GETTING STARTED

This section contains the most basic commands for getting a workload running on your cluster.

Once your workloads are running, you can use the commands in the WORKING WITH APPS section to inspect them.

run

Start a single instance of nginx.

kubectl run nginx --image=nginx

Start a single instance of hazelcast and let the container expose port 5701 .

kubectl run hazelcast --image=hazelcast --port=5701

Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default" in the container.

kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"

Start a replicated instance of nginx.

kubectl run nginx --image=nginx --replicas=5

Dry run. Print the corresponding API objects without creating them.

kubectl run nginx --image=nginx --dry-run

Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from JSON.

kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'

Start a pod of busybox and keep it in the foreground, don't restart it if it exits.

kubectl run -i -t busybox --image=busybox --restart=Never

Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.

kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>

Start the nginx container using a different command and custom arguments.

kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>

Start the perl container to compute π to 2000 places and print it out.

kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'

Start the cron job to compute π to 2000 places and print it out every 5 minutes.

kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'

Create and run a particular image, possibly replicated.

Creates a deployment or job to manage the created container(s).

Usage

$ run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
attach false If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the exit code of the container process is returned.
command false If true and extra arguments are present, use them as the 'command' field in the container, rather than the 'args' field which is the default.
dry-run false If true, only print the object that would be sent, without sending it.
env [] Environment variables to set in the container
expose false If true, a public, external service is created for the container(s) which are run
generator The name of the API generator to use, see http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
hostport -1 The host port mapping for the container port. To demonstrate a single-machine container.
image The image for the container to run.
image-pull-policy The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
labels l Labels to apply to the pod(s).
leave-stdin-open false If the pod is started in interactive mode or with stdin, leave stdin open after the first attach completes. By default, stdin will be closed after the first attach completes.
limits The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that server side components may assign limits depending on the server configuration, such as limit ranges.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overrides An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
port The port that this container exposes. If --expose is true, this is also the port used by the service that is created.
quiet false If true, suppress prompt messages.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
replicas r 1 Number of replicas to create for this container. Default is 1.
requests The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
restart Always The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always' a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the latter two --replicas must be 1. Default 'Always', for CronJobs Never.
rm false If true, delete resources created in this command for attached containers.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schedule A schedule in the Cron format the job should be run with.
service-generator service/v2 The name of the generator to use for creating a service. Only used if --expose is true
service-overrides An inline JSON override for the generated service object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is true.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
stdin i false Keep stdin open on the container(s) in the pod, even if nothing is attached.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
tty t false Allocated a TTY for each container in the pod.

expose

Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000.

kubectl expose rc nginx --port=80 --target-port=8000

Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000.

kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000

Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"

kubectl expose pod valid-pod --port=444 --name=frontend

Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"

kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https

Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.

kubectl expose rc streamer --port=4100 --protocol=udp --name=video-stream

Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000.

kubectl expose rs nginx --port=80 --target-port=8000

Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000.

kubectl expose deployment nginx --port=80 --target-port=8000

Expose a resource as a new Kubernetes service.

Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes.

Possible resources include (case insensitive):

pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)

Usage

$ expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
cluster-ip ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.
container-port Synonym for --target-port
dry-run false If true, only print the object that would be sent, without sending it.
external-ip Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.
filename f [] Filename, directory, or URL to files identifying the resource to expose a service
generator service/v2 The name of the API generator to use. There are 2 generators: 'service/v1' and 'service/v2'. The only difference between them is that service port in v1 is named 'default', while it is left unnamed in v2. Default is 'service/v2'.
labels l Labels to apply to the service created by this call.
load-balancer-ip IP to assign to the Load Balancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).
name The name for the newly created object.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overrides An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
port The port that the service should serve on. Copied from the resource being exposed, if unspecified
protocol The network protocol for the service to be created. Default is 'TCP'.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
selector A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.
session-affinity If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
target-port Name or number for the port on the container that the service should direct traffic to. Optional.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
type Type for this service: ClusterIP, NodePort, or LoadBalancer. Default is 'ClusterIP'.

APP MANAGEMENT

This section contains commands for creating, updating, deleting, and viewing your workloads in a Kubernetes cluster.

annotate

Update pod 'foo' with the annotation 'description' and the value 'my frontend'. # If the same annotation is set multiple times, only the last value will be applied

kubectl annotate pods foo description='my frontend'

Update a pod identified by type and name in "pod.json"

kubectl annotate -f pod.json description='my frontend'

Update pod 'foo' with the annotation 'description' and the value 'my frontend running nginx', overwriting any existing value.

kubectl annotate --overwrite pods foo description='my frontend running nginx'

Update all pods in the namespace

kubectl annotate pods --all description='my frontend running nginx'

Update pod 'foo' only if the resource is unchanged from version 1.

kubectl annotate pods foo description='my frontend running nginx' --resource-version=1

Update pod 'foo' by removing an annotation named 'description' if it exists. # Does not require the --overwrite flag.

kubectl annotate pods foo description-

Update the annotations on one or more resources.

Valid resource types include:

Usage

$ annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]

Flags

Name Shorthand Default Usage
all false select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to update the annotation
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
local false If true, annotation will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overwrite false If true, allow annotations to be overwritten, otherwise reject annotation updates that overwrite existing annotations.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
resource-version If non-empty, the annotation update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

autoscale

Auto scale a deployment "foo", with the number of pods between 2 and 10, target CPU utilization specified so a default autoscaling policy will be used:

kubectl autoscale deployment foo --min=2 --max=10

Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%:

kubectl autoscale rc foo --max=5 --cpu-percent=80

Creates an autoscaler that automatically chooses and sets the number of pods that run in a kubernetes cluster.

Looks up a Deployment, ReplicaSet, or ReplicationController by name and creates an autoscaler that uses the given resource as a reference. An autoscaler can automatically increase or decrease number of pods deployed within the system as needed.

Usage

$ autoscale (-f FILENAME | TYPE NAME | TYPE/NAME) [--min=MINPODS] --max=MAXPODS [--cpu-percent=CPU] [flags]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
cpu-percent -1 The target average CPU utilization (represented as a percent of requested CPU) over all the pods. If it's not specified or negative, a default autoscaling policy will be used.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to autoscale.
generator horizontalpodautoscaler/v1 The name of the API generator to use. Currently there is only 1 generator.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
max -1 The upper limit for the number of pods that can be set by the autoscaler. Required.
min -1 The lower limit for the number of pods that can be set by the autoscaler. If it's not specified or negative, the server will apply a default value.
name The name for the newly created object. If not specified, the name of the input resource will be used.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

convert

Convert 'pod.yaml' to latest version and print to stdout.

kubectl convert -f pod.yaml

Convert the live state of the resource specified by 'pod.yaml' to the latest version # and print to stdout in json format.

kubectl convert -f pod.yaml --local -o json

Convert all files under current directory to latest version and create them all.

kubectl convert -f . | kubectl create -f -

Convert config files between different API versions. Both YAML and JSON formats are accepted.

The command takes filename, directory, or URL as input, and convert it into format of version specified by --output-version flag. If target version is not specified or not supported, convert to latest version.

The default output will be printed to stdout in YAML format. One can use -o option to change to output destination.

Usage

$ convert -f FILENAME

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
filename f [] Filename, directory, or URL to files to need to get converted.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
local true If true, convert will NOT try to contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version Output the formatted object with the given group version (for ex: 'extensions/v1beta1').
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

create

Create a pod using the data in pod.json.

kubectl create -f ./pod.json

Create a pod based on the JSON passed into stdin.

cat pod.json | kubectl create -f -

Edit the data in docker-registry.yaml in JSON using the v1 API format then create the resource using the edited data.

kubectl create -f docker-registry.yaml --edit --output-version=v1 -o json

Create a resource by filename or stdin.

JSON and YAML formats are accepted.

Usage

$ create -f FILENAME

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
edit false Edit the API resource before creating
filename f [] Filename, directory, or URL to files to use to create the resource
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it
windows-line-endings false Only relevant if --edit=true. Use Windows line-endings (default Unix line-endings)

clusterrole

Create a ClusterRole named "pod-reader" that allows user to perform "get", "watch" and "list" on pods

kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods

Create a ClusterRole named "pod-reader" with ResourceName specified

kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods --resource-name=readablepod

Create a ClusterRole.

Usage

$ clusterrole NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
resource [] resource that the rule applies to
resource-name [] resource in the white list that the rule applies to
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it
verb [] verb that applies to the resources contained in the rule

clusterrolebinding

Create a ClusterRoleBinding for user1, user2, and group1 using the cluster-admin ClusterRole

kubectl create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1

Create a ClusterRoleBinding for a particular ClusterRole.

Usage

$ clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusterrole ClusterRole this ClusterRoleBinding should reference
dry-run false If true, only print the object that would be sent, without sending it.
generator clusterrolebinding.rbac.authorization.k8s.io/v1alpha1 The name of the API generator to use.
group [] groups to bind to the role
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
serviceaccount [] service accounts to bind to the role
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
user [] usernames to bind to the role
validate true If true, use a schema to validate the input before sending it

configmap

Create a new configmap named my-config based on folder bar

kubectl create configmap my-config --from-file=path/to/bar

Create a new configmap named my-config with specified keys instead of file basenames on disk

kubectl create configmap my-config --from-file=key1=/path/to/bar/file1.txt --from-file=key2=/path/to/bar/file2.txt

Create a new configmap named my-config with key1=config1 and key2=config2

kubectl create configmap my-config --from-literal=key1=config1 --from-literal=key2=config2

Create a configmap based on a file, directory, or specified literal value.

A single configmap may package one or more key/value pairs.

When creating a configmap based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.

When creating a configmap based on a directory, each file whose basename is a valid key in the directory will be packaged into the configmap. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

Usage

$ configmap NAME [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
from-file [] Key file can be specified using its file path, in which case file basename will be used as configmap key, or optionally with a key and file path, in which case the given key will be used. Specifying a directory will iterate each named file in the directory whose basename is a valid configmap key.
from-literal [] Specify a key and literal value to insert in configmap (i.e. mykey=somevalue)
generator configmap/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

deployment

Create a new deployment named my-dep that runs the busybox image.

kubectl create deployment my-dep --image=busybox

Create a deployment with the specified name.

Usage

$ deployment NAME --image=image [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator deployment-basic/v1beta1 The name of the API generator to use.
image [] Image name to run.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

namespace

Create a new namespace named my-namespace

kubectl create namespace my-namespace

Create a namespace with the specified name.

Usage

$ namespace NAME [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator namespace/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

poddisruptionbudget

Create a pod disruption budget named my-pdb that will select all pods with the app=rails label # and require at least one of them being available at any point in time.

kubectl create poddisruptionbudget my-pdb --selector=app=rails --min-available=1

Create a pod disruption budget named my-pdb that will select all pods with the app=nginx label # and require at least half of the pods selected to be available at any point in time.

kubectl create pdb my-pdb --selector=app=nginx --min-available=50%

Create a pod disruption budget with the specified name, selector, and desired minimum available pods

Usage

$ poddisruptionbudget NAME --selector=SELECTOR --min-available=N [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator poddisruptionbudget/v1beta1 The name of the API generator to use.
min-available 1 The minimum number or percentage of available pods this budget requires.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
selector A label selector to use for this budget. Only equality-based selector requirements are supported.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

quota

Create a new resourcequota named my-quota

kubectl create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10

Create a new resourcequota named best-effort

kubectl create quota best-effort --hard=pods=100 --scopes=BestEffort

Create a resourcequota with the specified name, hard limits and optional scopes

Usage

$ quota NAME [--hard=key1=value1,key2=value2] [--scopes=Scope1,Scope2] [--dry-run=bool]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator resourcequotas/v1 The name of the API generator to use.
hard A comma-delimited set of resource=quantity pairs that define a hard limit.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
scopes A comma-delimited set of quota scopes that must all match each object tracked by the quota.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

role

Create a Role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods

kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods

Create a Role named "pod-reader" with ResourceName specified

kubectl create role pod-reader --verb=get --verg=list --verb=watch --resource=pods --resource-name=readablepod

Create a role with single rule.

Usage

$ role NAME --verb=verb --resource=resource.group [--resource-name=resourcename] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
resource [] resource that the rule applies to
resource-name [] resource in the white list that the rule applies to
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it
verb [] verb that applies to the resources contained in the rule

rolebinding

Create a RoleBinding for user1, user2, and group1 using the admin ClusterRole

kubectl create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1

Create a RoleBinding for a particular Role or ClusterRole.

Usage

$ rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusterrole ClusterRole this RoleBinding should reference
dry-run false If true, only print the object that would be sent, without sending it.
generator rolebinding.rbac.authorization.k8s.io/v1alpha1 The name of the API generator to use.
group [] groups to bind to the role
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
role Role this RoleBinding should reference
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
serviceaccount [] service accounts to bind to the role
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
user [] usernames to bind to the role
validate true If true, use a schema to validate the input before sending it

secret

Create a secret using specified subcommand.

Usage

$ secret

secret docker-registry

If you don't already have a .dockercfg file, you can create a dockercfg secret directly by using:

kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

Create a new secret for use with Docker registries.

Dockercfg secrets are used to authenticate against Docker registries.

When using the Docker command line to push images, you can authenticate to a given registry by running

$ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL'.

That produces a ~/.dockercfg file that is used by subsequent 'docker push' and 'docker pull' commands to authenticate to the registry. The email address is optional.

When creating applications, you may have a Docker registry that requires authentication. In order for the nodes to pull images on your behalf, they have to have the credentials. You can provide this information by creating a dockercfg secret and attaching it to your service account.

Usage

$ docker-registry NAME --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
docker-email Email for Docker registry
docker-password Password for Docker registry authentication
docker-server https://index.docker.io/v1/ Server location for Docker registry
docker-username Username for Docker registry authentication
dry-run false If true, only print the object that would be sent, without sending it.
generator secret-for-docker-registry/v1 The name of the API generator to use.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

secret generic

Create a new secret named my-secret with keys for each file in folder bar

kubectl create secret generic my-secret --from-file=path/to/bar

Create a new secret named my-secret with specified keys instead of names on disk

kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa --from-file=ssh-publickey=~/.ssh/id_rsa.pub

Create a new secret named my-secret with key1=supersecret and key2=topsecret

kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret

Create a secret based on a file, directory, or specified literal value.

A single secret may package one or more key/value pairs.

When creating a secret based on a file, the key will default to the basename of the file, and the value will default to the file content. If the basename is an invalid key, you may specify an alternate key.

When creating a secret based on a directory, each file whose basename is a valid key in the directory will be packaged into the secret. Any directory entries except regular files are ignored (e.g. subdirectories, symlinks, devices, pipes, etc).

Usage

$ generic NAME [--type=string] [--from-file=[key=]source] [--from-literal=key1=value1] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
from-file [] Key files can be specified using their file path, in which case a default name will be given to them, or optionally with a name and file path, in which case the given name will be used. Specifying a directory will iterate each named file in the directory that is a valid secret key.
from-literal [] Specify a key and literal value to insert in secret (i.e. mykey=somevalue)
generator secret/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
type The type of secret to create
validate true If true, use a schema to validate the input before sending it

secret tls

Create a new TLS secret named tls-secret with the given key pair:

kubectl create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

Create a TLS secret from the given public/private key pair.

The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key.

Usage

$ tls NAME --cert=path/to/cert/file --key=path/to/key/file [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
cert Path to PEM encoded public key certificate.
dry-run false If true, only print the object that would be sent, without sending it.
generator secret-for-tls/v1 The name of the API generator to use.
key Path to private key associated with given certificate.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

service

Create a service using specified subcommand.

Usage

$ service

service clusterip

Create a new clusterIP service named my-cs

kubectl create service clusterip my-cs --tcp=5678:8080

Create a new clusterIP service named my-cs (in headless mode)

kubectl create service clusterip my-cs --clusterip="None"

Create a clusterIP service with the specified name.

Usage

$ clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
clusterip Assign your own ClusterIP or set to 'None' for a 'headless' service (no loadbalancing).
dry-run false If true, only print the object that would be sent, without sending it.
generator service-clusterip/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
tcp [] Port pairs can be specified as ':'.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

service externalname

Create a new ExternalName service named my-ns

kubectl create service externalname my-ns --external-name bar.com

Create an ExternalName service with the specified name.

ExternalName service references to an external DNS address instead of only pods, which will allow application authors to reference services that exist off platform, on other clusters, or locally.

Usage

$ externalname NAME --external-name external.name [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
external-name external name of service
generator service-externalname/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
tcp [] Port pairs can be specified as ':'.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

service loadbalancer

Create a new LoadBalancer service named my-lbs

kubectl create service loadbalancer my-lbs --tcp=5678:8080

Create a LoadBalancer service with the specified name.

Usage

$ loadbalancer NAME [--tcp=port:targetPort] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator service-loadbalancer/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
tcp [] Port pairs can be specified as ':'.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

service nodeport

Create a new nodeport service named my-ns

kubectl create service nodeport my-ns --tcp=5678:8080

Create a nodeport service with the specified name.

Usage

$ nodeport NAME [--tcp=port:targetPort] [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator service-nodeport/v1 The name of the API generator to use.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
node-port 0 Port used to expose the service on each node in a cluster.
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
tcp [] Port pairs can be specified as ':'.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

serviceaccount

Create a new service account named my-service-account

kubectl create serviceaccount my-service-account

Create a service account with the specified name.

Usage

$ serviceaccount NAME [--dry-run]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
generator serviceaccount/v1 The name of the API generator to use.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

delete

Delete a pod using the type and name specified in pod.json.

kubectl delete -f ./pod.json

Delete a pod based on the type and name in the JSON passed into stdin.

cat pod.json | kubectl delete -f -

Delete pods and services with same names "baz" and "foo"

kubectl delete pod,service baz foo

Delete pods and services with label name=myLabel.

kubectl delete pods,services -l name=myLabel

Delete a pod with minimal delay

kubectl delete pod foo --now

Force delete a pod on a dead node

kubectl delete pod foo --grace-period=0 --force

Delete all pods

kubectl delete pods --all

Delete resources by filenames, stdin, resources and names, or by resources and label selector.

JSON and YAML formats are accepted. Only one type of the arguments may be specified: filenames, resources and names, or resources and label selector.

Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must pass a grace period of 0 and specify the --force flag.

IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.

Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.

Usage

$ delete ([-f FILENAME] | TYPE [(NAME | -l label | --all)])

Flags

Name Shorthand Default Usage
all false [-all] to select all the specified resources.
cascade true If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController). Default true.
filename f [] Filename, directory, or URL to files containing the resource to delete.
force false Immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
grace-period -1 Period of time in seconds given to the resource to terminate gracefully. Ignored if negative.
ignore-not-found false Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
now false If true, resources are signaled for immediate shutdown (same as --grace-period=1).
output o Output mode. Use "-o name" for shorter output (resource/name).
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on.
timeout 0s The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object

edit

Edit the service named 'docker-registry':

kubectl edit svc/docker-registry

Use an alternative editor

KUBE_EDITOR="nano" kubectl edit svc/docker-registry

Edit the job 'myjob' in JSON using the v1 API format:

kubectl edit job.v1.batch/myjob -o json

Edit the deployment 'mydeployment' in YAML and save the modified config in its annotation:

kubectl edit deployment/mydeployment -o yaml --save-config

Edit a resource from the default editor.

The edit command allows you to directly edit any API resource you can retrieve via the command line tools. It will open the editor defined by your KUBE _EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows. You can edit multiple objects, although changes are applied one at a time. The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.

Editing is done with the API version used to fetch the resource. To edit using a specific API version, fully-qualify the resource, version, and group.

The default format is YAML. To edit in JSON, specify "-o json".

The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.

In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes. The most common error when updating a resource is another editor changing the resource on the server. When this occurs, you will have to apply your changes to the newer version of the resource, or update your temporary saved copy to include the latest resource version.

Usage

$ edit (RESOURCE/NAME | -f FILENAME)

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files to use to edit the resource
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
output o yaml Output format. One of: yaml|json.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
validate true If true, use a schema to validate the input before sending it
windows-line-endings false Use Windows line-endings (default Unix line-endings)

get

List all pods in ps output format.

kubectl get pods

List all pods in ps output format with more information (such as node name).

kubectl get pods -o wide

List a single replication controller with specified NAME in ps output format.

kubectl get replicationcontroller web

List a single pod in JSON output format.

kubectl get -o json pod web-pod-13je7

List a pod identified by type and name specified in "pod.yaml" in JSON output format.

kubectl get -f pod.yaml -o json

Return only the phase value of the specified pod.

kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}

List all replication controllers and services together in ps output format.

kubectl get rc,services

List one or more resources by their type and names.

kubectl get rc/web service/frontend pods/web-pod-13je7

List all resources with different types.

kubectl get all

Display one or many resources.

Valid resource types include:

This command will hide resources that have completed, such as pods that are in the Succeeded or Failed phases. You can see the full results for any resource by providing the '--show-all' flag.

By specifying the output as 'template' and providing a Go template as the value of the --template flag, you can filter the attributes of the fetched resources.

Usage

$ get [(-o|--output=)json|yaml|wide|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...] (TYPE [NAME | -l label] | TYPE/NAME ...) [flags]

Flags

Name Shorthand Default Usage
all-namespaces false If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
export false If true, use 'export' for the resources. Exported resources are stripped of cluster-specific information.
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
ignore-not-found false Treat "resource not found" as a successful retrieval.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
label-columns L [] Accepts a comma separated list of labels that are going to be presented as columns. Names are case-sensitive. You can also use multiple flag options like -L label1 -L label2...
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
raw Raw URI to request from the server. Uses the transport specified by the kubeconfig file.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-kind false If present, list the resource type for the requested object(s).
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
watch w false After listing/getting the requested object, watch for changes.
watch-only false Watch for changes to the requested object(s), without listing/getting first.

label

Update pod 'foo' with the label 'unhealthy' and the value 'true'.

kubectl label pods foo unhealthy=true

Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value.

kubectl label --overwrite pods foo status=unhealthy

Update all pods in the namespace

kubectl label pods --all status=unhealthy

Update a pod identified by the type and name in "pod.json"

kubectl label -f pod.json status=unhealthy

Update pod 'foo' only if the resource is unchanged from version 1.

kubectl label pods foo status=unhealthy --resource-version=1

Update pod 'foo' by removing a label named 'bar' if it exists. # Does not require the --overwrite flag.

kubectl label pods foo bar-

Update the labels on a resource.

Usage

$ label [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]

Flags

Name Shorthand Default Usage
all false select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to update the labels
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
local false If true, label will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overwrite false If true, allow labels to be overwritten, otherwise reject label updates that overwrite existing labels.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
resource-version If non-empty, the labels update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

patch

Partially update a node using strategic merge patch

kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'

Partially update a node identified by the type and name specified in "node.json" using strategic merge patch

kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'

Update a container's image; spec.containers[*].name is required because it's a merge key

kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'

Update a container's image using a json patch with positional arrays

kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'

Update field(s) of a resource using strategic merge patch

JSON and YAML formats are accepted.

Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.

Usage

$ patch (-f FILENAME | TYPE NAME) -p PATCH

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
filename f [] Filename, directory, or URL to files identifying the resource to update
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
local false If true, patch will operate on the content of the file, not the server-side resource.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
patch p The patch to be applied to the resource JSON file.
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
type strategic The type of patch being provided; one of [json merge strategic]

replace

Replace a pod using the data in pod.json.

kubectl replace -f ./pod.json

Replace a pod based on the JSON passed into stdin.

cat pod.json | kubectl replace -f -

Update a single-container pod's image version (tag) to v4

kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -

Force replace, delete and then re-create the resource

kubectl replace --force -f ./pod.json

Replace a resource by filename or stdin.

JSON and YAML formats are accepted. If replacing an existing resource, the complete resource spec must be provided. This can be obtained by

$ kubectl get TYPE NAME -o yaml

Please refer to the models in https://htmlpreview.github.io/?https://github.com/kubernetes/kubernetes/blob/HEAD/docs/api-reference/v1/definitions.html to find if a field is mutable.

Usage

$ replace -f FILENAME

Flags

Name Shorthand Default Usage
cascade false Only relevant during a force replace. If true, cascade the deletion of the resources managed by this resource (e.g. Pods created by a ReplicationController).
filename f [] Filename, directory, or URL to files to use to replace the resource.
force false Delete and re-create the specified resource
grace-period -1 Only relevant during a force replace. Period of time in seconds given to the old resource to terminate gracefully. Ignored if negative.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
output o Output mode. Use "-o name" for shorter output (resource/name).
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
save-config false If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
timeout 0s Only relevant during a force replace. The length of time to wait before giving up on a delete of the old resource, zero means determine a timeout from the size of the object. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
validate true If true, use a schema to validate the input before sending it

rolling-update

Update pods of frontend-v1 using new replication controller data in frontend-v2.json.

kubectl rolling-update frontend-v1 -f frontend-v2.json

Update pods of frontend-v1 using JSON data passed into stdin.

cat frontend-v2.json | kubectl rolling-update frontend-v1 -f -

Update the pods of frontend-v1 to frontend-v2 by just changing the image, and switching the # name of the replication controller.

kubectl rolling-update frontend-v1 frontend-v2 --image=image:v2

Update the pods of frontend by just changing the image, and keeping the old name.

kubectl rolling-update frontend --image=image:v2

Abort and reverse an existing rollout in progress (from frontend-v1 to frontend-v2).

kubectl rolling-update frontend-v1 frontend-v2 --rollback

Perform a rolling update of the given ReplicationController.

Replaces the specified replication controller with a new replication controller by updating one pod at a time to use the new PodTemplate. The new-controller.json must specify the same namespace as the existing replication controller and overwrite at least one (common) label in its replicaSelector.

! http://kubernetes.io/images/docs/kubectl_rollingupdate.svg

Usage

$ rolling-update OLD_CONTROLLER_NAME ([NEW_CONTROLLER_NAME] --image=NEW_CONTAINER_IMAGE | -f NEW_CONTROLLER_SPEC)

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
container Container name which will have its image upgraded. Only relevant when --image is specified, ignored otherwise. Required when using --image on a multi-container pod
deployment-label-key deployment The key to use to differentiate between two different controllers, default 'deployment'. Only relevant when --image is specified, ignored otherwise
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename or URL to file to use to create the new replication controller.
image Image to use for upgrading the replication controller. Must be distinct from the existing image (either new image or new image tag). Can not be used with --filename/-f
image-pull-policy Explicit policy for when to pull container images. Required when --image is same as existing image, ignored otherwise.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
poll-interval 3s Time delay between polling for replication controller status after the update. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
rollback false If true, this is a request to abort an existing rollout that is partially rolled out. It effectively reverses current and next and runs a rollout
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
timeout 5m0s Max time to wait for a replication controller to update before giving up. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
update-period 1m0s Time to wait between updating pods. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
validate true If true, use a schema to validate the input before sending it

rollout

Rollback to the previous deployment

kubectl rollout undo deployment/abc

Manage a deployment using subcommands like "kubectl rollout undo deployment/abc"

Usage

$ rollout SUBCOMMAND

history

View the rollout history of a deployment

kubectl rollout history deployment/abc

View the details of deployment revision 3

kubectl rollout history deployment/abc --revision=3

View previous rollout revisions and configurations.

Usage

$ history (TYPE NAME | TYPE/NAME) [flags]

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
revision 0 See the details, including podTemplate of the revision specified

pause

Mark the nginx deployment as paused. Any current state of # the deployment will continue its function, new updates to the deployment will not # have an effect as long as the deployment is paused.

kubectl rollout pause deployment/nginx

Mark the provided resource as paused

Paused resources will not be reconciled by a controller. Use \"kubectl rollout resume \" to resume a paused resource. Currently only deployments support being paused.

Usage

$ pause RESOURCE

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

resume

Resume an already paused deployment

kubectl rollout resume deployment/nginx

Resume a paused resource

Paused resources will not be reconciled by a controller. By resuming a resource, we allow it to be reconciled again. Currently only deployments support being resumed.

Usage

$ resume RESOURCE

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

status

Watch the rollout status of a deployment

kubectl rollout status deployment/nginx

Show the status of the rollout.

By default 'rollout status' will watch the status of the latest rollout until it's done. If you don't want to wait for the rollout to finish then you can use --watch=false. Note that if a new rollout starts in-between, then 'rollout status' will continue watching the latest revision. If you want to pin to a specific revision and abort if it is rolled over by another revision, use --revision=N where N is the revision you need to watch for.

Usage

$ status (TYPE NAME | TYPE/NAME) [flags]

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
revision 0 Pin to a specific revision for showing its status. Defaults to 0 (last revision).
watch w true Watch the status of the rollout until it's done.

undo

Rollback to the previous deployment

kubectl rollout undo deployment/abc

Rollback to deployment revision 3

kubectl rollout undo deployment/abc --to-revision=3

Rollback to the previous deployment with dry-run

kubectl rollout undo --dry-run=true deployment/abc

Rollback to a previous rollout.

Usage

$ undo (TYPE NAME | TYPE/NAME) [flags]

Flags

Name Shorthand Default Usage
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
to-revision 0 The revision to rollback to. Default to 0 (last revision).

scale

Scale a replicaset named 'foo' to 3.

kubectl scale --replicas=3 rs/foo

Scale a resource identified by type and name specified in "foo.yaml" to 3.

kubectl scale --replicas=3 -f foo.yaml

If the deployment named mysql's current size is 2, scale mysql to 3.

kubectl scale --current-replicas=2 --replicas=3 deployment/mysql

Scale multiple replication controllers.

kubectl scale --replicas=5 rc/foo rc/bar rc/baz

Scale job named 'cron' to 3.

kubectl scale --replicas=3 job/cron

Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job.

Scale also allows users to specify one or more preconditions for the scale action.

If --current-replicas or --resource-version is specified, it is validated before the scale is attempted, and it is guaranteed that the precondition holds true when the scale is sent to the server.

Usage

$ scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)

Flags

Name Shorthand Default Usage
current-replicas -1 Precondition for current size. Requires that the current size of the resource match this value in order to scale.
filename f [] Filename, directory, or URL to files identifying the resource to set a new size
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
output o Output mode. Use "-o name" for shorter output (resource/name).
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
replicas -1 The new desired number of replicas. Required.
resource-version Precondition for resource version. Requires that the current resource version match this value in order to scale.
timeout 0s The length of time to wait before giving up on a scale operation, zero means don't wait. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).

set

Configure application resources

These commands help you make changes to existing application resources.

Usage

$ set SUBCOMMAND

image

Set a deployment's nginx container image to 'nginx:1.9.1', and its busybox container image to 'busybox'.

kubectl set image deployment/nginx busybox=busybox nginx=nginx:1.9.1

Update all deployments' and rc's nginx container's image to 'nginx:1.9.1'

kubectl set image deployments,rc nginx=nginx:1.9.1 --all

Update image of all containers of daemonset abc to 'nginx:1.9.1'

kubectl set image daemonset abc *=nginx:1.9.1

Print result (in yaml format) of updating nginx container image from local file, without hitting the server

kubectl set image -f path/to/file.yaml nginx=nginx:1.9.1 --local -o yaml

Update existing container image(s) of resources.

Possible resources include (case insensitive):

pod (po), replicationcontroller (rc), deployment (deploy), daemonset (ds), job, replicaset (rs)

Usage

$ image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N

Flags

Name Shorthand Default Usage
all false select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
local false If true, set image will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

resources

Set a deployments nginx container cpu limits to "200m" and memory to "512Mi"

kubectl set resources deployment nginx -c=nginx --limits=cpu=200m,memory=512Mi

Set the resource request and limits for all containers in nginx

kubectl set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi

Remove the resource requests for resources on containers in nginx

kubectl set resources deployment nginx --limits=cpu=0,memory=0 --requests=cpu=0,memory=0

Print the result (in yaml format) of updating nginx container limits from a local, without hitting the server

kubectl set resources -f path/to/file.yaml --limits=cpu=200m,memory=512Mi --local -o yaml

Specify compute resource requirements (cpu, memory) for any resource that defines a pod template. If a pod is successfully scheduled, it is guaranteed the amount of resource requested, but may burst up to its specified limits.

for each compute resource, if a limit is specified and a request is omitted, the request will default to the limit.

Possible resources include (case insensitive): replicationcontroller, deployment, daemonset, job, replicaset.

Usage

$ resources (-f FILENAME | TYPE NAME) ([--limits=LIMITS & --requests=REQUESTS]

Flags

Name Shorthand Default Usage
all false select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
containers c * The names of containers in the selected pod templates to change, all containers are selected by default - may use wildcards
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files identifying the resource to get from a server.
limits The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
local false If true, set resources will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
requests The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note that server side components may assign requests depending on the server configuration, such as limit ranges.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

selector

set the labels and selector before creating a deployment/service pair.

kubectl create service clusterip my-svc --clusterip="None" -o yaml --dry-run | kubectl set selector --local -f - 'environment=qa' -o yaml | kubectl create -f -
kubectl create deployment my-dep -o yaml --dry-run | kubectl label --local -f - environment=qa -o yaml | kubectl create -f -

Set the selector on a resource. Note that the new selector will overwrite the old selector if the resource had one prior to the invocation of 'set selector'.

A selector must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters. If --resource-version is specified, then updates will use this resource version, otherwise the existing resource-version will be used. Note: currently selectors can only be set on Service objects.

Usage

$ selector (-f FILENAME | TYPE NAME) EXPRESSIONS [--resource-version=version]

Flags

Name Shorthand Default Usage
all false Select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files the resource to update the selectors
local false If true, set selector will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
resource-version If non-empty, the selectors update will only succeed if this is the current resource-version for the object. Only valid when specifying a single resource.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

DECLARATIVE APP MANAGEMENT

apply

Apply the configuration in pod.json to a pod.

kubectl apply -f ./pod.json

Apply the JSON passed into stdin to a pod.

cat pod.json | kubectl apply -f -

Note: --prune is still in Alpha # Apply the configuration in manifest.yaml that matches label app=nginx and delete all the other resources that are not in the file and match label app=nginx.

kubectl apply --prune -f manifest.yaml -l app=nginx

Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.

kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap

Apply a configuration to a resource by filename or stdin. The resource name must be specified. This resource will be created if it doesn't exist yet. To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.

JSON and YAML formats are accepted.

Alpha Disclaimer: the --prune functionality is not yet complete. Do not use unless you are aware of what the current state is. See https://issues.k8s.io/34274.

Usage

$ apply -f FILENAME

Flags

Name Shorthand Default Usage
all false [-all] to select all the specified resources.
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
cascade true Only relevant during a prune or a force apply. If true, cascade the deletion of the resources managed by pruned or deleted resources (e.g. Pods created by a ReplicationController).
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files that contains the configuration to apply
force false Delete and re-create the specified resource, when PATCH encounters conflict and has retried for 5 times.
grace-period -1 Only relevant during a prune or a force apply. Period of time in seconds given to pruned or deleted resources to terminate gracefully. Ignored if negative.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overwrite true Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration
prune false Automatically delete resource objects that do not appear in the configs and are created by either apply or create --save-config. Should be used with either -l or --all.
prune-whitelist [] Overwrite the default whitelist with for --prune
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
timeout 0s Only relevant during a force apply. The length of time to wait before giving up on a delete of the old resource, zero means determine a timeout from the size of the object. Any other values should contain a corresponding time unit (e.g. 1s, 2m, 3h).
validate true If true, use a schema to validate the input before sending it

set-last-applied

Set the last-applied-configuration of a resource to match the contents of a file.

kubectl apply set-last-applied -f deploy.yaml

Execute set-last-applied against each configuration file in a directory.

kubectl apply set-last-applied -f path/

Set the last-applied-configuration of a resource to match the contents of a file, will create the annotation if it does not already exist.

kubectl apply set-last-applied -f deploy.yaml --create-annotation=true

Set the latest last-applied-configuration annotations by setting it to match the contents of a file. This results in the last-applied-configuration being updated as though 'kubectl apply -f ' was run, without updating any other parts of the object.

Usage

$ set-last-applied -f FILENAME

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
create-annotation false Will create 'last-applied-configuration' annotations if current objects doesn't have one
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files that contains the last-applied-configuration annotations
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
record false Record current kubectl command in the resource annotation. If set to false, do not record the command. If set to true, record the command. If not set, default to updating the existing annotation value only if one already exists.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

view-last-applied

View the last-applied-configuration annotations by type/name in YAML.

kubectl apply view-last-applied deployment/nginx

View the last-applied-configuration annotations by file in JSON

kubectl apply view-last-applied -f deploy.yaml -o json

View the latest last-applied-configuration annotations by type/name or file.

The default output will be printed to stdout in YAML format. One can use -o option to change output format.

Usage

$ view-last-applied (TYPE [NAME | -l label] | TYPE/NAME | -f FILENAME)

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files that contains the last-applied-configuration annotations
output o Output format. Must be one of yaml|json
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.

WORKING WITH APPS

This section contains commands for inspecting and debugging your applications.

attach

Get output from running pod 123456-7890, using the first container by default

kubectl attach 123456-7890

Get output from ruby-container from pod 123456-7890

kubectl attach 123456-7890 -c ruby-container

Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod 123456-7890 # and sends stdout/stderr from 'bash' back to the client

kubectl attach 123456-7890 -c ruby-container -i -t

Get output from the first pod of a ReplicaSet named nginx

kubectl attach rs/nginx

Attach to a process that is already running inside an existing container.

Usage

$ attach (POD | TYPE/NAME) -c CONTAINER

Flags

Name Shorthand Default Usage
container c Container name. If omitted, the first container in the pod will be chosen
stdin i false Pass stdin to the container
tty t false Stdin is a TTY

auth

Inspect authorization

Usage

$ auth

can-i

Check to see if I can create pods in any namespace

kubectl auth can-i create pods --all-namespaces

Check to see if I can list deployments in my current namespace

kubectl auth can-i list deployments.extensions

Check to see if I can get the job named "bar" in namespace "foo"

kubectl auth can-i list jobs.batch/bar -n foo

Check whether an action is allowed.

VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NAME is the name of a particular Kubernetes resource.

Usage

$ can-i VERB [TYPE | TYPE/NAME]

Flags

Name Shorthand Default Usage
all-namespaces false If true, check the specified action in all namespaces.
quiet q false If true, suppress output and just return the exit code.

cp

!!!Important Note!!! # Requires that the 'tar' binary is present in your container # image. If 'tar' is not present, 'kubectl cp' will fail. # Copy /tmp/foo_dir local directory to /tmp/bar_dir in a remote pod in the default namespace

kubectl cp /tmp/foo_dir <some-pod>:/tmp/bar_dir

Copy /tmp/foo local file to /tmp/bar in a remote pod in a specific container

kubectl cp /tmp/foo <some-pod>:/tmp/bar -c <specific-container>

Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace 

kubectl cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar

Copy /tmp/foo from a remote pod to /tmp/bar locally

kubectl cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar

Copy files and directories to and from containers.

Usage

$ cp <file-spec-src> <file-spec-dest>

Flags

Name Shorthand Default Usage
container c Container name. If omitted, the first container in the pod will be chosen

describe

Describe a node

kubectl describe nodes kubernetes-node-emt8.c.myproject.internal

Describe a pod

kubectl describe pods/nginx

Describe a pod identified by type and name in "pod.json"

kubectl describe -f pod.json

Describe all pods

kubectl describe pods

Describe pods by label name=myLabel

kubectl describe po -l name=myLabel

Describe all pods managed by the 'frontend' replication controller (rc-created pods # get the name of the rc as a prefix in the pod the name).

kubectl describe pods frontend

Show details of a specific resource or group of resources. This command joins many API calls together to form a detailed description of a given resource or group of resources.

$ kubectl describe TYPE NAME_PREFIX

will first check for an exact match on TYPE and NAME PREFIX. If no such resource exists, it will output details for every resource that has a name prefixed with NAME PREFIX.

Valid resource types include:

Usage

$ describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME)

Flags

Name Shorthand Default Usage
all-namespaces false If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
filename f [] Filename, directory, or URL to files containing the resource to describe
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-events true If true, display events related to the described object.

exec

Get output from running 'date' from pod 123456-7890, using the first container by default

kubectl exec 123456-7890 date

Get output from running 'date' in ruby-container from pod 123456-7890

kubectl exec 123456-7890 -c ruby-container date

Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod 123456-7890 # and sends stdout/stderr from 'bash' back to the client

kubectl exec 123456-7890 -c ruby-container -i -t -- bash -il

Execute a command in a container.

Usage

$ exec POD [-c CONTAINER] -- COMMAND [args...]

Flags

Name Shorthand Default Usage
container c Container name. If omitted, the first container in the pod will be chosen
pod p Pod name
stdin i false Pass stdin to the container
tty t false Stdin is a TTY

logs

Return snapshot logs from pod nginx with only one container

kubectl logs nginx

Return snapshot logs for the pods defined by label app=nginx

kubectl logs -lapp=nginx

Return snapshot of previous terminated ruby container logs from pod web-1

kubectl logs -p -c ruby web-1

Begin streaming the logs of the ruby container in pod web-1

kubectl logs -f -c ruby web-1

Display only the most recent 20 lines of output in pod nginx

kubectl logs --tail=20 nginx

Show all logs from pod nginx written in the last hour

kubectl logs --since=1h nginx

Return snapshot logs from first container of a job named hello

kubectl logs job/hello

Return snapshot logs from container nginx-1 of a deployment named nginx

kubectl logs deployment/nginx -c nginx-1

Print the logs for a container in a pod or specified resource. If the pod has only one container, the container name is optional.

Usage

$ logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER]

Flags

Name Shorthand Default Usage
container c Print the logs of this container
follow f false Specify if the logs should be streamed.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
interactive false If true, prompt the user for input when required.
limit-bytes 0 Maximum bytes of logs to return. Defaults to no limit.
previous p false If true, print the logs for the previous instance of the container in a pod if it exists.
selector l Selector (label query) to filter on.
since 0s Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs. Only one of since-time / since may be used.
since-time Only return logs after a specific date (RFC3339). Defaults to all logs. Only one of since-time / since may be used.
tail -1 Lines of recent log file to display. Defaults to -1 with no selector, showing all log lines otherwise 10, if a selector is provided.
timestamps false Include timestamps on each line in the log output

port-forward

Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod

kubectl port-forward mypod 5000 6000

Listen on port 8888 locally, forwarding to 5000 in the pod

kubectl port-forward mypod 8888:5000

Listen on a random port locally, forwarding to 5000 in the pod

kubectl port-forward mypod :5000

Listen on a random port locally, forwarding to 5000 in the pod

kubectl port-forward mypod 0:5000

Forward one or more local ports to a pod.

Usage

$ port-forward POD [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]

Flags

Name Shorthand Default Usage
pod p Pod name

proxy

Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/

kubectl proxy --port=8011 --www=./local/www/

Run a proxy to kubernetes apiserver on an arbitrary local port. # The chosen port for the server will be output to stdout.

kubectl proxy --port=0

Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/

kubectl proxy --api-prefix=/k8s-api

To proxy all of the kubernetes api and nothing else, use:

$ kubectl proxy --api-prefix=/

To proxy only part of the kubernetes api and also some static files:

$ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/

The above lets you 'curl localhost:8001/api/v1/pods'.

To proxy the entire kubernetes api at a different root, use:

$ kubectl proxy --api-prefix=/custom/

The above lets you 'curl localhost:8001/custom/api/v1/pods'

Usage

$ proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]

Flags

Name Shorthand Default Usage
accept-hosts ^localhost$,^127.0.0.1$,^[::1]$ Regular expression for hosts that the proxy should accept.
accept-paths ^.* Regular expression for paths that the proxy should accept.
address 127.0.0.1 The IP address on which to serve on.
api-prefix / Prefix to serve the proxied API under.
disable-filter false If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
port p 8001 The port on which to run the proxy. Set to 0 to pick a random port.
reject-methods POST,PUT,PATCH Regular expression for HTTP methods that the proxy should reject.
reject-paths ^/api/./pods/./exec,^/api/./pods/./attach Regular expression for paths that the proxy should reject.
unix-socket u Unix socket on which to run the proxy.
www w Also serve static files from the given directory under the specified prefix.
www-prefix P /static/ Prefix to serve static files under, if static file directory is specified.

top

Display Resource (CPU/Memory/Storage) usage.

The top command allows you to see the resource consumption for nodes or pods.

This command requires Heapster to be correctly configured and working on the server.

Usage

$ top

node

Show metrics for all nodes

kubectl top node

Show metrics for a given node

kubectl top node NODE_NAME

Display Resource (CPU/Memory/Storage) usage of nodes.

The top-node command allows you to see the resource consumption of nodes.

Usage

$ node [NAME | -l label]

Flags

Name Shorthand Default Usage
heapster-namespace kube-system Namespace Heapster service is located in
heapster-port Port name in service to use
heapster-scheme http Scheme (http or https) to connect to Heapster as
heapster-service heapster Name of Heapster service
selector l Selector (label query) to filter on, supports '=', '==', and '!='.

pod

Show metrics for all pods in the default namespace

kubectl top pod

Show metrics for all pods in the given namespace

kubectl top pod --namespace=NAMESPACE

Show metrics for a given pod and its containers

kubectl top pod POD_NAME --containers

Show metrics for the pods defined by label name=myLabel

kubectl top pod -l name=myLabel

Display Resource (CPU/Memory/Storage) usage of pods.

The 'top pod' command allows you to see the resource consumption of pods.

Due to the metrics pipeline delay, they may be unavailable for a few minutes since pod creation.

Usage

$ pod [NAME | -l label]

Flags

Name Shorthand Default Usage
all-namespaces false If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
containers false If present, print usage of containers within a pod.
heapster-namespace kube-system Namespace Heapster service is located in
heapster-port Port name in service to use
heapster-scheme http Scheme (http or https) to connect to Heapster as
heapster-service heapster Name of Heapster service
selector l Selector (label query) to filter on, supports '=', '==', and '!='.

CLUSTER MANAGEMENT

api-versions

Print the supported API versions

kubectl api-versions

Print the supported API versions on the server, in the form of "group/version"

Usage

$ api-versions

certificate

Modify certificate resources.

Usage

$ certificate SUBCOMMAND

approve

Approve a certificate signing request.

kubectl certificate approve allows a cluster admin to approve a certificate signing request (CSR). This action tells a certificate signing controller to issue a certificate to the requestor with the attributes requested in the CSR.

SECURITY NOTICE: Depending on the requested attributes, the issued certificate can potentially grant a requester access to cluster resources or to authenticate as a requested identity. Before approving a CSR, ensure you understand what the signed certificate can do.

Usage

$ approve (-f FILENAME | NAME)

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to update
output o Output mode. Use "-o name" for shorter output (resource/name).
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

deny

Deny a certificate signing request.

kubectl certificate deny allows a cluster admin to deny a certificate signing request (CSR). This action tells a certificate signing controller to not to issue a certificate to the requestor.

Usage

$ deny (-f FILENAME | NAME)

Flags

Name Shorthand Default Usage
filename f [] Filename, directory, or URL to files identifying the resource to update
output o Output mode. Use "-o name" for shorter output (resource/name).
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.

cluster-info

Print the address of the master and cluster services

kubectl cluster-info

Display addresses of the master and services with label kubernetes.io/cluster-service=true To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Usage

$ cluster-info

Flags

Name Shorthand Default Usage
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]

dump

Dump current cluster state to stdout

kubectl cluster-info dump

Dump current cluster state to /path/to/cluster-state

kubectl cluster-info dump --output-directory=/path/to/cluster-state

Dump all namespaces to stdout

kubectl cluster-info dump --all-namespaces

Dump a set of namespaces to /path/to/cluster-state

kubectl cluster-info dump --namespaces default,kube-system --output-directory=/path/to/cluster-state

Dumps cluster info out suitable for debugging and diagnosing cluster problems. By default, dumps everything to stdout. You can optionally specify a directory with --output-directory. If you specify a directory, kubernetes will build a set of files in that directory. By default only dumps things in the 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag, or specify --all-namespaces to dump all namespaces.

The command also dumps the logs of all of the pods in the cluster, these logs are dumped into different directories based on namespace and pod name.

Usage

$ dump

Flags

Name Shorthand Default Usage
all-namespaces false If true, dump all namespaces. If true, --namespaces is ignored.
namespaces [] A comma separated list of namespaces to dump.
output-directory Where to output the files. If empty or '-' uses stdout, otherwise creates a directory hierarchy in that directory

cordon

Mark node "foo" as unschedulable.

kubectl cordon foo

Mark node as unschedulable.

Usage

$ cordon NODE

drain

Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it.

$ kubectl drain foo --force

As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes.

$ kubectl drain foo --grace-period=900

Drain node in preparation for maintenance.

The given node will be marked unschedulable to prevent new pods from arriving. 'drain' evicts the pods if the APIServer supports eviction (http://kubernetes.io/docs/admin/disruptions/). Otherwise, it will use normal DELETE to delete the pods. The 'drain' evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). If there are DaemonSet-managed pods, drain will not proceed without --ignore-daemonsets, and regardless it will not delete any DaemonSet-managed pods, because those pods would be immediately replaced by the DaemonSet controller, which ignores unschedulable markings. If there are any pods that are neither mirror pods nor managed by ReplicationController, ReplicaSet, DaemonSet, StatefulSet or Job, then drain will not delete any pods unless you use --force. --force will also allow deletion to proceed if the managing resource of one or more pods is missing.

'drain' waits for graceful termination. You should not operate on the machine until the command completes.

When you are ready to put the node back into service, use kubectl uncordon, which will make the node schedulable again.

! http://kubernetes.io/images/docs/kubectl_drain.svg

Usage

$ drain NODE

Flags

Name Shorthand Default Usage
delete-local-data false Continue even if there are pods using emptyDir (local data that will be deleted when the node is drained).
force false Continue even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet.
grace-period -1 Period of time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.
ignore-daemonsets false Ignore DaemonSet-managed pods.
timeout 0s The length of time to wait before giving up, zero means infinite

taint

Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'. # If a taint with that key and effect already exists, its value is replaced as specified.

kubectl taint nodes foo dedicated=special-user:NoSchedule

Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists.

kubectl taint nodes foo dedicated:NoSchedule-

Remove from node 'foo' all the taints with key 'dedicated'

kubectl taint nodes foo dedicated-

Update the taints on one or more nodes.

Usage

$ taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N

Flags

Name Shorthand Default Usage
all false select all nodes in the cluster
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
overwrite false If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.
schema-cache-dir ~/.kube/schema If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
validate true If true, use a schema to validate the input before sending it

uncordon

Mark node "foo" as schedulable.

$ kubectl uncordon foo

Mark node as schedulable.

Usage

$ uncordon NODE

KUBECTL SETTINGS AND USAGE

completion

Install bash completion on a Mac using homebrew

brew install bash-completion
printf "\n# Bash completion support\nsource $(brew --prefix)/etc/bash_completion\n" >> $HOME/.bash_profile
source $HOME/.bash_profile

Load the kubectl completion code for bash into the current shell

source <(kubectl completion bash)

Write bash completion code to a file and source if from .bash_profile

kubectl completion bash > ~/.kube/completion.bash.inc
printf "\n# Kubectl shell completion\nsource '$HOME/.kube/completion.bash.inc'\n" >> $HOME/.bash_profile
source $HOME/.bash_profile

Load the kubectl completion code for zsh[1] into the current shell

source <(kubectl completion zsh)

Output shell completion code for the specified shell (bash or zsh). The shell code must be evalutated to provide interactive completion of kubectl commands. This can be done by sourcing it from the .bash _profile.

Note: this requires the bash-completion framework, which is not installed by default on Mac. This can be installed by using homebrew:

$ brew install bash-completion

Once installed, bash completion must be evaluated. This can be done by adding the following line to the .bash profile

$ source $(brew --prefix)/etc/bash_completion

Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2

Usage

$ completion SHELL

config

Modify kubeconfig files using subcommands like "kubectl config set current-context my-context"

The loading order follows these rules:

  1. If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
  2. If $KUBECONFIG environment variable is set, then it is used a list of paths (normal path delimitting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
  3. Otherwise, ${HOME}/.kube/config is used and no merging takes place.

Usage

$ config SUBCOMMAND

Flags

Name Shorthand Default Usage
kubeconfig use a particular kubeconfig file

current-context

Display the current-context

kubectl config current-context

Displays the current-context

Usage

$ current-context

delete-cluster

Delete the minikube cluster

kubectl config delete-cluster minikube

Delete the specified cluster from the kubeconfig

Usage

$ delete-cluster NAME

delete-context

Delete the context for the minikube cluster

kubectl config delete-context minikube

Delete the specified context from the kubeconfig

Usage

$ delete-context NAME

get-clusters

List the clusters kubectl knows about

kubectl config get-clusters

Display clusters defined in the kubeconfig.

Usage

$ get-clusters

get-contexts

List all the contexts in your kubeconfig file

kubectl config get-contexts

Describe one context in your kubeconfig file.

kubectl config get-contexts my-context

Displays one or many contexts from the kubeconfig file.

Usage

$ get-contexts [(-o|--output=)name)]

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].

set

Sets an individual value in a kubeconfig file

PROPERTY _NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.

PROPERTY _VALUE is the new value you wish to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.

Usage

$ set PROPERTY_NAME PROPERTY_VALUE

Flags

Name Shorthand Default Usage
set-raw-bytes false When writing a []byte PROPERTY_VALUE, write the given string directly without base64 decoding.

set-cluster

Set only the server field on the e2e cluster entry without touching other values.

kubectl config set-cluster e2e --server=https://1.2.3.4

Embed certificate authority data for the e2e cluster entry

kubectl config set-cluster e2e --certificate-authority=~/.kube/e2e/kubernetes.ca.crt

Disable cert checking for the dev cluster entry

kubectl config set-cluster e2e --insecure-skip-tls-verify=true

Sets a cluster entry in kubeconfig.

Specifying a name that already exists will merge new fields on top of existing values for those fields.

Usage

$ set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true]

Flags

Name Shorthand Default Usage
api-version api-version for the cluster entry in kubeconfig
certificate-authority path to certificate-authority file for the cluster entry in kubeconfig
embed-certs false embed-certs for the cluster entry in kubeconfig
insecure-skip-tls-verify false insecure-skip-tls-verify for the cluster entry in kubeconfig
server server for the cluster entry in kubeconfig

set-context

Set the user field on the gce context entry without touching other values

kubectl config set-context gce --user=cluster-admin

Sets a context entry in kubeconfig

Specifying a name that already exists will merge new fields on top of existing values for those fields.

Usage

$ set-context NAME [--cluster=cluster_nickname] [--user=user_nickname] [--namespace=namespace]

Flags

Name Shorthand Default Usage
cluster cluster for the context entry in kubeconfig
namespace namespace for the context entry in kubeconfig
user user for the context entry in kubeconfig

set-credentials

Set only the "client-key" field on the "cluster-admin" # entry, without touching other values:

kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key

Set basic auth for the "cluster-admin" entry

kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif

Embed client certificate data in the "cluster-admin" entry

kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true

Enable the Google Compute Platform auth provider for the "cluster-admin" entry

kubectl config set-credentials cluster-admin --auth-provider=gcp

Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args

kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar

Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry

kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-

Sets a user entry in kubeconfig

Specifying a name that already exists will merge new fields on top of existing values.

Client-certificate flags: --client-certificate=certfile --client-key=keyfile

Bearer token flags: --token=bearer_token

Basic auth flags: --username=basic_user --password=basic_password

Bearer token and basic auth are mutually exclusive.

Usage

$ set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value]

Flags

Name Shorthand Default Usage
auth-provider auth provider for the user entry in kubeconfig
auth-provider-arg [] 'key=value' arugments for the auth provider
client-certificate path to client-certificate file for the user entry in kubeconfig
client-key path to client-key file for the user entry in kubeconfig
embed-certs false embed client cert/key for the user entry in kubeconfig
password password for the user entry in kubeconfig
token token for the user entry in kubeconfig
username username for the user entry in kubeconfig

unset

Unsets an individual value in a kubeconfig file

PROPERTY _NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.

Usage

$ unset PROPERTY_NAME

use-context

Use the context for the minikube cluster

kubectl config use-context minikube

Sets the current-context in a kubeconfig file

Usage

$ use-context CONTEXT_NAME

view

Show Merged kubeconfig settings.

kubectl config view

Get the password for the e2e user

kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'

Display merged kubeconfig settings or a specified kubeconfig file.

You can use --output jsonpath={...} to extract specific values using a jsonpath expression.

Usage

$ view

Flags

Name Shorthand Default Usage
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
flatten false flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files)
merge true merge the full hierarchy of kubeconfig files
minify false remove all information not used by current-context from the output
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
raw false display raw byte data
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

explain

Get the documentation of the resource and its fields

kubectl explain pods

Get the documentation of a specific field of a resource

kubectl explain pods.spec.containers

Documentation of resources.

Valid resource types include:

Usage

$ explain RESOURCE

Flags

Name Shorthand Default Usage
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
recursive false Print the fields of fields (Currently only 1 level deep)

options

Print flags inherited by all commands

kubectl options

Print the list of flags inherited by all commands

Usage

$ options

version

Print the client and server versions for the current context

kubectl version

Print the client and server version information for the current context

Usage

$ version

Flags

Name Shorthand Default Usage
client c false Client version only (no server required).
short false Print just the version number.

DEPRECATED COMMANDS

stop

Shut down foo.

kubectl stop replicationcontroller foo

Stop pods and services with label name=myLabel.

kubectl stop pods,services -l name=myLabel

Shut down the service defined in service.json

kubectl stop -f service.json

Shut down all resources in the path/to/resources directory

kubectl stop -f path/to/resources

Deprecated: This command is deprecated, all its functionalities are covered by "kubectl delete"

Usage

$ stop (-f FILENAME | TYPE (NAME | -l label | --all))

Flags

Name Shorthand Default Usage
all false [-all] to select all the specified resources.
filename f [] Filename, directory, or URL to files of resource(s) to be stopped.
grace-period -1 Period of time in seconds given to the resource to terminate gracefully. Ignored if negative.
ignore-not-found false Treat "resource not found" as a successful stop.
include-extended-apis true If true, include definitions of new APIs via calls to the API server. [default true]
output o Output mode. Use "-o name" for shorter output (resource/name).
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on.
timeout 0s The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object