1. [root@master ~]# kubectl create --help
    2. Create a resource from a file or from stdin.
    4.  JSON and YAML formats are accepted.
    6. Examples:
    7.   # Create a pod using the data in pod.json.
    8.   kubectl create -f ./pod.json
    10.   # Create a pod based on the JSON passed into stdin.
    11.   cat pod.json | kubectl create -f -
    13.   # Edit the data in docker-registry.yaml in JSON then create the resource using the edited data.
    14.   kubectl create -f docker-registry.yaml --edit -o json
    16. Available Commands:
    17.   clusterrole         Create a ClusterRole.
    18.   clusterrolebinding  Create a ClusterRoleBinding for a particular ClusterRole
    19.   configmap           Create a configmap from a local file, directory or literal value
    20.   cronjob             Create a cronjob with the specified name.
    21.   deployment          Create a deployment with the specified name.
    22.   job                 Create a job with the specified name.
    23.   namespace           Create a namespace with the specified name
    24.   poddisruptionbudget Create a pod disruption budget with the specified name.
    25.   priorityclass       Create a priorityclass with the specified name.
    26.   quota               Create a quota with the specified name.
    27.   role                Create a role with single rule.
    28.   rolebinding         Create a RoleBinding for a particular Role or ClusterRole
    29.   secret              Create a secret using specified subcommand
    30.   service             Create a service using specified subcommand.
    31.   serviceaccount      Create a service account with the specified name
    33. Options:
    34.       --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
    35. the template. Only applies to golang and jsonpath output formats.
    36.       --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be
    37. sent, without sending it. If server strategy, submit server-side request without persisting the resource.
    38.       --edit=false: Edit the API resource before creating
    39.   -f, --filename=[]: Filename, directory, or URL to files to use to create the resource
    40.   -k, --kustomize='': Process the kustomization directory. This flag can't be used together with -f or -R.
    41.   -o, --output='': Output format. One of:
    42. json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
    43.       --raw='': Raw URI to POST to the server.  Uses the transport specified by the kubeconfig file.
    44.       --record=false: Record current kubectl command in the resource annotation. If set to false, do not record the
    45. command. If set to true, record the command. If not set, default to updating the existing annotation value only if one
    46. already exists.
    47.   -R, --recursive=false: Process the directory used in -f, --filename recursively. Useful when you want to manage
    48. related manifests organized within the same directory.
    49.       --save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the
    50. annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
    51.   -l, --selector='': Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
    52.       --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
    53. template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
    54.       --validate=true: If true, use a schema to validate the input before sending it
    55.       --windows-line-endings=false: Only relevant if --edit=true. Defaults to the line ending native to your platform.
    57. Usage:
    58.   kubectl create -f FILENAME [options]
    60. Use "kubectl <command> --help" for more information about a given command.
    61. Use "kubectl options" for a list of global command-line options (applies to all commands).
    62. [root@master ~]#
    1. [root@master ~]# kubectl create clusterrole --help
    2. Create a ClusterRole.
    4. Examples:
    5.   # Create a ClusterRole named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
    6.   kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
    8.   # Create a ClusterRole named "pod-reader" with ResourceName specified
    9.   kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod
    10. --resource-name=anotherpod
    12.   # Create a ClusterRole named "foo" with API Group specified
    13.   kubectl create clusterrole foo --verb=get,list,watch --resource=rs.extensions
    15.   # Create a ClusterRole named "foo" with SubResource specified
    16.   kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
    18.   # Create a ClusterRole name "foo" with NonResourceURL specified
    19.   kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
    21.   # Create a ClusterRole name "monitoring" with AggregationRule specified
    22.   kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
    24. Options:
    25.       --aggregation-rule=: An aggregation label selector for combining ClusterRoles.
    26.       --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
    27. the template. Only applies to golang and jsonpath output formats.
    28.       --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be
    29. sent, without sending it. If server strategy, submit server-side request without persisting the resource.
    30.       --non-resource-url=[]: A partial url that user should have access to.
    31.   -o, --output='': Output format. One of:
    32. json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-file.
    33.       --resource=[]: Resource that the rule applies to
    34.       --resource-name=[]: Resource in the white list that the rule applies to, repeat this flag for multiple items
    35.       --save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the
    36. annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
    37.       --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
    38. template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
    39.       --validate=true: If true, use a schema to validate the input before sending it
    40.       --verb=[]: Verb that applies to the resources contained in the rule
    42. Usage:
    43.   kubectl create clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename]
    44. [--dry-run=server|client|none] [options]
    46. Use "kubectl options" for a list of global command-line options (applies to all commands).
    47. [root@master ~]#
    1. [root@master ~]# kubectl create namespace app-team1
    2. namespace/app-team1 created
    3. [root@master ~]# kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
    4. clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created
    5. [root@master ~]# kubectl create serviceaccount cicd-token --namespace=app-team1 
    6. serviceaccount/cicd-token created
    7. [root@master ~]# kubectl create rolebinding deployment-clusterole --clusterrole=deployment=clusterrole --serviceaccount=app-team1:cicd-token --namespace=app-team1
    8. rolebinding.rbac.authorization.k8s.io/deployment-clusterole created
    9. [root@master ~]#
    1. [root@master ~]# kubectl get rolebindings.rbac.authorization.k8s.io -n app-team1 
    2. NAME                    ROLE                                 AGE
    3. deployment-clusterole   ClusterRole/deployment=clusterrole   4m50s
    4. [root@master ~]# kubectl describe rolebindings.rbac.authorization.k8s.io -n app-team1 
    5. Name:         deployment-clusterole
    6. Labels:       <none>
    7. Annotations:  <none>
    8. Role:
    9.   Kind:  ClusterRole
    10.   Name:  deployment=clusterrole
    11. Subjects:
    12.   Kind            Name        Namespace
    13.   ----            ----        ---------
    14.   ServiceAccount  cicd-token  app-team1
    15. [root@master ~]# kubectl describe serviceaccounts cicd-token -n app-team1 
    16. Name:                cicd-token
    17. Namespace:           app-team1
    18. Labels:              <none>
    19. Annotations:         <none>
    20. Image pull secrets:  <none>
    21. Mountable secrets:   cicd-token-token-jbpjd
    22. Tokens:              cicd-token-token-jbpjd
    23. Events:              <none>
    24. [root@master ~]#
    26. [root@master ~]# kubectl describe clusterrole deployment-clusterrole -n app-team1 
    27. Name:         deployment-clusterrole
    28. Labels:       <none>
    29. Annotations:  <none>
    30. PolicyRule:
    31.   Resources          Non-Resource URLs  Resource Names  Verbs
    32.   ---------          -----------------  --------------  -----
    33.   daemonsets.apps    []                 []              [create]
    34.   deployments.apps   []                 []              [create]
    35.   statefulsets.apps  []                 []              [create]
    36. [root@master ~]#