--Start a single instance of nginx.
-
kubectl run nginx --image=nginx
---Start a single instance of hazelcast and let the container expose port 5701 .
-
kubectl run hazelcast --image=hazelcast --port=5701
---Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
-
kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
---Start a single instance of hazelcast and set labels "app=hazelcast" and "env=prod" in the container.
-
kubectl run hazelcast --image=nginx --labels="app=hazelcast,env=prod"
---Start a replicated instance of nginx.
-
kubectl run nginx --image=nginx --replicas=5
---Dry run. Print the corresponding API objects without creating them.
-
kubectl run nginx --image=nginx --dry-run
---Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from JSON.
-
kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
---Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
-
kubectl run -i -t busybox --image=busybox --restart=Never
---Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
-
kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
---Start the nginx container using a different command and custom arguments.
+Create a pod using the data in pod.json.
kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
+kubectl create -f ./pod.json
- Start the perl container to compute π to 2000 places and print it out.
+ Create a pod based on the JSON passed into stdin.
-kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+cat pod.json | kubectl create -f -
- Start the cron job to compute π to 2000 places and print it out every 5 minutes.
+ Edit the data in docker-registry.yaml in JSON then create the resource using the edited data.
-kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+kubectl create -f docker-registry.yaml --edit -o json
-Create and run a particular image, possibly replicated.
-Creates a deployment or job to manage the created container(s).
+Create a resource from a file or from stdin.
+JSON and YAML formats are accepted.
Usage
-$ run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...]
+$ create -f FILENAME
Flags
@@ -108,154 +63,166 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-attach
-false
-If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
-
-
-command
-false
-If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
-
-
dry-run
false
If true, only print the object that would be sent, without sending it.
-env
-[]
-Environment variables to set in the container
-
-
-expose
+edit
false
-If true, a public, external service is created for the container(s) which are run
-
-
-generator
-The name of the API generator to use, see http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
+Edit the API resource before creating
-hostport
--1
-The host port mapping for the container port. To demonstrate a single-machine container.
+filename
+f
+[]
+Filename, directory, or URL to files to use to create the resource
-image
-output
+o
The image for the container to run.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-image-pull-policy
+raw
The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
+Raw URI to POST to the server. Uses the transport specified by the kubeconfig file.
-include-extended-apis
+record
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-labels
-l
-Comma separated labels to apply to the pod(s). Will override previous values.
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-leave-stdin-open
+save-config
false
-If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-limits
-selector
+l
The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-no-headers
+template
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-output-version
-validate
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+true
+If true, use a schema to validate the input before sending it
-overrides
-windows-line-endings
An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
+false
+Only relevant if --edit=true. Defaults to the line ending native to your platform.
+
+
+
+clusterrole
+
+ Create a ClusterRole named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
+
+kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
+
+
+ Create a ClusterRole named "pod-reader" with ResourceName specified
+
+kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
+
+
+ Create a ClusterRole named "foo" with API Group specified
+
+kubectl create clusterrole foo --verb=get,list,watch --resource=rs.extensions
+
+
+ Create a ClusterRole named "foo" with SubResource specified
+
+kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
+
+
+ Create a ClusterRole name "foo" with NonResourceURL specified
+
+kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
+
+
+ Create a ClusterRole name "monitoring" with AggregationRule specified
+
+kubectl create clusterrole monitoring --aggregation-rule="rbac.example.com/aggregate-to-monitoring=true"
+
+Create a ClusterRole.
+Usage
+$ clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run]
+Flags
+
+
-pod-running-timeout
-1m0s
-The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+Name
+Shorthand
+Default
+Usage
+
+
-port
+aggregation-rule
The port that this container exposes. If --expose is true, this is also the port used by the service that is created.
+An aggregation label selector for combining ClusterRoles.
-quiet
+allow-missing-template-keys
false
-If true, suppress prompt messages.
+true
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-record
+dry-run
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+If true, only print the object that would be sent, without sending it.
-replicas
-r
-1
-Number of replicas to create for this container. Default is 1.
+non-resource-url
+[]
+A partial url that user should have access to.
-requests
-output
+o
The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-restart
+resource
Always
-The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs Never.
+[]
+Resource that the rule applies to
-rm
+resource-name
false
-If true, delete resources created in this command for attached containers.
+[]
+Resource in the white list that the rule applies to, repeat this flag for multiple items
save-config
@@ -264,52 +231,93 @@ Flags
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-schedule
+template
A schedule in the Cron format the job should be run with.
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-service-generator
+validate
service/v2
-The name of the generator to use for creating a service. Only used if --expose is true
+true
+If true, use a schema to validate the input before sending it
-service-overrides
-verb
An inline JSON override for the generated service object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is true.
+[]
+Verb that applies to the resources contained in the rule
-
-serviceaccount
-Service account to set in the pod spec
+
+
+
+clusterrolebinding
+
+ Create a ClusterRoleBinding for user1, user2, and group1 using the cluster-admin ClusterRole
+
+kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
+
+Create a ClusterRoleBinding for a particular ClusterRole.
+Usage
+$ clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
+Flags
+
+
+
+Name
+Shorthand
+Default
+Usage
+
+
-show-all
-a
+allow-missing-template-keys
+true
-When printing, show all resources (default show all pods including terminated one.)
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-show-labels
+clusterrole
+ClusterRole this ClusterRoleBinding should reference
+
+
+dry-run
false
-When printing, show all labels as the last column (default hide labels column)
+If true, only print the object that would be sent, without sending it.
-sort-by
+generator
clusterrolebinding.rbac.authorization.k8s.io/v1alpha1
+The name of the API generator to use.
+
+
+group
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+[]
+Groups to bind to the role
-stdin
-i
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+save-config
+false
-Keep stdin open on the container(s) in the pod, even if nothing is attached.
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+
+
+serviceaccount
+[]
+Service accounts to bind to the role, in the format :
template
@@ -318,79 +326,46 @@ Flags
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-tty
-t
-false
-Allocated a TTY for each container in the pod.
+validate
+true
+If true, use a schema to validate the input before sending it
-run-container
-
- Start a single instance of nginx.
-
-kubectl run nginx --image=nginx
-
-
- Start a single instance of hazelcast and let the container expose port 5701 .
-
-kubectl run hazelcast --image=hazelcast --port=5701
-
-
- Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
-
-kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
-
-
- Start a single instance of hazelcast and set labels "app=hazelcast" and "env=prod" in the container.
-
-kubectl run hazelcast --image=nginx --labels="app=hazelcast,env=prod"
-
-
- Start a replicated instance of nginx.
-
-kubectl run nginx --image=nginx --replicas=5
-
-
- Dry run. Print the corresponding API objects without creating them.
-
-kubectl run nginx --image=nginx --dry-run
-
-
- Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from JSON.
-
-kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
-
+configmap
- Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
+ Create a new configmap named my-config based on folder bar
-kubectl run -i -t busybox --image=busybox --restart=Never
+kubectl create configmap my-config --from-file=path/to/bar
- Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
+ Create a new configmap named my-config with specified keys instead of file basenames on disk
-kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
+kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
- Start the nginx container using a different command and custom arguments.
+ Create a new configmap named my-config with key1=config1 and key2=config2
-kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
+kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
- Start the perl container to compute π to 2000 places and print it out.
+ Create a new configmap named my-config from the key=value pairs in the file
-kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+kubectl create configmap my-config --from-file=path/to/bar
- Start the cron job to compute π to 2000 places and print it out every 5 minutes.
+ Create a new configmap named my-config from an env file
-kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+kubectl create configmap my-config --from-env-file=path/to/bar.env
-Create and run a particular image, possibly replicated.
-Creates a deployment or job to manage the created container(s).
+Create a configmap based on a file, directory, or specified literal value.
+A single configmap may package one or more key/value pairs.
+When creating a configmap based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.
+When creating a configmap based on a directory, each file whose basename is a valid key in the directory will be packaged into the configmap. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
Usage
-$ run-container
+$ configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]
Flags
@@ -409,88 +384,111 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-attach
+append-hash
false
-If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
+Append a hash of the configmap to its name.
-command
+dry-run
false
-If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
+If true, only print the object that would be sent, without sending it.
-dry-run
+from-env-file
false
-If true, only print the object that would be sent, without sending it.
+Specify the path to a file to read lines of key=val pairs to create a configmap (i.e. a Docker .env file).
-env
+from-file
[]
-Environment variables to set in the container
+Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.
-expose
+from-literal
false
-If true, a public, external service is created for the container(s) which are run
+[]
+Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
generator
The name of the API generator to use, see http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
+configmap/v1
+The name of the API generator to use.
-hostport
+output
+o
-1
-The host port mapping for the container port. To demonstrate a single-machine container.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-image
-save-config
The image for the container to run.
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-image-pull-policy
+template
The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-include-extended-apis
+validate
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+If true, use a schema to validate the input before sending it
+
+
+
+
+deployment
+
+ Create a new deployment named my-dep that runs the busybox image.
+
+kubectl create deployment my-dep --image=busybox
+
+Create a deployment with the specified name.
+Usage
+$ deployment NAME --image=image [--dry-run]
+Flags
+
+
+
+Name
+Shorthand
+Default
+Usage
+
+
-labels
-l
+allow-missing-template-keys
Comma separated labels to apply to the pod(s). Will override previous values.
+true
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-leave-stdin-open
+dry-run
false
-If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
+If true, only print the object that would be sent, without sending it.
-limits
+generator
The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
+The name of the API generator to use.
-no-headers
+image
false
-When using the default or custom-column output format, don't print headers (default print headers).
+[]
+Image name to run.
output
@@ -499,64 +497,69 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-save-config
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-overrides
-template
An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
-
-
-pod-running-timeout
1m0s
-The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-port
-validate
The port that this container exposes. If --expose is true, this is also the port used by the service that is created.
-
-
-quiet
-false
-If true, suppress prompt messages.
+true
+If true, use a schema to validate the input before sending it
+
+
+
+job
+
+ Create a job from a CronJob named "a-cronjob"
+
+kubectl create job test-job --from=cronjob/a-cronjob
+
+Create a job with the specified name.
+Usage
+$ job NAME [--from=CRONJOB]
+Flags
+
+
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+Name
+Shorthand
+Default
+Usage
+
+
-replicas
-r
-1
-Number of replicas to create for this container. Default is 1.
+allow-missing-template-keys
+true
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-requests
-dry-run
The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+false
+If true, only print the object that would be sent, without sending it.
-restart
+from
Always
-The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs Never.
+The name of the resource to create a Job from (only cronjob is supported).
-rm
+output
+o
false
-If true, delete resources created in this command for attached containers.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
save-config
@@ -565,52 +568,69 @@ Flags
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-schedule
+template
A schedule in the Cron format the job should be run with.
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-service-generator
+validate
service/v2
-The name of the generator to use for creating a service. Only used if --expose is true
+true
+If true, use a schema to validate the input before sending it
+
+
+
+namespace
+
+ Create a new namespace named my-namespace
+
+kubectl create namespace my-namespace
+
+Create a namespace with the specified name.
+Usage
+$ namespace NAME [--dry-run]
+Flags
+
+
-service-overrides
-An inline JSON override for the generated service object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is true.
+Name
+Shorthand
+Default
+Usage
+
+
-serviceaccount
-allow-missing-template-keys
Service account to set in the pod spec
-
-
-show-all
-a
true
-When printing, show all resources (default show all pods including terminated one.)
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-show-labels
+dry-run
false
-When printing, show all labels as the last column (default hide labels column)
+If true, only print the object that would be sent, without sending it.
-sort-by
+generator
namespace/v1
+The name of the API generator to use.
+
+
+output
+o
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-stdin
-i
+save-config
+false
-Keep stdin open on the container(s) in the pod, even if nothing is attached.
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
template
@@ -619,56 +639,28 @@ Flags
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-tty
-t
-false
-Allocated a TTY for each container in the pod.
+validate
+true
+If true, use a schema to validate the input before sending it
-expose
-
- Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000.
-
-kubectl expose rc nginx --port=80 --target-port=8000
-
-
- Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.
-
-kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
-
-
- Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
-
-kubectl expose pod valid-pod --port=444 --name=frontend
-
-
- Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
-
-kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
-
-
- Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
-
-kubectl expose rc streamer --port=4100 --protocol=udp --name=video-stream
-
+poddisruptionbudget
- Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000.
+ Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time.
-kubectl expose rs nginx --port=80 --target-port=8000
+kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1
- Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000.
+ Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time.
-kubectl expose deployment nginx --port=80 --target-port=8000
+kubectl create pdb my-pdb --selector=app=nginx --min-available=50%
-Expose a resource as a new Kubernetes service.
-Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes.
-Possible resources include (case insensitive):
-pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)
+Create a pod disruption budget with the specified name, selector, and desired minimum available pods
Usage
-$ expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
+$ poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run]
Flags
@@ -687,64 +679,28 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-cluster-ip
-ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.
-
-
-container-port
-Synonym for --target-port
-
-
dry-run
false
If true, only print the object that would be sent, without sending it.
-external-ip
-Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.
-
-
-filename
-f
-[]
-Filename, directory, or URL to files identifying the resource to expose a service
-
-
generator
service/v2
-The name of the API generator to use. There are 2 generators: 'service/v1' and 'service/v2'. The only difference between them is that service port in v1 is named 'default', while it is left unnamed in v2. Default is 'service/v2'.
-
-
-labels
-l
-Labels to apply to the service created by this call.
+poddisruptionbudget/v1beta1/v2
+The name of the API generator to use.
-load-balancer-ip
+max-unavailable
IP to assign to the LoadBalancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).
+The maximum number or percentage of unavailable pods this budget requires.
-name
-min-available
The name for the newly created object.
-
-
-no-headers
false
-When using the default or custom-column output format, don't print headers (default print headers).
+The minimum number or percentage of available pods this budget requires.
output
@@ -753,42 +709,6 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-overrides
-An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
-
-
-port
-The port that the service should serve on. Copied from the resource being exposed, if unspecified
-
-
-protocol
-The network protocol for the service to be created. Default is 'TCP'.
-
-
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-
save-config
false
@@ -798,132 +718,37 @@ Flags
selector
A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.)
+A label selector to use for this budget. Only equality-based selector requirements are supported.
-session-affinity
+template
If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-target-port
-Name or number for the port on the container that the service should direct traffic to. Optional.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-
-
-type
-validate
Type for this service: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.
+true
+If true, use a schema to validate the input before sending it
-APP MANAGEMENT
-This section contains commands for creating, updating, deleting, and
-viewing your workloads in a Kubernetes cluster.
-annotate
-
- Update pod 'foo' with the annotation 'description' and the value 'my frontend'. # If the same annotation is set multiple times, only the last value will be applied
-
-kubectl annotate pods foo description='my frontend'
-
-
- Update a pod identified by type and name in "pod.json"
-
-kubectl annotate -f pod.json description='my frontend'
-
-
- Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value.
-
-kubectl annotate --overwrite pods foo description='my frontend running nginx'
-
-
- Update all pods in the namespace
-
-kubectl annotate pods --all description='my frontend running nginx'
-
+priorityclass
- Update pod 'foo' only if the resource is unchanged from version 1.
+ Create a priorityclass named high-priority
-kubectl annotate pods foo description='my frontend running nginx' --resource-version=1
+kubectl create priorityclass default-priority --value=1000 --description="high priority"
- Update pod 'foo' by removing an annotation named 'description' if it exists. # Does not require the --overwrite flag.
+ Create a priorityclass named default-priority that considered as the global default priority
-kubectl annotate pods foo description-
+kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority"
-Update the annotations on one or more resources
-All Kubernetes objects support the ability to store additional data with the object as annotations. Annotations are key/value pairs that can be larger than labels and include arbitrary string values such as structured JSON. Tools and system extensions may use annotations to store their own data.
-Attempting to set an annotation that already exists will fail unless --overwrite is set. If --resource-version is specified and does not match the current resource version on the server the command will fail.
-Valid resource types include:
-
-- all
-- certificatesigningrequests (aka 'csr')
-- clusterrolebindings
-- clusterroles
-- componentstatuses (aka 'cs')
-- configmaps (aka 'cm')
-- controllerrevisions
-- cronjobs
-- customresourcedefinition (aka 'crd')
-- daemonsets (aka 'ds')
-- deployments (aka 'deploy')
-- endpoints (aka 'ep')
-- events (aka 'ev')
-- horizontalpodautoscalers (aka 'hpa')
-- ingresses (aka 'ing')
-- jobs
-- limitranges (aka 'limits')
-- namespaces (aka 'ns')
-- networkpolicies (aka 'netpol')
-- nodes (aka 'no')
-- persistentvolumeclaims (aka 'pvc')
-- persistentvolumes (aka 'pv')
-- poddisruptionbudgets (aka 'pdb')
-- podpreset
-- pods (aka 'po')
-- podsecuritypolicies (aka 'psp')
-- podtemplates
-- replicasets (aka 'rs')
-- replicationcontrollers (aka 'rc')
-- resourcequotas (aka 'quota')
-- rolebindings
-- roles
-- secrets
-- serviceaccounts (aka 'sa')
-- services (aka 'svc')
-- statefulsets (aka 'sts')
-- storageclasses (aka 'sc')
-
+Create a priorityclass with the specified name, value, globalDefault and description
Usage
-$ annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
+$ priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run]
Flags
@@ -936,112 +761,134 @@ Flags
-all
-false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types.
-
-
allow-missing-template-keys
true
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+description
+description is an arbitrary string that usually provides guidelines on when this priority class should be used.
+
+
dry-run
false
If true, only print the object that would be sent, without sending it.
-filename
-f
-[]
-Filename, directory, or URL to files identifying the resource to update the annotation
-
-
-include-extended-apis
+generator
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+priorityclass/v1alpha1
+The name of the API generator to use.
-include-uninitialized
+global-default
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+global-default specifies whether this PriorityClass should be considered as the default priority.
-local
+output
+o
false
-If true, annotation will NOT contact api-server but run locally.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-no-headers
+save-config
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-output
-o
+template
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-output-version
-validate
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+true
+If true, use a schema to validate the input before sending it
-overwrite
+value
false
-If true, allow annotations to be overwritten, otherwise reject annotation updates that overwrite existing annotations.
+0
+the value of this priority class.
+
+
+
+
+quota
+
+ Create a new resourcequota named my-quota
+
+kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
+
+
+ Create a new resourcequota named best-effort
+
+kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort
+
+Create a resourcequota with the specified name, hard limits and optional scopes
+Usage
+$ quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=bool]
+Flags
+
+
+
+Name
+Shorthand
+Default
+Usage
+
+
-record
+allow-missing-template-keys
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+true
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-recursive
-R
+dry-run
+false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+If true, only print the object that would be sent, without sending it.
-resource-version
-generator
If non-empty, the annotation update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
+resourcequotas/v1
+The name of the API generator to use.
-selector
-l
+hard
Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2).
+A comma-delimited set of resource=quantity pairs that define a hard limit.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-show-labels
+save-config
false
-When printing, show all labels as the last column (default hide labels column)
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-sort-by
+scopes
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+A comma-delimited set of quota scopes that must all match each object tracked by the quota.
template
@@ -1049,24 +896,39 @@ Flags
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+
+validate
+true
+If true, use a schema to validate the input before sending it
+
-autoscale
+role
- Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used:
+ Create a Role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
-kubectl autoscale deployment foo --min=2 --max=10
+kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
- Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%:
+ Create a Role named "pod-reader" with ResourceName specified
-kubectl autoscale rc foo --max=5 --cpu-percent=80
+kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
-Creates an autoscaler that automatically chooses and sets the number of pods that run in a kubernetes cluster.
-Looks up a Deployment, ReplicaSet, or ReplicationController by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.
+
+ Create a Role named "foo" with API Group specified
+
+kubectl create role foo --verb=get,list,watch --resource=rs.extensions
+
+
+ Create a Role named "foo" with SubResource specified
+
+kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
+
+Create a role with single rule.
Usage
-$ autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU]
+$ role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run]
Flags
@@ -1085,106 +947,129 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-cpu-percent
--1
-The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it's not specified or negative, a default autoscaling policy will be used.
-
-
dry-run
false
If true, only print the object that would be sent, without sending it.
-filename
-f
-[]
-Filename, directory, or URL to files identifying the resource to autoscale.
-
-
-generator
+output
+o
horizontalpodautoscaler/v1
-The name of the API generator to use. Currently there is only 1 generator.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-include-extended-apis
+resource
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+[]
+Resource that the rule applies to
-max
+resource-name
-1
-The upper limit for the number of pods that can be set by the autoscaler. Required.
+[]
+Resource in the white list that the rule applies to, repeat this flag for multiple items
-min
+save-config
-1
-The lower limit for the number of pods that can be set by the autoscaler. If it's not specified or negative, the server will apply a default value.
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-name
+template
The name for the newly created object. If not specified, the name of the input resource will be used.
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-no-headers
+validate
false
-When using the default or custom-column output format, don't print headers (default print headers).
+true
+If true, use a schema to validate the input before sending it
-output
-o
+verb
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+[]
+Verb that applies to the resources contained in the rule
+
+
+
+
+rolebinding
+
+ Create a RoleBinding for user1, user2, and group1 using the admin ClusterRole
+
+kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
+
+Create a RoleBinding for a particular Role or ClusterRole.
+Usage
+$ rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
+Flags
+
+
+
+Name
+Shorthand
+Default
+Usage
+
+
-output-version
+allow-missing-template-keys
+true
+If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+
+
+clusterrole
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+ClusterRole this RoleBinding should reference
-record
+dry-run
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+If true, only print the object that would be sent, without sending it.
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+generator
+rolebinding.rbac.authorization.k8s.io/v1alpha1
+The name of the API generator to use.
-save-config
+group
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+[]
+Groups to bind to the role
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-show-labels
+role
false
-When printing, show all labels as the last column (default hide labels column)
+Role this RoleBinding should reference
-sort-by
+save-config
false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+
+
+serviceaccount
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+[]
+Service accounts to bind to the role, in the format :
template
@@ -1192,30 +1077,36 @@ Flags
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+
+validate
+true
+If true, use a schema to validate the input before sending it
+
-convert
-
- Convert 'pod.yaml' to latest version and print to stdout.
-
-kubectl convert -f pod.yaml
-
-
- Convert the live state of the resource specified by 'pod.yaml' to the latest version # and print to stdout in JSON format.
-
-kubectl convert -f pod.yaml --local -o json
-
+secret
+Create a secret using specified subcommand.
+Usage
+$ secret
+
+secret docker-registry
- Convert all files under current directory to latest version and create them all.
+ If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
-kubectl convert -f . | kubectl create -f -
+kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
-Convert config files between different API versions. Both YAML and JSON formats are accepted.
-The command takes filename, directory, or URL as input, and convert it into format of version specified by --output-version flag. If target version is not specified or not supported, convert to latest version.
-The default output will be printed to stdout in YAML format. One can use -o option to change to output destination.
+Create a new secret for use with Docker registries.
+ Dockercfg secrets are used to authenticate against Docker registries.
+ When using the Docker command line to push images, you can authenticate to a given registry by running:
+ '$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.
+That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry. The email address is optional.
+ When creating applications, you may have a Docker registry that requires authentication. In order for the
+ nodes to pull images on your behalf, they have to have the credentials. You can provide this information
+ by creating a dockercfg secret and attaching it to your service account.
Usage
-$ convert -f FILENAME
+$ docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run]
Flags
@@ -1234,64 +1125,64 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-filename
-f
-[]
-Filename, directory, or URL to files to need to get converted.
-
-
-include-extended-apis
+append-hash
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+false
+Append a hash of the secret to its name.
-local
+docker-email
true
-If true, convert will NOT try to contact api-server but run locally.
+Email for Docker registry
-no-headers
+docker-password
false
-When using the default or custom-column output format, don't print headers (default print headers).
+Password for Docker registry authentication
-output
-o
+docker-server
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+https://index.docker.io/v1/
+Server location for Docker registry
-output-version
+docker-username
Output the formatted object with the given group version (for ex: 'extensions/v1beta1').)
+Username for Docker registry authentication
-recursive
-R
+dry-run
+false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+If true, only print the object that would be sent, without sending it.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+from-file
+[]
+Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
-show-labels
+generator
false
-When printing, show all labels as the last column (default hide labels column)
+secret-for-docker-registry/v1
+The name of the API generator to use.
-sort-by
+output
+o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+save-config
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
template
@@ -1308,26 +1199,38 @@ Flags
-create
+secret generic
- Create a pod using the data in pod.json.
+ Create a new secret named my-secret with keys for each file in folder bar
-kubectl create -f ./pod.json
+kubectl create secret generic my-secret --from-file=path/to/bar
- Create a pod based on the JSON passed into stdin.
+ Create a new secret named my-secret with specified keys instead of names on disk
-cat pod.json | kubectl create -f -
+kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa --from-file=ssh-publickey=~/.ssh/id_rsa.pub
+
+
+ Create a new secret named my-secret with key1=supersecret and key2=topsecret
+
+kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
- Edit the data in docker-registry.yaml in JSON using the v1 API format then create the resource using the edited data.
+ Create a new secret named my-secret using a combination of a file and a literal
-kubectl create -f docker-registry.yaml --edit --output-version=v1 -o json
+kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa --from-literal=passphrase=topsecret
-Create a resource from a file or from stdin.
-JSON and YAML formats are accepted.
+
+ Create a new secret named my-secret from an env file
+
+kubectl create secret generic my-secret --from-env-file=path/to/bar.env
+
+Create a secret based on a file, directory, or specified literal value.
+A single secret may package one or more key/value pairs.
+When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key.
+When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
Usage
-$ create -f FILENAME
+$ generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]
Flags
@@ -1346,34 +1249,40 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+append-hash
+false
+Append a hash of the secret to its name.
+
+
dry-run
false
If true, only print the object that would be sent, without sending it.
-edit
+from-env-file
false
-Edit the API resource before creating
+Specify the path to a file to read lines of key=val pairs to create a secret (i.e. a Docker .env file).
-filename
-f
+from-file
+[]
-Filename, directory, or URL to files to use to create the resource
+Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
-include-extended-apis
+from-literal
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+[]
+Specify a key and literal value to insert in secret (i.e. mykey=somevalue)
-no-headers
+generator
false
-When using the default or custom-column output format, don't print headers (default print headers).
+secret/v1
+The name of the API generator to use.
output
@@ -1382,64 +1291,22 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-save-config
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-raw
+template
Raw URI to POST to the server. Uses the transport specified by the kubeconfig file.
+Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-
-save-config
-false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-selector
-l
-Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-template
+type
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+The type of secret to create
validate
@@ -1447,44 +1314,19 @@ Flags
true
If true, use a schema to validate the input before sending it
-
-windows-line-endings
-false
-Only relevant if --edit=true. Defaults to the line ending native to your platform.
-
-clusterrole
-
- Create a ClusterRole named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
-
-kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
-
-
- Create a ClusterRole named "pod-reader" with ResourceName specified
-
-kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods --resource-name=readablepod --resource-name=anotherpod
-
-
- Create a ClusterRole named "foo" with API Group specified
-
-kubectl create clusterrole foo --verb=get,list,watch --resource=rs.extensions
-
-
- Create a ClusterRole named "foo" with SubResource specified
-
-kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
-
+secret tls
- Create a ClusterRole name "foo" with NonResourceURL specified
+ Create a new TLS secret named tls-secret with the given key pair:
-kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
+kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
-Create a ClusterRole.
+Create a TLS secret from the given public/private key pair.
+The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.
Usage
-$ clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run]
+$ tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run]
Flags
@@ -1503,46 +1345,40 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-dry-run
+append-hash
false
-If true, only print the object that would be sent, without sending it.
+Append a hash of the secret to its name.
-no-headers
+cert
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-non-resource-url
[]
-A partial url that user should have access to.
+Path to PEM encoded public key certificate.
-output
-o
+dry-run
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+false
+If true, only print the object that would be sent, without sending it.
-output-version
-generator
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+secret-for-tls/v1
+The name of the API generator to use.
-resource
+key
[]
-Resource that the rule applies to
+Path to private key associated with given certificate.
-resource-name
+output
+o
[]
-Resource in the white list that the rule applies to, repeat this flag for multiple items
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
save-config
@@ -1551,24 +1387,6 @@ Flags
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
template
Flags
true
If true, use a schema to validate the input before sending it
-
-verb
-[]
-Verb that applies to the resources contained in the rule
-
-clusterrolebinding
+service
+Create a service using specified subcommand.
+Usage
+$ service
+
+service clusterip
- Create a ClusterRoleBinding for user1, user2, and group1 using the cluster-admin ClusterRole
+ Create a new ClusterIP service named my-cs
-kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
+kubectl create service clusterip my-cs --tcp=5678:8080
-Create a ClusterRoleBinding for a particular ClusterRole.
+
+ Create a new ClusterIP service named my-cs (in headless mode)
+
+kubectl create service clusterip my-cs --clusterip="None"
+
+Create a ClusterIP service with the specified name.
Usage
-$ clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
+$ clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run]
Flags
@@ -1616,10 +1438,10 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-clusterrole
+clusterip
ClusterRole this ClusterRoleBinding should reference
+Assign your own ClusterIP or set to 'None' for a 'headless' service (no loadbalancing).
dry-run
@@ -1630,62 +1452,26 @@ Flags
generator
clusterrolebinding.rbac.authorization.k8s.io/v1alpha1
+service-clusterip/v1
The name of the API generator to use.
-group
-[]
-Groups to bind to the role
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
output
o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
save-config
false
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-serviceaccount
+tcp
[]
-Service accounts to bind to the role, in the format :
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Port pairs can be specified as ':'.
template
@@ -1702,38 +1488,16 @@ Flags
-configmap
-
- Create a new configmap named my-config based on folder bar
-
-kubectl create configmap my-config --from-file=path/to/bar
-
-
- Create a new configmap named my-config with specified keys instead of file basenames on disk
-
-kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt
-
-
- Create a new configmap named my-config with key1=config1 and key2=config2
-
-kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2
-
-
- Create a new configmap named my-config from the key=value pairs in the file
-
-kubectl create configmap my-config --from-file=path/to/bar
-
+service externalname
- Create a new configmap named my-config from an env file
+ Create a new ExternalName service named my-ns
-kubectl create configmap my-config --from-env-file=path/to/bar.env
+kubectl create service externalname my-ns --external-name bar.com
-Create a configmap based on a file, directory, or specified literal value.
-A single configmap may package one or more key/value pairs.
-When creating a configmap based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.
-When creating a configmap based on a directory, each file whose basename is a valid key in the directory will be packaged into the configmap. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
+Create an ExternalName service with the specified name.
+ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally.
Usage
-$ configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]
+$ externalname NAME --external-name external.name [--dry-run]
Flags
@@ -1752,82 +1516,40 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-append-hash
-false
-Append a hash of the configmap to its name.
-
-
dry-run
false
If true, only print the object that would be sent, without sending it.
-from-env-file
+external-name
Specify the path to a file to read lines of key=val pairs to create a configmap (i.e. a Docker .env file).
+External name of service
-from-file
+generator
[]
-Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.
-
-
-from-literal
-[]
-Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
-
-
-generator
-configmap/v1
+service-externalname/v1
The name of the API generator to use.
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
output
o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
save-config
false
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-tcp
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+[]
+Port pairs can be specified as ':'.
template
@@ -1844,15 +1566,15 @@ Flags
-deployment
+service loadbalancer
- Create a new deployment named my-dep that runs the busybox image.
+ Create a new LoadBalancer service named my-lbs
-kubectl create deployment my-dep --image=busybox
+kubectl create service loadbalancer my-lbs --tcp=5678:8080
-Create a deployment with the specified name.
+Create a LoadBalancer service with the specified name.
Usage
-$ deployment NAME --image=image [--dry-run]
+$ loadbalancer NAME [--tcp=port:targetPort] [--dry-run]
Flags
@@ -1879,56 +1601,26 @@ Flags
generator
deployment-basic/v1beta1
+service-loadbalancer/v1
The name of the API generator to use.
-image
-[]
-Image name to run.
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
output
o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
save-config
false
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-tcp
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+[]
+Port pairs can be specified as ':'.
template
@@ -1945,15 +1637,15 @@ Flags
-job
+service nodeport
- Create a job from a CronJob named "a-cronjob"
+ Create a new NodePort service named my-ns
-kubectl create job --from=cronjob/a-cronjob
+kubectl create service nodeport my-ns --tcp=5678:8080
-Create a job with the specified name.
+Create a NodePort service with the specified name.
Usage
-$ job NAME [--from-cronjob=CRONJOB]
+$ nodeport NAME [--tcp=port:targetPort] [--dry-run]
Flags
@@ -1972,16 +1664,22 @@ Flags
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-from
+dry-run
false
+If true, only print the object that would be sent, without sending it.
+
+
+generator
The name of the resource to create a Job from (only cronjob is supported).
+service-nodeport/v1
+The name of the API generator to use.
-no-headers
+node-port
false
-When using the default or custom-column output format, don't print headers (default print headers).
+0
+Port used to expose the service on each node in a cluster.
output
@@ -1990,34 +1688,16 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
save-config
false
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-tcp
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+[]
+Port pairs can be specified as ':'.
template
@@ -2034,15 +1714,15 @@ Flags
-namespace
+serviceaccount
- Create a new namespace named my-namespace
+ Create a new service account named my-service-account
-kubectl create namespace my-namespace
+kubectl create serviceaccount my-service-account
-Create a namespace with the specified name.
+Create a service account with the specified name.
Usage
-$ namespace NAME [--dry-run]
+$ serviceaccount NAME [--dry-run]
Flags
@@ -2069,52 +1749,22 @@ Flags
generator
namespace/v1
+serviceaccount/v1
The name of the API generator to use.
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
output
o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
save-config
false
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
template
Flags
-poddisruptionbudget
+get
- Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time.
+ List all pods in ps output format.
-kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1
+kubectl get pods
- Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time.
+ List all pods in ps output format with more information (such as node name).
-kubectl create pdb my-pdb --selector=app=nginx --min-available=50%
+kubectl get pods -o wide
-Create a pod disruption budget with the specified name, selector, and desired minimum available pods
+
+ List a single replication controller with specified NAME in ps output format.
+
+kubectl get replicationcontroller web
+
+
+ List deployments in JSON output format, in the "v1" version of the "apps" API group:
+
+kubectl get deployments.v1.apps -o json
+
+
+ List a single pod in JSON output format.
+
+kubectl get -o json pod web-pod-13je7
+
+
+ List a pod identified by type and name specified in "pod.yaml" in JSON output format.
+
+kubectl get -f pod.yaml -o json
+
+
+ Return only the phase value of the specified pod.
+
+kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}
+
+
+ List all replication controllers and services together in ps output format.
+
+kubectl get rc,services
+
+
+ List one or more resources by their type and names.
+
+kubectl get rc/web service/frontend pods/web-pod-13je7
+
+Display one or many resources
+Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.
+Uninitialized objects are not shown unless --include-uninitialized is passed.
+By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources.
+Use "kubectl api-resources" for a complete list of supported resources.
Usage
-$ poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run]
+$ get [(-o|--output=)json|yaml|wide|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...] (TYPE[.VERSION][.GROUP] [NAME | -l label] | TYPE[.VERSION][.GROUP]/NAME ...) [flags]
Flags
@@ -2155,37 +1844,61 @@ Flags
+all-namespaces
+false
+If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
+
+
allow-missing-template-keys
true
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-dry-run
+chunk-size
false
-If true, only print the object that would be sent, without sending it.
+500
+Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
-generator
+export
poddisruptionbudget/v1beta1/v2
-The name of the API generator to use.
+false
+If true, use 'export' for the resources. Exported resources are stripped of cluster-specific information.
-max-unavailable
+field-selector
The maximum number or percentage of unavailable pods this budget requires.
+Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-min-available
-The minimum number or percentage of available pods this budget requires.
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to get from a server.
-no-headers
+ignore-not-found
+false
+If the requested object does not exist the command will return exit code 0.
+
+
+include-uninitialized
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+
+
+label-columns
+L
+[]
+Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...
+
+
+no-headers
false
When using the default or custom-column output format, don't print headers (default print headers).
@@ -2197,22 +1910,28 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
+raw
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+Raw URI to request from the server. Uses the transport specified by the kubeconfig file.
-save-config
-recursive
+R
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector
+l
Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+
+
+server-print
A label selector to use for this budget. Only equality-based selector requirements are supported.
+true
+If true, have the server return the appropriate table output. Supports extension APIs and CRDs.
show-all
@@ -2221,6 +1940,12 @@ Flags
When printing, show all resources (default show all pods including terminated one.)
+show-kind
+false
+If present, list the resource type for the requested object(s).
+
+
show-labels
false
@@ -2239,28 +1964,91 @@ Flags
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-validate
+use-openapi-print-columns
true
-If true, use a schema to validate the input before sending it
+false
+If true, use x-kubernetes-print-column metadata (if present) from the OpenAPI schema for displaying a resource.
+
+
+watch
+w
+false
+After listing/getting the requested object, watch for changes. Uninitialized objects are excluded if no object name is provided.
+
+
+watch-only
+false
+Watch for changes to the requested object(s), without listing/getting first.
-priorityclass
+run
- Create a priorityclass named high-priority
+ Start a single instance of nginx.
-kubectl create priorityclass default-priority --value=1000 --description="high priority"
+kubectl run nginx --image=nginx
- Create a priorityclass named default-priority that considered as the global default priority
+ Start a single instance of hazelcast and let the container expose port 5701 .
-kubectl create priorityclass default-priority --value=1000 --global-default=true --description="default priority"
+kubectl run hazelcast --image=hazelcast --port=5701
-Create a priorityclass with the specified name, value, globalDefault and description
+
+ Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.
+
+kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
+
+
+ Start a single instance of hazelcast and set labels "app=hazelcast" and "env=prod" in the container.
+
+kubectl run hazelcast --image=nginx --labels="app=hazelcast,env=prod"
+
+
+ Start a replicated instance of nginx.
+
+kubectl run nginx --image=nginx --replicas=5
+
+
+ Dry run. Print the corresponding API objects without creating them.
+
+kubectl run nginx --image=nginx --dry-run
+
+
+ Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from JSON.
+
+kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
+
+
+ Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
+
+kubectl run -i -t busybox --image=busybox --restart=Never
+
+
+ Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
+
+kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
+
+
+ Start the nginx container using a different command and custom arguments.
+
+kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
+
+
+ Start the perl container to compute π to 2000 places and print it out.
+
+kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+
+
+ Start the cron job to compute π to 2000 places and print it out every 5 minutes.
+
+kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
+
+Create and run a particular image, possibly replicated.
+Creates a deployment or job to manage the created container(s).
Usage
-$ priorityclass NAME --value=VALUE --global-default=BOOL [--dry-run]
+$ run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...]
Flags
@@ -2273,16 +2061,22 @@ Flags
-allow-missing-template-keys
+attach
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+false
+If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
-description
+cascade
true
+If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
+
+
+command
description is an arbitrary string that usually provides guidelines on when this priority class should be used.
+false
+If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
dry-run
@@ -2291,146 +2085,142 @@ Flags
If true, only print the object that would be sent, without sending it.
-generator
+env
priorityclass/v1alpha1
-The name of the API generator to use.
+[]
+Environment variables to set in the container
-global-default
+expose
false
-global-default specifies whether this PriorityClass should be considered as the default priority.
+If true, a public, external service is created for the container(s) which are run
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
+filename
+f
+[]
+to use to replace the resource.
-output
-o
+force
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+false
+Only used when grace-period=0. If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
-output-version
+generator
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+The name of the API generator to use, see http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
-save-config
+grace-period
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+-1
+Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-show-labels
+hostport
false
-When printing, show all labels as the last column (default hide labels column)
+-1
+The host port mapping for the container port. To demonstrate a single-machine container.
-sort-by
+image
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+The image for the container to run.
-template
+image-pull-policy
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
-validate
+labels
+l
true
-If true, use a schema to validate the input before sending it
+Comma separated labels to apply to the pod(s). Will override previous values.
-value
+leave-stdin-open
0
-the value of this priority class.
+false
+If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
-
-
-
-quota
-
- Create a new resourcequota named my-quota
-
-kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
-
-
- Create a new resourcequota named best-effort
-
-kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort
-
-Create a resourcequota with the specified name, hard limits and optional scopes
-Usage
-$ quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=bool]
-Flags
-
-
-Name
-Shorthand
-Default
-Usage
+limits
+The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
-
-
-allow-missing-template-keys
+output
+o
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-dry-run
+overrides
false
-If true, only print the object that would be sent, without sending it.
+An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
-generator
+pod-running-timeout
resourcequotas/v1
-The name of the API generator to use.
+1m0s
+The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
-hard
+port
A comma-delimited set of resource=quantity pairs that define a hard limit.
+The port that this container exposes. If --expose is true, this is also the port used by the service that is created.
-no-headers
+quiet
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, suppress prompt messages.
-output
-o
+record
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-output-version
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+
+replicas
+r
+1
+Number of replicas to create for this container. Default is 1.
+
+
+requests
+The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+
+
+restart
Always
+The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs Never.
+
+
+rm
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+false
+If true, delete resources created in this command for attached containers.
save-config
@@ -2439,68 +2229,98 @@ Flags
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-scopes
+schedule
A comma-delimited set of quota scopes that must all match each object tracked by the quota.
+A schedule in the Cron format the job should be run with.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+service-generator
+service/v2
+The name of the generator to use for creating a service. Only used if --expose is true
-show-labels
+service-overrides
false
-When printing, show all labels as the last column (default hide labels column)
+An inline JSON override for the generated service object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is true.
-sort-by
+serviceaccount
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Service account to set in the pod spec
-template
-stdin
+i
+false
+Keep stdin open on the container(s) in the pod, even if nothing is attached.
+
+
+timeout
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+0s
+The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
-validate
+tty
+t
+false
+Allocated a TTY for each container in the pod.
+
+
+wait
true
-If true, use a schema to validate the input before sending it
+false
+If true, wait for resources to be gone before returning. This waits for finalizers.
-role
+expose
- Create a Role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
+ Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000.
-kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
+kubectl expose rc nginx --port=80 --target-port=8000
- Create a Role named "pod-reader" with ResourceName specified
+ Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.
-kubectl create role pod-reader --verb=get,list,watch --resource=pods --resource-name=readablepod --resource-name=anotherpod
+kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
- Create a Role named "foo" with API Group specified
+ Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
-kubectl create role foo --verb=get,list,watch --resource=rs.extensions
+kubectl expose pod valid-pod --port=444 --name=frontend
- Create a Role named "foo" with SubResource specified
+ Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
-kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
+kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
-Create a role with single rule.
+
+ Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
+
+kubectl expose rc streamer --port=4100 --protocol=udp --name=video-stream
+
+
+ Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000.
+
+kubectl expose rs nginx --port=80 --target-port=8000
+
+
+ Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000.
+
+kubectl expose deployment nginx --port=80 --target-port=8000
+
+Expose a resource as a new Kubernetes service.
+Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes.
+Possible resources include (case insensitive):
+pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)
Usage
-$ role NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename] [--dry-run]
+$ expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
Flags
@@ -2513,230 +2333,171 @@ Flags
-allow-missing-template-keys
+cluster-ip
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-dry-run
false
-If true, only print the object that would be sent, without sending it.
+ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.
-no-headers
+container-port
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+Synonym for --target-port
-output-version
-dry-run
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+false
+If true, only print the object that would be sent, without sending it.
-resource
+external-ip
[]
-Resource that the rule applies to
+Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.
-resource-name
-filename
+f
[]
-Resource in the white list that the rule applies to, repeat this flag for multiple items
+Filename, directory, or URL to files identifying the resource to expose a service
-save-config
+generator
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+service/v2
+The name of the API generator to use. There are 2 generators: 'service/v1' and 'service/v2'. The only difference between them is that service port in v1 is named 'default', while it is left unnamed in v2. Default is 'service/v2'.
-show-labels
+labels
+l
false
-When printing, show all labels as the last column (default hide labels column)
+Labels to apply to the service created by this call.
-sort-by
+load-balancer-ip
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+IP to assign to the LoadBalancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).
-template
+name
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+The name for the newly created object.
-validate
+output
+o
true
-If true, use a schema to validate the input before sending it
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-verb
+overrides
[]
-Verb that applies to the resources contained in the rule
-
-
-
-
-rolebinding
-
- Create a RoleBinding for user1, user2, and group1 using the admin ClusterRole
-
-kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
-
-Create a RoleBinding for a particular Role or ClusterRole.
-Usage
-$ rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
-Flags
-
-
-
-Name
-Shorthand
-Default
-Usage
-
-
-
-
-allow-missing-template-keys
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
-clusterrole
+port
ClusterRole this RoleBinding should reference
+The port that the service should serve on. Copied from the resource being exposed, if unspecified
-dry-run
+protocol
false
-If true, only print the object that would be sent, without sending it.
-
-
-generator
rolebinding.rbac.authorization.k8s.io/v1alpha1
-The name of the API generator to use.
+The network protocol for the service to be created. Default is 'TCP'.
-group
+record
[]
-Groups to bind to the role
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-no-headers
-recursive
+R
false
-When using the default or custom-column output format, don't print headers (default print headers).
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-output
-o
+save-config
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-output-version
+selector
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.)
-role
+session-affinity
Role this RoleBinding should reference
-
-
-save-config
-false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-serviceaccount
-[]
-Service accounts to bind to the role, in the format :
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
+If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'
-sort-by
+target-port
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Name or number for the port on the container that the service should direct traffic to. Optional.
-template
-type
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-
-
-validate
true
-If true, use a schema to validate the input before sending it
+Type for this service: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.
-secret
-Create a secret using specified subcommand.
-Usage
-$ secret
-
-secret docker-registry
+delete
- If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:
+ Delete a pod using the type and name specified in pod.json.
-kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
+kubectl delete -f ./pod.json
+
+
+ Delete a pod based on the type and name in the JSON passed into stdin.
+
+cat pod.json | kubectl delete -f -
+
+
+ Delete pods and services with same names "baz" and "foo"
+
+kubectl delete pod,service baz foo
+
+
+ Delete pods and services with label name=myLabel.
+
+kubectl delete pods,services -l name=myLabel
+
+
+ Delete a pod with minimal delay
+
+kubectl delete pod foo --now
+
+
+ Force delete a pod on a dead node
+
+kubectl delete pod foo --grace-period=0 --force
+
+
+ Delete all pods
+
+kubectl delete pods --all
-Create a new secret for use with Docker registries.
-Dockercfg secrets are used to authenticate against Docker registries.
-When using the Docker command line to push images, you can authenticate to a given registry by running: '$ docker login DOCKER REGISTRY SERVER --username=DOCKER USER --password=DOCKER PASSWORD --email=DOCKER _EMAIL'.
- That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to
-authenticate to the registry. The email address is optional.
-When creating applications, you may have a Docker registry that requires authentication. In order for the nodes to pull images on your behalf, they have to have the credentials. You can provide this information by creating a dockercfg secret and attaching it to your service account.
+Delete resources by filenames, stdin, resources and names, or by resources and label selector.
+JSON and YAML formats are accepted. Only one type of the arguments may be specified: filenames, resources and names, or resources and label selector.
+Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must pass a grace period of 0 and specify the --force flag.
+IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.
+Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.
Usage
-$ docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run]
+$ delete ([-f FILENAME] | TYPE [(NAME | -l label | --all)])
Flags
@@ -2749,148 +2510,121 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-append-hash
+all
false
-Append a hash of the secret to its name.
+Delete all resources, including uninitialized ones, in the namespace of the specified resource types.
-docker-email
-cascade
Email for Docker registry
+true
+If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
-docker-password
+field-selector
Password for Docker registry authentication
+Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-docker-server
-https://index.docker.io/v1/
-Server location for Docker registry
+filename
+f
+[]
+containing the resource to delete.
-docker-username
-force
Username for Docker registry authentication
+false
+Only used when grace-period=0. If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
-dry-run
+grace-period
false
-If true, only print the object that would be sent, without sending it.
+-1
+Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-generator
+ignore-not-found
secret-for-docker-registry/v1
-The name of the API generator to use.
+false
+Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.
-include-extended-apis
+include-uninitialized
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-no-headers
+now
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, resources are signaled for immediate shutdown (same as --grace-period=1).
output
o
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-
-
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-save-config
-false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Output mode. Use "-o name" for shorter output (resource/name).
-show-labels
-recursive
+R
false
-When printing, show all labels as the last column (default hide labels column)
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-sort-by
-selector
+l
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Selector (label query) to filter on, not including uninitialized ones.
-template
-timeout
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+0s
+The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
-validate
+wait
true
-If true, use a schema to validate the input before sending it
+If true, wait for resources to be gone before returning. This waits for finalizers.
+APP MANAGEMENT
+This section contains commands for creating, updating, deleting, and
+viewing your workloads in a Kubernetes cluster.
-secret generic
-
- Create a new secret named my-secret with keys for each file in folder bar
-
-kubectl create secret generic my-secret --from-file=path/to/bar
-
+apply
- Create a new secret named my-secret with specified keys instead of names on disk
+ Apply the configuration in pod.json to a pod.
-kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa --from-file=ssh-publickey=~/.ssh/id_rsa.pub
+kubectl apply -f ./pod.json
- Create a new secret named my-secret with key1=supersecret and key2=topsecret
+ Apply the JSON passed into stdin to a pod.
-kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
+cat pod.json | kubectl apply -f -
- Create a new secret named my-secret using a combination of a file and a literal
+ Note: --prune is still in Alpha # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.
-kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa --from-literal=passphrase=topsecret
+kubectl apply --prune -f manifest.yaml -l app=nginx
- Create a new secret named my-secret from an env file
+ Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.
-kubectl create secret generic my-secret --from-env-file=path/to/bar.env
+kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap
-Create a secret based on a file, directory, or specified literal value.
-A single secret may package one or more key/value pairs.
-When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key or you wish to chose your own, you may specify an alternate key.
-When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).
+Apply a configuration to a resource by filename or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.
+JSON and YAML formats are accepted.
+Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274.
Usage
-$ generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]
+$ apply -f FILENAME
Flags
@@ -2903,16 +2637,16 @@ Flags
-allow-missing-template-keys
+all
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+false
+Select all resources in the namespace of the specified resource types.
-append-hash
+cascade
false
-Append a hash of the secret to its name.
+true
+If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
dry-run
@@ -2921,34 +2655,34 @@ Flags
If true, only print the object that would be sent, without sending it.
-from-env-file
-Specify the path to a file to read lines of key=val pairs to create a secret (i.e. a Docker .env file).
+filename
+f
+[]
+that contains the configuration to apply
-from-file
+force
[]
-Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
+false
+Only used when grace-period=0. If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
-from-literal
+grace-period
[]
-Specify a key and literal value to insert in secret (i.e. mykey=somevalue)
+-1
+Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-generator
+include-uninitialized
secret/v1
-The name of the API generator to use.
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-no-headers
+openapi-patch
false
-When using the default or custom-column output format, don't print headers (default print headers).
+true
+If true, use openapi to calculate diff when the openapi presents and the resource can be found in the openapi spec. Otherwise, fall back to use baked-in types.
output
@@ -2957,46 +2691,46 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-overwrite
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+true
+Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration
-save-config
+prune
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+Automatically delete resource objects, including the uninitialized ones, that do not appear in the configs and are created by either apply or create --save-config. Should be used with either -l or --all.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+prune-whitelist
+[]
+Overwrite the default whitelist with for --prune
-show-labels
+record
false
-When printing, show all labels as the last column (default hide labels column)
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-template
-selector
+l
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-type
-timeout
The type of secret to create
+0s
+The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
validate
@@ -3004,19 +2738,33 @@ Flags
true
If true, use a schema to validate the input before sending it
+
+wait
+false
+If true, wait for resources to be gone before returning. This waits for finalizers.
+
-secret tls
+edit-last-applied
- Create a new TLS secret named tls-secret with the given key pair:
+ Edit the last-applied-configuration annotations by type/name in YAML.
-kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key
+kubectl apply edit-last-applied deployment/nginx
-Create a TLS secret from the given public/private key pair.
-The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.
+
+ Edit the last-applied-configuration annotations by file in JSON.
+
+kubectl apply edit-last-applied -f deploy.yaml -o json
+
+Edit the latest last-applied-configuration annotations of resources from the default editor.
+The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE _EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
+The default format is YAML. To edit in JSON, specify "-o json".
+The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
+In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.
Usage
-$ tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run]
+$ edit-last-applied (RESOURCE/NAME | -f FILENAME)
Flags
@@ -3029,117 +2777,63 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-append-hash
-false
-Append a hash of the secret to its name.
-
-
-cert
-Path to PEM encoded public key certificate.
-
-
-dry-run
-false
-If true, only print the object that would be sent, without sending it.
-
-
-generator
-secret-for-tls/v1
-The name of the API generator to use.
-
-
-key
-Path to private key associated with given certificate.
+filename
+f
+[]
+Filename, directory, or URL to files to use to edit the resource
-no-headers
+include-uninitialized
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
output
o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-
-
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+yaml
+Output format. One of: yaml|json.
-save-config
+record
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-show-labels
-recursive
+R
false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-validate
+windows-line-endings
true
-If true, use a schema to validate the input before sending it
+false
+Defaults to the line ending native to your platform.
-service
-Create a service using specified subcommand.
-Usage
-$ service
-
-service clusterip
+set-last-applied
- Create a new ClusterIP service named my-cs
+ Set the last-applied-configuration of a resource to match the contents of a file.
-kubectl create service clusterip my-cs --tcp=5678:8080
+kubectl apply set-last-applied -f deploy.yaml
- Create a new ClusterIP service named my-cs (in headless mode)
+ Execute set-last-applied against each configuration file in a directory.
-kubectl create service clusterip my-cs --clusterip="None"
+kubectl apply set-last-applied -f path/
-Create a ClusterIP service with the specified name.
+
+ Set the last-applied-configuration of a resource to match the contents of a file, will create the annotation if it does not already exist.
+
+kubectl apply set-last-applied -f deploy.yaml --create-annotation=true
+
+Set the latest last-applied-configuration annotations by setting it to match the contents of a file. This results in the last-applied-configuration being updated as though 'kubectl apply -f ' was run, without updating any other parts of the object.
Usage
-$ clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run]
+$ set-last-applied -f FILENAME
Flags
@@ -3152,16 +2846,10 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-clusterip
-create-annotation
Assign your own ClusterIP or set to 'None' for a 'headless' service (no loadbalancing).
+false
+Will create 'last-applied-configuration' annotations if current objects doesn't have one
dry-run
@@ -3170,16 +2858,10 @@ Flags
If true, only print the object that would be sent, without sending it.
-generator
-service-clusterip/v1
-The name of the API generator to use.
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
+filename
+f
+[]
+Filename, directory, or URL to files that contains the last-applied-configuration annotations
output
@@ -3187,67 +2869,105 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+
+view-last-applied
+
+ View the last-applied-configuration annotations by type/name in YAML.
+
+kubectl apply view-last-applied deployment/nginx
+
+
+ View the last-applied-configuration annotations by file in JSON
+
+kubectl apply view-last-applied -f deploy.yaml -o json
+
+View the latest last-applied-configuration annotations by type/name or file.
+The default output will be printed to stdout in YAML format. One can use -o option to change output format.
+Usage
+$ view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAME)
+Flags
+
+
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+Name
+Shorthand
+Default
+Usage
+
+
-save-config
+all
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+Select all resources in the namespace of the specified resource types
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+filename
+f
+[]
+Filename, directory, or URL to files that contains the last-applied-configuration annotations
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
+output
+o
+yaml
+Output format. Must be one of yaml|json
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-tcp
-[]
-Port pairs can be specified as ':'.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-
-
-validate
+selector
+l
true
-If true, use a schema to validate the input before sending it
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-service externalname
+annotate
- Create a new ExternalName service named my-ns
+ Update pod 'foo' with the annotation 'description' and the value 'my frontend'. # If the same annotation is set multiple times, only the last value will be applied
-kubectl create service externalname my-ns --external-name bar.com
+kubectl annotate pods foo description='my frontend'
-Create an ExternalName service with the specified name.
-ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally.
+
+ Update a pod identified by type and name in "pod.json"
+
+kubectl annotate -f pod.json description='my frontend'
+
+
+ Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value.
+
+kubectl annotate --overwrite pods foo description='my frontend running nginx'
+
+
+ Update all pods in the namespace
+
+kubectl annotate pods --all description='my frontend running nginx'
+
+
+ Update pod 'foo' only if the resource is unchanged from version 1.
+
+kubectl annotate pods foo description='my frontend running nginx' --resource-version=1
+
+
+ Update pod 'foo' by removing an annotation named 'description' if it exists. # Does not require the --overwrite flag.
+
+kubectl annotate pods foo description-
+
+Update the annotations on one or more resources
+All Kubernetes objects support the ability to store additional data with the object as annotations. Annotations are key/value pairs that can be larger than labels and include arbitrary string values such as structured JSON. Tools and system extensions may use annotations to store their own data.
+Attempting to set an annotation that already exists will fail unless --overwrite is set. If --resource-version is specified and does not match the current resource version on the server the command will fail.
+Use "kubectl api-resources" for a complete list of supported resources.
Usage
-$ externalname NAME --external-name external.name [--dry-run]
+$ annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
Flags
@@ -3260,10 +2980,10 @@ Flags
-allow-missing-template-keys
+all
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+false
+Select all resources, including uninitialized ones, in the namespace of the specified resource types.
dry-run
@@ -3272,22 +2992,28 @@ Flags
If true, only print the object that would be sent, without sending it.
-external-name
+field-selector
External name of service
+Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-generator
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to update the annotation
+
+
+include-uninitialized
service-externalname/v1
-The name of the API generator to use.
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-no-headers
+local
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, annotation will NOT contact api-server but run locally.
output
@@ -3296,65 +3022,53 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-save-config
+overwrite
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+If true, allow annotations to be overwritten, otherwise reject annotation updates that overwrite existing annotations.
-show-labels
+record
false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-tcp
-[]
-Port pairs can be specified as ':'.
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-template
+resource-version
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+If non-empty, the annotation update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-validate
+selector
+l
true
-If true, use a schema to validate the input before sending it
+Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2).
-service loadbalancer
+autoscale
- Create a new LoadBalancer service named my-lbs
+ Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used:
-kubectl create service loadbalancer my-lbs --tcp=5678:8080
+kubectl autoscale deployment foo --min=2 --max=10
-Create a LoadBalancer service with the specified name.
+
+ Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%:
+
+kubectl autoscale rc foo --max=5 --cpu-percent=80
+
+Creates an autoscaler that automatically chooses and sets the number of pods that run in a kubernetes cluster.
+Looks up a Deployment, ReplicaSet, or ReplicationController by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.
Usage
-$ loadbalancer NAME [--tcp=port:targetPort] [--dry-run]
+$ autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU]
Flags
@@ -3367,10 +3081,10 @@ Flags
-allow-missing-template-keys
+cpu-percent
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+-1
+The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it's not specified or negative, a default autoscaling policy will be used.
dry-run
@@ -3379,83 +3093,83 @@ Flags
If true, only print the object that would be sent, without sending it.
-generator
-service-loadbalancer/v1
-The name of the API generator to use.
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to autoscale.
-no-headers
+generator
false
-When using the default or custom-column output format, don't print headers (default print headers).
+horizontalpodautoscaler/v1
+The name of the API generator to use. Currently there is only 1 generator.
-output
-o
+max
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+-1
+The upper limit for the number of pods that can be set by the autoscaler. Required.
-output-version
-min
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+-1
+The lower limit for the number of pods that can be set by the autoscaler. If it's not specified or negative, the server will apply a default value.
-save-config
+name
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
false
-When printing, show all labels as the last column (default hide labels column)
+The name for the newly created object. If not specified, the name of the input resource will be used.
-sort-by
-output
+o
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-tcp
+record
[]
-Port pairs can be specified as ':'.
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-validate
+save-config
true
-If true, use a schema to validate the input before sending it
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-service nodeport
+convert
- Create a new NodePort service named my-ns
+ Convert 'pod.yaml' to latest version and print to stdout.
-kubectl create service nodeport my-ns --tcp=5678:8080
+kubectl convert -f pod.yaml
-Create a NodePort service with the specified name.
+
+ Convert the live state of the resource specified by 'pod.yaml' to the latest version # and print to stdout in JSON format.
+
+kubectl convert -f pod.yaml --local -o json
+
+
+ Convert all files under current directory to latest version and create them all.
+
+kubectl convert -f . | kubectl create -f -
+
+Convert config files between different API versions. Both YAML and JSON formats are accepted.
+The command takes filename, directory, or URL as input, and convert it into format of version specified by --output-version flag. If target version is not specified or not supported, convert to latest version.
+The default output will be printed to stdout in YAML format. One can use -o option to change to output destination.
Usage
-$ nodeport NAME [--tcp=port:targetPort] [--dry-run]
+$ convert -f FILENAME
Flags
@@ -3468,82 +3182,34 @@ Flags
-allow-missing-template-keys
+filename
+f
+[]
+Filename, directory, or URL to files to need to get converted.
+
+
+local
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+If true, convert will NOT try to contact api-server but run locally.
-dry-run
-false
-If true, only print the object that would be sent, without sending it.
+output
+o
+yaml
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-generator
+output-version
service-nodeport/v1
-The name of the API generator to use.
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-node-port
-0
-Port used to expose the service on each node in a cluster.
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-
-
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-save-config
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Output the formatted object with the given group version (for ex: 'extensions/v1beta1').)
-show-labels
-recursive
+R
false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-tcp
-[]
-Port pairs can be specified as ':'.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
validate
@@ -3554,15 +3220,35 @@ Flags
-serviceaccount
+edit
- Create a new service account named my-service-account
+ Edit the service named 'docker-registry':
-kubectl create serviceaccount my-service-account
+kubectl edit svc/docker-registry
-Create a service account with the specified name.
+
+ Use an alternative editor
+
+KUBE_EDITOR="nano" kubectl edit svc/docker-registry
+
+
+ Edit the job 'myjob' in JSON using the v1 API format:
+
+kubectl edit job.v1.batch/myjob -o json
+
+
+ Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation:
+
+kubectl edit deployment/mydeployment -o yaml --save-config
+
+Edit a resource from the default editor.
+The edit command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE _EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
+Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group.
+The default format is YAML. To edit in JSON, specify "-o json".
+The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
+In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.
Usage
-$ serviceaccount NAME [--dry-run]
+$ edit (RESOURCE/NAME | -f FILENAME)
Flags
@@ -3575,34 +3261,16 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-dry-run
-false
-If true, only print the object that would be sent, without sending it.
-
-
-generator
-serviceaccount/v1
-The name of the API generator to use.
-
-
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
+filename
+f
+[]
+Filename, directory, or URL to files to use to edit the resource
-no-headers
+include-uninitialized
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
output
@@ -3611,40 +3279,28 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-save-config
+output-patch
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Output the patch if the resource is edited.
-show-labels
+record
false
-When printing, show all labels as the last column (default hide labels column)
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-template
-save-config
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+false
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
validate
@@ -3652,52 +3308,55 @@ Flags
true
If true, use a schema to validate the input before sending it
+
+windows-line-endings
+false
+Defaults to the line ending native to your platform.
+
-delete
-
- Delete a pod using the type and name specified in pod.json.
-
-kubectl delete -f ./pod.json
-
+label
- Delete a pod based on the type and name in the JSON passed into stdin.
+ Update pod 'foo' with the label 'unhealthy' and the value 'true'.
-cat pod.json | kubectl delete -f -
+kubectl label pods foo unhealthy=true
- Delete pods and services with same names "baz" and "foo"
+ Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value.
-kubectl delete pod,service baz foo
+kubectl label --overwrite pods foo status=unhealthy
- Delete pods and services with label name=myLabel.
+ Update all pods in the namespace
-kubectl delete pods,services -l name=myLabel
+kubectl label pods --all status=unhealthy
- Delete a pod with minimal delay
+ Update a pod identified by the type and name in "pod.json"
-kubectl delete pod foo --now
+kubectl label -f pod.json status=unhealthy
- Force delete a pod on a dead node
+ Update pod 'foo' only if the resource is unchanged from version 1.
-kubectl delete pod foo --grace-period=0 --force
+kubectl label pods foo status=unhealthy --resource-version=1
- Delete all pods
+ Update pod 'foo' by removing a label named 'bar' if it exists. # Does not require the --overwrite flag.
-kubectl delete pods --all
+kubectl label pods foo bar-
-Delete resources by filenames, stdin, resources and names, or by resources and label selector.
-JSON and YAML formats are accepted. Only one type of the arguments may be specified: filenames, resources and names, or resources and label selector.
-Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must pass a grace period of 0 and specify the --force flag.
-IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.
-Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.
+Update the labels on a resource.
+
+- A label key and value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters each.
+- Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app
+- If --overwrite is true, then existing labels can be overwritten, otherwise attempting to overwrite a label will result in an error.
+- If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used.
+
Usage
-$ delete ([-f FILENAME] | TYPE [(NAME | -l label | --all)])
+$ label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
Flags
@@ -3713,61 +3372,61 @@ Flags
all
false
-Delete all resources, including uninitialized ones, in the namespace of the specified resource types.
+Select all resources, including uninitialized ones, in the namespace of the specified resource types
-cascade
+dry-run
true
-If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
+false
+If true, only print the object that would be sent, without sending it.
+
+
+field-selector
+Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
filename
f
[]
-Filename, directory, or URL to files containing the resource to delete.
+Filename, directory, or URL to files identifying the resource to update the labels
-force
+include-uninitialized
false
-Immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-grace-period
+list
-1
-Period of time in seconds given to the resource to terminate gracefully. Ignored if negative.
+false
+If true, display the labels for a given resource.
-ignore-not-found
+local
false
-Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.
+If true, label will NOT contact api-server but run locally.
-include-extended-apis
+output
+o
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-include-uninitialized
+overwrite
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+If true, allow labels to be overwritten, otherwise reject label updates that overwrite existing labels.
-now
+record
false
-If true, resources are signaled for immediate shutdown (same as --grace-period=1).
-
-
-output
-o
-Output mode. Use "-o name" for shorter output (resource/name).
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive
@@ -3776,49 +3435,51 @@ Flags
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-selector
-l
+resource-version
Selector (label query) to filter on, not including uninitialized ones.
+If non-empty, the labels update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-timeout
+selector
+l
0s
-The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
+Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2).
-edit
+patch
- Edit the service named 'docker-registry':
+ Partially update a node using a strategic merge patch. Specify the patch as JSON.
-kubectl edit svc/docker-registry
+kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
- Use an alternative editor
+ Partially update a node using a strategic merge patch. Specify the patch as YAML.
-KUBE_EDITOR="nano" kubectl edit svc/docker-registry
+kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true'
- Edit the job 'myjob' in JSON using the v1 API format:
+ Partially update a node identified by the type and name specified in "node.json" using strategic merge patch.
-kubectl edit job.v1.batch/myjob -o json
+kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'
- Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation:
+ Update a container's image; spec.containers[*].name is required because it's a merge key.
-kubectl edit deployment/mydeployment -o yaml --save-config
+kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
-Edit a resource from the default editor.
-The edit command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE _EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
-Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group.
-The default format is YAML. To edit in JSON, specify "-o json".
-The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
-In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.
+
+ Update a container's image using a json patch with positional arrays.
+
+kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
+
+Update field(s) of a resource using strategic merge patch, a JSON merge patch, or a JSON patch.
+JSON and YAML formats are accepted.
+Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.
Usage
-$ edit (RESOURCE/NAME | -f FILENAME)
+$ patch (-f FILENAME | TYPE NAME) -p PATCH
Flags
@@ -3831,34 +3492,34 @@ Flags
+dry-run
+false
+If true, only print the object that would be sent, without sending it.
+
+
filename
f
[]
-Filename, directory, or URL to files to use to edit the resource
-
-
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
+Filename, directory, or URL to files identifying the resource to update
-include-uninitialized
+local
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+If true, patch will operate on the content of the file, not the server-side resource.
output
o
-yaml
-Output format. One of: yaml|json.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-patch
+patch
+p
false
-Output the patch if the resource is edited.
+The patch to be applied to the resource JSON file.
record
@@ -3873,118 +3534,41 @@ Flags
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-save-config
-false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-
-
-validate
-true
-If true, use a schema to validate the input before sending it
-
-
-windows-line-endings
+type
false
-Defaults to the line ending native to your platform.
+strategic
+The type of patch being provided; one of [json merge strategic]
-get
-
- List all pods in ps output format.
-
-kubectl get pods
-
-
- List all pods in ps output format with more information (such as node name).
-
-kubectl get pods -o wide
-
-
- List a single replication controller with specified NAME in ps output format.
-
-kubectl get replicationcontroller web
-
-
- List a single pod in JSON output format.
-
-kubectl get -o json pod web-pod-13je7
-
-
- List a pod identified by type and name specified in "pod.yaml" in JSON output format.
-
-kubectl get -f pod.yaml -o json
-
+replace
- Return only the phase value of the specified pod.
+ Replace a pod using the data in pod.json.
-kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}
+kubectl replace -f ./pod.json
- List all replication controllers and services together in ps output format.
+ Replace a pod based on the JSON passed into stdin.
-kubectl get rc,services
+cat pod.json | kubectl replace -f -
- List one or more resources by their type and names.
+ Update a single-container pod's image version (tag) to v4
-kubectl get rc/web service/frontend pods/web-pod-13je7
+kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
- List all resources with different types.
+ Force replace, delete and then re-create the resource
-kubectl get all
+kubectl replace --force -f ./pod.json
-Display one or many resources
-Prints a table of the most important information about the specified resources. You can filter the list using a label selector and the --selector flag. If the desired resource type is namespaced you will only see results in your current namespace unless you pass --all-namespaces.
-Uninitialized objects are not shown unless --include-uninitialized is passed.
-By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources.
-Valid resource types include:
-
-- all
-- certificatesigningrequests (aka 'csr')
-- clusterrolebindings
-- clusterroles
-- componentstatuses (aka 'cs')
-- configmaps (aka 'cm')
-- controllerrevisions
-- cronjobs
-- customresourcedefinition (aka 'crd')
-- daemonsets (aka 'ds')
-- deployments (aka 'deploy')
-- endpoints (aka 'ep')
-- events (aka 'ev')
-- horizontalpodautoscalers (aka 'hpa')
-- ingresses (aka 'ing')
-- jobs
-- limitranges (aka 'limits')
-- namespaces (aka 'ns')
-- networkpolicies (aka 'netpol')
-- nodes (aka 'no')
-- persistentvolumeclaims (aka 'pvc')
-- persistentvolumes (aka 'pv')
-- poddisruptionbudgets (aka 'pdb')
-- podpreset
-- pods (aka 'po')
-- podsecuritypolicies (aka 'psp')
-- podtemplates
-- replicasets (aka 'rs')
-- replicationcontrollers (aka 'rc')
-- resourcequotas (aka 'quota')
-- rolebindings
-- roles
-- secrets
-- serviceaccounts (aka 'sa')
-- services (aka 'svc')
-- statefulsets (aka 'sts')
-- storageclasses (aka 'sc')
-
+Replace a resource by filename or stdin.
+JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by
+ $ kubectl get TYPE NAME -o yaml
+Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.
Usage
-$ get [(-o|--output=)json|yaml|wide|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...] (TYPE [NAME | -l label] | TYPE/NAME ...) [flags]
+$ replace -f FILENAME
Flags
@@ -3997,76 +3581,28 @@ Flags
-all-namespaces
-false
-If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
-
-
-allow-missing-template-keys
+cascade
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-chunk-size
-500
-Return large lists in chunks rather than all at once. Pass 0 to disable. This flag is beta and may change in the future.
-
-
-experimental-server-print
-false
-If true, have the server return the appropriate table output. Supports extension APIs and CRD. Experimental.
-
-
-export
-false
-If true, use 'export' for the resources. Exported resources are stripped of cluster-specific information.
-
-
-field-selector
-Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
+If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
filename
f
[]
-Filename, directory, or URL to files identifying the resource to get from a server.
-
-
-ignore-not-found
-false
-If the requested object does not exist the command will return exit code 0.
-
-
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
+to use to replace the resource.
-include-uninitialized
+force
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-
-
-label-columns
-L
-[]
-Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...
+Only used when grace-period=0. If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
-no-headers
+grace-period
false
-When using the default or custom-column output format, don't print headers (default print headers).
+-1
+Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
output
@@ -4075,120 +3611,73 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-raw
-Raw URI to request from the server. Uses the transport specified by the kubeconfig file.
-
-
recursive
R
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-selector
-l
-Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-kind
-false
-If present, list the resource type for the requested object(s).
-
-
-show-labels
+save-config
false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-template
-timeout
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+0s
+The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
-use-openapi-print-columns
+validate
true
-If true, use x-kubernetes-print-column metadata (if present) from the OpenAPI schema for displaying a resource.
-
-
-watch
-w
-false
-After listing/getting the requested object, watch for changes. Uninitialized objects are excluded if no object name is provided.
+If true, use a schema to validate the input before sending it
-watch-only
+wait
false
-Watch for changes to the requested object(s), without listing/getting first.
+If true, wait for resources to be gone before returning. This waits for finalizers.
-label
+rollout
- Update pod 'foo' with the label 'unhealthy' and the value 'true'.
+ Rollback to the previous deployment
-kubectl label pods foo unhealthy=true
+kubectl rollout undo deployment/abc
- Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value.
+ Check the rollout status of a daemonset
-kubectl label --overwrite pods foo status=unhealthy
-
-
- Update all pods in the namespace
-
-kubectl label pods --all status=unhealthy
-
-
- Update a pod identified by the type and name in "pod.json"
-
-kubectl label -f pod.json status=unhealthy
+kubectl rollout status daemonset/foo
+Manage the rollout of a resource.
+Valid resource types include:
+
+- deployments
+- daemonsets
+- statefulsets
+
+Usage
+$ rollout SUBCOMMAND
+
+history
- Update pod 'foo' only if the resource is unchanged from version 1.
+ View the rollout history of a deployment
-kubectl label pods foo status=unhealthy --resource-version=1
+kubectl rollout history deployment/abc
- Update pod 'foo' by removing a label named 'bar' if it exists. # Does not require the --overwrite flag.
+ View the details of daemonset revision 3
-kubectl label pods foo bar-
+kubectl rollout history daemonset/abc --revision=3
-Update the labels on a resource.
-
-- A label key and value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters each.
-- Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app
-- If --overwrite is true, then existing labels can be overwritten, otherwise attempting to overwrite a label will result in an error.
-- If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used.
-
+View previous rollout revisions and configurations.
Usage
-$ label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
+$ history (TYPE NAME | TYPE/NAME) [flags]
Flags
@@ -4201,82 +3690,88 @@ Flags
-all
-false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-dry-run
-false
-If true, only print the object that would be sent, without sending it.
-
-
filename
f
[]
-Filename, directory, or URL to files identifying the resource to update the labels
-
-
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
-
-
-include-uninitialized
-false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+Filename, directory, or URL to files identifying the resource to get from a server.
-list
-recursive
+R
false
-If true, display the labels for a given resource.
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-local
+revision
false
-If true, label will NOT contact api-server but run locally.
+0
+See the details, including podTemplate of the revision specified
+
+
+
+pause
+
+ Mark the nginx deployment as paused. Any current state of # the deployment will continue its function, new updates to the deployment will not # have an effect as long as the deployment is paused.
+
+kubectl rollout pause deployment/nginx
+
+Mark the provided resource as paused
+Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused.
+Usage
+$ pause RESOURCE
+Flags
+
+
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
+Name
+Shorthand
+Default
+Usage
+
+
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to get from a server.
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+
+
+resume
+
+ Resume an already paused deployment
+
+kubectl rollout resume deployment/nginx
+
+Resume a paused resource
+Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.
+Usage
+$ resume RESOURCE
+Flags
+
+
-overwrite
-false
-If true, allow labels to be overwritten, otherwise reject label updates that overwrite existing labels.
+Name
+Shorthand
+Default
+Usage
+
+
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to get from a server.
recursive
@@ -4284,76 +3779,76 @@ Flags
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+
+
+status
+
+ Watch the rollout status of a deployment
+
+kubectl rollout status deployment/nginx
+
+Show the status of the rollout.
+By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for.
+Usage
+$ status (TYPE NAME | TYPE/NAME) [flags]
+Flags
+
+
-resource-version
-If non-empty, the labels update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-
-
-selector
-l
-Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2).
+Name
+Shorthand
+Default
+Usage
+
+
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to get from a server.
-show-labels
-recursive
+R
false
-When printing, show all labels as the last column (default hide labels column)
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-sort-by
-revision
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+0
+Pin to a specific revision for showing its status. Defaults to 0 (last revision).
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+watch
+w
+true
+Watch the status of the rollout until it's done.
-patch
-
- Partially update a node using a strategic merge patch. Specify the patch as JSON.
-
-kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
-
-
- Partially update a node using a strategic merge patch. Specify the patch as YAML.
-
-kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true'
-
+undo
- Partially update a node identified by the type and name specified in "node.json" using strategic merge patch.
+ Rollback to the previous deployment
-kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'
+kubectl rollout undo deployment/abc
- Update a container's image; spec.containers[*].name is required because it's a merge key.
+ Rollback to daemonset revision 3
-kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
+kubectl rollout undo daemonset/abc --to-revision=3
- Update a container's image using a json patch with positional arrays.
+ Rollback to the previous deployment with dry-run
-kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
+kubectl rollout undo --dry-run=true deployment/abc
-Update field(s) of a resource using strategic merge patch, a JSON merge patch, or a JSON patch.
-JSON and YAML formats are accepted.
-Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.
+Rollback to a previous rollout.
Usage
-$ patch (-f FILENAME | TYPE NAME) -p PATCH
+$ undo (TYPE NAME | TYPE/NAME) [flags]
Flags
@@ -4366,58 +3861,16 @@ Flags
-allow-missing-template-keys
+dry-run
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+false
+If true, only print the object that would be sent, without sending it.
filename
f
[]
-Filename, directory, or URL to files identifying the resource to update
-
-
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
-
-
-local
-false
-If true, patch will operate on the content of the file, not the server-side resource.
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-
-
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-patch
-p
-The patch to be applied to the resource JSON file.
-
-
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+Filename, directory, or URL to files identifying the resource to get from a server.
recursive
@@ -4426,65 +3879,45 @@ Flags
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-
-
-type
+to-revision
strategic
-The type of patch being provided; one of [json merge strategic]
+0
+The revision to rollback to. Default to 0 (last revision).
-replace
+scale
- Replace a pod using the data in pod.json.
+ Scale a replicaset named 'foo' to 3.
-kubectl replace -f ./pod.json
+kubectl scale --replicas=3 rs/foo
- Replace a pod based on the JSON passed into stdin.
+ Scale a resource identified by type and name specified in "foo.yaml" to 3.
-cat pod.json | kubectl replace -f -
+kubectl scale --replicas=3 -f foo.yaml
- Update a single-container pod's image version (tag) to v4
+ If the deployment named mysql's current size is 2, scale mysql to 3.
-kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -
+kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
- Force replace, delete and then re-create the resource
+ Scale multiple replication controllers.
-kubectl replace --force -f ./pod.json
+kubectl scale --replicas=5 rc/foo rc/bar rc/baz
-Replace a resource by filename or stdin.
-JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by
- $ kubectl get TYPE NAME -o yaml
-Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.
+
+ Scale statefulset named 'web' to 3.
+
+kubectl scale --replicas=3 statefulset/web
+
+Set a new size for a Deployment, ReplicaSet, Replication Controller, or StatefulSet.
+Scale also allows users to specify one or more preconditions for the scale action.
+If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.
Usage
-$ replace -f FILENAME
+$ scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)
Flags
@@ -4497,40 +3930,28 @@ Flags
-cascade
-false
-Only relevant during a force replace. If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController).
-
-
-filename
-f
-[]
-Filename, directory, or URL to files to use to replace the resource.
-
-
-force
+all
false
-Delete and re-create the specified resource
+Select all resources in the namespace of the specified resource types
-grace-period
+current-replicas
-1
-Only relevant during a force replace. Period of time in seconds given to the old resource to terminate gracefully. Ignored if negative.
+Precondition for current size. Requires that the current size of the resource match this value in order to scale.
-include-extended-apis
-true
-If true, include definitions of new APIs via calls to the API server. [default true]
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to set a new size
output
o
Output mode. Use "-o name" for shorter output (resource/name).
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
record
@@ -4545,57 +3966,101 @@ Flags
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-save-config
+replicas
false
-If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
+0
+The new desired number of replicas. Required.
-timeout
+resource-version
0s
-Only relevant during a force replace. The length of time to wait before giving up on a delete of the old resource, zero means determine a timeout from the size of the object. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
+Precondition for resource version. Requires that the current resource version match this value in order to scale.
-validate
+selector
+l
true
-If true, use a schema to validate the input before sending it
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+
+
+timeout
+0s
+The length of time to wait before giving up on a scale operation, zero means don't wait. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
-rolling-update
+set
+Configure application resources
+These commands help you make changes to existing application resources.
+Usage
+$ set SUBCOMMAND
+
+env
- Update pods of frontend-v1 using new replication controller data in frontend-v2.json.
+ Update deployment 'registry' with a new environment variable
-kubectl rolling-update frontend-v1 -f frontend-v2.json
+kubectl set env deployment/registry STORAGE_DIR=/local
- Update pods of frontend-v1 using JSON data passed into stdin.
+ List the environment variables defined on a deployments 'sample-build'
-cat frontend-v2.json | kubectl rolling-update frontend-v1 -f -
+kubectl set env deployment/sample-build --list
- Update the pods of frontend-v1 to frontend-v2 by just changing the image, and switching the # name of the replication controller.
+ List the environment variables defined on all pods
-kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2
+kubectl set env pods --all --list
- Update the pods of frontend by just changing the image, and keeping the old name.
+ Output modified deployment in YAML, and does not alter the object on the server
-kubectl rolling-update frontend --image=image:v2
+kubectl set env deployment/sample-build STORAGE_DIR=/data -o yaml
- Abort and reverse an existing rollout in progress (from frontend-v1 to frontend-v2).
+ Update all containers in all replication controllers in the project to have ENV=prod
-kubectl rolling-update frontend-v1 frontend-v2 --rollback
+kubectl set env rc --all ENV=prod
-Perform a rolling update of the given ReplicationController.
-Replaces the specified replication controller with a new replication controller by updating one pod at a time to use the new PodTemplate. The new-controller.json must specify the same namespace as the existing replication controller and overwrite at least one (common) label in its replicaSelector.
-! http://kubernetes.io/images/docs/kubectl_rollingupdate.svg
+
+ Import environment from a secret
+
+kubectl set env --from=secret/mysecret deployment/myapp
+
+
+ Import environment from a config map with a prefix
+
+kubectl set env --from=configmap/myconfigmap --prefix=MYSQL_ deployment/myapp
+
+
+ Import specific keys from a config map
+
+kubectl set env --keys=my-example-key --from=configmap/myconfigmap deployment/myapp
+
+
+ Remove the environment variable ENV from container 'c1' in all deployment configs
+
+kubectl set env deployments --all --containers="c1" ENV-
+
+
+ Remove the environment variable ENV from a deployment definition on disk and # update the deployment config on the server
+
+kubectl set env -f deploy.json ENV-
+
+
+ Set some of the local shell environment into a deployment config on the server
+
+env | grep RAILS_ | kubectl set env -e - deployment/registry
+
+Update environment variables on a pod template.
+List environment variable definitions in one or more pods, pod templates. Add, update, or remove container environment variable definitions in one or more pod templates (within replication controllers or deployment configurations). View or modify the environment variable definitions on all containers in the specified pods or pod templates, or just those that match a wildcard.
+If "--env -" is passed, environment variables can be read from STDIN using the standard env syntax.
+Possible resources include (case insensitive):
+ pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs)
Usage
-$ rolling-update OLD_CONTROLLER_NAME ([NEW_CONTROLLER_NAME] --image=NEW_CONTAINER_IMAGE | -f NEW_CONTROLLER_SPEC)
+$ env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N
Flags
@@ -4608,22 +4073,16 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-container
-all
Container name which will have its image upgraded. Only relevant when --image is specified, ignored otherwise. Required when using --image on a multi-container pod
+false
+If true, select all resources in the namespace of the specified resource types
-deployment-label-key
-deployment
-The key to use to differentiate between two different controllers, default 'deployment'. Only relevant when --image is specified, ignored otherwise
+containers
+c
+*
+The names of containers in the selected pod templates to change - may use wildcards
dry-run
@@ -4632,34 +4091,40 @@ Flags
If true, only print the object that would be sent, without sending it.
+env
+e
+[]
+Specify a key-value pair for an environment variable to set into each container.
+
+
filename
f
[]
-Filename or URL to file to use to create the new replication controller.
+Filename, directory, or URL to files the resource to update the env
-image
+from
Image to use for upgrading the replication controller. Must be distinct from the existing image (either new image or new image tag). Can not be used with --filename/-f
+The name of a resource from which to inject environment variables
-image-pull-policy
-keys
Explicit policy for when to pull container images. Required when --image is same as existing image, ignored otherwise.
+[]
+Comma-separated list of keys to import from specified resource
-include-extended-apis
+list
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+false
+If true, display the environment and any changes in the standard format. this flag will removed when we have kubectl view env.
-no-headers
+local
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If true, set env will NOT contact api-server but run locally.
output
@@ -4668,103 +4133,64 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-poll-interval
-3s
-Time delay between polling for replication controller status after the update. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
-
-
-rollback
+overwrite
false
-If true, this is a request to abort an existing rollout that is partially rolled out. It effectively reverses current and next and runs a rollout
-
-
-show-all
-a
true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+If true, allow environment to be overwritten, otherwise reject updates that overwrite existing environment.
-template
+prefix
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Prefix to append to variable names
-timeout
-5m0s
-Max time to wait for a replication controller to update before giving up. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-update-period
+resolve
1m0s
-Time to wait between updating pods. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+false
+If true, show secret or configmap references when listing variables
-validate
+selector
+l
true
-If true, use a schema to validate the input before sending it
+Selector (label query) to filter on
-rollout
+image
- Rollback to the previous deployment
+ Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
-kubectl rollout undo deployment/abc
+kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1
- Check the rollout status of a daemonset
+ Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
-kubectl rollout status daemonset/foo
+kubectl set image deployments,rc nginx=nginx:1.9.1 --all
-Manage the rollout of a resource.
-Valid resource types include:
-
-- deployments
-- daemonsets
-- statefulsets
-
-Usage
-$ rollout SUBCOMMAND
-
-history
- View the rollout history of a deployment
+ Update image of all containers of daemonset abc to 'nginx:1.9.1'
-kubectl rollout history deployment/abc
+kubectl set image daemonset abc *=nginx:1.9.1
- View the details of daemonset revision 3
+ Print result (in yaml format) of updating nginx container image from local file, without hitting the server
-kubectl rollout history daemonset/abc --revision=3
+kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
-View previous rollout revisions and configurations.
+Update existing container image(s) of resources.
+Possible resources include (case insensitive):
+ pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), replicaset (rs)
Usage
-$ history (TYPE NAME | TYPE/NAME) [flags]
+$ image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
Flags
@@ -4777,36 +4203,88 @@ Flags
+all
+false
+Select all resources, including uninitialized ones, in the namespace of the specified resource types
+
+
+dry-run
+false
+If true, only print the object that would be sent, without sending it.
+
+
filename
f
[]
Filename, directory, or URL to files identifying the resource to get from a server.
+include-uninitialized
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+
+
+local
+false
+If true, set image will NOT contact api-server but run locally.
+
+
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+record
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+
+
recursive
R
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-revision
+selector
+l
0
-See the details, including podTemplate of the revision specified
+Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-pause
+resources
- Mark the nginx deployment as paused. Any current state of # the deployment will continue its function, new updates to the deployment will not # have an effect as long as the deployment is paused.
+ Set a deployments nginx container cpu limits to "200m" and memory to "512Mi"
-kubectl rollout pause deployment/nginx
+kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
-Mark the provided resource as paused
-Paused resources will not be reconciled by a controller. Use "kubectl rollout resume" to resume a paused resource. Currently only deployments support being paused.
+
+ Set the resource request and limits for all containers in nginx
+
+kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi
+
+
+ Remove the resource requests for resources on containers in nginx
+
+kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0
+
+
+ Print the result (in yaml format) of updating nginx container limits from a local, without hitting the server
+
+kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml
+
+Specify compute resource requirements (cpu, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.
+for each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.
+Possible resources include (case insensitive): Use "kubectl api-resources" for a complete list of supported resources..
Usage
-$ pause RESOURCE
+$ resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=REQUESTS]
Flags
@@ -4819,30 +4297,91 @@ Flags
+all
+false
+Select all resources, including uninitialized ones, in the namespace of the specified resource types
+
+
+containers
+c
+*
+The names of containers in the selected pod templates to change, all containers are selected by default - may use wildcards
+
+
+dry-run
+false
+If true, only print the object that would be sent, without sending it.
+
+
filename
f
[]
Filename, directory, or URL to files identifying the resource to get from a server.
+include-uninitialized
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+
+
+limits
+The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+
+
+local
+false
+If true, set resources will NOT contact api-server but run locally.
+
+
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+record
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+
+
recursive
R
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+requests
+The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+
+
+selector
+l
+Selector (label query) to filter on, not including uninitialized ones,supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+
-resume
+selector
- Resume an already paused deployment
+ set the labels and selector before creating a deployment/service pair.
-kubectl rollout resume deployment/nginx
+kubectl create service clusterip my-svc --clusterip="None" -o yaml --dry-run | kubectl set selector --local -f - 'environment=qa' -o yaml | kubectl create -f -
+kubectl create deployment my-dep -o yaml --dry-run | kubectl label --local -f - environment=qa -o yaml | kubectl create -f -
-Resume a paused resource
-Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.
+Set the selector on a resource. Note that the new selector will overwrite the old selector if the resource had one prior to the invocation of 'set selector'.
+A selector must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. Note: currently selectors can only be set on Service objects.
Usage
-$ resume RESOURCE
+$ selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version]
Flags
@@ -4855,30 +4394,78 @@ Flags
+all
+false
+Select all resources in the namespace of the specified resource types
+
+
+dry-run
+false
+If true, only print the object that would be sent, without sending it.
+
+
filename
f
[]
-Filename, directory, or URL to files identifying the resource to get from a server.
+identifying the resource.
-recursive
-R
+include-uninitialized
+false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-
+
+local
+false
+If true, annotation will NOT contact api-server but run locally.
+
+
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+record
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+
+
+recursive
+R
+true
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+
+resource-version
+If non-empty, the selectors update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
+
+
-status
+serviceaccount
- Watch the rollout status of a deployment
+ Set Deployment nginx-deployment's ServiceAccount to serviceaccount1
-kubectl rollout status deployment/nginx
+kubectl set serviceaccount deployment nginx-deployment serviceaccount1
-Show the status of the rollout.
-By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for.
+
+ Print the result (in yaml format) of updated nginx deployment with serviceaccount from local file, without hitting apiserver
+
+kubectl set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run -o yaml
+
+Update ServiceAccount of pod template resources.
+Possible resources (case insensitive) can be:
+replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs), statefulset
Usage
-$ status (TYPE NAME | TYPE/NAME) [flags]
+$ serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT
Flags
@@ -4891,51 +4478,75 @@ Flags
+all
+false
+Select all resources, including uninitialized ones, in the namespace of the specified resource types
+
+
+dry-run
+false
+If true, only print the object that would be sent, without sending it.
+
+
filename
f
[]
Filename, directory, or URL to files identifying the resource to get from a server.
-recursive
-R
+include-uninitialized
+false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-revision
+local
0
-Pin to a specific revision for showing its status. Defaults to 0 (last revision).
+false
+If true, set serviceaccount will NOT contact api-server but run locally.
-watch
-w
-true
-Watch the status of the rollout until it's done.
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+
+
+record
+false
+Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+
+
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-undo
+subject
- Rollback to the previous deployment
+ Update a ClusterRoleBinding for serviceaccount1
-kubectl rollout undo deployment/abc
+kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
- Rollback to daemonset revision 3
+ Update a RoleBinding for user1, user2, and group1
-kubectl rollout undo daemonset/abc --to-revision=3
+kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
- Rollback to the previous deployment with dry-run
+ Print the result (in yaml format) of updating rolebinding subjects from a local, without hitting the server
-kubectl rollout undo --dry-run=true deployment/abc
+kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run | kubectl set subject --local -f - --user=foo -o yaml
-Rollback to a previous rollout.
+Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding.
Usage
-$ undo (TYPE NAME | TYPE/NAME) [flags]
+$ subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
Flags
@@ -4948,6 +4559,12 @@ Flags
+all
+false
+Select all resources, including uninitialized ones, in the namespace of the specified resource types
+
+
dry-run
false
@@ -4957,7 +4574,31 @@ Flags
filename
f
[]
-Filename, directory, or URL to files identifying the resource to get from a server.
+Filename, directory, or URL to files the resource to update the subjects
+
+
+group
+[]
+Groups to bind to the role
+
+
+include-uninitialized
+false
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+
+
+local
+false
+If true, set subject will NOT contact api-server but run locally.
+
+
+output
+o
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
recursive
@@ -4966,45 +4607,23 @@ Flags
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-to-revision
+selector
+l
0
-The revision to rollback to. Default to 0 (last revision).
+Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+
+
+serviceaccount
+[]
+Service accounts to bind to the role
-scale
-
- Scale a replicaset named 'foo' to 3.
-
-kubectl scale --replicas=3 rs/foo
-
-
- Scale a resource identified by type and name specified in "foo.yaml" to 3.
-
-kubectl scale --replicas=3 -f foo.yaml
-
-
- If the deployment named mysql's current size is 2, scale mysql to 3.
-
-kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
-
-
- Scale multiple replication controllers.
-
-kubectl scale --replicas=5 rc/foo rc/bar rc/baz
-
-
- Scale statefulset named 'web' to 3.
-
-kubectl scale --replicas=3 statefulset/web
-
-Set a new size for a Deployment, ReplicaSet, Replication Controller, or StatefulSet.
-Scale also allows users to specify one or more preconditions for the scale action.
-If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.
+wait
Usage
-$ scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)
+$ wait resource.group/name [--for=delete|--for condition=available]
Flags
@@ -5017,60 +4636,36 @@ Flags
-all
+all-namespaces
false
-Select all resources in the namespace of the specified resource types
-
-
-current-replicas
--1
-Precondition for current size. Requires that the current size of the resource match this value in order to scale.
+If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
filename
f
[]
-Filename, directory, or URL to files identifying the resource to set a new size
+identifying the resource.
-include-extended-apis
+for
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+The condition to wait on: [delete|condition=condition-name].
output
o
Output mode. Use "-o name" for shorter output (resource/name).
-
-
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
recursive
R
-false
+true
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-replicas
--1
-The new desired number of replicas. Required.
-
-
-resource-version
-Precondition for resource version. Requires that the current resource version match this value in order to scale.
-
-
selector
l
Flags
timeout
0s
-The length of time to wait before giving up on a scale operation, zero means don't wait. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
+30s
+The length of time to wait before giving up. Zero means check once and don't wait, negative means wait for a week.
+WORKING WITH APPS
+This section contains commands for inspecting and debugging your
+applications.
+
+logs will print the logs from the specified pod + container.exec can be used to get an interactive shell on a pod + container.describe will print debug information about the given resource.
-set
-Configure application resources
-These commands help you make changes to existing application resources.
-Usage
-$ set SUBCOMMAND
-
-env
+attach
- Update deployment 'registry' with a new environment variable
+ Get output from running pod 123456-7890, using the first container by default
-kubectl set env deployment/registry STORAGE_DIR=/local
+kubectl attach 123456-7890
- List the environment variables defined on a deployments 'sample-build'
+ Get output from ruby-container from pod 123456-7890
-kubectl set env deployment/sample-build --list
+kubectl attach 123456-7890 -c ruby-container
- List the environment variables defined on all pods
+ Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod 123456-7890 # and sends stdout/stderr from 'bash' back to the client
-kubectl set env pods --all --list
+kubectl attach 123456-7890 -c ruby-container -i -t
- Output modified deployment in YAML, and does not alter the object on the server
+ Get output from the first pod of a ReplicaSet named nginx
-kubectl set env deployment/sample-build STORAGE_DIR=/data -o yaml
+kubectl attach rs/nginx
-
- Update all containers in all replication controllers in the project to have ENV=prod
+Attach to a process that is already running inside an existing container.
+Usage
+$ attach (POD | TYPE/NAME) -c CONTAINER
+Flags
+
+
+
+Name
+Shorthand
+Default
+Usage
+
+
+
+
+container
+c
+Container name. If omitted, the first container in the pod will be chosen
+
+
+pod-running-timeout
+1m0s
+The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+
+
+stdin
+i
+false
+Pass stdin to the container
+
+
+tty
+t
+false
+Stdin is a TTY
+
+
+
+
+auth
+Inspect authorization
+Usage
+$ auth
+
+can-i
+
+ Check to see if I can create pods in any namespace
-kubectl set env rc --all ENV=prod
+kubectl auth can-i create pods --all-namespaces
- Import environment from a secret
+ Check to see if I can list deployments in my current namespace
-kubectl set env --from=secret/mysecret deployment/myapp
+kubectl auth can-i list deployments.extensions
- Import environment from a config map with a prefix
+ Check to see if I can do everything in my current namespace ("*" means all)
-kubectl set env --from=configmap/myconfigmap --prefix=MYSQL_ deployment/myapp
+kubectl auth can-i '*' '*'
- Remove the environment variable ENV from container 'c1' in all deployment configs
+ Check to see if I can get the job named "bar" in namespace "foo"
-kubectl set env deployments --all --containers="c1" ENV-
+kubectl auth can-i list jobs.batch/bar -n foo
- Remove the environment variable ENV from a deployment definition on disk and # update the deployment config on the server
+ Check to see if I can read pod logs
-kubectl set env -f deploy.json ENV-
+kubectl auth can-i get pods --subresource=log
- Set some of the local shell environment into a deployment config on the server
+ Check to see if I can access the URL /logs/
-env | grep RAILS_ | kubectl set env -e - deployment/registry
+kubectl auth can-i get /logs/
-Update environment variables on a pod template.
-List environment variable definitions in one or more pods, pod templates. Add, update, or remove container environment variable definitions in one or more pod templates (within replication controllers or deployment configurations). View or modify the environment variable definitions on all containers in the specified pods or pod templates, or just those that match a wildcard.
-If "--env -" is passed, environment variables can be read from STDIN using the standard env syntax.
-Possible resources include (case insensitive):
- pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs)
+Check whether an action is allowed.
+VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL starts with "/". NAME is the name of a particular Kubernetes resource.
Usage
-$ env RESOURCE/NAME KEY_1=VAL_1 ... KEY_N=VAL_N
+$ can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]
Flags
@@ -5161,64 +4802,58 @@ Flags
-all
+all-namespaces
false
-If true, select all resources in the namespace of the specified resource types
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-containers
-c
-*
-The names of containers in the selected pod templates to change - may use wildcards
+If true, check the specified action in all namespaces.
-dry-run
-quiet
+q
false
-If true, only print the object that would be sent, without sending it.
-
-
-env
-e
-[]
-Specify a key-value pair for an environment variable to set into each container.
-
-
-filename
-f
-[]
-Filename, directory, or URL to files the resource to update the env
+If true, suppress output and just return the exit code.
-from
+subresource
The name of a resource from which to inject environment variables
+SubResource such as pod/log or deployment/scale
+
+
+
+reconcile
+
+ Reconcile rbac resources from a file
+
+kubectl auth reconcile -f my-rbac-rules.yaml
+
+Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects.
+This is preferred to 'apply' for RBAC resources so that proper rule coverage checks are done.
+Usage
+$ reconcile -f FILENAME
+Flags
+
+
-list
-false
-If true, display the environment and any changes in the standard format. this flag will removed when we have kubectl view env.
+Name
+Shorthand
+Default
+Usage
+
+
-local
+dry-run
false
-If true, set env will NOT contact api-server but run locally.
+If true, display results but do not submit changes
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
+filename
+f
+[]
+Filename, directory, or URL to files identifying the resource to reconcile.
output
@@ -5227,94 +4862,38 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-overwrite
-true
-If true, allow environment to be overwritten, otherwise reject updates that overwrite existing environment.
-
-
-prefix
-Prefix to append to variable names
-
-
recursive
R
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-resolve
-false
-If true, show secret or configmap references when listing variables
-
-
-selector
-l
-Selector (label query) to filter on
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-
-image
+cp
- Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.
+ !!!Important Note!!! # Requires that the 'tar' binary is present in your container # image. If 'tar' is not present, 'kubectl cp' will fail. # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the default namespace
-kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1
+kubectl cp /tmp/foo_dir <some-pod>:/tmp/bar_dir
- Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'
+ Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container
-kubectl set image deployments,rc nginx=nginx:1.9.1 --all
+kubectl cp /tmp/foo <some-pod>:/tmp/bar -c <specific-container>
- Update image of all containers of daemonset abc to 'nginx:1.9.1'
+ Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace
-kubectl set image daemonset abc *=nginx:1.9.1
+kubectl cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar
- Print result (in yaml format) of updating nginx container image from local file, without hitting the server
+ Copy /tmp/foo from a remote pod to /tmp/bar locally
-kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml
+kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
-Update existing container image(s) of resources.
-Possible resources include (case insensitive):
- pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), replicaset (rs)
+Copy files and directories to and from containers.
Usage
-$ image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
+$ cp <file-spec-src> <file-spec-dest>
Flags
@@ -5327,64 +4906,80 @@ Flags
-all
-false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-dry-run
+container
+c
false
-If true, only print the object that would be sent, without sending it.
-
-
-filename
-f
-[]
-Filename, directory, or URL to files identifying the resource to get from a server.
-
-
-include-uninitialized
-false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+Container name. If omitted, the first container in the pod will be chosen
+
+
+
+describe
+
+ Describe a node
+
+kubectl describe nodes kubernetes-node-emt8.c.myproject.internal
+
+
+ Describe a pod
+
+kubectl describe pods/nginx
+
+
+ Describe a pod identified by type and name in "pod.json"
+
+kubectl describe -f pod.json
+
+
+ Describe all pods
+
+kubectl describe pods
+
+
+ Describe pods by label name=myLabel
+
+kubectl describe po -l name=myLabel
+
+
+ Describe all pods managed by the 'frontend' replication controller (rc-created pods # get the name of the rc as a prefix in the pod the name).
+
+kubectl describe pods frontend
+
+Show details of a specific resource or group of resources
+Print a detailed description of the selected resources, including related resources such as events or controllers. You may select a single object by name, all objects of that type, provide a name prefix, or label selector. For example:
+ $ kubectl describe TYPE NAME_PREFIX
+will first check for an exact match on TYPE and NAME PREFIX. If no such resource exists, it will output details for every resource that has a name prefixed with NAME PREFIX.
+Use "kubectl api-resources" for a complete list of supported resources.
+Usage
+$ describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME)
+Flags
+
+
-local
-false
-If true, set image will NOT contact api-server but run locally.
+Name
+Shorthand
+Default
+Usage
+
+
-no-headers
+all-namespaces
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+filename
+f
+[]
+Filename, directory, or URL to files containing the resource to describe
-record
+include-uninitialized
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
recursive
@@ -5396,61 +4991,128 @@ Flags
selector
l
Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-show-all
-a
+show-events
+true
-When printing, show all resources (default show all pods including terminated one.)
+If true, display events related to the described object.
+
+
+
+exec
+
+ Get output from running 'date' from pod 123456-7890, using the first container by default
+
+kubectl exec 123456-7890 date
+
+
+ Get output from running 'date' in ruby-container from pod 123456-7890
+
+kubectl exec 123456-7890 -c ruby-container date
+
+
+ Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod 123456-7890 # and sends stdout/stderr from 'bash' back to the client
+
+kubectl exec 123456-7890 -c ruby-container -i -t -- bash -il
+
+
+ List contents of /usr from the first container of pod 123456-7890 and sort by modification time. # If the command you want to execute in the pod has any flags in common (e.g. -i), # you must use two dashes (--) to separate your command's flags/arguments. # Also note, do not surround your command and its flags/arguments with quotes # unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr").
+
+kubectl exec 123456-7890 -i -t -- ls -t /usr
+
+Execute a command in a container.
+Usage
+$ exec POD [-c CONTAINER] -- COMMAND [args...]
+Flags
+
+
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
+Name
+Shorthand
+Default
+Usage
+
+
-sort-by
-container
+c
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Container name. If omitted, the first container in the pod will be chosen
-template
-pod
+p
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Pod name
+
+
+stdin
+i
+false
+Pass stdin to the container
+
+
+tty
+t
+false
+Stdin is a TTY
-resources
+logs
- Set a deployments nginx container cpu limits to "200m" and memory to "512Mi"
+ Return snapshot logs from pod nginx with only one container
-kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi
+kubectl logs nginx
- Set the resource request and limits for all containers in nginx
+ Return snapshot logs from pod nginx with multi containers
-kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi
+kubectl logs nginx --all-containers=true
- Remove the resource requests for resources on containers in nginx
+ Return snapshot logs from all containers in pods defined by label app=nginx
-kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0
+kubectl logs -lapp=nginx --all-containers=true
- Print the result (in yaml format) of updating nginx container limits from a local, without hitting the server
+ Return snapshot of previous terminated ruby container logs from pod web-1
-kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml
+kubectl logs -p -c ruby web-1
-Specify compute resource requirements (cpu, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.
-for each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.
-Possible resources include (case insensitive): replicationcontroller, deployment, daemonset, job, replicaset.
+
+ Begin streaming the logs of the ruby container in pod web-1
+
+kubectl logs -f -c ruby web-1
+
+
+ Display only the most recent 20 lines of output in pod nginx
+
+kubectl logs --tail=20 nginx
+
+
+ Show all logs from pod nginx written in the last hour
+
+kubectl logs --since=1h nginx
+
+
+ Return snapshot logs from first container of a job named hello
+
+kubectl logs job/hello
+
+
+ Return snapshot logs from container nginx-1 of a deployment named nginx
+
+kubectl logs deployment/nginx -c nginx-1
+
+Print the logs for a container in a pod or specified resource. If the pod has only one container, the container name is optional.
Usage
-$ resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=REQUESTS]
+$ logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER]
Flags
@@ -5463,133 +5125,160 @@ Flags
-all
+all-containers
false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+Get all containers's logs in the pod(s).
-containers
+container
c
-*
-The names of containers in the selected pod templates to change, all containers are selected by default - may use wildcards
-
-
-dry-run
false
-If true, only print the object that would be sent, without sending it.
+Print the logs of this container
-filename
+follow
f
-[]
-Filename, directory, or URL to files identifying the resource to get from a server.
+false
+Specify if the logs should be streamed.
-include-uninitialized
+interactive
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+If true, prompt the user for input when required.
-limits
-limit-bytes
The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
+0
+Maximum bytes of logs to return. Defaults to no limit.
-local
+pod-running-timeout
20s
+The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+
+
+previous
+p
false
-If true, set resources will NOT contact api-server but run locally.
+If true, print the logs for the previous instance of the container in a pod if it exists.
-no-headers
+selector
+l
false
-When using the default or custom-column output format, don't print headers (default print headers).
+Selector (label query) to filter on.
-output
-o
+since
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+0s
+Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used.
-output-version
+since-time
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-
-requests
-The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
-
-
-selector
-l
+tail
Selector (label query) to filter on, not including uninitialized ones,supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+-1
+Lines of recent log file to display. Defaults to -1 with no selector, showing all log lines otherwise 10, if a selector is provided.
-show-labels
+timestamps
false
-When printing, show all labels as the last column (default hide labels column)
+Include timestamps on each line in the log output
+
+
+
+port-forward
+
+ Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
+
+kubectl port-forward pod/mypod 5000 6000
+
+
+ Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment
+
+kubectl port-forward deployment/mydeployment 5000 6000
+
+
+ Listen on port 8888 locally, forwarding to 5000 in the pod
+
+kubectl port-forward pod/mypod 8888:5000
+
+
+ Listen on a random port locally, forwarding to 5000 in the pod
+
+kubectl port-forward pod/mypod :5000
+
+Forward one or more local ports to a pod.
+Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
+If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends when the selected pod terminates, and rerun of the command is needed to resume forwarding.
+Usage
+$ port-forward TYPE/NAME [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]
+Flags
+
+
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Name
+Shorthand
+Default
+Usage
+
+
-template
-pod-running-timeout
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+1m0s
+The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
-selector
+proxy
- set the labels and selector before creating a deployment/service pair.
+ To proxy all of the kubernetes api and nothing else, use:
-kubectl create service clusterip my-svc --clusterip="None" -o yaml --dry-run | kubectl set selector --local -f - 'environment=qa' -o yaml | kubectl create -f -
-kubectl create deployment my-dep -o yaml --dry-run | kubectl label --local -f - environment=qa -o yaml | kubectl create -f -
+$ kubectl proxy --api-prefix=/
-Set the selector on a resource. Note that the new selector will overwrite the old selector if the resource had one prior to the invocation of 'set selector'.
-A selector must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. Note: currently selectors can only be set on Service objects.
+
+ To proxy only part of the kubernetes api and also some static files:
+
+$ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
+
+
+ The above lets you 'curl localhost:8001/api/v1/pods'. # To proxy the entire kubernetes api at a different root, use:
+
+$ kubectl proxy --api-prefix=/custom/
+
+
+ The above lets you 'curl localhost:8001/custom/api/v1/pods' # Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
+
+kubectl proxy --port=8011 --www=./local/www/
+
+
+ Run a proxy to kubernetes apiserver on an arbitrary local port. # The chosen port for the server will be output to stdout.
+
+kubectl proxy --port=0
+
+
+ Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
+
+kubectl proxy --api-prefix=/k8s-api
+
+Creates a proxy server or application-level gateway between localhost and the Kubernetes API Server. It also allows serving static content over specified HTTP path. All incoming data enters through one port and gets forwarded to the remote kubernetes API Server port, except for the path matching the static content path.
Usage
-$ selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version]
+$ proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]
Flags
@@ -5602,120 +5291,96 @@ Flags
-all
-false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
-
-
-allow-missing-template-keys
+accept-hosts
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+^localhost$,^127.0.0.1$,^[::1]$
+Regular expression for hosts that the proxy should accept.
-dry-run
+accept-paths
false
-If true, only print the object that would be sent, without sending it.
-
-
-filename
-f
-[]
-Filename, directory, or URL to files the resource to update the selectors
+^.*
+Regular expression for paths that the proxy should accept.
-include-uninitialized
+address
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+127.0.0.1
+The IP address on which to serve on.
-local
+api-prefix
false
-If true, set selector will NOT contact api-server but run locally.
+/
+Prefix to serve the proxied API under.
-no-headers
+disable-filter
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+port
+p
+8001
+The port on which to run the proxy. Set to 0 to pick a random port.
-record
+reject-methods
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+^$
+Regular expression for HTTP methods that the proxy should reject (example --reject-methods='POST,PUT,PATCH').
-resource-version
-reject-paths
If non-empty, the selectors update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+^/api/./pods/./exec,^/api/./pods/./attach
+Regular expression for paths that the proxy should reject. Paths specified here will be rejected even accepted by --accept-paths.
-show-labels
+unix-socket
+u
false
-When printing, show all labels as the last column (default hide labels column)
+Unix socket on which to run the proxy.
-sort-by
-www
+w
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Also serve static files from the given directory under the specified prefix.
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+www-prefix
+P
+/static/
+Prefix to serve static files under, if static file directory is specified.
-serviceaccount
+top
+Display Resource (CPU/Memory/Storage) usage.
+The top command allows you to see the resource consumption for nodes or pods.
+This command requires Heapster to be correctly configured and working on the server.
+Usage
+$ top
+
+node
- Set Deployment nginx-deployment's ServiceAccount to serviceaccount1
+ Show metrics for all nodes
-kubectl set serviceaccount deployment nginx-deployment serviceaccount1
+kubectl top node
- Print the result (in yaml format) of updated nginx deployment with serviceaccount from local file, without hitting apiserver
+ Show metrics for a given node
-kubectl set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run -o yaml
+kubectl top node NODE_NAME
-Update ServiceAccount of pod template resources.
-Possible resources (case insensitive) can be:
-replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs), statefulset
+Display Resource (CPU/Memory/Storage) usage of nodes.
+The top-node command allows you to see the resource consumption of nodes.
Usage
-$ serviceaccount (-f FILENAME | TYPE NAME) SERVICE_ACCOUNT
+$ node [NAME | -l label]
Flags
@@ -5728,117 +5393,142 @@ Flags
-all
+heapster-namespace
false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
+kube-system
+Namespace Heapster service is located in
-allow-missing-template-keys
+heapster-port
true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
+Port name in service to use
-dry-run
+heapster-scheme
false
-If true, only print the object that would be sent, without sending it.
+http
+Scheme (http or https) to connect to Heapster as
-filename
-f
-[]
-Filename, directory, or URL to files identifying the resource to get from a server.
+heapster-service
+heapster
+Name of Heapster service
-include-uninitialized
+selector
+l
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+
+
+
+pod
+
+ Show metrics for all pods in the default namespace
+
+kubectl top pod
+
+
+ Show metrics for all pods in the given namespace
+
+kubectl top pod --namespace=NAMESPACE
+
+
+ Show metrics for a given pod and its containers
+
+kubectl top pod POD_NAME --containers
+
+
+ Show metrics for the pods defined by label name=myLabel
+
+kubectl top pod -l name=myLabel
+
+Display Resource (CPU/Memory/Storage) usage of pods.
+The 'top pod' command allows you to see the resource consumption of pods.
+Due to the metrics pipeline delay, they may be unavailable for a few minutes since pod creation.
+Usage
+$ pod [NAME | -l label]
+Flags
+
+
-local
-false
-If true, set serviceaccount will NOT contact api-server but run locally.
+Name
+Shorthand
+Default
+Usage
+
+
-no-headers
+all-namespaces
false
-When using the default or custom-column output format, don't print headers (default print headers).
+If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
-output
-o
+containers
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+false
+If present, print usage of containers within a pod.
-output-version
-heapster-namespace
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+kube-system
+Namespace Heapster service is located in
-record
+heapster-port
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Port name in service to use
-show-labels
+heapster-scheme
false
-When printing, show all labels as the last column (default hide labels column)
+http
+Scheme (http or https) to connect to Heapster as
-sort-by
-heapster-service
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+heapster
+Name of Heapster service
-template
-selector
+l
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+CLUSTER MANAGEMENT
-subject
-
- Update a ClusterRoleBinding for serviceaccount1
-
-kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
-
-
- Update a RoleBinding for user1, user2, and group1
-
-kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
-
+api-versions
- Print the result (in yaml format) of updating rolebinding subjects from a local, without hitting the server
+ Print the supported API versions
-kubectl create rolebinding admin --role=admin --user=admin -o yaml --dry-run | kubectl set subject --local -f - --user=foo -o yaml
+kubectl api-versions
-Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding.
+Print the supported API versions on the server, in the form of "group/version"
Usage
-$ subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
+$ api-versions
+
+certificate
+Modify certificate resources.
+Usage
+$ certificate SUBCOMMAND
+
+approve
+Approve a certificate signing request.
+kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requestor with the attributes requested in the CSR.
+SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.
+Usage
+$ approve (-f FILENAME | NAME)
Flags
@@ -5851,52 +5541,16 @@ Flags
-all
-false
-Select all resources, including uninitialized ones, in the namespace of the specified resource types
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-dry-run
-false
-If true, only print the object that would be sent, without sending it.
-
-
filename
f
[]
-Filename, directory, or URL to files the resource to update the subjects
-
-
-group
-[]
-Groups to bind to the role
-
-
-include-uninitialized
-false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
-
-
-local
-false
-If true, set subject will NOT contact api-server but run locally.
+Filename, directory, or URL to files identifying the resource to update
-no-headers
+force
false
-When using the default or custom-column output format, don't print headers (default print headers).
+Update the CSR even if it is already approved.
output
@@ -5905,83 +5559,92 @@ Flags
Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
recursive
R
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+
+
+
+deny
+Deny a certificate signing request.
+kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requestor.
+Usage
+$ deny (-f FILENAME | NAME)
+Flags
+
+
-selector
-l
-Selector (label query) to filter on, not including uninitialized ones, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
+Name
+Shorthand
+Default
+Usage
+
+
-serviceaccount
-filename
+f
[]
-Service accounts to bind to the role
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+Filename, directory, or URL to files identifying the resource to update
-show-labels
+force
false
-When printing, show all labels as the last column (default hide labels column)
+Update the CSR even if it is already denied.
-sort-by
-output
+o
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-template
-Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+recursive
+R
+false
+Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-DECLARATIVE APP MANAGEMENT
-apply
+cluster-info
- Apply the configuration in pod.json to a pod.
+ Print the address of the master and cluster services
-kubectl apply -f ./pod.json
+kubectl cluster-info
+Display addresses of the master and services with label kubernetes.io/cluster-service=true To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
+Usage
+$ cluster-info
+
+dump
- Apply the JSON passed into stdin to a pod.
+ Dump current cluster state to stdout
-cat pod.json | kubectl apply -f -
+kubectl cluster-info dump
- Note: --prune is still in Alpha # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.
+ Dump current cluster state to /path/to/cluster-state
-kubectl apply --prune -f manifest.yaml -l app=nginx
+kubectl cluster-info dump --output-directory=/path/to/cluster-state
- Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.
+ Dump all namespaces to stdout
-kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap
+kubectl cluster-info dump --all-namespaces
-Apply a configuration to a resource by filename or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.
-JSON and YAML formats are accepted.
-Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274.
+
+ Dump a set of namespaces to /path/to/cluster-state
+
+kubectl cluster-info dump --namespaces default,kube-system --output-directory=/path/to/cluster-state
+
+Dumps cluster info out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, kubernetes will build a set of files in that directory. By default only dumps things in the 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.
+The command also dumps the logs of all of the pods in the cluster, these logs are dumped into different directories based on namespace and pod name.
Usage
-$ apply -f FILENAME
+$ dump
Flags
@@ -5994,176 +5657,179 @@ Flags
-all
+all-namespaces
false
-Select all resources in the namespace of the specified resource types.
-
-
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-cascade
-true
-Only relevant during a prune or a force apply. If true, cascade the deletion of the resources managed by pruned or deleted resources (e.g. Pods created by a ReplicationController).
+If true, dump all namespaces. If true, --namespaces is ignored.
-dry-run
+namespaces
false
-If true, only print the object that would be sent, without sending it.
-
-
-filename
-f
[]
-Filename, directory, or URL to files that contains the configuration to apply
+A comma separated list of namespaces to dump.
-force
+output-directory
false
-Delete and re-create the specified resource, when PATCH encounters conflict and has retried for 5 times.
-
-
-grace-period
-1
-Only relevant during a prune or a force apply. Period of time in seconds given to pruned or deleted resources to terminate gracefully. Ignored if negative.
+Where to output the files. If empty or '-' uses stdout, otherwise creates a directory hierarchy in that directory
-include-extended-apis
+pod-running-timeout
true
-If true, include definitions of new APIs via calls to the API server. [default true]
+20s
+The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+
+
+
+cordon
+
+ Mark node "foo" as unschedulable.
+
+kubectl cordon foo
+
+Mark node as unschedulable.
+Usage
+$ cordon NODE
+Flags
+
+
-include-uninitialized
-false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+Name
+Shorthand
+Default
+Usage
+
+
-no-headers
+dry-run
false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-openapi-patch
-true
-If true, use openapi to calculate diff when the openapi presents and the resource can be found in the openapi spec. Otherwise, fall back to use baked-in types.
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
+If true, only print the object that would be sent, without sending it.
-output-version
-selector
+l
DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
+Selector (label query) to filter on
+
+
+
+drain
+
+ Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.
+
+$ kubectl drain foo --force
+
+
+ As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.
+
+$ kubectl drain foo --grace-period=900
+
+Drain node in preparation for maintenance.
+The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the APIServer supports eviction (http://kubernetes.io/docs/admin/disruptions/). Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are DaemonSet-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any DaemonSet-managed pods, because those pods would be immediately replaced by the DaemonSet controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by ReplicationController, ReplicaSet, DaemonSet, StatefulSet or Job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing.
+'drain' waits for graceful termination. You should not operate on the machine until the command completes.
+When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again.
+! http://kubernetes.io/images/docs/kubectl_drain.svg
+Usage
+$ drain NODE
+Flags
+
+
-overwrite
-true
-Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration
+Name
+Shorthand
+Default
+Usage
+
+
-prune
+delete-local-data
false
-Automatically delete resource objects, including the uninitialized ones, that do not appear in the configs and are created by either apply or create --save-config. Should be used with either -l or --all.
-
-
-prune-whitelist
-[]
-Overwrite the default whitelist with for --prune
+Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).
-record
+dry-run
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+If true, only print the object that would be sent, without sending it.
-recursive
-R
+force
+false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+Continue even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
-selector
-l
+grace-period
Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
+-1
+Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.
-show-labels
+ignore-daemonsets
false
-When printing, show all labels as the last column (default hide labels column)
+Ignore DaemonSet-managed pods.
-sort-by
+pod-selector
If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
+Label selector to filter pods on the node
-template
-selector
+l
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Selector (label query) to filter on
timeout
0s
-Only relevant during a force apply. The length of time to wait before giving up on a delete of the old resource, zero means determine a timeout from the size of the object. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
-
-
-validate
-true
-If true, use a schema to validate the input before sending it
+The length of time to wait before giving up, zero means infinite
-edit-last-applied
+taint
- Edit the last-applied-configuration annotations by type/name in YAML.
+ Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'. # If a taint with that key and effect already exists, its value is replaced as specified.
-kubectl apply edit-last-applied deployment/nginx
+kubectl taint nodes foo dedicated=special-user:NoSchedule
- Edit the last-applied-configuration annotations by file in JSON.
+ Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists.
-kubectl apply edit-last-applied -f deploy.yaml -o json
+kubectl taint nodes foo dedicated:NoSchedule-
-Edit the latest last-applied-configuration annotations of resources from the default editor.
-The edit-last-applied command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE _EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
-The default format is YAML. To edit in JSON, specify "-o json".
-The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
-In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.
+
+ Remove from node 'foo' all the taints with key 'dedicated'
+
+kubectl taint nodes foo dedicated-
+
+
+ Add a taint with key 'dedicated' on nodes having label mylabel=X
+
+kubectl taint node -l myLabel=X dedicated=foo:PreferNoSchedule
+
+Update the taints on one or more nodes.
+
+- A taint consists of a key, value, and effect. As an argument here, it is expressed as key=value:effect.
+- The key must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 253 characters.
+- Optionally, the key can begin with a DNS subdomain prefix and a single '/', like example.com/my-app
+- The value must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.
+- The effect must be NoSchedule, PreferNoSchedule or NoExecute.
+- Currently taint can only apply to node.
+
Usage
-$ edit-last-applied (RESOURCE/NAME | -f FILENAME)
+$ taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N
Flags
@@ -6176,63 +5842,47 @@ Flags
-filename
-f
-[]
-Filename, directory, or URL to files to use to edit the resource
-
-
-include-uninitialized
+all
false
-If true, the kubectl command applies to uninitialized objects. If explicitly set to false, this flag overrides other flags that make the kubectl commands apply to uninitialized objects, e.g., "--all". Objects with empty metadata.initializers are regarded as initialized.
+Select all nodes in the cluster
output
o
-yaml
-Output format. One of: yaml|json.
+Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-record
+overwrite
false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
+If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.
-recursive
-R
-false
-Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
+selector
+l
+Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-windows-line-endings
+validate
false
-Defaults to the line ending native to your platform.
+true
+If true, use a schema to validate the input before sending it
-set-last-applied
+uncordon
- Set the last-applied-configuration of a resource to match the contents of a file.
+ Mark node "foo" as schedulable.
-kubectl apply set-last-applied -f deploy.yaml
-
-
- Execute set-last-applied against each configuration file in a directory.
-
-kubectl apply set-last-applied -f path/
-
-
- Set the last-applied-configuration of a resource to match the contents of a file, will create the annotation if it does not already exist.
-
-kubectl apply set-last-applied -f deploy.yaml --create-annotation=true
+$ kubectl uncordon foo
-Set the latest last-applied-configuration annotations by setting it to match the contents of a file. This results in the last-applied-configuration being updated as though 'kubectl apply -f ' was run, without updating any other parts of the object.
+Mark node as schedulable.
Usage
-$ set-last-applied -f FILENAME
+$ uncordon NODE
Flags
@@ -6245,95 +5895,48 @@ Flags
-allow-missing-template-keys
-true
-If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-
-
-create-annotation
-false
-Will create 'last-applied-configuration' annotations if current objects doesn't have one
-
-
dry-run
false
If true, only print the object that would be sent, without sending it.
-filename
-f
-[]
-Filename, directory, or URL to files that contains the last-applied-configuration annotations
-
-
-no-headers
-false
-When using the default or custom-column output format, don't print headers (default print headers).
-
-
-output
-o
-Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
-
-
-output-version
-DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
-
-
-record
-false
-Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
-
-
-show-all
-a
-true
-When printing, show all resources (default show all pods including terminated one.)
-
-
-show-labels
-false
-When printing, show all labels as the last column (default hide labels column)
-
-
-sort-by
-If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
-
-
-template
-selector
+l
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
+Selector (label query) to filter on
+KUBECTL SETTINGS AND USAGE
-view-last-applied
+alpha
+These commands correspond to alpha features that are not enabled in Kubernetes clusters by default.
+Usage
+$ alpha
+
+diff
- View the last-applied-configuration annotations by type/name in YAML.
+ Diff resources included in pod.json. By default, it will diff LOCAL and LIVE versions
-kubectl apply view-last-applied deployment/nginx
+kubectl alpha diff -f pod.json
- View the last-applied-configuration annotations by file in JSON
+ When one version is specified, diff that version against LIVE
-kubectl apply view-last-applied -f deploy.yaml -o json
+cat service.yaml | kubectl alpha diff -f - MERGED
-View the latest last-applied-configuration annotations by type/name or file.
-The default output will be printed to stdout in YAML format. One can use -o option to change output format.
+
+ Or specify both versions
+
+kubectl alpha diff -f pod.json -f service.yaml LAST LOCAL
+
+Diff configurations specified by filename or stdin between their local, last-applied, live and/or "merged" versions.
+LOCAL and LIVE versions are diffed by default. Other available keywords are MERGED and LAST.
+Output is always YAML.
+KUBERNETES EXTERNAL DIFF environment variable can be used to select your own diff command. By default, the "diff" command available in your path will be run with "-u" (unicode) and "-N" (treat new files as empty) options.
Usage
-$ view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAME)
+$ diff -f FILENAME
Flags
@@ -6346,22 +5949,10 @@ Flags
-all
-false
-Select all resources in the namespace of the specified resource types
-
-
filename
f
[]
-Filename, directory, or URL to files that contains the last-applied-configuration annotations
-
-
-output
-o
-Output format. Must be one of yaml|json
+Filename, directory, or URL to files contains the configuration to diff
recursive
@@ -6369,47 +5960,38 @@ Flags
false
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-
-selector
-l
-Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)
-
-WORKING WITH APPS
-This section contains commands for inspecting and debugging your
-applications.
-
-logs will print the logs from the specified pod + container.exec can be used to get an interactive shell on a pod + container.describe will print debug information about the given resource.
-attach
+api-resources
- Get output from running pod 123456-7890, using the first container by default
+ Print the supported API Resources
-kubectl attach 123456-7890
+kubectl api-resources
- Get output from ruby-container from pod 123456-7890
+ Print the supported API Resources with more information
-kubectl attach 123456-7890 -c ruby-container
+kubectl api-resources -o wide
- Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod 123456-7890 # and sends stdout/stderr from 'bash' back to the client
+ Print the supported namespaced resources
-kubectl attach 123456-7890 -c ruby-container -i -t
+kubectl api-resources --namespaced=true
- Get output from the first pod of a ReplicaSet named nginx
+ Print the supported non-namespaced resources
-kubectl attach rs/nginx
+kubectl api-resources --namespaced=false
-Attach to a process that is already running inside an existing container.
+
+ Print the supported API Resources with specific APIGroup
+
+kubectl api-resources --api-group=extensions
+
+Print the supported API resources on the server
Usage
-$ attach (POD | TYPE/NAME) -c CONTAINER
+$ api-resources
Flags
@@ -6422,77 +6004,164 @@ Flags
-container
-c
+api-group
Container name. If omitted, the first container in the pod will be chosen
+Limit to resources in the specified API group.
-pod-running-timeout
+cached
1m0s
-The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
+false
+Use the cached list of resources if available.
-stdin
-i
-false
-Pass stdin to the container
+namespaced
+true
+If false, non-namespaced resources will be returned, otherwise returning namespaced resources by default.
-tty
-t
+no-headers
+false
-Stdin is a TTY
+When using the default or custom-column output format, don't print headers (default print headers).
+
+
+output
+o
+Output format. One of: wide|name.
+
+
+verbs
+[]
+Limit to resources that support the specified verbs.
-auth
-Inspect authorization
-Usage
-$ auth
-
-can-i
+completion
- Check to see if I can create pods in any namespace
+ Installing bash completion on macOS using homebrew ## If running Bash 3.2 included with macOS
-kubectl auth can-i create pods --all-namespaces
+brew install bash-completion
+
+
+ or, if running Bash 4.1+
+
+brew install bash-completion@2
+
+
+ If kubectl is installed via homebrew, this should start working immediately. ## If you've installed via other means, you may need add the completion to your completion directory
+
+kubectl completion bash > $(brew --prefix)/etc/bash_completion.d/kubectl
- Check to see if I can list deployments in my current namespace
+ Installing bash completion on Linux ## Load the kubectl completion code for bash into the current shell
-kubectl auth can-i list deployments.extensions
+source <(kubectl completion bash)
+
+
+ Write bash completion code to a file and source if from .bash_profile
+
+kubectl completion bash > ~/.kube/completion.bash.inc
+printf "
- Check to see if I can do everything in my current namespace ("*" means all)
+ Kubectl shell completion
-kubectl auth can-i '*' '*'
+source '$HOME/.kube/completion.bash.inc'
+" >> $HOME/.bash_profile
+source $HOME/.bash_profile
- Check to see if I can get the job named "bar" in namespace "foo"
+ Load the kubectl completion code for zsh[1] into the current shell
-kubectl auth can-i list jobs.batch/bar -n foo
+source <(kubectl completion zsh)
- Check to see if I can read pod logs
+ Set the kubectl completion code for zsh[1] to autoload on startup
-kubectl auth can-i get pods --subresource=log
+kubectl completion zsh > "
