po pod1
```
NAME: Specifies the name of the resource. Names are case-sensitive. If the name is omitted, details for all resources are displayed, for example kubectl get pods.

When performing an operation on multiple resources, you can specify each resource by type and name or specify one or more files:
- To specify resources by type and name:
  - To group resources if they are all the same type: TYPE1 name1 name2 name<#>.
    Example: kubectl get pod example-pod1 example-pod2
  - To specify multiple resource types individually: TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>.
    Example: kubectl get pod/example-pod1 replicationcontroller/example-rc1
- To specify resources with one or more files: -f file1 -f file2 -f file<#>
  - Use YAML rather than JSON since YAML tends to be more user-friendly, especially for configuration files.
    Example: kubectl get -f ./pod.yaml
flags: Specifies optional flags. For example, you can use the -s or --server flags to specify the address and port of the Kubernetes API server.

Caution: Flags that you specify from the command line override default values and any corresponding environment variables.

If you need help, run kubectl help from the terminal window.

In-cluster authentication and namespace overrides

By default kubectl will first determine if it is running within a pod, and thus in a cluster. It starts by checking for the KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT environment variables and the existence of a service account token file at /var/run/secrets/kubernetes.io/serviceaccount/token. If all three are found in-cluster authentication is assumed.

To maintain backwards compatibility, if the POD_NAMESPACE environment variable is set during in-cluster authentication it will override the default namespace from the service account token. Any manifests or tools relying on namespace defaulting will be affected by this.

POD_NAMESPACE environment variable

If the POD_NAMESPACE environment variable is set, cli operations on namespaced resources will default to the variable value. For example, if the variable is set to seattle, kubectl get pods would return pods in the seattle namespace. This is because pods are a namespaced resource, and no namespace was provided in the command. Review the output of kubectl api-resources to determine if a resource is namespaced.

Explicit use of --namespace <value> overrides this behavior.

How kubectl handles ServiceAccount tokens

If:

there is Kubernetes service account token file mounted at /var/run/secrets/kubernetes.io/serviceaccount/token, and
the KUBERNETES_SERVICE_HOST environment variable is set, and
the KUBERNETES_SERVICE_PORT environment variable is set, and
you don't explicitly specify a namespace on the kubectl command line

then kubectl assumes it is running in your cluster. The kubectl tool looks up the namespace of that ServiceAccount (this is the same as the namespace of the Pod) and acts against that namespace. This is different from what happens outside of a cluster; when kubectl runs outside a cluster and you don't specify a namespace, the kubectl command acts against the namespace set for the current context in your client configuration. To change the default namespace for your kubectl you can use the following command:

kubectl config set-context --current --namespace=<namespace-name>

Operations

The following table includes short descriptions and the general syntax for all of the kubectl operations:

Operation	Syntax	Description
`alpha`	`kubectl alpha SUBCOMMAND [flags]`	List the available commands that correspond to alpha features, which are not enabled in Kubernetes clusters by default.
`annotate`	`kubectl annotate (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]`	Add or update the annotations of one or more resources.
`api-resources`	`kubectl api-resources [flags]`	List the API resources that are available.
`api-versions`	`kubectl api-versions [flags]`	List the API versions that are available.
`apply`	`kubectl apply -f FILENAME [flags]`	Apply a configuration change to a resource from a file or stdin.
`attach`	`kubectl attach POD -c CONTAINER [-i] [-t] [flags]`	Attach to a running container either to view the output stream or interact with the container (stdin).
`auth`	`kubectl auth [flags] [options]`	Inspect authorization.
`autoscale`	`kubectl autoscale (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags]`	Automatically scale the set of pods that are managed by a replication controller.
`certificate`	`kubectl certificate SUBCOMMAND [options]`	Modify certificate resources.
`cluster-info`	`kubectl cluster-info [flags]`	Display endpoint information about the master and services in the cluster.
`completion`	`kubectl completion SHELL [options]`	Output shell completion code for the specified shell (bash or zsh).
`config`	`kubectl config SUBCOMMAND [flags]`	Modifies kubeconfig files. See the individual subcommands for details.
`convert`	`kubectl convert -f FILENAME [options]`	Convert config files between different API versions. Both YAML and JSON formats are accepted. Note - requires `kubectl-convert` plugin to be installed.
`cordon`	`kubectl cordon NODE [options]`	Mark node as unschedulable.
`cp`	`kubectl cp <file-spec-src> <file-spec-dest> [options]`	Copy files and directories to and from containers.
`create`	`kubectl create -f FILENAME [flags]`	Create one or more resources from a file or stdin.
`delete`	`kubectl delete (-f FILENAME \| TYPE [NAME \| /NAME \| -l label \| --all]) [flags]`	Delete resources either from a file, stdin, or specifying label selectors, names, resource selectors, or resources.
`describe`	`kubectl describe (-f FILENAME \| TYPE [NAME_PREFIX \| /NAME \| -l label]) [flags]`	Display the detailed state of one or more resources.
`diff`	`kubectl diff -f FILENAME [flags]`	Diff file or stdin against live configuration.
`drain`	`kubectl drain NODE [options]`	Drain node in preparation for maintenance.
`edit`	`kubectl edit (-f FILENAME \| TYPE NAME \| TYPE/NAME) [flags]`	Edit and update the definition of one or more resources on the server by using the default editor.
`events`	`kubectl events`	List events
`exec`	`kubectl exec POD [-c CONTAINER] [-i] [-t] [flags] [-- COMMAND [args...]]`	Execute a command against a container in a pod.
`explain`	`kubectl explain TYPE [--recursive=false] [flags]`	Get documentation of various resources. For instance pods, nodes, services, etc.
`expose`	`kubectl expose (-f FILENAME \| TYPE NAME \| TYPE/NAME) [--port=port] [--protocol=TCP\|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [flags]`	Expose a replication controller, service, or pod as a new Kubernetes service.
`get`	`kubectl get (-f FILENAME \| TYPE [NAME \| /NAME \| -l label]) [--watch] [--sort-by=FIELD] [[-o \| --output]=OUTPUT_FORMAT] [flags]`	List one or more resources.
`kustomize`	`kubectl kustomize <dir> [flags] [options]`	List a set of API resources generated from instructions in a kustomization.yaml file. The argument must be the path to the directory containing the file, or a git repository URL with a path suffix specifying same with respect to the repository root.
`label`	`kubectl label (-f FILENAME \| TYPE NAME \| TYPE/NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--overwrite] [--all] [--resource-version=version] [flags]`	Add or update the labels of one or more resources.
`logs`	`kubectl logs POD [-c CONTAINER] [--follow] [flags]`	Print the logs for a container in a pod.
`options`	`kubectl options`	List of global command-line options, which apply to all commands.
`patch`	`kubectl patch (-f FILENAME \| TYPE NAME \| TYPE/NAME) --patch PATCH [flags]`	Update one or more fields of a resource by using the strategic merge patch process.
`plugin`	`kubectl plugin [flags] [options]`	Provides utilities for interacting with plugins.
`port-forward`	`kubectl port-forward POD [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N] [flags]`	Forward one or more local ports to a pod.
`proxy`	`kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [flags]`	Run a proxy to the Kubernetes API server.
`replace`	`kubectl replace -f FILENAME`	Replace a resource from a file or stdin.
`rollout`	`kubectl rollout SUBCOMMAND [options]`	Manage the rollout of a resource. Valid resource types include: deployments, daemonsets and statefulsets.
`run`	`kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=server\|client\|none] [--overrides=inline-json] [flags]`	Run a specified image on the cluster.
`scale`	`kubectl scale (-f FILENAME \| TYPE NAME \| TYPE/NAME) --replicas=COUNT [--resource-version=version] [--current-replicas=count] [flags]`	Update the size of the specified replication controller.
`set`	`kubectl set SUBCOMMAND [options]`	Configure application resources.
`taint`	`kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N [options]`	Update the taints on one or more nodes.
`top`	`kubectl top (POD \| NODE) [flags] [options]`	Display Resource (CPU/Memory/Storage) usage of pod or node.
`uncordon`	`kubectl uncordon NODE [options]`	Mark node as schedulable.
`version`	`kubectl version [--client] [flags]`	Display the Kubernetes version running on the client and server.
`wait`	`kubectl wait ([-f FILENAME] \| resource.group/resource.name \| resource.group [(-l label \| --all)]) [--for=delete\|--for condition=available] [options]`	Experimental: Wait for a specific condition on one or many resources.

To learn more about command operations, see the kubectl reference documentation.

Resource types

The following table includes a list of all the supported resource types and their abbreviated aliases.

(This output can be retrieved from kubectl api-resources, and was accurate as of Kubernetes 1.25.0)

NAME	SHORTNAMES	APIVERSION	NAMESPACED	KIND
`bindings`		v1	true	Binding
`componentstatuses`	`cs`	v1	false	ComponentStatus
`configmaps`	`cm`	v1	true	ConfigMap
`endpoints`	`ep`	v1	true	Endpoints
`events`	`ev`	v1	true	Event
`limitranges`	`limits`	v1	true	LimitRange
`namespaces`	`ns`	v1	false	Namespace
`nodes`	`no`	v1	false	Node
`persistentvolumeclaims`	`pvc`	v1	true	PersistentVolumeClaim
`persistentvolumes`	`pv`	v1	false	PersistentVolume
`pods`	`po`	v1	true	Pod
`podtemplates`		v1	true	PodTemplate
`replicationcontrollers`	`rc`	v1	true	ReplicationController
`resourcequotas`	`quota`	v1	true	ResourceQuota
`secrets`		v1	true	Secret
`serviceaccounts`	`sa`	v1	true	ServiceAccount
`services`	`svc`	v1	true	Service
`mutatingwebhookconfigurations`		admissionregistration.k8s.io/v1	false	MutatingWebhookConfiguration
`validatingwebhookconfigurations`		admissionregistration.k8s.io/v1	false	ValidatingWebhookConfiguration
`customresourcedefinitions`	`crd,crds`	apiextensions.k8s.io/v1	false	CustomResourceDefinition
`apiservices`		apiregistration.k8s.io/v1	false	APIService
`controllerrevisions`		apps/v1	true	ControllerRevision
`daemonsets`	`ds`	apps/v1	true	DaemonSet
`deployments`	`deploy`	apps/v1	true	Deployment
`replicasets`	`rs`	apps/v1	true	ReplicaSet
`statefulsets`	`sts`	apps/v1	true	StatefulSet
`tokenreviews`		authentication.k8s.io/v1	false	TokenReview
`localsubjectaccessreviews`		authorization.k8s.io/v1	true	LocalSubjectAccessReview
`selfsubjectaccessreviews`		authorization.k8s.io/v1	false	SelfSubjectAccessReview
`selfsubjectrulesreviews`		authorization.k8s.io/v1	false	SelfSubjectRulesReview
`subjectaccessreviews`		authorization.k8s.io/v1	false	SubjectAccessReview
`horizontalpodautoscalers`	`hpa`	autoscaling/v2	true	HorizontalPodAutoscaler
`cronjobs`	`cj`	batch/v1	true	CronJob
`jobs`		batch/v1	true	Job
`certificatesigningrequests`	`csr`	certificates.k8s.io/v1	false	CertificateSigningRequest
`leases`		coordination.k8s.io/v1	true	Lease
`endpointslices`		discovery.k8s.io/v1	true	EndpointSlice
`events`	`ev`	events.k8s.io/v1	true	Event
`flowschemas`		flowcontrol.apiserver.k8s.io/v1beta2	false	FlowSchema
`prioritylevelconfigurations`		flowcontrol.apiserver.k8s.io/v1beta2	false	PriorityLevelConfiguration
`ingressclasses`		networking.k8s.io/v1	false	IngressClass
`ingresses`	`ing`	networking.k8s.io/v1	true	Ingress
`networkpolicies`	`netpol`	networking.k8s.io/v1	true	NetworkPolicy
`runtimeclasses`		node.k8s.io/v1	false	RuntimeClass
`poddisruptionbudgets`	`pdb`	policy/v1	true	PodDisruptionBudget
`podsecuritypolicies`	`psp`	policy/v1beta1	false	PodSecurityPolicy
`clusterrolebindings`		rbac.authorization.k8s.io/v1	false	ClusterRoleBinding
`clusterroles`		rbac.authorization.k8s.io/v1	false	ClusterRole
`rolebindings`		rbac.authorization.k8s.io/v1	true	RoleBinding
`roles`		rbac.authorization.k8s.io/v1	true	Role
`priorityclasses`	`pc`	scheduling.k8s.io/v1	false	PriorityClass
`csidrivers`		storage.k8s.io/v1	false	CSIDriver
`csinodes`		storage.k8s.io/v1	false	CSINode
`csistoragecapacities`		storage.k8s.io/v1	true	CSIStorageCapacity
`storageclasses`	`sc`	storage.k8s.io/v1	false	StorageClass
`volumeattachments`		storage.k8s.io/v1	false	VolumeAttachment

Output options

Use the following sections for information about how you can format or sort the output of certain commands. For details about which commands support the various output options, see the kubectl reference documentation.

Formatting output

The default output format for all kubectl commands is the human readable plain-text format. To output details to your terminal window in a specific format, you can add either the -o or --output flags to a supported kubectl command.

Syntax

kubectl [command] [TYPE] [NAME] -o <output_format>

Depending on the kubectl operation, the following output formats are supported:

Output format	Description
`-o custom-columns=<spec>`	Print a table using a comma separated list of custom columns.
`-o custom-columns-file=<filename>`	Print a table using the custom columns template in the `<filename>` file.
`-o json`	Output a JSON formatted API object.
`-o jsonpath=<template>`	Print the fields defined in a jsonpath expression.
`-o jsonpath-file=<filename>`	Print the fields defined by the jsonpath expression in the `<filename>` file.
`-o name`	Print only the resource name and nothing else.
`-o wide`	Output in the plain-text format with any additional information. For pods, the node name is included.
`-o yaml`	Output a YAML formatted API object.

Example

In this example, the following command outputs the details for a single pod as a YAML formatted object:

kubectl get pod web-pod-13je7 -o yaml

Remember: See the kubectl reference documentation for details about which output format is supported by each command.

Custom columns

To define custom columns and output only the details that you want into a table, you can use the custom-columns option. You can choose to define the custom columns inline or use a template file: -o custom-columns=<spec> or -o custom-columns-file=<filename>.

Examples

Inline:

kubectl get pods <pod-name> -o custom-columns=NAME:.metadata.name,RSRC:.metadata.resourceVersion

Template file:

kubectl get pods <pod-name> -o custom-columns-file=template.txt

where the template.txt file contains:

NAME          RSRC
metadata.name metadata.resourceVersion

The result of running either command is similar to:

NAME           RSRC
submit-queue   610995

Server-side columns

kubectl supports receiving specific column information from the server about objects. This means that for any given resource, the server will return columns and rows relevant to that resource, for the client to print. This allows for consistent human-readable output across clients used against the same cluster, by having the server encapsulate the details of printing.

This feature is enabled by default. To disable it, add the --server-print=false flag to the kubectl get command.

Examples

To print information about the status of a pod, use a command like the following:

kubectl get pods <pod-name> --server-print=false

The output is similar to:

NAME       AGE
pod-name   1m

Sorting list objects

To output objects to a sorted list in your terminal window, you can add the --sort-by flag to a supported kubectl command. Sort your objects by specifying any numeric or string field with the --sort-by flag. To specify a field, use a jsonpath expression.

Syntax

kubectl [command] [TYPE] [NAME] --sort-by=<jsonpath_exp>

Example

To print a list of pods sorted by name, you run:

kubectl get pods --sort-by=.metadata.name

Examples: Common operations

Use the following set of examples to help you familiarize yourself with running the commonly used kubectl operations:

kubectl apply - Apply or Update a resource from a file or stdin.

# Create a service using the definition in example-service.yaml.
kubectl apply -f example-service.yaml

# Create a replication controller using the definition in example-controller.yaml.
kubectl apply -f example-controller.yaml

# Create the objects that are defined in any .yaml, .yml, or .json file within the <directory> directory.
kubectl apply -f <directory>

kubectl get - List one or more resources.

# List all pods in plain-text output format.
kubectl get pods

# List all pods in plain-text output format and include additional information (such as node name).
kubectl get pods -o wide

# List the replication controller with the specified name in plain-text output format. Tip: You can shorten and replace the 'replicationcontroller' resource type with the alias 'rc'.
kubectl get replicationcontroller <rc-name>

# List all replication controllers and services together in plain-text output format.
kubectl get rc,services

# List all daemon sets in plain-text output format.
kubectl get ds

# List all pods running on node server01
kubectl get pods --field-selector=spec.nodeName=server01

kubectl describe - Display detailed state of one or more resources, including the uninitialized ones by default.

# Display the details of the node with name <node-name>.
kubectl describe nodes <node-name>

# Display the details of the pod with name <pod-name>.
kubectl describe pods/<pod-name>

# Display the details of all the pods that are managed by the replication controller named <rc-name>.
# Remember: Any pods that are created by the replication controller get prefixed with the name of the replication controller.
kubectl describe pods <rc-name>

# Describe all pods
kubectl describe pods

Note: The kubectl get command is usually used for retrieving one or more resources of the same resource type. It features a rich set of flags that allows you to customize the output format using the -o or --output flag, for example. You can specify the -w or --watch flag to start watching updates to a particular object. The kubectl describe command is more focused on describing the many related aspects of a specified resource. It may invoke several API calls to the API server to build a view for the user. For example, the kubectl describe node command retrieves not only the information about the node, but also a summary of the pods running on it, the events generated for the node etc.

kubectl delete - Delete resources either from a file, stdin, or specifying label selectors, names, resource selectors, or resources.

# Delete a pod using the type and name specified in the pod.yaml file.
kubectl delete -f pod.yaml

# Delete all the pods and services that have the label '<label-key>=<label-value>'.
kubectl delete pods,services -l <label-key>=<label-value>

# Delete all pods, including uninitialized ones.
kubectl delete pods --all

kubectl exec - Execute a command against a container in a pod.

# Get output from running 'date' from pod <pod-name>. By default, output is from the first container.
kubectl exec <pod-name> -- date

# Get output from running 'date' in container <container-name> of pod <pod-name>.
kubectl exec <pod-name> -c <container-name> -- date

# Get an interactive TTY and run /bin/bash from pod <pod-name>. By default, output is from the first container.
kubectl exec -ti <pod-name> -- /bin/bash

kubectl logs - Print the logs for a container in a pod.

# Return a snapshot of the logs from pod <pod-name>.
kubectl logs <pod-name>

# Start streaming the logs from pod <pod-name>. This is similar to the 'tail -f' Linux command.
kubectl logs -f <pod-name>

kubectl diff - View a diff of the proposed updates to a cluster.

# Diff resources included in "pod.json".
kubectl diff -f pod.json

# Diff file read from stdin.
cat service.yaml | kubectl diff -f -

Examples: Creating and using plugins

Use the following set of examples to help you familiarize yourself with writing and using kubectl plugins:

# create a simple plugin in any language and name the resulting executable file
# so that it begins with the prefix "kubectl-"
cat ./kubectl-hello

#!/bin/sh

# this plugin prints the words "hello world"
echo "hello world"

With a plugin written, let's make it executable:

chmod a+x ./kubectl-hello

# and move it to a location in our PATH
sudo mv ./kubectl-hello /usr/local/bin
sudo chown root:root /usr/local/bin

# You have now created and "installed" a kubectl plugin.
# You can begin using this plugin by invoking it from kubectl as if it were a regular command
kubectl hello

hello world

# You can "uninstall" a plugin, by removing it from the folder in your
# $PATH where you placed it
sudo rm /usr/local/bin/kubectl-hello

In order to view all of the plugins that are available to kubectl, use the kubectl plugin list subcommand:

kubectl plugin list

The output is similar to:

The following kubectl-compatible plugins are available:

/usr/local/bin/kubectl-hello
/usr/local/bin/kubectl-foo
/usr/local/bin/kubectl-bar

kubectl plugin list also warns you about plugins that are not executable, or that are shadowed by other plugins; for example:

sudo chmod -x /usr/local/bin/kubectl-foo # remove execute permission
kubectl plugin list

The following kubectl-compatible plugins are available:

/usr/local/bin/kubectl-hello
/usr/local/bin/kubectl-foo
  - warning: /usr/local/bin/kubectl-foo identified as a plugin, but it is not executable
/usr/local/bin/kubectl-bar

error: one plugin warning was found

You can think of plugins as a means to build more complex functionality on top of the existing kubectl commands:

cat ./kubectl-whoami

The next few examples assume that you already made kubectl-whoami have the following contents:

#!/bin/bash

# this plugin makes use of the `kubectl config` command in order to output
# information about the current user, based on the currently selected context
kubectl config view --template='{{ range .contexts }}{{ if eq .name "'$(kubectl config current-context)'" }}Current user: {{ printf "%s\n" .context.user }}{{ end }}{{ end }}'

Running the above command gives you an output containing the user for the current context in your KUBECONFIG file:

# make the file executable
sudo chmod +x ./kubectl-whoami

# and move it into your PATH
sudo mv ./kubectl-whoami /usr/local/bin

kubectl whoami
Current user: plugins-user

What's next

Read the kubectl reference documentation:
- the kubectl command reference
- the command line arguments reference
Learn about kubectl usage conventions
Read about JSONPath support in kubectl
Read about how to extend kubectl with plugins
- To find out more about plugins, take a look at the example CLI plugin.

1 - kubectl Quick Reference

This page contains a list of commonly used kubectl commands and flags.

Note: These instructions are for Kubernetes v1.29. To check the version, use the kubectl version command.

Kubectl autocomplete

BASH

source <(kubectl completion bash) # set up autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.

You can also use a shorthand alias for kubectl that also works with completion:

alias k=kubectl
complete -o default -F __start_kubectl k

ZSH

source <(kubectl completion zsh)  # set up autocomplete in zsh into the current shell
echo '[[ $commands[kubectl] ]] && source <(kubectl completion zsh)' >> ~/.zshrc # add autocomplete permanently to your zsh shell

FISH

Require kubectl version 1.23 or above.

echo 'kubectl completion fish | source' >> ~/.config/fish/config.fish  # add kubectl autocompletion permanently to your fish shell

A note on `--all-namespaces`

Appending --all-namespaces happens frequently enough that you should be aware of the shorthand for --all-namespaces:

kubectl -A

Kubectl context and configuration

Set which Kubernetes cluster kubectl communicates with and modifies configuration information. See Authenticating Across Clusters with kubeconfig documentation for detailed config file information.

kubectl config view # Show Merged kubeconfig settings.

# use multiple kubeconfig files at the same time and view merged config
KUBECONFIG=~/.kube/config:~/.kube/kubconfig2

kubectl config view

# Show merged kubeconfig settings and raw certificate data and exposed secrets
kubectl config view --raw 

# get the password for the e2e user
kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'

# get the certificate for the e2e user
kubectl config view --raw -o jsonpath='{.users[?(.name == 'e2e')].user.client-certificate-data}' | base64 -d

kubectl config view -o jsonpath='{.users[].name}'    # display the first user
kubectl config view -o jsonpath='{.users[*].name}'   # get a list of users
kubectl config get-contexts                          # display list of contexts
kubectl config get-contexts -o name                  # get all context names
kubectl config current-context                       # display the current-context
kubectl config use-context my-cluster-name           # set the default context to my-cluster-name

kubectl config set-cluster my-cluster-name           # set a cluster entry in the kubeconfig

# configure the URL to a proxy server to use for requests made by this client in the kubeconfig
kubectl config set-cluster my-cluster-name --proxy-url=my-proxy-url

# add a new user to your kubeconf that supports basic auth
kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword

# permanently save the namespace for all subsequent kubectl commands in that context.
kubectl config set-context --current --namespace=ggckad-s2

# set a context utilizing a specific username and namespace.
kubectl config set-context gce --user=cluster-admin --namespace=foo \
  && kubectl config use-context gce

kubectl config unset users.foo                       # delete user foo

# short alias to set/show context/namespace (only works for bash and bash-compatible shells, current context to be set before using kn to set namespace)
alias kx='f() { [ "$1" ] && kubectl config use-context $1 || kubectl config current-context ; } ; f'
alias kn='f() { [ "$1" ] && kubectl config set-context --current --namespace $1 || kubectl config view --minify | grep namespace | cut -d" " -f6 ; } ; f'

Kubectl apply

apply manages applications through files defining Kubernetes resources. It creates and updates resources in a cluster through running kubectl apply. This is the recommended way of managing Kubernetes applications on production. See Kubectl Book.

Creating objects

Kubernetes manifests can be defined in YAML or JSON. The file extension .yaml, .yml, and .json can be used.

kubectl apply -f ./my-manifest.yaml                 # create resource(s)
kubectl apply -f ./my1.yaml -f ./my2.yaml           # create from multiple files
kubectl apply -f ./dir                              # create resource(s) in all manifest files in dir
kubectl apply -f https://example.com/manifest.yaml  # create resource(s) from url (Note: this is an example domain and does not contain a valid manifest)
kubectl create deployment nginx --image=nginx       # start a single instance of nginx

# create a Job which prints "Hello World"
kubectl create job hello --image=busybox:1.28 -- echo "Hello World"

# create a CronJob that prints "Hello World" every minute
kubectl create cronjob hello --image=busybox:1.28   --schedule="*/1 * * * *" -- echo "Hello World"

kubectl explain pods                           # get the documentation for pod manifests

# Create multiple YAML objects from stdin
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: busybox-sleep
spec:
  containers:
  - name: busybox
    image: busybox:1.28
    args:
    - sleep
    - "1000000"
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox-sleep-less
spec:
  containers:
  - name: busybox
    image: busybox:1.28
    args:
    - sleep
    - "1000"
EOF

# Create a secret with several keys
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: $(echo -n "s33msi4" | base64 -w0)
  username: $(echo -n "jane" | base64 -w0)
EOF

Viewing and finding resources

# Get commands with basic output
kubectl get services                          # List all services in the namespace
kubectl get pods --all-namespaces             # List all pods in all namespaces
kubectl get pods -o wide                      # List all pods in the current namespace, with more details
kubectl get deployment my-dep                 # List a particular deployment
kubectl get pods                              # List all pods in the namespace
kubectl get pod my-pod -o yaml                # Get a pod's YAML

# Describe commands with verbose output
kubectl describe nodes my-node
kubectl describe pods my-pod

# List Services Sorted by Name
kubectl get services --sort-by=.metadata.name

# List pods Sorted by Restart Count
kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

# List PersistentVolumes sorted by capacity
kubectl get pv --sort-by=.spec.capacity.storage

# Get the version label of all pods with label app=cassandra
kubectl get pods --selector=app=cassandra -o \
  jsonpath='{.items[*].metadata.labels.version}'

# Retrieve the value of a key with dots, e.g. 'ca.crt'
kubectl get configmap myconfig \
  -o jsonpath='{.data.ca\.crt}'

# Retrieve a base64 encoded value with dashes instead of underscores.
kubectl get secret my-secret --template='{{index .data "key-name-with-dashes"}}'

# Get all worker nodes (use a selector to exclude results that have a label
# named 'node-role.kubernetes.io/control-plane')
kubectl get node --selector='!node-role.kubernetes.io/control-plane'

# Get all running pods in the namespace
kubectl get pods --field-selector=status.phase=Running

# Get ExternalIPs of all nodes
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'

# List Names of Pods that belong to Particular RC
# "jq" command useful for transformations that are too complex for jsonpath, it can be found at https://jqlang.github.io/jq/
sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})

# Show labels for all pods (or any other Kubernetes object that supports labelling)
kubectl get pods --show-labels

# Check which nodes are ready
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
 && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"

# Check which nodes are ready with custom-columns
kubectl get node -o custom-columns='NODE_NAME:.metadata.name,STATUS:.status.conditions[?(@.type=="Ready")].status'

# Output decoded secrets without external tools
kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'

# List all Secrets currently in use by a pod
kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq

# List all containerIDs of initContainer of all pods
# Helpful when cleaning up stopped containers, while avoiding removal of initContainers.
kubectl get pods --all-namespaces -o jsonpath='{range .items[*].status.initContainerStatuses[*]}{.containerID}{"\n"}{end}' | cut -d/ -f3

# List Events sorted by timestamp
kubectl get events --sort-by=.metadata.creationTimestamp

# List all warning events
kubectl events --types=Warning

# Compares the current state of the cluster against the state that the cluster would be in if the manifest was applied.
kubectl diff -f ./my-manifest.yaml

# Produce a period-delimited tree of all keys returned for nodes
# Helpful when locating a key within a complex nested JSON structure
kubectl get nodes -o json | jq -c 'paths|join(".")'

# Produce a period-delimited tree of all keys returned for pods, etc
kubectl get pods -o json | jq -c 'paths|join(".")'

# Produce ENV for all pods, assuming you have a default container for the pods, default namespace and the `env` command is supported.
# Helpful when running any supported command across all pods, not just `env`
for pod in $(kubectl get po --output=jsonpath={.items..metadata.name}); do echo $pod && kubectl exec -it $pod -- env; done

# Get a deployment's status subresource
kubectl get deployment nginx-deployment --subresource=status

Updating resources

kubectl set image deployment/frontend www=image:v2               # Rolling update "www" containers of "frontend" deployment, updating the image
kubectl rollout history deployment/frontend                      # Check the history of deployments including the revision
kubectl rollout undo deployment/frontend                         # Rollback to the previous deployment
kubectl rollout undo deployment/frontend --to-revision=2         # Rollback to a specific revision
kubectl rollout status -w deployment/frontend                    # Watch rolling update status of "frontend" deployment until completion
kubectl rollout restart deployment/frontend                      # Rolling restart of the "frontend" deployment


cat pod.json | kubectl replace -f -                              # Replace a pod based on the JSON passed into stdin

# Force replace, delete and then re-create the resource. Will cause a service outage.
kubectl replace --force -f ./pod.json

# Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000
kubectl expose rc nginx --port=80 --target-port=8000

# Update a single-container pod's image version (tag) to v4
kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -

kubectl label pods my-pod new-label=awesome                      # Add a Label
kubectl label pods my-pod new-label-                             # Remove a label
kubectl label pods my-pod new-label=new-value --overwrite        # Overwrite an existing value
kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq       # Add an annotation
kubectl annotate pods my-pod icon-url-                           # Remove annotation
kubectl autoscale deployment foo --min=2 --max=10                # Auto scale a deployment "foo"

Patching resources

# Partially update a node
kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'

# Update a container's image; spec.containers[*].name is required because it's a merge key
kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'

# Update a container's image using a json patch with positional arrays
kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'

# Disable a deployment livenessProbe using a json patch with positional arrays
kubectl patch deployment valid-deployment  --type json   -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'

# Add a new element to a positional array
kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]'

# Update a deployment's replica count by patching its scale subresource
kubectl patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}'

Editing resources

Edit any API resource in your preferred editor.

kubectl edit svc/docker-registry                      # Edit the service named docker-registry
KUBE_EDITOR="nano" kubectl edit svc/docker-registry   # Use an alternative editor

Scaling resources

kubectl scale --replicas=3 rs/foo                                 # Scale a replicaset named 'foo' to 3
kubectl scale --replicas=3 -f foo.yaml                            # Scale a resource specified in "foo.yaml" to 3
kubectl scale --current-replicas=2 --replicas=3 deployment/mysql  # If the deployment named mysql's current size is 2, scale mysql to 3
kubectl scale --replicas=5 rc/foo rc/bar rc/baz                   # Scale multiple replication controllers

Deleting resources

kubectl delete -f ./pod.json                                      # Delete a pod using the type and name specified in pod.json
kubectl delete pod unwanted --now                                 # Delete a pod with no grace period
kubectl delete pod,service baz foo                                # Delete pods and services with same names "baz" and "foo"
kubectl delete pods,services -l name=myLabel                      # Delete pods and services with label name=myLabel
kubectl -n my-ns delete pod,svc --all                             # Delete all pods and services in namespace my-ns,
# Delete all pods matching the awk pattern1 or pattern2
kubectl get pods  -n mynamespace --no-headers=true | awk '/pattern1|pattern2/{print $1}' | xargs  kubectl delete -n mynamespace pod

Interacting with running Pods

kubectl logs my-pod                                 # dump pod logs (stdout)
kubectl logs -l name=myLabel                        # dump pod logs, with label name=myLabel (stdout)
kubectl logs my-pod --previous                      # dump pod logs (stdout) for a previous instantiation of a container
kubectl logs my-pod -c my-container                 # dump pod container logs (stdout, multi-container case)
kubectl logs -l name=myLabel -c my-container        # dump pod container logs, with label name=myLabel (stdout)
kubectl logs my-pod -c my-container --previous      # dump pod container logs (stdout, multi-container case) for a previous instantiation of a container
kubectl logs -f my-pod                              # stream pod logs (stdout)
kubectl logs -f my-pod -c my-container              # stream pod container logs (stdout, multi-container case)
kubectl logs -f -l name=myLabel --all-containers    # stream all pods logs with label name=myLabel (stdout)
kubectl run -i --tty busybox --image=busybox:1.28 -- sh  # Run pod as interactive shell
kubectl run nginx --image=nginx -n mynamespace      # Start a single instance of nginx pod in the namespace of mynamespace
kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
                                                    # Generate spec for running pod nginx and write it into a file called pod.yaml
kubectl attach my-pod -i                            # Attach to Running Container
kubectl port-forward my-pod 5000:6000               # Listen on port 5000 on the local machine and forward to port 6000 on my-pod
kubectl exec my-pod -- ls /                         # Run command in existing pod (1 container case)
kubectl exec --stdin --tty my-pod -- /bin/sh        # Interactive shell access to a running pod (1 container case)
kubectl exec my-pod -c my-container -- ls /         # Run command in existing pod (multi-container case)
kubectl top pod POD_NAME --containers               # Show metrics for a given pod and its containers
kubectl top pod POD_NAME --sort-by=cpu              # Show metrics for a given pod and sort it by 'cpu' or 'memory'

Copying files and directories to and from containers

kubectl cp /tmp/foo_dir my-pod:/tmp/bar_dir            # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the current namespace
kubectl cp /tmp/foo my-pod:/tmp/bar -c my-container    # Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container
kubectl cp /tmp/foo my-namespace/my-pod:/tmp/bar       # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace my-namespace
kubectl cp my-namespace/my-pod:/tmp/foo /tmp/bar       # Copy /tmp/foo from a remote pod to /tmp/bar locally

Note: kubectl cp requires that the 'tar' binary is present in your container image. If 'tar' is not present, kubectl cp will fail. For advanced use cases, such as symlinks, wildcard expansion or file mode preservation consider using kubectl exec.

tar cf - /tmp/foo | kubectl exec -i -n my-namespace my-pod -- tar xf - -C /tmp/bar           # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace my-namespace
kubectl exec -n my-namespace my-pod -- tar cf - /tmp/foo | tar xf - -C /tmp/bar    # Copy /tmp/foo from a remote pod to /tmp/bar locally

Interacting with Deployments and Services

kubectl logs deploy/my-deployment                         # dump Pod logs for a Deployment (single-container case)
kubectl logs deploy/my-deployment -c my-container         # dump Pod logs for a Deployment (multi-container case)

kubectl port-forward svc/my-service 5000                  # listen on local port 5000 and forward to port 5000 on Service backend
kubectl port-forward svc/my-service 5000:my-service-port  # listen on local port 5000 and forward to Service target port with name <my-service-port>

kubectl port-forward deploy/my-deployment 5000:6000       # listen on local port 5000 and forward to port 6000 on a Pod created by <my-deployment>
kubectl exec deploy/my-deployment -- ls                   # run command in first Pod and first container in Deployment (single- or multi-container cases)

Interacting with Nodes and cluster

kubectl cordon my-node                                                # Mark my-node as unschedulable
kubectl drain my-node                                                 # Drain my-node in preparation for maintenance
kubectl uncordon my-node                                              # Mark my-node as schedulable
kubectl top node my-node                                              # Show metrics for a given node
kubectl cluster-info                                                  # Display addresses of the master and services
kubectl cluster-info dump                                             # Dump current cluster state to stdout
kubectl cluster-info dump --output-directory=/path/to/cluster-state   # Dump current cluster state to /path/to/cluster-state

# View existing taints on which exist on current nodes.
kubectl get nodes -o='custom-columns=NodeName:.metadata.name,TaintKey:.spec.taints[*].key,TaintValue:.spec.taints[*].value,TaintEffect:.spec.taints[*].effect'

# If a taint with that key and effect already exists, its value is replaced as specified.
kubectl taint nodes foo dedicated=special-user:NoSchedule

Resource types

List all supported resource types along with their shortnames, API group, whether they are namespaced, and kind:

kubectl api-resources

Other operations for exploring API resources:

kubectl api-resources --namespaced=true      # All namespaced resources
kubectl api-resources --namespaced=false     # All non-namespaced resources
kubectl api-resources -o name                # All resources with simple output (only the resource name)
kubectl api-resources -o wide                # All resources with expanded (aka "wide") output
kubectl api-resources --verbs=list,get       # All resources that support the "list" and "get" request verbs
kubectl api-resources --api-group=extensions # All resources in the "extensions" API group

Formatting output

To output details to your terminal window in a specific format, add the -o (or --output) flag to a supported kubectl command.

Output format	Description
`-o=custom-columns=<spec>`	Print a table using a comma separated list of custom columns
`-o=custom-columns-file=<filename>`	Print a table using the custom columns template in the `<filename>` file
`-o=go-template=<template>`	Print the fields defined in a golang template
`-o=go-template-file=<filename>`	Print the fields defined by the golang template in the `<filename>` file
`-o=json`	Output a JSON formatted API object
`-o=jsonpath=<template>`	Print the fields defined in a jsonpath expression
`-o=jsonpath-file=<filename>`	Print the fields defined by the jsonpath expression in the `<filename>` file
`-o=name`	Print only the resource name and nothing else
`-o=wide`	Output in the plain-text format with any additional information, and for pods, the node name is included
`-o=yaml`	Output a YAML formatted API object

Examples using -o=custom-columns:

# All images running in a cluster
kubectl get pods -A -o=custom-columns='DATA:spec.containers[*].image'

# All images running in namespace: default, grouped by Pod
kubectl get pods --namespace default --output=custom-columns="NAME:.metadata.name,IMAGE:.spec.containers[*].image"

 # All images excluding "registry.k8s.io/coredns:1.6.2"
kubectl get pods -A -o=custom-columns='DATA:spec.containers[?(@.image!="registry.k8s.io/coredns:1.6.2")].image'

# All fields under metadata regardless of name
kubectl get pods -A -o=custom-columns='DATA:metadata.*'

More examples in the kubectl reference documentation.

Kubectl output verbosity and debugging

Kubectl verbosity is controlled with the -v or --v flags followed by an integer representing the log level. General Kubernetes logging conventions and the associated log levels are described here.

Verbosity	Description
`--v=0`	Generally useful for this to always be visible to a cluster operator.
`--v=1`	A reasonable default log level if you don't want verbosity.
`--v=2`	Useful steady state information about the service and important log messages that may correlate to significant changes in the system. This is the recommended default log level for most systems.
`--v=3`	Extended information about changes.
`--v=4`	Debug level verbosity.
`--v=5`	Trace level verbosity.
`--v=6`	Display requested resources.
`--v=7`	Display HTTP request headers.
`--v=8`	Display HTTP request contents.
`--v=9`	Display HTTP request contents without truncation of contents.

What's next

Read the kubectl overview and learn about JsonPath.
See kubectl options.
Also read kubectl Usage Conventions to understand how to use kubectl in reusable scripts.
See more community kubectl cheatsheets.

2 - kubectl reference

2.1 - kubectl

Synopsis

kubectl controls the Kubernetes cluster manager.

Find more information at: https://kubernetes.io/docs/reference/kubectl/

kubectl [flags]

Options

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
-h, --help
	help for kubectl
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.2 - kubectl annotate

Synopsis

Update the annotations on one or more resources.

All Kubernetes objects support the ability to store additional data with the object as annotations. Annotations are key/value pairs that can be larger than labels and include arbitrary string values such as structured JSON. Tools and system extensions may use annotations to store their own data.

Attempting to set an annotation that already exists will fail unless --overwrite is set. If --resource-version is specified and does not match the current resource version on the server the command will fail.

Use "kubectl api-resources" for a complete list of supported resources.

kubectl annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]

Examples

  # Update pod 'foo' with the annotation 'description' and the value 'my frontend'
  # If the same annotation is set multiple times, only the last value will be applied
  kubectl annotate pods foo description='my frontend'
  
  # Update a pod identified by type and name in "pod.json"
  kubectl annotate -f pod.json description='my frontend'
  
  # Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value
  kubectl annotate --overwrite pods foo description='my frontend running nginx'
  
  # Update all pods in the namespace
  kubectl annotate pods --all description='my frontend running nginx'
  
  # Update pod 'foo' only if the resource is unchanged from version 1
  kubectl annotate pods foo description='my frontend running nginx' --resource-version=1
  
  # Update pod 'foo' by removing an annotation named 'description' if it exists
  # Does not require the --overwrite flag
  kubectl annotate pods foo description-

Options

--all
	Select all resources, in the namespace of the specified resource types.
-A, --all-namespaces
	If true, check the specified action in all namespaces.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-annotate"
	Name of the manager used to track field ownership.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to update the annotation
-h, --help
	help for annotate
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--list
	If true, display the annotations for a given resource.
--local
	If true, annotation will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--overwrite
	If true, allow annotations to be overwritten, otherwise reject annotation updates that overwrite existing annotations.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--resource-version string
	If non-empty, the annotation update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.3 - kubectl api-resources

Synopsis

Print the supported API resources on the server.

kubectl api-resources [flags]

Examples

  # Print the supported API resources
  kubectl api-resources
  
  # Print the supported API resources with more information
  kubectl api-resources -o wide
  
  # Print the supported API resources sorted by a column
  kubectl api-resources --sort-by=name
  
  # Print the supported namespaced resources
  kubectl api-resources --namespaced=true
  
  # Print the supported non-namespaced resources
  kubectl api-resources --namespaced=false
  
  # Print the supported API resources with a specific APIGroup
  kubectl api-resources --api-group=rbac.authorization.k8s.io

Options

--api-group string
	Limit to resources in the specified API group.
--cached
	Use the cached list of resources if available.
--categories strings
	Limit to resources that belong to the specified categories.
-h, --help
	help for api-resources
--namespaced Default: true
	If false, non-namespaced resources will be returned, otherwise returning namespaced resources by default.
--no-headers
	When using the default or custom-column output format, don't print headers (default print headers).
-o, --output string
	Output format. One of: (wide, name).
--sort-by string
	If non-empty, sort list of resources using specified field. The field can be either 'name' or 'kind'.
--verbs strings
	Limit to resources that support the specified verbs.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.4 - kubectl api-versions

Synopsis

Print the supported API versions on the server, in the form of "group/version".

kubectl api-versions

Examples

  # Print the supported API versions
  kubectl api-versions

Options

-h, --help
	help for api-versions

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.5 - kubectl apply

Synopsis

Apply a configuration to a resource by file name or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.

JSON and YAML formats are accepted.

Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274.

kubectl apply (-f FILENAME | -k DIRECTORY)

Examples

  # Apply the configuration in pod.json to a pod
  kubectl apply -f ./pod.json
  
  # Apply resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
  kubectl apply -k dir/
  
  # Apply the JSON passed into stdin to a pod
  cat pod.json | kubectl apply -f -
  
  # Apply the configuration from all files that end with '.json'
  kubectl apply -f '*.json'
  
  # Note: --prune is still in Alpha
  # Apply the configuration in manifest.yaml that matches label app=nginx and delete all other resources that are not in the file and match label app=nginx
  kubectl apply --prune -f manifest.yaml -l app=nginx
  
  # Apply the configuration in manifest.yaml and delete all the other config maps that are not in the file
  kubectl apply --prune -f manifest.yaml --all --prune-allowlist=core/v1/ConfigMap

Options

--all
	Select all resources in the namespace of the specified resource types.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--cascade string[="background"] Default: "background"
	Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-client-side-apply"
	Name of the manager used to track field ownership.
-f, --filename strings
	The files that contain the configurations to apply.
--force
	If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
--force-conflicts
	If true, server-side apply will force the changes against conflicts.
--grace-period int Default: -1
	Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-h, --help
	help for apply
-k, --kustomize string
	Process a kustomization directory. This flag can't be used together with -f or -R.
--openapi-patch Default: true
	If true, use openapi to calculate diff when the openapi presents and the resource can be found in the openapi spec. Otherwise, fall back to use baked-in types.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--overwrite Default: true
	Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration
--prune
	Automatically delete resource objects, that do not appear in the configs and are created by either apply or create --save-config. Should be used with either -l or --all.
--prune-allowlist strings
	Overwrite the default allowlist with <group/version/kind> for --prune
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--server-side
	If true, apply runs in the server instead of the client.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--timeout duration
	The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--wait
	If true, wait for resources to be gone before returning. This waits for finalizers.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.5.1 - kubectl apply edit-last-applied

Synopsis

Edit the latest last-applied-configuration annotations of resources from the default editor.

The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources.

The default format is YAML. To edit in JSON, specify "-o json".

The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.

In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.

kubectl apply edit-last-applied (RESOURCE/NAME | -f FILENAME)

Examples

  # Edit the last-applied-configuration annotations by type/name in YAML
  kubectl apply edit-last-applied deployment/nginx
  
  # Edit the last-applied-configuration annotations by file in JSON
  kubectl apply edit-last-applied -f deploy.yaml -o json

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-manager string Default: "kubectl-client-side-apply"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files to use to edit the resource
-h, --help
	help for edit-last-applied
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--windows-line-endings
	Defaults to the line ending native to your platform.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.5.2 - kubectl apply set-last-applied

Synopsis

Set the latest last-applied-configuration annotations by setting it to match the contents of a file. This results in the last-applied-configuration being updated as though 'kubectl apply -f<file> ' was run, without updating any other parts of the object.

kubectl apply set-last-applied -f FILENAME

Examples

  # Set the last-applied-configuration of a resource to match the contents of a file
  kubectl apply set-last-applied -f deploy.yaml
  
  # Execute set-last-applied against each configuration file in a directory
  kubectl apply set-last-applied -f path/
  
  # Set the last-applied-configuration of a resource to match the contents of a file; will create the annotation if it does not already exist
  kubectl apply set-last-applied -f deploy.yaml --create-annotation=true

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--create-annotation
	Will create 'last-applied-configuration' annotations if current objects doesn't have one
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-f, --filename strings
	Filename, directory, or URL to files that contains the last-applied-configuration annotations
-h, --help
	help for set-last-applied
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.5.3 - kubectl apply view-last-applied

Synopsis

View the latest last-applied-configuration annotations by type/name or file.

The default output will be printed to stdout in YAML format. You can use the -o option to change the output format.

kubectl apply view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAME)

Examples

  # View the last-applied-configuration annotations by type/name in YAML
  kubectl apply view-last-applied deployment/nginx
  
  # View the last-applied-configuration annotations by file in JSON
  kubectl apply view-last-applied -f deploy.yaml -o json

Options

--all
	Select all resources in the namespace of the specified resource types
-f, --filename strings
	Filename, directory, or URL to files that contains the last-applied-configuration annotations
-h, --help
	help for view-last-applied
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string Default: "yaml"
	Output format. Must be one of (yaml, json)
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.6 - kubectl attach

Synopsis

Attach to a process that is already running inside an existing container.

kubectl attach (POD | TYPE/NAME) -c CONTAINER

Examples

  # Get output from running pod mypod; use the 'kubectl.kubernetes.io/default-container' annotation
  # for selecting the container to be attached or the first container in the pod will be chosen
  kubectl attach mypod
  
  # Get output from ruby-container from pod mypod
  kubectl attach mypod -c ruby-container
  
  # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod
  # and sends stdout/stderr from 'bash' back to the client
  kubectl attach mypod -c ruby-container -i -t
  
  # Get output from the first pod of a replica set named nginx
  kubectl attach rs/nginx

Options

-c, --container string
	Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen
-h, --help
	help for attach
--pod-running-timeout duration Default: 1m0s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
-q, --quiet
	Only print output from the remote session
-i, --stdin
	Pass stdin to the container
-t, --tty
	Stdin is a TTY

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.7 - kubectl auth

Synopsis

Inspect authorization.

kubectl auth [flags]

Options

-h, --help
	help for auth

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.7.1 - kubectl auth can-i

Synopsis

Check whether an action is allowed.

VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with "/". NAME is the name of a particular Kubernetes resource. This command pairs nicely with impersonation. See --as global flag.

kubectl auth can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]

Examples

  # Check to see if I can create pods in any namespace
  kubectl auth can-i create pods --all-namespaces
  
  # Check to see if I can list deployments in my current namespace
  kubectl auth can-i list deployments.apps
  
  # Check to see if service account "foo" of namespace "dev" can list pods
  # in the namespace "prod".
  # You must be allowed to use impersonation for the global option "--as".
  kubectl auth can-i list pods --as=system:serviceaccount:dev:foo -n prod
  
  # Check to see if I can do everything in my current namespace ("*" means all)
  kubectl auth can-i '*' '*'
  
  # Check to see if I can get the job named "bar" in namespace "foo"
  kubectl auth can-i list jobs.batch/bar -n foo
  
  # Check to see if I can read pod logs
  kubectl auth can-i get pods --subresource=log
  
  # Check to see if I can access the URL /logs/
  kubectl auth can-i get /logs/
  
  # List all allowed actions in namespace "foo"
  kubectl auth can-i --list --namespace=foo

Options

-A, --all-namespaces
	If true, check the specified action in all namespaces.
-h, --help
	help for can-i
--list
	If true, prints all allowed actions.
--no-headers
	If true, prints allowed actions without headers
-q, --quiet
	If true, suppress output and just return the exit code.
--subresource string
	SubResource such as pod/log or deployment/scale

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.7.2 - kubectl auth reconcile

Synopsis

Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects.

Missing objects are created, and the containing namespace is created for namespaced objects, if required.

Existing roles are updated to include the permissions in the input objects, and remove extra permissions if --remove-extra-permissions is specified.

Existing bindings are updated to include the subjects in the input objects, and remove extra subjects if --remove-extra-subjects is specified.

This is preferred to 'apply' for RBAC resources so that semantically-aware merging of rules and subjects is done.

kubectl auth reconcile -f FILENAME

Examples

  # Reconcile RBAC resources from a file
  kubectl auth reconcile -f my-rbac-rules.yaml

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to reconcile.
-h, --help
	help for reconcile
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--remove-extra-permissions
	If true, removes extra permissions added to roles
--remove-extra-subjects
	If true, removes extra subjects added to rolebindings
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.7.3 - kubectl auth whoami

Synopsis

Experimental: Check who you are and your attributes (groups, extra).

    This command is helpful to get yourself aware of the current user attributes,
    especially when dynamic authentication, e.g., token webhook, auth proxy, or OIDC provider,
    is enabled in the Kubernetes cluster.

kubectl auth whoami

Examples

  # Get your subject attributes.
  kubectl auth whoami
  
  # Get your subject attributes in JSON format.
  kubectl auth whoami -o json

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-h, --help
	help for whoami
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.8 - kubectl autoscale

Synopsis

Creates an autoscaler that automatically chooses and sets the number of pods that run in a Kubernetes cluster.

Looks up a deployment, replica set, stateful set, or replication controller by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.

kubectl autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU]

Examples

  # Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used
  kubectl autoscale deployment foo --min=2 --max=10
  
  # Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%
  kubectl autoscale rc foo --max=5 --cpu-percent=80

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--cpu-percent int32 Default: -1
	The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it's not specified or negative, a default autoscaling policy will be used.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-autoscale"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to autoscale.
-h, --help
	help for autoscale
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--max int32 Default: -1
	The upper limit for the number of pods that can be set by the autoscaler. Required.
--min int32 Default: -1
	The lower limit for the number of pods that can be set by the autoscaler. If it's not specified or negative, the server will apply a default value.
--name string
	The name for the newly created object. If not specified, the name of the input resource will be used.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.9 - kubectl certificate

Synopsis

Modify certificate resources.

kubectl certificate SUBCOMMAND

Options

-h, --help
	help for certificate

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.9.1 - kubectl certificate approve

Synopsis

Approve a certificate signing request.

kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requester with the attributes requested in the CSR.

SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.

kubectl certificate approve (-f FILENAME | NAME)

Examples

  # Approve CSR 'csr-sqgzp'
  kubectl certificate approve csr-sqgzp

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to update
--force
	Update the CSR even if it is already approved.
-h, --help
	help for approve
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.9.2 - kubectl certificate deny

Synopsis

Deny a certificate signing request.

kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requester.

kubectl certificate deny (-f FILENAME | NAME)

Examples

  # Deny CSR 'csr-sqgzp'
  kubectl certificate deny csr-sqgzp

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to update
--force
	Update the CSR even if it is already denied.
-h, --help
	help for deny
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.10 - kubectl cluster-info

Synopsis

Display addresses of the control plane and services with label kubernetes.io/cluster-service=true. To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

kubectl cluster-info [flags]

Examples

  # Print the address of the control plane and cluster services
  kubectl cluster-info

Options

-h, --help
	help for cluster-info

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.10.1 - kubectl cluster-info dump

Synopsis

Dump cluster information out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, Kubernetes will build a set of files in that directory. By default, only dumps things in the current namespace and 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.

The command also dumps the logs of all of the pods in the cluster; these logs are dumped into different directories based on namespace and pod name.

kubectl cluster-info dump [flags]

Examples

  # Dump current cluster state to stdout
  kubectl cluster-info dump
  
  # Dump current cluster state to /path/to/cluster-state
  kubectl cluster-info dump --output-directory=/path/to/cluster-state
  
  # Dump all namespaces to stdout
  kubectl cluster-info dump --all-namespaces
  
  # Dump a set of namespaces to /path/to/cluster-state
  kubectl cluster-info dump --namespaces default,kube-system --output-directory=/path/to/cluster-state

Options

-A, --all-namespaces
	If true, dump all namespaces. If true, --namespaces is ignored.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-h, --help
	help for dump
--namespaces strings
	A comma separated list of namespaces to dump.
-o, --output string Default: "json"
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--output-directory string
	Where to output the files. If empty or '-' uses stdout, otherwise creates a directory hierarchy in that directory
--pod-running-timeout duration Default: 20s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.11 - kubectl completion

Synopsis

Output shell completion code for the specified shell (bash, zsh, fish, or powershell). The shell code must be evaluated to provide interactive completion of kubectl commands. This can be done by sourcing it from the .bash_profile.

Detailed instructions on how to do this are available here:

    for macOS:
    https://kubernetes.io/docs/tasks/tools/install-kubectl-macos/#enable-shell-autocompletion
    
    for linux:
    https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#enable-shell-autocompletion
    
    for windows:
    https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/#enable-shell-autocompletion

Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2.

kubectl completion SHELL

Examples

  # Installing bash completion on macOS using homebrew
  ## If running Bash 3.2 included with macOS
  brew install bash-completion
  ## or, if running Bash 4.1+
  brew install bash-completion@2
  ## If kubectl is installed via homebrew, this should start working immediately
  ## If you've installed via other means, you may need add the completion to your completion directory
  kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl
  
  
  # Installing bash completion on Linux
  ## If bash-completion is not installed on Linux, install the 'bash-completion' package
  ## via your distribution's package manager.
  ## Load the kubectl completion code for bash into the current shell
  source <(kubectl completion bash)
  ## Write bash completion code to a file and source it from .bash_profile
  kubectl completion bash > ~/.kube/completion.bash.inc
  printf "
  # kubectl shell completion
  source '$HOME/.kube/completion.bash.inc'
  " >> $HOME/.bash_profile
  source $HOME/.bash_profile
  
  # Load the kubectl completion code for zsh[1] into the current shell
  source <(kubectl completion zsh)
  # Set the kubectl completion code for zsh[1] to autoload on startup
  kubectl completion zsh > "${fpath[1]}/_kubectl"
  
  
  # Load the kubectl completion code for fish[2] into the current shell
  kubectl completion fish | source
  # To load completions for each session, execute once:
  kubectl completion fish > ~/.config/fish/completions/kubectl.fish
  
  # Load the kubectl completion code for powershell into the current shell
  kubectl completion powershell | Out-String | Invoke-Expression
  # Set kubectl completion code for powershell to run on startup
  ## Save completion code to a script and execute in the profile
  kubectl completion powershell > $HOME\.kube\completion.ps1
  Add-Content $PROFILE "$HOME\.kube\completion.ps1"
  ## Execute completion code in the profile
  Add-Content $PROFILE "if (Get-Command kubectl -ErrorAction SilentlyContinue) {
  kubectl completion powershell | Out-String | Invoke-Expression
  }"
  ## Add completion code directly to the $PROFILE script
  kubectl completion powershell >> $PROFILE

Options

-h, --help
	help for completion

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12 - kubectl config

Synopsis

Modify kubeconfig files using subcommands like "kubectl config set current-context my-context".

The loading order follows these rules:

If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
If $KUBECONFIG environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
Otherwise, ${HOME}/.kube/config is used and no merging takes place.

kubectl config SUBCOMMAND

Options

-h, --help
	help for config
--kubeconfig string
	use a particular kubeconfig file

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.1 - kubectl config current-context

Synopsis

Display the current-context.

kubectl config current-context [flags]

Examples

  # Display the current-context
  kubectl config current-context

Options

-h, --help
	help for current-context

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.2 - kubectl config delete-cluster

Synopsis

Delete the specified cluster from the kubeconfig.

kubectl config delete-cluster NAME

Examples

  # Delete the minikube cluster
  kubectl config delete-cluster minikube

Options

-h, --help
	help for delete-cluster

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.3 - kubectl config delete-context

Synopsis

Delete the specified context from the kubeconfig.

kubectl config delete-context NAME

Examples

  # Delete the context for the minikube cluster
  kubectl config delete-context minikube

Options

-h, --help
	help for delete-context

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.4 - kubectl config delete-user

Synopsis

Delete the specified user from the kubeconfig.

kubectl config delete-user NAME

Examples

  # Delete the minikube user
  kubectl config delete-user minikube

Options

-h, --help
	help for delete-user

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.5 - kubectl config get-clusters

Synopsis

Display clusters defined in the kubeconfig.

kubectl config get-clusters [flags]

Examples

  # List the clusters that kubectl knows about
  kubectl config get-clusters

Options

-h, --help
	help for get-clusters

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.6 - kubectl config get-contexts

Synopsis

Display one or many contexts from the kubeconfig file.

kubectl config get-contexts [(-o|--output=)name)]

Examples

  # List all the contexts in your kubeconfig file
  kubectl config get-contexts
  
  # Describe one context in your kubeconfig file
  kubectl config get-contexts my-context

Options

-h, --help
	help for get-contexts
--no-headers
	When using the default or custom-column output format, don't print headers (default print headers).
-o, --output string
	Output format. One of: (name).

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.7 - kubectl config get-users

Synopsis

Display users defined in the kubeconfig.

kubectl config get-users [flags]

Examples

  # List the users that kubectl knows about
  kubectl config get-users

Options

-h, --help
	help for get-users

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.8 - kubectl config rename-context

Synopsis

Renames a context from the kubeconfig file.

CONTEXT_NAME is the context name that you want to change.

NEW_NAME is the new name you want to set.

Note: If the context being renamed is the 'current-context', this field will also be updated.

kubectl config rename-context CONTEXT_NAME NEW_NAME

Examples

  # Rename the context 'old-name' to 'new-name' in your kubeconfig file
  kubectl config rename-context old-name new-name

Options

-h, --help
	help for rename-context

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.9 - kubectl config set

Synopsis

Set an individual value in a kubeconfig file.

PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.

PROPERTY_VALUE is the new value you want to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.

Specifying an attribute name that already exists will merge new fields on top of existing values.

kubectl config set PROPERTY_NAME PROPERTY_VALUE

Examples

  # Set the server field on the my-cluster cluster to https://1.2.3.4
  kubectl config set clusters.my-cluster.server https://1.2.3.4
  
  # Set the certificate-authority-data field on the my-cluster cluster
  kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -)
  
  # Set the cluster field in the my-context context to my-cluster
  kubectl config set contexts.my-context.cluster my-cluster
  
  # Set the client-key-data field in the cluster-admin user using --set-raw-bytes option
  kubectl config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true

Options

-h, --help
	help for set
--set-raw-bytes tristate[=true]
	When writing a []byte PROPERTY_VALUE, write the given string directly without base64 decoding.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.10 - kubectl config set-cluster

Synopsis

Set a cluster entry in kubeconfig.

Specifying a name that already exists will merge new fields on top of existing values for those fields.

kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true] [--tls-server-name=example.com]

Examples

  # Set only the server field on the e2e cluster entry without touching other values
  kubectl config set-cluster e2e --server=https://1.2.3.4
  
  # Embed certificate authority data for the e2e cluster entry
  kubectl config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
  
  # Disable cert checking for the e2e cluster entry
  kubectl config set-cluster e2e --insecure-skip-tls-verify=true
  
  # Set the custom TLS server name to use for validation for the e2e cluster entry
  kubectl config set-cluster e2e --tls-server-name=my-cluster-name
  
  # Set the proxy URL for the e2e cluster entry
  kubectl config set-cluster e2e --proxy-url=https://1.2.3.4

Options

--certificate-authority string
	Path to certificate-authority file for the cluster entry in kubeconfig
--embed-certs tristate[=true]
	embed-certs for the cluster entry in kubeconfig
-h, --help
	help for set-cluster
--insecure-skip-tls-verify tristate[=true]
	insecure-skip-tls-verify for the cluster entry in kubeconfig
--proxy-url string
	proxy-url for the cluster entry in kubeconfig
--server string
	server for the cluster entry in kubeconfig
--tls-server-name string
	tls-server-name for the cluster entry in kubeconfig

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.11 - kubectl config set-context

Synopsis

Set a context entry in kubeconfig.

Specifying a name that already exists will merge new fields on top of existing values for those fields.

kubectl config set-context [NAME | --current] [--cluster=cluster_nickname] [--user=user_nickname] [--namespace=namespace]

Examples

  # Set the user field on the gce context entry without touching other values
  kubectl config set-context gce --user=cluster-admin

Options

--cluster string
	cluster for the context entry in kubeconfig
--current
	Modify the current context
-h, --help
	help for set-context
--namespace string
	namespace for the context entry in kubeconfig
--user string
	user for the context entry in kubeconfig

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.12 - kubectl config set-credentials

Synopsis

Set a user entry in kubeconfig.

Specifying a name that already exists will merge new fields on top of existing values.

    Client-certificate flags:
    --client-certificate=certfile --client-key=keyfile
    
    Bearer token flags:
    --token=bearer_token
    
    Basic auth flags:
    --username=basic_user --password=basic_password

Bearer token and basic auth are mutually exclusive.

kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value] [--exec-command=exec_command] [--exec-api-version=exec_api_version] [--exec-arg=arg] [--exec-env=key=value]

Examples

  # Set only the "client-key" field on the "cluster-admin"
  # entry, without touching other values
  kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key
  
  # Set basic auth for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
  
  # Embed client certificate data in the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
  
  # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --auth-provider=gcp
  
  # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional arguments
  kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
  
  # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
  
  # Enable new exec auth plugin for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
  
  # Define new exec auth plugin arguments for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
  
  # Create or update exec auth plugin environment variables for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
  
  # Remove exec auth plugin environment variables for the "cluster-admin" entry
  kubectl config set-credentials cluster-admin --exec-env=var-to-remove-

Options

--auth-provider string
	Auth provider for the user entry in kubeconfig
--auth-provider-arg strings
	'key=value' arguments for the auth provider
--client-certificate string
	Path to client-certificate file for the user entry in kubeconfig
--client-key string
	Path to client-key file for the user entry in kubeconfig
--embed-certs tristate[=true]
	Embed client cert/key for the user entry in kubeconfig
--exec-api-version string
	API version of the exec credential plugin for the user entry in kubeconfig
--exec-arg strings
	New arguments for the exec credential plugin command for the user entry in kubeconfig
--exec-command string
	Command for the exec credential plugin for the user entry in kubeconfig
--exec-env strings
	'key=value' environment values for the exec credential plugin
-h, --help
	help for set-credentials
--password string
	password for the user entry in kubeconfig
--token string
	token for the user entry in kubeconfig
--username string
	username for the user entry in kubeconfig

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--user string
	The name of the kubeconfig user to use
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.13 - kubectl config unset

Synopsis

Unset an individual value in a kubeconfig file.

PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.

kubectl config unset PROPERTY_NAME

Examples

  # Unset the current-context
  kubectl config unset current-context
  
  # Unset namespace in foo context
  kubectl config unset contexts.foo.namespace

Options

-h, --help
	help for unset

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.14 - kubectl config use-context

Synopsis

Set the current-context in a kubeconfig file.

kubectl config use-context CONTEXT_NAME

Examples

  # Use the context for the minikube cluster
  kubectl config use-context minikube

Options

-h, --help
	help for use-context

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.12.15 - kubectl config view

Synopsis

Display merged kubeconfig settings or a specified kubeconfig file.

You can use --output jsonpath={...} to extract specific values using a jsonpath expression.

kubectl config view [flags]

Examples

  # Show merged kubeconfig settings
  kubectl config view
  
  # Show merged kubeconfig settings, raw certificate data, and exposed secrets
  kubectl config view --raw
  
  # Get the password for the e2e user
  kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--flatten
	Flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files)
-h, --help
	help for view
--merge tristate[=true] Default: true
	Merge the full hierarchy of kubeconfig files
--minify
	Remove all information not used by current-context from the output
-o, --output string Default: "yaml"
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--raw
	Display raw byte data and sensitive data
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	use a particular kubeconfig file
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.13 - kubectl cordon

Synopsis

Mark node as unschedulable.

kubectl cordon NODE

Examples

  # Mark node "foo" as unschedulable
  kubectl cordon foo

Options

--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-h, --help
	help for cordon
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.14 - kubectl cp

Synopsis

Copy files and directories to and from containers.

kubectl cp <file-spec-src> <file-spec-dest>

Examples

  # !!!Important Note!!!
  # Requires that the 'tar' binary is present in your container
  # image.  If 'tar' is not present, 'kubectl cp' will fail.
  #
  # For advanced use cases, such as symlinks, wildcard expansion or
  # file mode preservation, consider using 'kubectl exec'.
  
  # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace>
  tar cf - /tmp/foo | kubectl exec -i -n <some-namespace> <some-pod> -- tar xf - -C /tmp/bar
  
  # Copy /tmp/foo from a remote pod to /tmp/bar locally
  kubectl exec -n <some-namespace> <some-pod> -- tar cf - /tmp/foo | tar xf - -C /tmp/bar
  
  # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the default namespace
  kubectl cp /tmp/foo_dir <some-pod>:/tmp/bar_dir
  
  # Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container
  kubectl cp /tmp/foo <some-pod>:/tmp/bar -c <specific-container>
  
  # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace>
  kubectl cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar
  
  # Copy /tmp/foo from a remote pod to /tmp/bar locally
  kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar

Options

-c, --container string
	Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen
-h, --help
	help for cp
--no-preserve
	The copied file/directory's ownership and permissions will not be preserved in the container
--retries int
	Set number of retries to complete a copy operation from a container. Specify 0 to disable or any negative value for infinite retrying. The default is 0 (no retry).

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15 - kubectl create

Synopsis

Create a resource from a file or from stdin.

JSON and YAML formats are accepted.

kubectl create -f FILENAME

Examples

  # Create a pod using the data in pod.json
  kubectl create -f ./pod.json
  
  # Create a pod based on the JSON passed into stdin
  cat pod.json | kubectl create -f -
  
  # Edit the data in registry.yaml in JSON then create the resource using the edited data
  kubectl create -f registry.yaml --edit -o json

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--edit
	Edit the API resource before creating
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files to use to create the resource
-h, --help
	help for create
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--raw string
	Raw URI to POST to the server. Uses the transport specified by the kubeconfig file.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--windows-line-endings
	Only relevant if --edit=true. Defaults to the line ending native to your platform.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.1 - kubectl create clusterrole

Synopsis

Create a cluster role.

kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run=server|client|none]

Examples

  # Create a cluster role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
  kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
  
  # Create a cluster role named "pod-reader" with ResourceName specified
  kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
  
  # Create a cluster role named "foo" with API Group specified
  kubectl create clusterrole foo --verb=get,list,watch --resource=rs.apps
  
  # Create a cluster role named "foo" with SubResource specified
  kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
  
  # Create a cluster role name "foo" with NonResourceURL specified
  kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
  
  # Create a cluster role name "monitoring" with AggregationRule specified
  kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"

Options

--aggregation-rule <comma-separated 'key=value' pairs>
	An aggregation label selector for combining ClusterRoles.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for clusterrole
--non-resource-url strings
	A partial url that user should have access to.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--resource strings
	Resource that the rule applies to
--resource-name strings
	Resource in the white list that the rule applies to, repeat this flag for multiple items
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--verb strings
	Verb that applies to the resources contained in the rule

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.2 - kubectl create clusterrolebinding

Synopsis

Create a cluster role binding for a particular cluster role.

kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none]

Examples

  # Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role
  kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--clusterrole string
	ClusterRole this ClusterRoleBinding should reference
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--group strings
	Groups to bind to the clusterrole. The flag can be repeated to add multiple groups.
-h, --help
	help for clusterrolebinding
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--serviceaccount strings
	Service accounts to bind to the clusterrole, in the format <namespace>:<name>. The flag can be repeated to add multiple service accounts.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--user strings
	Usernames to bind to the clusterrole. The flag can be repeated to add multiple users.
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.3 - kubectl create configmap

Synopsis

Create a config map based on a file, directory, or specified literal value.

A single config map may package one or more key/value pairs.

When creating a config map based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.

When creating a config map based on a directory, each file whose basename is a valid key in the directory will be packaged into the config map. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

kubectl create configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]

Examples

  # Create a new config map named my-config based on folder bar
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config with specified keys instead of file basenames on disk
  kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
  
  # Create a new config map named my-config with key1=config1 and key2=config2
  kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
  
  # Create a new config map named my-config from the key=value pairs in the file
  kubectl create configmap my-config --from-file=path/to/bar
  
  # Create a new config map named my-config from an env file
  kubectl create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--append-hash
	Append a hash of the configmap to its name.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--from-env-file strings
	Specify the path to a file to read lines of key=val pairs to create a configmap.
--from-file strings
	Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.
--from-literal strings
	Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
-h, --help
	help for configmap
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.4 - kubectl create cronjob

Synopsis

Create a cron job with the specified name.

kubectl create cronjob NAME --image=image --schedule='0/5 * * * ?' -- [COMMAND] [args...] [flags]

Examples

  # Create a cron job
  kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *"
  
  # Create a cron job with a command
  kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for cronjob
--image string
	Image name to run.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--restart string
	job's restart policy. supported values: OnFailure, Never
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--schedule string
	A schedule in the Cron format the job should be run with.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.5 - kubectl create deployment

Synopsis

Create a deployment with the specified name.

kubectl create deployment NAME --image=image -- [COMMAND] [args...]

Examples

  # Create a deployment named my-dep that runs the busybox image
  kubectl create deployment my-dep --image=busybox
  
  # Create a deployment with a command
  kubectl create deployment my-dep --image=busybox -- date
  
  # Create a deployment named my-dep that runs the nginx image with 3 replicas
  kubectl create deployment my-dep --image=nginx --replicas=3
  
  # Create a deployment named my-dep that runs the busybox image and expose port 5701
  kubectl create deployment my-dep --image=busybox --port=5701

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for deployment
--image strings
	Image names to run.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--port int32 Default: -1
	The port that this container exposes.
-r, --replicas int32 Default: 1
	Number of replicas to create. Default is 1.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.6 - kubectl create ingress

Synopsis

Create an ingress with the specified name.

kubectl create ingress NAME --rule=host/path=service:port[,tls[=secret]]

Examples

  # Create a single ingress called 'simple' that directs requests to foo.com/bar to svc
  # svc1:8080 with a TLS secret "my-cert"
  kubectl create ingress simple --rule="foo.com/bar=svc1:8080,tls=my-cert"
  
  # Create a catch all ingress of "/path" pointing to service svc:port and Ingress Class as "otheringress"
  kubectl create ingress catch-all --class=otheringress --rule="/path=svc:port"
  
  # Create an ingress with two annotations: ingress.annotation1 and ingress.annotations2
  kubectl create ingress annotated --class=default --rule="foo.com/bar=svc:port" \
  --annotation ingress.annotation1=foo \
  --annotation ingress.annotation2=bla
  
  # Create an ingress with the same host and multiple paths
  kubectl create ingress multipath --class=default \
  --rule="foo.com/=svc:port" \
  --rule="foo.com/admin/=svcadmin:portadmin"
  
  # Create an ingress with multiple hosts and the pathType as Prefix
  kubectl create ingress ingress1 --class=default \
  --rule="foo.com/path*=svc:8080" \
  --rule="bar.com/admin*=svc2:http"
  
  # Create an ingress with TLS enabled using the default ingress certificate and different path types
  kubectl create ingress ingtls --class=default \
  --rule="foo.com/=svc:https,tls" \
  --rule="foo.com/path/subpath*=othersvc:8080"
  
  # Create an ingress with TLS enabled using a specific secret and pathType as Prefix
  kubectl create ingress ingsecret --class=default \
  --rule="foo.com/*=svc:8080,tls=secret1"
  
  # Create an ingress with a default backend
  kubectl create ingress ingdefault --class=default \
  --default-backend=defaultsvc:http \
  --rule="foo.com/*=svc:8080,tls=secret1"

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--annotation strings
	Annotation to insert in the ingress object, in the format annotation=value
--class string
	Ingress Class to be used
--default-backend string
	Default service for backend, in format of svcname:port
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for ingress
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--rule strings
	Rule in format host/path=service:port[,tls=secretname]. Paths containing the leading character '*' are considered pathType=Prefix. tls argument is optional.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.7 - kubectl create job

Synopsis

Create a job with the specified name.

kubectl create job NAME --image=image [--from=cronjob/name] -- [COMMAND] [args...]

Examples

  # Create a job
  kubectl create job my-job --image=busybox
  
  # Create a job with a command
  kubectl create job my-job --image=busybox -- date
  
  # Create a job from a cron job named "a-cronjob"
  kubectl create job test-job --from=cronjob/a-cronjob

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--from string
	The name of the resource to create a Job from (only cronjob is supported).
-h, --help
	help for job
--image string
	Image name to run.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.8 - kubectl create namespace

Synopsis

Create a namespace with the specified name.

kubectl create namespace NAME [--dry-run=server|client|none]

Examples

  # Create a new namespace named my-namespace
  kubectl create namespace my-namespace

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for namespace
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.9 - kubectl create poddisruptionbudget

Synopsis

Create a pod disruption budget with the specified name, selector, and desired minimum available pods.

kubectl create poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run=server|client|none]

Examples

  # Create a pod disruption budget named my-pdb that will select all pods with the app=rails label
  # and require at least one of them being available at any point in time
  kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1
  
  # Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label
  # and require at least half of the pods selected to be available at any point in time
  kubectl create pdb my-pdb --selector=app=nginx --min-available=50%

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for poddisruptionbudget
--max-unavailable string
	The maximum number or percentage of unavailable pods this budget requires.
--min-available string
	The minimum number or percentage of available pods this budget requires.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--selector string
	A label selector to use for this budget. Only equality-based selector requirements are supported.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.10 - kubectl create priorityclass

Synopsis

Create a priority class with the specified name, value, globalDefault and description.

kubectl create priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run=server|client|none]

Examples

  # Create a priority class named high-priority
  kubectl create priorityclass high-priority --value=1000 --description="high priority"
  
  # Create a priority class named default-priority that is considered as the global default priority
  kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority"
  
  # Create a priority class named high-priority that cannot preempt pods with lower priority
  kubectl create priorityclass high-priority --value=1000 --description="high priority" --preemption-policy="Never"

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--description string
	description is an arbitrary string that usually provides guidelines on when this priority class should be used.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--global-default
	global-default specifies whether this PriorityClass should be considered as the default priority.
-h, --help
	help for priorityclass
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--preemption-policy string Default: "PreemptLowerPriority"
	preemption-policy is the policy for preempting pods with lower priority.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--value int32
	the value of this priority class.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.11 - kubectl create quota

Synopsis

Create a resource quota with the specified name, hard limits, and optional scopes.

kubectl create quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=server|client|none]

Examples

  # Create a new resource quota named my-quota
  kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
  
  # Create a new resource quota named best-effort
  kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--hard string
	A comma-delimited set of resource=quantity pairs that define a hard limit.
-h, --help
	help for quota
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--scopes string
	A comma-delimited set of quota scopes that must all match each object tracked by the quota.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.12 - kubectl create role

Synopsis

Create a role with single rule.

kubectl create role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run=server|client|none]

Examples

  # Create a role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
  kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
  
  # Create a role named "pod-reader" with ResourceName specified
  kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
  
  # Create a role named "foo" with API Group specified
  kubectl create role foo --verb=get,list,watch --resource=rs.apps
  
  # Create a role named "foo" with SubResource specified
  kubectl create role foo --verb=get,list,watch --resource=pods,pods/status

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for role
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--resource strings
	Resource that the rule applies to
--resource-name strings
	Resource in the white list that the rule applies to, repeat this flag for multiple items
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--verb strings
	Verb that applies to the resources contained in the rule

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.13 - kubectl create rolebinding

Synopsis

Create a role binding for a particular role or cluster role.

kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none]

Examples

  # Create a role binding for user1, user2, and group1 using the admin cluster role
  kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
  
  # Create a role binding for serviceaccount monitoring:sa-dev using the admin role
  kubectl create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--clusterrole string
	ClusterRole this RoleBinding should reference
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--group strings
	Groups to bind to the role. The flag can be repeated to add multiple groups.
-h, --help
	help for rolebinding
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--role string
	Role this RoleBinding should reference
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--serviceaccount strings
	Service accounts to bind to the role, in the format <namespace>:<name>. The flag can be repeated to add multiple service accounts.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--user strings
	Usernames to bind to the role. The flag can be repeated to add multiple users.
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.14 - kubectl create secret

Synopsis

Create a secret with specified type.

A docker-registry type secret is for accessing a container registry.

A generic type secret indicate an Opaque secret type.

A tls type secret holds TLS certificate and its associated key.

kubectl create secret (docker-registry | generic | tls)

Options

-h, --help
	help for secret

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.15 - kubectl create secret docker-registry

Synopsis

Create a new secret for use with Docker registries.

    Dockercfg secrets are used to authenticate against Docker registries.
    
    When using the Docker command line to push images, you can authenticate to a given registry by running:
    '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.

That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry. The email address is optional.

    When creating applications, you may have a Docker registry that requires authentication.  In order for the
    nodes to pull images on your behalf, they must have the credentials.  You can provide this information
    by creating a dockercfg secret and attaching it to your service account.

kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-file=[key=]source] [--dry-run=server|client|none]

Examples

  # If you do not already have a .dockercfg file, create a dockercfg secret directly
  kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
  
  # Create a new secret named my-secret from ~/.docker/config.json
  kubectl create secret docker-registry my-secret --from-file=.dockerconfigjson=path/to/.docker/config.json

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--append-hash
	Append a hash of the secret to its name.
--docker-email string
	Email for Docker registry
--docker-password string
	Password for Docker registry authentication
--docker-server string Default: "https://index.docker.io/v1/"
	Server location for Docker registry
--docker-username string
	Username for Docker registry authentication
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--from-file strings
	Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
-h, --help
	help for docker-registry
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.16 - kubectl create secret generic

Synopsis

Create a secret based on a file, directory, or specified literal value.

A single secret may package one or more key/value pairs.

When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key.

When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

kubectl create secret generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run=server|client|none]

Examples

  # Create a new secret named my-secret with keys for each file in folder bar
  kubectl create secret generic my-secret --from-file=path/to/bar
  
  # Create a new secret named my-secret with specified keys instead of names on disk
  kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-file=ssh-publickey=path/to/id_rsa.pub
  
  # Create a new secret named my-secret with key1=supersecret and key2=topsecret
  kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
  
  # Create a new secret named my-secret using a combination of a file and a literal
  kubectl create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret
  
  # Create a new secret named my-secret from env files
  kubectl create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--append-hash
	Append a hash of the secret to its name.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
--from-env-file strings
	Specify the path to a file to read lines of key=val pairs to create a secret.
--from-file strings
	Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
--from-literal strings
	Specify a key and literal value to insert in secret (i.e. mykey=somevalue)
-h, --help
	help for generic
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--type string
	The type of secret to create
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.17 - kubectl create secret tls

Synopsis

Create a TLS secret from the given public/private key pair.

The public/private key pair must exist beforehand. The public key certificate must be .PEM encoded and match the given private key.

kubectl create secret tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run=server|client|none]

Examples

  # Create a new TLS secret named tls-secret with the given key pair
  kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--append-hash
	Append a hash of the secret to its name.
--cert string
	Path to PEM encoded public key certificate.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for tls
--key string
	Path to private key associated with given certificate.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.18 - kubectl create service

Synopsis

Create a service using a specified subcommand.

kubectl create service [flags]

Options

-h, --help
	help for service

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.19 - kubectl create service clusterip

Synopsis

Create a ClusterIP service with the specified name.

kubectl create service clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run=server|client|none]

Examples

  # Create a new ClusterIP service named my-cs
  kubectl create service clusterip my-cs --tcp=5678:8080
  
  # Create a new ClusterIP service named my-cs (in headless mode)
  kubectl create service clusterip my-cs --clusterip="None"

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--clusterip string
	Assign your own ClusterIP or set to 'None' for a 'headless' service (no loadbalancing).
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for clusterip
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--tcp strings
	Port pairs can be specified as '<port>:<targetPort>'.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.20 - kubectl create service externalname

Synopsis

Create an ExternalName service with the specified name.

ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally.

kubectl create service externalname NAME --external-name external.name [--dry-run=server|client|none]

Examples

  # Create a new ExternalName service named my-ns
  kubectl create service externalname my-ns --external-name bar.com

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--external-name string
	External name of service
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for externalname
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--tcp strings
	Port pairs can be specified as '<port>:<targetPort>'.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.21 - kubectl create service loadbalancer

Synopsis

Create a LoadBalancer service with the specified name.

kubectl create service loadbalancer NAME [--tcp=port:targetPort] [--dry-run=server|client|none]

Examples

  # Create a new LoadBalancer service named my-lbs
  kubectl create service loadbalancer my-lbs --tcp=5678:8080

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for loadbalancer
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--tcp strings
	Port pairs can be specified as '<port>:<targetPort>'.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.22 - kubectl create service nodeport

Synopsis

Create a NodePort service with the specified name.

kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run=server|client|none]

Examples

  # Create a new NodePort service named my-ns
  kubectl create service nodeport my-ns --tcp=5678:8080

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for nodeport
--node-port int
	Port used to expose the service on each node in a cluster.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--tcp strings
	Port pairs can be specified as '<port>:<targetPort>'.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.23 - kubectl create serviceaccount

Synopsis

Create a service account with the specified name.

kubectl create serviceaccount NAME [--dry-run=server|client|none]

Examples

  # Create a new service account named my-service-account
  kubectl create serviceaccount my-service-account

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-create"
	Name of the manager used to track field ownership.
-h, --help
	help for serviceaccount
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.15.24 - kubectl create token

Synopsis

Request a service account token.

kubectl create token SERVICE_ACCOUNT_NAME

Examples

  # Request a token to authenticate to the kube-apiserver as the service account "myapp" in the current namespace
  kubectl create token myapp
  
  # Request a token for a service account in a custom namespace
  kubectl create token myapp --namespace myns
  
  # Request a token with a custom expiration
  kubectl create token myapp --duration 10m
  
  # Request a token with a custom audience
  kubectl create token myapp --audience https://example.com
  
  # Request a token bound to an instance of a Secret object
  kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret
  
  # Request a token bound to an instance of a Secret object with a specific UID
  kubectl create token myapp --bound-object-kind Secret --bound-object-name mysecret --bound-object-uid 0d4691ed-659b-4935-a832-355f77ee47cc

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--audience strings
	Audience of the requested token. If unset, defaults to requesting a token for use with the Kubernetes API server. May be repeated to request a token valid for multiple audiences.
--bound-object-kind string
	Kind of an object to bind the token to. Supported kinds are Pod, Secret. If set, --bound-object-name must be provided.
--bound-object-name string
	Name of an object to bind the token to. The token will expire when the object is deleted. Requires --bound-object-kind.
--bound-object-uid string
	UID of an object to bind the token to. Requires --bound-object-kind and --bound-object-name. If unset, the UID of the existing object is used.
--duration duration
	Requested lifetime of the issued token. If not set, the lifetime will be determined by the server automatically. The server may return a token with a longer or shorter lifetime.
-h, --help
	help for token
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.16 - kubectl debug

Synopsis

Debug cluster resources using interactive debugging containers.

'debug' provides automation for common debugging tasks for cluster objects identified by resource and name. Pods will be used by default if no resource is specified.

The action taken by 'debug' varies depending on what resource is specified. Supported actions include:

Workload: Create a copy of an existing pod with certain attributes changed, for example changing the image tag to a new version.
Workload: Add an ephemeral container to an already running pod, for example to add debugging utilities without restarting the pod.
Node: Create a new pod that runs in the node's host namespaces and can access the node's filesystem.

kubectl debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ]

Examples

  # Create an interactive debugging session in pod mypod and immediately attach to it.
  kubectl debug mypod -it --image=busybox
  
  # Create an interactive debugging session for the pod in the file pod.yaml and immediately attach to it.
  # (requires the EphemeralContainers feature to be enabled in the cluster)
  kubectl debug -f pod.yaml -it --image=busybox
  
  # Create a debug container named debugger using a custom automated debugging image.
  kubectl debug --image=myproj/debug-tools -c debugger mypod
  
  # Create a copy of mypod adding a debug container and attach to it
  kubectl debug mypod -it --image=busybox --copy-to=my-debugger
  
  # Create a copy of mypod changing the command of mycontainer
  kubectl debug mypod -it --copy-to=my-debugger --container=mycontainer -- sh
  
  # Create a copy of mypod changing all container images to busybox
  kubectl debug mypod --copy-to=my-debugger --set-image=*=busybox
  
  # Create a copy of mypod adding a debug container and changing container images
  kubectl debug mypod -it --copy-to=my-debugger --image=debian --set-image=app=app:debug,sidecar=sidecar:debug
  
  # Create an interactive debugging session on a node and immediately attach to it.
  # The container will run in the host namespaces and the host's filesystem will be mounted at /host
  kubectl debug node/mynode -it --image=busybox

Options

--arguments-only
	If specified, everything after -- will be passed to the new container as Args instead of Command.
--attach
	If true, wait for the container to start running, and then attach as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true.
-c, --container string
	Container name to use for debug container.
--copy-to string
	Create a copy of the target Pod with this name.
--env stringToString Default: []
	Environment variables to set in the container.
-f, --filename strings
	identifying the resource to debug
-h, --help
	help for debug
--image string
	Container image to use for debug container.
--image-pull-policy string
	The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server.
--profile string Default: "legacy"
	Debugging profile. Options are "legacy", "general", "baseline", "netadmin", or "restricted".
-q, --quiet
	If true, suppress informational messages.
--replace
	When used with '--copy-to', delete the original Pod.
--same-node
	When used with '--copy-to', schedule the copy of target Pod on the same node.
--set-image stringToString Default: []
	When used with '--copy-to', a list of name=image pairs for changing container images, similar to how 'kubectl set image' works.
--share-processes Default: true
	When used with '--copy-to', enable process namespace sharing in the copy.
-i, --stdin
	Keep stdin open on the container(s) in the pod, even if nothing is attached.
--target string
	When using an ephemeral container, target processes in this container name.
-t, --tty
	Allocate a TTY for the debugging container.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.17 - kubectl delete

Synopsis

Delete resources by file names, stdin, resources and names, or by resources and label selector.

JSON and YAML formats are accepted. Only one type of argument may be specified: file names, resources and names, or resources and label selector.

Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must specify the --force flag. Note: only a subset of resources support graceful deletion. In absence of the support, the --grace-period flag is ignored.

IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods, the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.

Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.

After a CustomResourceDefinition is deleted, invalidation of discovery cache may take up to 6 hours. If you don't want to wait, you might want to run "kubectl api-resources" to refresh the discovery cache.

kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)])

Examples

  # Delete a pod using the type and name specified in pod.json
  kubectl delete -f ./pod.json
  
  # Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
  kubectl delete -k dir
  
  # Delete resources from all files that end with '.json'
  kubectl delete -f '*.json'
  
  # Delete a pod based on the type and name in the JSON passed into stdin
  cat pod.json | kubectl delete -f -
  
  # Delete pods and services with same names "baz" and "foo"
  kubectl delete pod,service baz foo
  
  # Delete pods and services with label name=myLabel
  kubectl delete pods,services -l name=myLabel
  
  # Delete a pod with minimal delay
  kubectl delete pod foo --now
  
  # Force delete a pod on a dead node
  kubectl delete pod foo --force
  
  # Delete all pods
  kubectl delete pods --all

Options

--all
	Delete all resources, in the namespace of the specified resource types.
-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--cascade string[="background"] Default: "background"
	Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-f, --filename strings
	containing the resource to delete.
--force
	If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
--grace-period int Default: -1
	Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-h, --help
	help for delete
--ignore-not-found
	Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.
-i, --interactive
	If true, delete resource only when user confirms. This flag is in Alpha.
-k, --kustomize string
	Process a kustomization directory. This flag can't be used together with -f or -R.
--now
	If true, resources are signaled for immediate shutdown (same as --grace-period=1).
-o, --output string
	Output mode. Use "-o name" for shorter output (resource/name).
--raw string
	Raw URI to DELETE to the server. Uses the transport specified by the kubeconfig file.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--timeout duration
	The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
--wait Default: true
	If true, wait for resources to be gone before returning. This waits for finalizers.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.18 - kubectl describe

Synopsis

Show details of a specific resource or group of resources.

Print a detailed description of the selected resources, including related resources such as events or controllers. You may select a single object by name, all objects of that type, provide a name prefix, or label selector. For example:

    $ kubectl describe TYPE NAME_PREFIX

will first check for an exact match on TYPE and NAME_PREFIX. If no such resource exists, it will output details for every resource that has a name prefixed with NAME_PREFIX.

Use "kubectl api-resources" for a complete list of supported resources.

kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME)

Examples

  # Describe a node
  kubectl describe nodes kubernetes-node-emt8.c.myproject.internal
  
  # Describe a pod
  kubectl describe pods/nginx
  
  # Describe a pod identified by type and name in "pod.json"
  kubectl describe -f pod.json
  
  # Describe all pods
  kubectl describe pods
  
  # Describe pods by label name=myLabel
  kubectl describe pods -l name=myLabel
  
  # Describe all pods managed by the 'frontend' replication controller
  # (rc-created pods get the name of the rc as a prefix in the pod name)
  kubectl describe pods frontend

Options

-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--chunk-size int Default: 500
	Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
-f, --filename strings
	Filename, directory, or URL to files containing the resource to describe
-h, --help
	help for describe
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-events Default: true
	If true, display events related to the described object.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.19 - kubectl diff

Synopsis

Diff configurations specified by file name or stdin between the current online configuration, and the configuration as it would be if applied.

The output is always YAML.

KUBECTL_EXTERNAL_DIFF environment variable can be used to select your own diff command. Users can use external commands with params too, example: KUBECTL_EXTERNAL_DIFF="colordiff -N -u"

By default, the "diff" command available in your path will be run with the "-u" (unified diff) and "-N" (treat absent files as empty) options.

Exit status: 0 No differences were found. 1 Differences were found. >1 Kubectl or diff failed with an error.

Note: KUBECTL_EXTERNAL_DIFF, if used, is expected to follow that convention.

kubectl diff -f FILENAME

Examples

  # Diff resources included in pod.json
  kubectl diff -f pod.json
  
  # Diff file read from stdin
  cat service.yaml | kubectl diff -f -

Options

--concurrency int Default: 1
	Number of objects to process in parallel when diffing against the live version. Larger number = faster, but more memory, I/O and CPU over that shorter period of time.
--field-manager string Default: "kubectl-client-side-apply"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files contains the configuration to diff
--force-conflicts
	If true, server-side apply will force the changes against conflicts.
-h, --help
	help for diff
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--prune
	Include resources that would be deleted by pruning. Can be used with -l and default shows all resources would be pruned
--prune-allowlist strings
	Overwrite the default whitelist with <group/version/kind> for --prune
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--server-side
	If true, apply runs in the server instead of the client.
--show-managed-fields
	If true, include managed fields in the diff.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.20 - kubectl drain

Synopsis

Drain node in preparation for maintenance.

The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the API server supports https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ eviction https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ . Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are daemon set-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any daemon set-managed pods, because those pods would be immediately replaced by the daemon set controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by a replication controller, replica set, daemon set, stateful set, or job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing.

'drain' waits for graceful termination. You should not operate on the machine until the command completes.

When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again.

https://kubernetes.io/images/docs/kubectl_drain.svg Workflowhttps://kubernetes.io/images/docs/kubectl_drain.svg

kubectl drain NODE

Examples

  # Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set on it
  kubectl drain foo --force
  
  # As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set, and use a grace period of 15 minutes
  kubectl drain foo --grace-period=900

Options

--chunk-size int Default: 500
	Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
--delete-emptydir-data
	Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).
--disable-eviction
	Force drain to use delete, even if eviction is supported. This will bypass checking PodDisruptionBudgets, use with caution.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--force
	Continue even if there are pods that do not declare a controller.
--grace-period int Default: -1
	Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.
-h, --help
	help for drain
--ignore-daemonsets
	Ignore DaemonSet-managed pods.
--pod-selector string
	Label selector to filter pods on the node
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--skip-wait-for-delete-timeout int
	If pod DeletionTimestamp older than N seconds, skip waiting for the pod. Seconds must be greater than 0 to skip.
--timeout duration
	The length of time to wait before giving up, zero means infinite

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.21 - kubectl edit

Synopsis

Edit a resource from the default editor.

The edit command allows you to directly edit any API resource you can retrieve via the command-line tools. It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. When attempting to open the editor, it will first attempt to use the shell that has been defined in the 'SHELL' environment variable. If this is not defined, the default shell will be used, which is '/bin/bash' for Linux or 'cmd' for Windows.

You can edit multiple objects, although changes are applied one at a time. The command accepts file names as well as command-line arguments, although the files you point to must be previously saved versions of resources.

Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group.

The default format is YAML. To edit in JSON, specify "-o json".

The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.

In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.

kubectl edit (RESOURCE/NAME | -f FILENAME)

Examples

  # Edit the service named 'registry'
  kubectl edit svc/registry
  
  # Use an alternative editor
  KUBE_EDITOR="nano" kubectl edit svc/registry
  
  # Edit the job 'myjob' in JSON using the v1 API format
  kubectl edit job.v1.batch/myjob -o json
  
  # Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation
  kubectl edit deployment/mydeployment -o yaml --save-config
  
  # Edit the 'status' subresource for the 'mydeployment' deployment
  kubectl edit deployment mydeployment --subresource='status'

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-manager string Default: "kubectl-edit"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files to use to edit the resource
-h, --help
	help for edit
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--output-patch
	Output the patch if the resource is edited.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--subresource string
	If specified, edit will operate on the subresource of the requested object. Must be one of [status]. This flag is beta and may change in the future.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--windows-line-endings
	Defaults to the line ending native to your platform.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.22 - kubectl events

Synopsis

Display events.

Prints a table of the most important information about events. You can request events for a namespace, for all namespace, or filtered to only those pertaining to a specified resource.

kubectl events [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file] [--for TYPE/NAME] [--watch] [--types=Normal,Warning]

Examples

  # List recent events in the default namespace
  kubectl events
  
  # List recent events in all namespaces
  kubectl events --all-namespaces
  
  # List recent events for the specified pod, then wait for more events and list them as they arrive
  kubectl events --for pod/web-pod-13je7 --watch
  
  # List recent events in YAML format
  kubectl events -oyaml
  
  # List recent only events of type 'Warning' or 'Normal'
  kubectl events --types=Warning,Normal

Options

-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--chunk-size int Default: 500
	Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
--for string
	Filter events to only those pertaining to the specified resource.
-h, --help
	help for events
--no-headers
	When using the default output format, don't print headers.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--types strings
	Output only events of given types.
-w, --watch
	After listing the requested events, watch for more events.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.23 - kubectl exec

Synopsis

Execute a command in a container.

kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...]

Examples

  # Get output from running the 'date' command from pod mypod, using the first container by default
  kubectl exec mypod -- date
  
  # Get output from running the 'date' command in ruby-container from pod mypod
  kubectl exec mypod -c ruby-container -- date
  
  # Switch to raw terminal mode; sends stdin to 'bash' in ruby-container from pod mypod
  # and sends stdout/stderr from 'bash' back to the client
  kubectl exec mypod -c ruby-container -i -t -- bash -il
  
  # List contents of /usr from the first container of pod mypod and sort by modification time
  # If the command you want to execute in the pod has any flags in common (e.g. -i),
  # you must use two dashes (--) to separate your command's flags/arguments
  # Also note, do not surround your command and its flags/arguments with quotes
  # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr")
  kubectl exec mypod -i -t -- ls -t /usr
  
  # Get output from running 'date' command from the first pod of the deployment mydeployment, using the first container by default
  kubectl exec deploy/mydeployment -- date
  
  # Get output from running 'date' command from the first pod of the service myservice, using the first container by default
  kubectl exec svc/myservice -- date

Options

-c, --container string
	Container name. If omitted, use the kubectl.kubernetes.io/default-container annotation for selecting the container to be attached or the first container in the pod will be chosen
-f, --filename strings
	to use to exec into the resource
-h, --help
	help for exec
--pod-running-timeout duration Default: 1m0s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
-q, --quiet
	Only print output from the remote session
-i, --stdin
	Pass stdin to the container
-t, --tty
	Stdin is a TTY

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.24 - kubectl explain

Synopsis

Describe fields and structure of various resources.

This command describes the fields associated with each supported API resource. Fields are identified via a simple JSONPath identifier:

    &lt;type&gt;.&lt;fieldName&gt;[.&lt;fieldName&gt;]

Information about each field is retrieved from the server in OpenAPI format.

Use "kubectl api-resources" for a complete list of supported resources.

kubectl explain TYPE [--recursive=FALSE|TRUE] [--api-version=api-version-group] [--output=plaintext|plaintext-openapiv2]

Examples

  # Get the documentation of the resource and its fields
  kubectl explain pods
  
  # Get all the fields in the resource
  kubectl explain pods --recursive
  
  # Get the explanation for deployment in supported api versions
  kubectl explain deployments --api-version=apps/v1
  
  # Get the documentation of a specific field of a resource
  kubectl explain pods.spec.containers
  
  # Get the documentation of resources in different format
  kubectl explain deployment --output=plaintext-openapiv2

Options

--api-version string
	Use given api-version (group/version) of the resource.
-h, --help
	help for explain
--output string Default: "plaintext"
	Format in which to render the schema. Valid values are: (plaintext, plaintext-openapiv2).
--recursive
	When true, print the name of all the fields recursively. Otherwise, print the available fields with their description.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.25 - kubectl expose

Synopsis

Expose a resource as a new Kubernetes service.

Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes.

Possible resources include (case insensitive):

pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)

kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]

Examples

  # Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000
  kubectl expose rc nginx --port=80 --target-port=8000
  
  # Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000
  kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
  
  # Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
  kubectl expose pod valid-pod --port=444 --name=frontend
  
  # Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
  kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
  
  # Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
  kubectl expose rc streamer --port=4100 --protocol=UDP --name=video-stream
  
  # Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000
  kubectl expose rs nginx --port=80 --target-port=8000
  
  # Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000
  kubectl expose deployment nginx --port=80 --target-port=8000

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--cluster-ip string
	ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--external-ip string
	Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.
--field-manager string Default: "kubectl-expose"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to expose a service
-h, --help
	help for expose
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-l, --labels string
	Labels to apply to the service created by this call.
--load-balancer-ip string
	IP to assign to the LoadBalancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).
--name string
	The name for the newly created object.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--override-type string Default: "merge"
	The method used to override the generated object: json, merge, or strategic.
--overrides string
	An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
--port string
	The port that the service should serve on. Copied from the resource being exposed, if unspecified
--protocol string
	The network protocol for the service to be created. Default is 'TCP'.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--selector string
	A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.)
--session-affinity string
	If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--target-port string
	Name or number for the port on the container that the service should direct traffic to. Optional.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--type string
	Type for this service: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.26 - kubectl get

Synopsis

Display one or many resources.

Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.

By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources.

Use "kubectl api-resources" for a complete list of supported resources.

kubectl get [(-o|--output=)json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file|custom-columns|custom-columns-file|wide] (TYPE[.VERSION][.GROUP] [NAME | -l label] | TYPE[.VERSION][.GROUP]/NAME ...) [flags]

Examples

  # List all pods in ps output format
  kubectl get pods
  
  # List all pods in ps output format with more information (such as node name)
  kubectl get pods -o wide
  
  # List a single replication controller with specified NAME in ps output format
  kubectl get replicationcontroller web
  
  # List deployments in JSON output format, in the "v1" version of the "apps" API group
  kubectl get deployments.v1.apps -o json
  
  # List a single pod in JSON output format
  kubectl get -o json pod web-pod-13je7
  
  # List a pod identified by type and name specified in "pod.yaml" in JSON output format
  kubectl get -f pod.yaml -o json
  
  # List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml
  kubectl get -k dir/
  
  # Return only the phase value of the specified pod
  kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}
  
  # List resource information in custom columns
  kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0].name,IMAGE:.spec.containers[0].image
  
  # List all replication controllers and services together in ps output format
  kubectl get rc,services
  
  # List one or more resources by their type and names
  kubectl get rc/web service/frontend pods/web-pod-13je7
  
  # List the 'status' subresource for a single pod
  kubectl get pod web-pod-13je7 --subresource status

Options

-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--chunk-size int Default: 500
	Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for get
--ignore-not-found
	If the requested object does not exist the command will return exit code 0.
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-L, --label-columns strings
	Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...
--no-headers
	When using the default or custom-column output format, don't print headers (default print headers).
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file, custom-columns, custom-columns-file, wide). See custom columns [https://kubernetes.io/docs/reference/kubectl/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [https://kubernetes.io/docs/reference/kubectl/jsonpath/].
--output-watch-events
	Output watch event objects when --watch or --watch-only is used. Existing objects are output as initial ADDED events.
--raw string
	Raw URI to request from the server. Uses the transport specified by the kubeconfig file.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--server-print Default: true
	If true, have the server return the appropriate table output. Supports extension APIs and CRDs.
--show-kind
	If present, list the resource type for the requested object(s).
--show-labels
	When printing, show all labels as the last column (default hide labels column)
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--sort-by string
	If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
--subresource string
	If specified, gets the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-w, --watch
	After listing/getting the requested object, watch for changes.
--watch-only
	Watch for changes to the requested object(s), without listing/getting first.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.27 - kubectl kustomize

Synopsis

Build a set of KRM resources using a 'kustomization.yaml' file. The DIR argument must be a path to a directory containing 'kustomization.yaml', or a git repository URL with a path suffix specifying same with respect to the repository root. If DIR is omitted, '.' is assumed.

kubectl kustomize DIR [flags]

Examples

  # Build the current working directory
  kubectl kustomize
  
  # Build some shared configuration directory
  kubectl kustomize /home/config/production
  
  # Build from github
  kubectl kustomize https://github.com/kubernetes-sigs/kustomize.git/examples/helloWorld?ref=v1.0.6

Options

--as-current-user
	use the uid and gid of the command executor to run the function in the container
--enable-alpha-plugins
	enable kustomize plugins
--enable-helm
	Enable use of the Helm chart inflator generator.
-e, --env strings
	a list of environment variables to be used by functions
--helm-command string Default: "helm"
	helm command (path to executable)
-h, --help
	help for kustomize
--load-restrictor string Default: "LoadRestrictionsRootOnly"
	if set to 'LoadRestrictionsNone', local kustomizations may load files from outside their root. This does, however, break the relocatability of the kustomization.
--mount strings
	a list of storage options read from the filesystem
--network
	enable network access for functions that declare it
--network-name string Default: "bridge"
	the docker network to run the container in
-o, --output string
	If specified, write output to this path.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.28 - kubectl label

Synopsis

Update the labels on a resource.

A label key and value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters each.
Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.
If --overwrite is true, then existing labels can be overwritten, otherwise attempting to overwrite a label will result in an error.
If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used.

kubectl label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]

Examples

  # Update pod 'foo' with the label 'unhealthy' and the value 'true'
  kubectl label pods foo unhealthy=true
  
  # Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value
  kubectl label --overwrite pods foo status=unhealthy
  
  # Update all pods in the namespace
  kubectl label pods --all status=unhealthy
  
  # Update a pod identified by the type and name in "pod.json"
  kubectl label -f pod.json status=unhealthy
  
  # Update pod 'foo' only if the resource is unchanged from version 1
  kubectl label pods foo status=unhealthy --resource-version=1
  
  # Update pod 'foo' by removing a label named 'bar' if it exists
  # Does not require the --overwrite flag
  kubectl label pods foo bar-

Options

--all
	Select all resources, in the namespace of the specified resource types
-A, --all-namespaces
	If true, check the specified action in all namespaces.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-label"
	Name of the manager used to track field ownership.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to update the labels
-h, --help
	help for label
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--list
	If true, display the labels for a given resource.
--local
	If true, label will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--overwrite
	If true, allow labels to be overwritten, otherwise reject label updates that overwrite existing labels.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--resource-version string
	If non-empty, the labels update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.29 - kubectl logs

Synopsis

Print the logs for a container in a pod or specified resource. If the pod has only one container, the container name is optional.

kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER]

Examples

  # Return snapshot logs from pod nginx with only one container
  kubectl logs nginx
  
  # Return snapshot logs from pod nginx with multi containers
  kubectl logs nginx --all-containers=true
  
  # Return snapshot logs from all containers in pods defined by label app=nginx
  kubectl logs -l app=nginx --all-containers=true
  
  # Return snapshot of previous terminated ruby container logs from pod web-1
  kubectl logs -p -c ruby web-1
  
  # Begin streaming the logs of the ruby container in pod web-1
  kubectl logs -f -c ruby web-1
  
  # Begin streaming the logs from all containers in pods defined by label app=nginx
  kubectl logs -f -l app=nginx --all-containers=true
  
  # Display only the most recent 20 lines of output in pod nginx
  kubectl logs --tail=20 nginx
  
  # Show all logs from pod nginx written in the last hour
  kubectl logs --since=1h nginx
  
  # Show logs from a kubelet with an expired serving certificate
  kubectl logs --insecure-skip-tls-verify-backend nginx
  
  # Return snapshot logs from first container of a job named hello
  kubectl logs job/hello
  
  # Return snapshot logs from container nginx-1 of a deployment named nginx
  kubectl logs deployment/nginx -c nginx-1

Options

--all-containers
	Get all containers' logs in the pod(s).
-c, --container string
	Print the logs of this container
-f, --follow
	Specify if the logs should be streamed.
-h, --help
	help for logs
--ignore-errors
	If watching / following pod logs, allow for any errors that occur to be non-fatal
--insecure-skip-tls-verify-backend
	Skip verifying the identity of the kubelet that logs are requested from. In theory, an attacker could provide invalid log content back. You might want to use this if your kubelet serving certificates have expired.
--limit-bytes int
	Maximum bytes of logs to return. Defaults to no limit.
--max-log-requests int Default: 5
	Specify maximum number of concurrent logs to follow when using by a selector. Defaults to 5.
--pod-running-timeout duration Default: 20s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
--prefix
	Prefix each log line with the log source (pod name and container name)
-p, --previous
	If true, print the logs for the previous instance of the container in a pod if it exists.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--since duration
	Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used.
--since-time string
	Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.
--tail int Default: -1
	Lines of recent log file to display. Defaults to -1 with no selector, showing all log lines otherwise 10, if a selector is provided.
--timestamps
	Include timestamps on each line in the log output

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.30 - kubectl options

Synopsis

Print the list of flags inherited by all commands

kubectl options [flags]

Examples

  # Print flags inherited by all commands
  kubectl options

Options

-h, --help
	help for options

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.31 - kubectl patch

Synopsis

Update fields of a resource using strategic merge patch, a JSON merge patch, or a JSON patch.

JSON and YAML formats are accepted.

Note: Strategic merge patch is not supported for custom resources.

kubectl patch (-f FILENAME | TYPE NAME) [-p PATCH|--patch-file FILE]

Examples

  # Partially update a node using a strategic merge patch, specifying the patch as JSON
  kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
  
  # Partially update a node using a strategic merge patch, specifying the patch as YAML
  kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true'
  
  # Partially update a node identified by the type and name specified in "node.json" using strategic merge patch
  kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'
  
  # Update a container's image; spec.containers[*].name is required because it's a merge key
  kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
  
  # Update a container's image using a JSON patch with positional arrays
  kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
  
  # Update a deployment's replicas through the 'scale' subresource using a merge patch
  kubectl patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}'

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-patch"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to update
-h, --help
	help for patch
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--local
	If true, patch will operate on the content of the file, not the server-side resource.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-p, --patch string
	The patch to be applied to the resource JSON file.
--patch-file string
	A file containing a patch to be applied to the resource.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--subresource string
	If specified, patch will operate on the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--type string Default: "strategic"
	The type of patch being provided; one of [json merge strategic]

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.32 - kubectl plugin

Synopsis

Provides utilities for interacting with plugins.

Plugins provide extended functionality that is not part of the major command-line distribution. Please refer to the documentation and examples for more information about how write your own plugins.

The easiest way to discover and install plugins is via the kubernetes sub-project krew. To install krew, visit https://krew.sigs.k8s.io/docs/user-guide/setup/install/ krew.sigs.k8s.io https://krew.sigs.k8s.io/docs/user-guide/setup/install/

kubectl plugin [flags]

Options

-h, --help
	help for plugin

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.32.1 - kubectl plugin list

Synopsis

List all available plugin files on a user's PATH.

Available plugin files are those that are: - executable - anywhere on the user's PATH - begin with "kubectl-"

kubectl plugin list [flags]

Examples

  # List all available plugins
  kubectl plugin list

Options

-h, --help
	help for list
--name-only
	If true, display only the binary name of each plugin, rather than its full path

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.33 - kubectl port-forward

Synopsis

Forward one or more local ports to a pod.

Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.

If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and a rerun of the command is needed to resume forwarding.

kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]

Examples

  # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
  kubectl port-forward pod/mypod 5000 6000
  
  # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment
  kubectl port-forward deployment/mydeployment 5000 6000
  
  # Listen on port 8443 locally, forwarding to the targetPort of the service's port named "https" in a pod selected by the service
  kubectl port-forward service/myservice 8443:https
  
  # Listen on port 8888 locally, forwarding to 5000 in the pod
  kubectl port-forward pod/mypod 8888:5000
  
  # Listen on port 8888 on all addresses, forwarding to 5000 in the pod
  kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000
  
  # Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
  kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
  
  # Listen on a random port locally, forwarding to 5000 in the pod
  kubectl port-forward pod/mypod :5000

Options

--address strings Default: "localhost"
	Addresses to listen on (comma separated). Only accepts IP addresses or localhost as a value. When localhost is supplied, kubectl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these addresses are available to bind.
-h, --help
	help for port-forward
--pod-running-timeout duration Default: 1m0s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.34 - kubectl proxy

Synopsis

Creates a proxy server or application-level gateway between localhost and the Kubernetes API server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote Kubernetes API server port, except for the path matching the static content path.

kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]

Examples

  # To proxy all of the Kubernetes API and nothing else
  kubectl proxy --api-prefix=/
  
  # To proxy only part of the Kubernetes API and also some static files
  # You can get pods info with 'curl localhost:8001/api/v1/pods'
  kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
  
  # To proxy the entire Kubernetes API at a different root
  # You can get pods info with 'curl localhost:8001/custom/api/v1/pods'
  kubectl proxy --api-prefix=/custom/
  
  # Run a proxy to the Kubernetes API server on port 8011, serving static content from ./local/www/
  kubectl proxy --port=8011 --www=./local/www/
  
  # Run a proxy to the Kubernetes API server on an arbitrary local port
  # The chosen port for the server will be output to stdout
  kubectl proxy --port=0
  
  # Run a proxy to the Kubernetes API server, changing the API prefix to k8s-api
  # This makes e.g. the pods API available at localhost:8001/k8s-api/v1/pods/
  kubectl proxy --api-prefix=/k8s-api

Options

--accept-hosts string Default: "^localhost$,^127\.0\.0\.1$,^\[::1\]$"
	Regular expression for hosts that the proxy should accept.
--accept-paths string Default: "^.*"
	Regular expression for paths that the proxy should accept.
--address string Default: "127.0.0.1"
	The IP address on which to serve on.
--api-prefix string Default: "/"
	Prefix to serve the proxied API under.
--append-server-path
	If true, enables automatic path appending of the kube context server path to each request.
--disable-filter
	If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
-h, --help
	help for proxy
--keepalive duration
	keepalive specifies the keep-alive period for an active network connection. Set to 0 to disable keepalive.
-p, --port int Default: 8001
	The port on which to run the proxy. Set to 0 to pick a random port.
--reject-methods string Default: "^$"
	Regular expression for HTTP methods that the proxy should reject (example --reject-methods='POST,PUT,PATCH').
--reject-paths string Default: "^/api/./pods/./exec, ^/api/./pods/./attach"
	Regular expression for paths that the proxy should reject. Paths specified here will be rejected even accepted by --accept-paths.
-u, --unix-socket string
	Unix socket on which to run the proxy.
-w, --www string
	Also serve static files from the given directory under the specified prefix.
-P, --www-prefix string Default: "/static/"
	Prefix to serve static files under, if static file directory is specified.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.35 - kubectl replace

Synopsis

Replace a resource by file name or stdin.

JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by

    $ kubectl get TYPE NAME -o yaml

kubectl replace -f FILENAME

Examples

  # Replace a pod using the data in pod.json
  kubectl replace -f ./pod.json
  
  # Replace a pod based on the JSON passed into stdin
  cat pod.json | kubectl replace -f -
  
  # Update a single-container pod's image version (tag) to v4
  kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
  
  # Force replace, delete and then re-create the resource
  kubectl replace --force -f ./pod.json

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--cascade string[="background"] Default: "background"
	Must be "background", "orphan", or "foreground". Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-replace"
	Name of the manager used to track field ownership.
-f, --filename strings
	The files that contain the configurations to replace.
--force
	If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
--grace-period int Default: -1
	Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-h, --help
	help for replace
-k, --kustomize string
	Process a kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--raw string
	Raw URI to PUT to the server. Uses the transport specified by the kubeconfig file.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--subresource string
	If specified, replace will operate on the subresource of the requested object. Must be one of [status scale]. This flag is beta and may change in the future.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--timeout duration
	The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.
--wait
	If true, wait for resources to be gone before returning. This waits for finalizers.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36 - kubectl rollout

Synopsis

Manage the rollout of one or many resources.

Valid resource types include:

deployments
daemonsets
statefulsets

kubectl rollout SUBCOMMAND

Examples

  # Rollback to the previous deployment
  kubectl rollout undo deployment/abc
  
  # Check the rollout status of a daemonset
  kubectl rollout status daemonset/foo
  
  # Restart a deployment
  kubectl rollout restart deployment/abc
  
  # Restart deployments with the 'app=nginx' label
  kubectl rollout restart deployment --selector=app=nginx

Options

-h, --help
	help for rollout

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.1 - kubectl rollout history

Synopsis

View previous rollout revisions and configurations.

kubectl rollout history (TYPE NAME | TYPE/NAME) [flags]

Examples

  # View the rollout history of a deployment
  kubectl rollout history deployment/abc
  
  # View the details of daemonset revision 3
  kubectl rollout history daemonset/abc --revision=3

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for history
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--revision int
	See the details, including podTemplate of the revision specified
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.2 - kubectl rollout pause

Synopsis

Mark the provided resource as paused.

Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused.

kubectl rollout pause RESOURCE

Examples

  # Mark the nginx deployment as paused
  # Any current state of the deployment will continue its function; new updates
  # to the deployment will not have an effect as long as the deployment is paused
  kubectl rollout pause deployment/nginx

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-manager string Default: "kubectl-rollout"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for pause
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.3 - kubectl rollout restart

Synopsis

Restart a resource.

    Resource rollout will be restarted.

kubectl rollout restart RESOURCE

Examples

  # Restart all deployments in test-namespace namespace
  kubectl rollout restart deployment -n test-namespace
  
  # Restart a deployment
  kubectl rollout restart deployment/nginx
  
  # Restart a daemon set
  kubectl rollout restart daemonset/abc
  
  # Restart deployments with the app=nginx label
  kubectl rollout restart deployment --selector=app=nginx

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-manager string Default: "kubectl-rollout"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for restart
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.4 - kubectl rollout resume

Synopsis

Resume a paused resource.

Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.

kubectl rollout resume RESOURCE

Examples

  # Resume an already paused deployment
  kubectl rollout resume deployment/nginx

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-manager string Default: "kubectl-rollout"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for resume
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.5 - kubectl rollout status

Synopsis

Show the status of the rollout.

By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for.

kubectl rollout status (TYPE NAME | TYPE/NAME) [flags]

Examples

  # Watch the rollout status of a deployment
  kubectl rollout status deployment/nginx

Options

-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for status
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--revision int
	Pin to a specific revision for showing its status. Defaults to 0 (last revision).
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--timeout duration
	The length of time to wait before ending watch, zero means never. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
-w, --watch Default: true
	Watch the status of the rollout until it's done.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.36.6 - kubectl rollout undo

Synopsis

Roll back to a previous rollout.

kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags]

Examples

  # Roll back to the previous deployment
  kubectl rollout undo deployment/abc
  
  # Roll back to daemonset revision 3
  kubectl rollout undo daemonset/abc --to-revision=3
  
  # Roll back to the previous deployment with dry-run
  kubectl rollout undo --dry-run=server deployment/abc

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for undo
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--to-revision int
	The revision to rollback to. Default to 0 (last revision).

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.37 - kubectl run

Synopsis

Create and run a particular image in a pod.

kubectl run NAME --image=image [--env="key=value"] [--port=port] [--dry-run=server|client] [--overrides=inline-json] [--command] -- [COMMAND] [args...]

Examples

  # Start a nginx pod
  kubectl run nginx --image=nginx
  
  # Start a hazelcast pod and let the container expose port 5701
  kubectl run hazelcast --image=hazelcast/hazelcast --port=5701
  
  # Start a hazelcast pod and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container
  kubectl run hazelcast --image=hazelcast/hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
  
  # Start a hazelcast pod and set labels "app=hazelcast" and "env=prod" in the container
  kubectl run hazelcast --image=hazelcast/hazelcast --labels="app=hazelcast,env=prod"
  
  # Dry run; print the corresponding API objects without creating them
  kubectl run nginx --image=nginx --dry-run=client
  
  # Start a nginx pod, but overload the spec with a partial set of values parsed from JSON
  kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
  
  # Start a busybox pod and keep it in the foreground, don't restart it if it exits
  kubectl run -i -t busybox --image=busybox --restart=Never
  
  # Start the nginx pod using the default command, but use custom arguments (arg1 .. argN) for that command
  kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
  
  # Start the nginx pod using a different command and custom arguments
  kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>

Options

--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--annotations strings
	Annotations to apply to the pod.
--attach
	If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
--command
	If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--env strings
	Environment variables to set in the container.
--expose --port
	If true, create a ClusterIP service associated with the pod. Requires --port.
--field-manager string Default: "kubectl-run"
	Name of the manager used to track field ownership.
-h, --help
	help for run
--image string
	The image for the container to run.
--image-pull-policy string
	The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server.
-l, --labels string
	Comma separated labels to apply to the pod. Will override previous values.
--leave-stdin-open
	If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--override-type string Default: "merge"
	The method used to override the generated object: json, merge, or strategic.
--overrides string
	An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
--pod-running-timeout duration Default: 1m0s
	The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
--port string
	The port that this container exposes.
--privileged
	If true, run the container in privileged mode.
-q, --quiet
	If true, suppress prompt messages.
--restart string Default: "Always"
	The restart policy for this Pod. Legal values [Always, OnFailure, Never].
--rm
	If true, delete the pod after it exits. Only valid when attaching to the container, e.g. with '--attach' or with '-i/--stdin'.
--save-config
	If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
-i, --stdin
	Keep stdin open on the container in the pod, even if nothing is attached.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-t, --tty
	Allocate a TTY for the container in the pod.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.38 - kubectl scale

Synopsis

Set a new size for a deployment, replica set, replication controller, or stateful set.

Scale also allows users to specify one or more preconditions for the scale action.

If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.

kubectl scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)

Examples

  # Scale a replica set named 'foo' to 3
  kubectl scale --replicas=3 rs/foo
  
  # Scale a resource identified by type and name specified in "foo.yaml" to 3
  kubectl scale --replicas=3 -f foo.yaml
  
  # If the deployment named mysql's current size is 2, scale mysql to 3
  kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
  
  # Scale multiple replication controllers
  kubectl scale --replicas=5 rc/example1 rc/example2 rc/example3
  
  # Scale stateful set named 'web' to 3
  kubectl scale --replicas=3 statefulset/web

Options

--all
	Select all resources in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--current-replicas int Default: -1
	Precondition for current size. Requires that the current size of the resource match this value in order to scale. -1 (default) for no condition.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to set a new size
-h, --help
	help for scale
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--replicas int
	The new desired number of replicas. Required.
--resource-version string
	Precondition for resource version. Requires that the current resource version match this value in order to scale.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--timeout duration
	The length of time to wait before giving up on a scale operation, zero means don't wait. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39 - kubectl set

Synopsis

Configure application resources.

These commands help you make changes to existing application resources.

kubectl set SUBCOMMAND

Options

-h, --help
	help for set

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.1 - kubectl set env

Synopsis

Update environment variables on a pod template.

List environment variable definitions in one or more pods, pod templates. Add, update, or remove container environment variable definitions in one or more pod templates (within replication controllers or deployment configurations). View or modify the environment variable definitions on all containers in the specified pods or pod templates, or just those that match a wildcard.

If "--env -" is passed, environment variables can be read from STDIN using the standard env syntax.

Possible resources include (case insensitive):

    pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), statefulset (sts), cronjob (cj), replicaset (rs)

kubectl set env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N

Examples

  # Update deployment 'registry' with a new environment variable
  kubectl set env deployment/registry STORAGE_DIR=/local
  
  # List the environment variables defined on a deployments 'sample-build'
  kubectl set env deployment/sample-build --list
  
  # List the environment variables defined on all pods
  kubectl set env pods --all --list
  
  # Output modified deployment in YAML, and does not alter the object on the server
  kubectl set env deployment/sample-build STORAGE_DIR=/data -o yaml
  
  # Update all containers in all replication controllers in the project to have ENV=prod
  kubectl set env rc --all ENV=prod
  
  # Import environment from a secret
  kubectl set env --from=secret/mysecret deployment/myapp
  
  # Import environment from a config map with a prefix
  kubectl set env --from=configmap/myconfigmap --prefix=MYSQL_ deployment/myapp
  
  # Import specific keys from a config map
  kubectl set env --keys=my-example-key --from=configmap/myconfigmap deployment/myapp
  
  # Remove the environment variable ENV from container 'c1' in all deployment configs
  kubectl set env deployments --all --containers="c1" ENV-
  
  # Remove the environment variable ENV from a deployment definition on disk and
  # update the deployment config on the server
  kubectl set env -f deploy.json ENV-
  
  # Set some of the local shell environment into a deployment config on the server
  env | grep RAILS_ | kubectl set env -e - deployment/registry

Options

--all
	If true, select all resources in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-c, --containers string Default: "*"
	The names of containers in the selected pod templates to change - may use wildcards
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-e, --env strings
	Specify a key-value pair for an environment variable to set into each container.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files the resource to update the env
--from string
	The name of a resource from which to inject environment variables
-h, --help
	help for env
--keys strings
	Comma-separated list of keys to import from specified resource
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--list
	If true, display the environment and any changes in the standard format. this flag will removed when we have kubectl view env.
--local
	If true, set env will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--overwrite Default: true
	If true, allow environment to be overwritten, otherwise reject updates that overwrite existing environment.
--prefix string
	Prefix to append to variable names
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--resolve
	If true, show secret or configmap references when listing variables
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.2 - kubectl set image

Synopsis

Update existing container image(s) of resources.

Possible resources include (case insensitive):

    pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), statefulset (sts), cronjob (cj), replicaset (rs)

kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N

Examples

  # Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'
  kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1
  
  # Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
  kubectl set image deployments,rc nginx=nginx:1.9.1 --all
  
  # Update image of all containers of daemonset abc to 'nginx:1.9.1'
  kubectl set image daemonset abc *=nginx:1.9.1
  
  # Print result (in yaml format) of updating nginx container image from local file, without hitting the server
  kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml

Options

--all
	Select all resources, in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for image
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--local
	If true, set image will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.3 - kubectl set resources

Synopsis

Specify compute resource requirements (CPU, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.

For each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.

Possible resources include (case insensitive): Use "kubectl api-resources" for a complete list of supported resources..

kubectl set resources (-f FILENAME | TYPE NAME)  ([--limits=LIMITS & --requests=REQUESTS]

Examples

  # Set a deployments nginx container cpu limits to "200m" and memory to "512Mi"
  kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
  
  # Set the resource request and limits for all containers in nginx
  kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi
  
  # Remove the resource requests for resources on containers in nginx
  kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0
  
  # Print the result (in yaml format) of updating nginx container limits from a local, without hitting the server
  kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml

Options

--all
	Select all resources, in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-c, --containers string Default: "*"
	The names of containers in the selected pod templates to change, all containers are selected by default - may use wildcards
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for resources
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--limits string
	The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
--local
	If true, set resources will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--requests string
	The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.4 - kubectl set selector

Synopsis

Set the selector on a resource. Note that the new selector will overwrite the old selector if the resource had one prior to the invocation of 'set selector'.

A selector must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. Note: currently selectors can only be set on Service objects.

kubectl set selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version]

Examples

  # Set the labels and selector before creating a deployment/service pair
  kubectl create service clusterip my-svc --clusterip="None" -o yaml --dry-run=client | kubectl set selector --local -f - 'environment=qa' -o yaml | kubectl create -f -
  kubectl create deployment my-dep -o yaml --dry-run=client | kubectl label --local -f - environment=qa -o yaml | kubectl create -f -

Options

--all
	Select all resources in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	identifying the resource.
-h, --help
	help for selector
--local
	If true, annotation will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive Default: true
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--resource-version string
	If non-empty, the selectors update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.5 - kubectl set serviceaccount

Synopsis

Update the service account of pod template resources.

Possible resources (case insensitive) can be:

replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs), statefulset

kubectl set serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT

Examples

  # Set deployment nginx-deployment's service account to serviceaccount1
  kubectl set serviceaccount deployment nginx-deployment serviceaccount1
  
  # Print the result (in YAML format) of updated nginx deployment with the service account from local file, without hitting the API server
  kubectl set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run=client -o yaml

Options

--all
	Select all resources, in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files identifying the resource to get from a server.
-h, --help
	help for serviceaccount
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--local
	If true, set serviceaccount will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.39.6 - kubectl set subject

Synopsis

Update the user, group, or service account in a role binding or cluster role binding.

kubectl set subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run=server|client|none]

Examples

  # Update a cluster role binding for serviceaccount1
  kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
  
  # Update a role binding for user1, user2, and group1
  kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
  
  # Print the result (in YAML format) of updating rolebinding subjects from a local, without hitting the server
  kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run=client | kubectl set subject --local -f - --user=foo -o yaml

Options

--all
	Select all resources, in the namespace of the specified resource types
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-set"
	Name of the manager used to track field ownership.
-f, --filename strings
	Filename, directory, or URL to files the resource to update the subjects
--group strings
	Groups to bind to the role
-h, --help
	help for subject
-k, --kustomize string
	Process the kustomization directory. This flag can't be used together with -f or -R.
--local
	If true, set subject will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--serviceaccount strings
	Service accounts to bind to the role
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--user strings
	Usernames to bind to the role

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.40 - kubectl taint

Synopsis

Update the taints on one or more nodes.

A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.
The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.
Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app.
The value is optional. If given, it must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.
The effect must be NoSchedule, PreferNoSchedule or NoExecute.
Currently taint can only apply to node.

kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N

Examples

  # Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'
  # If a taint with that key and effect already exists, its value is replaced as specified
  kubectl taint nodes foo dedicated=special-user:NoSchedule
  
  # Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists
  kubectl taint nodes foo dedicated:NoSchedule-
  
  # Remove from node 'foo' all the taints with key 'dedicated'
  kubectl taint nodes foo dedicated-
  
  # Add a taint with key 'dedicated' on nodes having label myLabel=X
  kubectl taint node -l myLabel=X  dedicated=foo:PreferNoSchedule
  
  # Add to node 'foo' a taint with key 'bar' and no value
  kubectl taint nodes foo bar:NoSchedule

Options

--all
	Select all nodes in the cluster
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
--field-manager string Default: "kubectl-taint"
	Name of the manager used to track field ownership.
-h, --help
	help for taint
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
--overwrite
	If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--validate string[="strict"] Default: "strict"
	Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.41 - kubectl top

Synopsis

Display resource (CPU/memory) usage.

The top command allows you to see the resource consumption for nodes or pods.

This command requires Metrics Server to be correctly configured and working on the server.

kubectl top [flags]

Options

-h, --help
	help for top

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.41.1 - kubectl top node

Synopsis

Display resource (CPU/memory) usage of nodes.

The top-node command allows you to see the resource consumption of nodes.

kubectl top node [NAME | -l label]

Examples

  # Show metrics for all nodes
  kubectl top node
  
  # Show metrics for a given node
  kubectl top node NODE_NAME

Options

-h, --help
	help for node
--no-headers
	If present, print output without headers
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--show-capacity
	Print node resources based on Capacity instead of Allocatable(default) of the nodes.
--sort-by string
	If non-empty, sort nodes list using specified field. The field can be either 'cpu' or 'memory'.
--use-protocol-buffers Default: true
	Enables using protocol-buffers to access Metrics API.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.41.2 - kubectl top pod

Synopsis

Display resource (CPU/memory) usage of pods.

The 'top pod' command allows you to see the resource consumption of pods.

Due to the metrics pipeline delay, they may be unavailable for a few minutes since pod creation.

kubectl top pod [NAME | -l label]

Examples

  # Show metrics for all pods in the default namespace
  kubectl top pod
  
  # Show metrics for all pods in the given namespace
  kubectl top pod --namespace=NAMESPACE
  
  # Show metrics for a given pod and its containers
  kubectl top pod POD_NAME --containers
  
  # Show metrics for the pods defined by label name=myLabel
  kubectl top pod -l name=myLabel

Options

-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--containers
	If present, print usage of containers within a pod.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-h, --help
	help for pod
--no-headers
	If present, print output without headers.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
--sort-by string
	If non-empty, sort pods list using specified field. The field can be either 'cpu' or 'memory'.
--sum
	Print the sum of the resource usage
--use-protocol-buffers Default: true
	Enables using protocol-buffers to access Metrics API.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.42 - kubectl uncordon

Synopsis

Mark node as schedulable.

kubectl uncordon NODE

Examples

  # Mark node "foo" as schedulable
  kubectl uncordon foo

Options

--dry-run string[="unchanged"] Default: "none"
	Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-h, --help
	help for uncordon
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.43 - kubectl version

Synopsis

Print the client and server version information for the current context.

kubectl version [flags]

Examples

  # Print the client and server versions for the current context
  kubectl version

Options

--client
	If true, shows client version only (no server required).
-h, --help
	help for version
-o, --output string
	One of 'yaml' or 'json'.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

2.44 - kubectl wait

Synopsis

Experimental: Wait for a specific condition on one or many resources.

The command takes multiple resources and waits until the specified condition is seen in the Status field of every given resource.

Alternatively, the command can wait for the given set of resources to be deleted by providing the "delete" keyword as the value to the --for flag.

A successful message will be printed to stdout indicating when the specified condition has been met. You can use -o option to change to output destination.

kubectl wait ([-f FILENAME] | resource.group/resource.name | resource.group [(-l label | --all)]) [--for=delete|--for condition=available|--for=jsonpath='{}'[=value]]

Examples

  # Wait for the pod "busybox1" to contain the status condition of type "Ready"
  kubectl wait --for=condition=Ready pod/busybox1
  
  # The default value of status condition is true; you can wait for other targets after an equal delimiter (compared after Unicode simple case folding, which is a more general form of case-insensitivity)
  kubectl wait --for=condition=Ready=false pod/busybox1
  
  # Wait for the pod "busybox1" to contain the status phase to be "Running"
  kubectl wait --for=jsonpath='{.status.phase}'=Running pod/busybox1
  
  # Wait for pod "busybox1" to be Ready
  kubectl wait --for='jsonpath={.status.conditions[?(@.type=="Ready")].status}=True' pod/busybox1
  
  # Wait for the service "loadbalancer" to have ingress.
  kubectl wait --for=jsonpath='{.status.loadBalancer.ingress}' service/loadbalancer
  
  # Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command
  kubectl delete pod/busybox1
  kubectl wait --for=delete pod/busybox1 --timeout=60s

Options

--all
	Select all resources in the namespace of the specified resource types
-A, --all-namespaces
	If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
--allow-missing-template-keys Default: true
	If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
--field-selector string
	Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-f, --filename strings
	identifying the resource.
--for string
	The condition to wait on: [delete\|condition=condition-name[=condition-value]\|jsonpath='{JSONPath expression}'=[JSONPath value]]. The default condition-value is true. Condition values are compared after Unicode simple case folding, which is a more general form of case-insensitivity.
-h, --help
	help for wait
--local
	If true, annotation will NOT contact api-server but run locally.
-o, --output string
	Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-R, --recursive Default: true
	Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-l, --selector string
	Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
--show-managed-fields
	If true, keep the managedFields when printing objects in JSON or YAML format.
--template string
	Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
--timeout duration Default: 30s
	The length of time to wait before giving up. Zero means check once and don't wait, negative means wait for a week.

--as string
	Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group strings
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string
	UID to impersonate for the operation.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
--disable-compression
	If true, opt-out of response compression for all requests to the server
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--storage-driver-buffer-duration duration Default: 1m0s
	Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
--storage-driver-db string Default: "cadvisor"
	database name
--storage-driver-host string Default: "localhost:8086"
	database host:port
--storage-driver-password string Default: "root"
	database password
--storage-driver-secure
	use secure connection with database
--storage-driver-table string Default: "stats"
	table name
--storage-driver-user string Default: "root"
	database username
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
--version version[=true]
	--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

3 - kubectl Commands

kubectl Command Reference

4 - kubectl

Synopsis

kubectl controls the Kubernetes cluster manager.

Find more information in Command line tool (kubectl).

kubectl [flags]

Options

--add-dir-header
	If true, adds the file directory to the header of the log messages
--alsologtostderr
	log to standard error as well as files
--as string
	Username to impersonate for the operation
--as-group stringArray
	Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--azure-container-registry-config string
	Path to the file containing Azure container registry configuration information.
--cache-dir string Default: "$HOME/.kube/cache"
	Default cache directory
--certificate-authority string
	Path to a cert file for the certificate authority
--client-certificate string
	Path to a client certificate file for TLS
--client-key string
	Path to a client key file for TLS
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
	CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks
--cluster string
	The name of the kubeconfig cluster to use
--context string
	The name of the kubeconfig context to use
--default-not-ready-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
--default-unreachable-toleration-seconds int Default: 300
	Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
-h, --help
	help for kubectl
--insecure-skip-tls-verify
	If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string
	Path to the kubeconfig file to use for CLI requests.
--log-backtrace-at traceLocation Default: :0
	when logging hits line file:N, emit a stack trace
--log-dir string
	If non-empty, write log files in this directory
--log-file string
	If non-empty, use this log file
--log-file-max-size uint Default: 1800
	Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited.
--log-flush-frequency duration Default: 5s
	Maximum number of seconds between log flushes
--logtostderr Default: true
	log to standard error instead of files
--match-server-version
	Require server version to match client version
-n, --namespace string
	If present, the namespace scope for this CLI request
--one-output
	If true, only write logs to their native severity level (vs also writing to each lower severity level)
--password string
	Password for basic authentication to the API server
--profile string Default: "none"
	Name of profile to capture. One of (none\|cpu\|heap\|goroutine\|threadcreate\|block\|mutex)
--profile-output string Default: "profile.pprof"
	Name of the file to write the profile to
--request-timeout string Default: "0"
	The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-s, --server string
	The address and port of the Kubernetes API server
--skip-headers
	If true, avoid header prefixes in the log messages
--skip-log-headers
	If true, avoid headers when opening log files
--stderrthreshold severity Default: 2
	logs at or above this threshold go to stderr
--tls-server-name string
	Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string
	Bearer token for authentication to the API server
--user string
	The name of the kubeconfig user to use
--username string
	Username for basic authentication to the API server
-v, --v Level
	number for the log level verbosity
--version version[=true]
	Print version information and quit
--vmodule moduleSpec
	comma-separated list of pattern=N settings for file-filtered logging
--warnings-as-errors
	Treat warnings received from the server as errors and exit with a non-zero exit code

Environment variables

KUBECONFIG
	Path to the kubectl configuration ("kubeconfig") file. Default: "$HOME/.kube/config"
KUBECTL_COMMAND_HEADERS
	When set to false, turns off extra HTTP headers detailing invoked kubectl command (Kubernetes version v1.22 or later)
KUBECTL_EXPLAIN_OPENAPIV3
	Toggles whether calls to `kubectl explain` use the new OpenAPIv3 data source available. OpenAPIV3 is enabled by default since Kubernetes 1.24.
KUBECTL_ENABLE_CMD_SHADOW
	When set to true, external plugins can be used as subcommands for builtin commands if subcommand does not exist. In alpha stage, this feature can only be used for create command(e.g. kubectl create networkpolicy).
KUBECTL_REMOTE_COMMAND_WEBSOCKETS
	When set to true, the kubectl exec, cp, and attach commands will attempt to stream using the websockets protocol. If the upgrade to websockets fails, the commands will fallback to use the current SPDY protocol.

5 - JSONPath Support

Kubectl supports JSONPath template.

JSONPath template is composed of JSONPath expressions enclosed by curly braces {}. Kubectl uses JSONPath expressions to filter on specific fields in the JSON object and format the output. In addition to the original JSONPath template syntax, the following functions and syntax are valid:

Use double quotes to quote text inside JSONPath expressions.
Use the range, end operators to iterate lists.
Use negative slice indices to step backwards through a list. Negative indices do not "wrap around" a list and are valid as long as -index + listLength >= 0.

Note:

The $ operator is optional since the expression always starts from the root object by default.
The result object is printed as its String() function.

Given the JSON input:

{
  "kind": "List",
  "items":[
    {
      "kind":"None",
      "metadata":{
        "name":"127.0.0.1",
        "labels":{
          "kubernetes.io/hostname":"127.0.0.1"
        }
      },
      "status":{
        "capacity":{"cpu":"4"},
        "addresses":[{"type": "LegacyHostIP", "address":"127.0.0.1"}]
      }
    },
    {
      "kind":"None",
      "metadata":{"name":"127.0.0.2"},
      "status":{
        "capacity":{"cpu":"8"},
        "addresses":[
          {"type": "LegacyHostIP", "address":"127.0.0.2"},
          {"type": "another", "address":"127.0.0.3"}
        ]
      }
    }
  ],
  "users":[
    {
      "name": "myself",
      "user": {}
    },
    {
      "name": "e2e",
      "user": {"username": "admin", "password": "secret"}
    }
  ]
}

Function	Description	Example	Result
`text`	the plain text	`kind is {.kind}`	`kind is List`
`@`	the current object	`{@}`	the same as input
`.` or `[]`	child operator	`{.kind}`, `{['kind']}` or `{['name\.type']}`	`List`
`..`	recursive descent	`{..name}`	`127.0.0.1 127.0.0.2 myself e2e`
`*`	wildcard. Get all objects	`{.items[*].metadata.name}`	`[127.0.0.1 127.0.0.2]`
`[start:end:step]`	subscript operator	`{.users[0].name}`	`myself`
`[,]`	union operator	`{.items[*]['metadata.name', 'status.capacity']}`	`127.0.0.1 127.0.0.2 map[cpu:4] map[cpu:8]`
`?()`	filter	`{.users[?(@.name=="e2e")].user.password}`	`secret`
`range`, `end`	iterate list	`{range .items[*]}[{.metadata.name}, {.status.capacity}] {end}`	`[127.0.0.1, map[cpu:4]] [127.0.0.2, map[cpu:8]]`
`''`	quote interpreted string	`{range .items[*]}{.metadata.name}{'\t'}{end}`	`127.0.0.1 127.0.0.2`
`\`	escape termination character	`{.items[0].metadata.labels.kubernetes\.io/hostname}`	`127.0.0.1`

Examples using kubectl and JSONPath expressions:

kubectl get pods -o json
kubectl get pods -o=jsonpath='{@}'
kubectl get pods -o=jsonpath='{.items[0]}'
kubectl get pods -o=jsonpath='{.items[0].metadata.name}'
kubectl get pods -o=jsonpath="{.items[*]['metadata.name', 'status.capacity']}"
kubectl get pods -o=jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.startTime}{"\n"}{end}'
kubectl get pods -o=jsonpath='{.items[0].metadata.labels.kubernetes\.io/hostname}'

Note:

On Windows, you must double quote any JSONPath template that contains spaces (not single quote as shown above for bash). This in turn means that you must use a single quote or escaped double quote around any literals in the template. For example:

kubectl get pods -o=jsonpath="{range .items[*]}{.metadata.name}{'\t'}{.status.startTime}{'\n'}{end}"
kubectl get pods -o=jsonpath="{range .items[*]}{.metadata.name}{\"\t\"}{.status.startTime}{\"\n\"}{end}"

Note:

JSONPath regular expressions are not supported. If you want to match using regular expressions, you can use a tool such as jq.

# kubectl does not support regular expressions for JSONpath output
# The following command does not work
kubectl get pods -o jsonpath='{.items[?(@.metadata.name=~/^test$/)].metadata.name}'

# The following command achieves the desired result
kubectl get pods -o json | jq -r '.items[] | select(.metadata.name | test("test-")).metadata.name'

6 - kubectl for Docker Users

You can use the Kubernetes command line tool kubectl to interact with the API Server. Using kubectl is straightforward if you are familiar with the Docker command line tool. However, there are a few differences between the Docker commands and the kubectl commands. The following sections show a Docker sub-command and describe the equivalent kubectl command.

docker run

To run an nginx Deployment and expose the Deployment, see kubectl create deployment. docker:

docker run -d --restart=always -e DOMAIN=cluster --name nginx-app -p 80:80 nginx

55c103fa129692154a7652490236fee9be47d70a8dd562281ae7d2f9a339a6db

docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
55c103fa1296        nginx               "nginx -g 'daemon of…"   9 seconds ago       Up 9 seconds        0.0.0.0:80->80/tcp   nginx-app

kubectl:

# start the pod running nginx
kubectl create deployment --image=nginx nginx-app

deployment.apps/nginx-app created

# add env to nginx-app
kubectl set env deployment/nginx-app  DOMAIN=cluster

deployment.apps/nginx-app env updated

Note: kubectl commands print the type and name of the resource created or mutated, which can then be used in subsequent commands. You can expose a new Service after a Deployment is created.

# expose a port through with a service
kubectl expose deployment nginx-app --port=80 --name=nginx-http

service "nginx-http" exposed

By using kubectl, you can create a Deployment to ensure that N pods are running nginx, where N is the number of replicas stated in the spec and defaults to 1. You can also create a service with a selector that matches the pod labels. For more information, see Use a Service to Access an Application in a Cluster.

By default images run in the background, similar to docker run -d .... To run things in the foreground, use kubectl run to create pod:

kubectl run [-i] [--tty] --attach <name> --image=<image>

Unlike docker run ..., if you specify --attach, then you attach stdin, stdout and stderr. You cannot control which streams are attached (docker -a ...). To detach from the container, you can type the escape sequence Ctrl+P followed by Ctrl+Q.

docker ps

To list what is currently running, see kubectl get.

docker:

docker ps -a

CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                     PORTS                NAMES
14636241935f        ubuntu:16.04        "echo test"              5 seconds ago        Exited (0) 5 seconds ago                        cocky_fermi
55c103fa1296        nginx               "nginx -g 'daemon of…"   About a minute ago   Up About a minute          0.0.0.0:80->80/tcp   nginx-app

kubectl:

kubectl get po

NAME                        READY     STATUS      RESTARTS   AGE
nginx-app-8df569cb7-4gd89   1/1       Running     0          3m
ubuntu                      0/1       Completed   0          20s

docker attach

To attach a process that is already running in a container, see kubectl attach.

docker:

docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
55c103fa1296        nginx               "nginx -g 'daemon of…"   5 minutes ago       Up 5 minutes        0.0.0.0:80->80/tcp   nginx-app

docker attach 55c103fa1296
...

kubectl:

kubectl get pods

NAME              READY     STATUS    RESTARTS   AGE
nginx-app-5jyvm   1/1       Running   0          10m

kubectl attach -it nginx-app-5jyvm
...

To detach from the container, you can type the escape sequence Ctrl+P followed by Ctrl+Q.

docker exec

To execute a command in a container, see kubectl exec.

docker:

docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
55c103fa1296        nginx               "nginx -g 'daemon of…"   6 minutes ago       Up 6 minutes        0.0.0.0:80->80/tcp   nginx-app

docker exec 55c103fa1296 cat /etc/hostname

55c103fa1296

kubectl:

kubectl get po

NAME              READY     STATUS    RESTARTS   AGE
nginx-app-5jyvm   1/1       Running   0          10m

kubectl exec nginx-app-5jyvm -- cat /etc/hostname

nginx-app-5jyvm

To use interactive commands.

docker:

docker exec -ti 55c103fa1296 /bin/sh
# exit

kubectl:

kubectl exec -ti nginx-app-5jyvm -- /bin/sh
# exit

For more information, see Get a Shell to a Running Container.

docker logs

To follow stdout/stderr of a process that is running, see kubectl logs.

docker:

docker logs -f a9e

192.168.9.1 - - [14/Jul/2015:01:04:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-"
192.168.9.1 - - [14/Jul/2015:01:04:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0" "-"

kubectl:

kubectl logs -f nginx-app-zibvs

10.240.63.110 - - [14/Jul/2015:01:09:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.26.0" "-"
10.240.63.110 - - [14/Jul/2015:01:09:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.26.0" "-"

There is a slight difference between pods and containers; by default pods do not terminate if their processes exit. Instead the pods restart the process. This is similar to the docker run option --restart=always with one major difference. In docker, the output for each invocation of the process is concatenated, but for Kubernetes, each invocation is separate. To see the output from a previous run in Kubernetes, do this:

kubectl logs --previous nginx-app-zibvs

10.240.63.110 - - [14/Jul/2015:01:09:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.26.0" "-"
10.240.63.110 - - [14/Jul/2015:01:09:02 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.26.0" "-"

For more information, see Logging Architecture.

docker stop and docker rm

To stop and delete a running process, see kubectl delete.

docker:

docker ps

CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS              PORTS                         NAMES
a9ec34d98787        nginx               "nginx -g 'daemon of"  22 hours ago        Up 22 hours         0.0.0.0:80->80/tcp, 443/tcp   nginx-app

docker stop a9ec34d98787

a9ec34d98787

docker rm a9ec34d98787

a9ec34d98787

kubectl:

kubectl get deployment nginx-app

NAME         READY   UP-TO-DATE   AVAILABLE   AGE
nginx-app    1/1     1            1           2m

kubectl get po -l app=nginx-app

NAME                         READY     STATUS    RESTARTS   AGE
nginx-app-2883164633-aklf7   1/1       Running   0          2m

kubectl delete deployment nginx-app

deployment "nginx-app" deleted

kubectl get po -l app=nginx-app
# Return nothing

Note: When you use kubectl, you don't delete the pod directly. You have to first delete the Deployment that owns the pod. If you delete the pod directly, the Deployment recreates the pod.

There is no direct analog of docker login in kubectl. If you are interested in using Kubernetes with a private registry, see Using a Private Registry.

docker version

To get the version of client and server, see kubectl version.

docker:

docker version

Client version: 1.7.0
Client API version: 1.19
Go version (client): go1.4.2
Git commit (client): 0baf609
OS/Arch (client): linux/amd64
Server version: 1.7.0
Server API version: 1.19
Go version (server): go1.4.2
Git commit (server): 0baf609
OS/Arch (server): linux/amd64

kubectl:

kubectl version

Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.9+a3d1dfa6f4335", GitCommit:"9b77fed11a9843ce3780f70dd251e92901c43072", GitTreeState:"dirty", BuildDate:"2017-08-29T20:32:58Z", OpenPaasKubernetesVersion:"v1.03.02", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.9+a3d1dfa6f4335", GitCommit:"9b77fed11a9843ce3780f70dd251e92901c43072", GitTreeState:"dirty", BuildDate:"2017-08-29T20:32:58Z", OpenPaasKubernetesVersion:"v1.03.02", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}

docker info

To get miscellaneous information about the environment and configuration, see kubectl cluster-info.

docker:

docker info

Containers: 40
Images: 168
Storage Driver: aufs
 Root Dir: /usr/local/google/docker/aufs
 Backing Filesystem: extfs
 Dirs: 248
 Dirperm1 Supported: false
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.13.0-53-generic
Operating System: Ubuntu 14.04.2 LTS
CPUs: 12
Total Memory: 31.32 GiB
Name: k8s-is-fun.mtv.corp.google.com
ID: ADUV:GCYR:B3VJ:HMPO:LNPQ:KD5S:YKFQ:76VN:IANZ:7TFV:ZBF4:BYJO
WARNING: No swap limit support

kubectl:

kubectl cluster-info

Kubernetes master is running at https://203.0.113.141
KubeDNS is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy
Grafana is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
Heapster is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/monitoring-heapster/proxy
InfluxDB is running at https://203.0.113.141/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy

7 - kubectl Usage Conventions

Recommended usage conventions for kubectl.

Using `kubectl` in Reusable Scripts

For a stable output in a script:

Request one of the machine-oriented output forms, such as -o name, -o json, -o yaml, -o go-template, or -o jsonpath.
Fully-qualify the version. For example, jobs.v1.batch/myjob. This will ensure that kubectl does not use its default version that can change over time.
Don't rely on context, preferences, or other implicit states.

Subresources

You can use the --subresource beta flag for kubectl commands like get, patch, edit and replace to fetch and update subresources for all resources that support them. Currently, only the status and scale subresources are supported.
- For kubectl edit, the scale subresource is not supported. If you use --subresource with kubectl edit and specify scale as the subresource, the command will error out.
The API contract against a subresource is identical to a full resource. While updating the status subresource to a new value, keep in mind that the subresource could be potentially reconciled by a controller to a different value.

Best Practices

`kubectl run`

For kubectl run to satisfy infrastructure as code:

Tag the image with a version-specific tag and don't move that tag to a new version. For example, use :v1234, v1.2.3, r03062016-1-4, rather than :latest (For more information, see Best Practices for Configuration).
Check in the script for an image that is heavily parameterized.
Switch to configuration files checked into source control for features that are needed, but not expressible via kubectl run flags.

You can use the --dry-run=client flag to preview the object that would be sent to your cluster, without really submitting it.

`kubectl apply`

You can use kubectl apply to create or update resources. For more information about using kubectl apply to update resources, see Kubectl Book.

Command line tool (kubectl)

Syntax

In-cluster authentication and namespace overrides

Operations

Resource types

Output options

Formatting output

Syntax

Example

Custom columns

Examples

Server-side columns

Examples

Sorting list objects

Syntax

Example

Examples: Common operations

Examples: Creating and using plugins

What's next

1 - kubectl Quick Reference

Kubectl autocomplete

BASH

ZSH

FISH

A note on --all-namespaces

Kubectl context and configuration

Kubectl apply

Creating objects

Viewing and finding resources

Updating resources

Patching resources

Editing resources

Scaling resources

Deleting resources

Interacting with running Pods

Copying files and directories to and from containers

Interacting with Deployments and Services

Interacting with Nodes and cluster

Resource types

Formatting output

Kubectl output verbosity and debugging

What's next

2 - kubectl reference

2.1 - kubectl

Synopsis

Options

See Also

2.2 - kubectl annotate

Synopsis

Examples

Options

See Also

2.3 - kubectl api-resources

Synopsis

Examples

Options

See Also

2.4 - kubectl api-versions

Synopsis

Examples

Options

See Also

2.5 - kubectl apply

Synopsis

Examples

Options

See Also

2.5.1 - kubectl apply edit-last-applied

Synopsis

Examples

Options

See Also

2.5.2 - kubectl apply set-last-applied

Synopsis

Examples

Options

See Also

2.5.3 - kubectl apply view-last-applied

Synopsis

Examples

A note on `--all-namespaces`