This is the multi-page printable view of this section.
Click here to print.
Return to the regular view of this page.
kubectl config
Synopsis
Modify kubeconfig files using subcommands like "kubectl config set current-context my-context".
The loading order follows these rules:
- If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
- If $KUBECONFIG environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
- Otherwise, ${HOME}/.kube/config is used and no merging takes place.
kubectl config SUBCOMMAND
Options
-h, --help |
| help for config |
--kubeconfig string |
| use a particular kubeconfig file |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
1 - kubectl config current-context
Synopsis
Display the current-context.
kubectl config current-context [flags]
Examples
# Display the current-context
kubectl config current-context
Options
-h, --help |
| help for current-context |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
2 - kubectl config delete-cluster
Synopsis
Delete the specified cluster from the kubeconfig.
kubectl config delete-cluster NAME
Examples
# Delete the minikube cluster
kubectl config delete-cluster minikube
Options
-h, --help |
| help for delete-cluster |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
3 - kubectl config delete-context
Synopsis
Delete the specified context from the kubeconfig.
kubectl config delete-context NAME
Examples
# Delete the context for the minikube cluster
kubectl config delete-context minikube
Options
-h, --help |
| help for delete-context |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
4 - kubectl config delete-user
Synopsis
Delete the specified user from the kubeconfig.
kubectl config delete-user NAME
Examples
# Delete the minikube user
kubectl config delete-user minikube
Options
-h, --help |
| help for delete-user |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
5 - kubectl config get-clusters
Synopsis
Display clusters defined in the kubeconfig.
kubectl config get-clusters [flags]
Examples
# List the clusters that kubectl knows about
kubectl config get-clusters
Options
-h, --help |
| help for get-clusters |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
6 - kubectl config get-contexts
Synopsis
Display one or many contexts from the kubeconfig file.
kubectl config get-contexts [(-o|--output=)name)]
Examples
# List all the contexts in your kubeconfig file
kubectl config get-contexts
# Describe one context in your kubeconfig file
kubectl config get-contexts my-context
Options
-h, --help |
| help for get-contexts |
--no-headers |
| When using the default or custom-column output format, don't print headers (default print headers). |
-o, --output string |
| Output format. One of: (name). |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
7 - kubectl config get-users
Synopsis
Display users defined in the kubeconfig.
kubectl config get-users [flags]
Examples
# List the users that kubectl knows about
kubectl config get-users
Options
-h, --help |
| help for get-users |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
8 - kubectl config rename-context
Synopsis
Renames a context from the kubeconfig file.
CONTEXT_NAME is the context name that you want to change.
NEW_NAME is the new name you want to set.
Note: If the context being renamed is the 'current-context', this field will also be updated.
kubectl config rename-context CONTEXT_NAME NEW_NAME
Examples
# Rename the context 'old-name' to 'new-name' in your kubeconfig file
kubectl config rename-context old-name new-name
Options
-h, --help |
| help for rename-context |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
9 - kubectl config set
Synopsis
Set an individual value in a kubeconfig file.
PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.
PROPERTY_VALUE is the new value you want to set. Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.
Specifying an attribute name that already exists will merge new fields on top of existing values.
kubectl config set PROPERTY_NAME PROPERTY_VALUE
Examples
# Set the server field on the my-cluster cluster to https://1.2.3.4
kubectl config set clusters.my-cluster.server https://1.2.3.4
# Set the certificate-authority-data field on the my-cluster cluster
kubectl config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -)
# Set the cluster field in the my-context context to my-cluster
kubectl config set contexts.my-context.cluster my-cluster
# Set the client-key-data field in the cluster-admin user using --set-raw-bytes option
kubectl config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true
Options
-h, --help |
| help for set |
--set-raw-bytes tristate[=true] |
| When writing a []byte PROPERTY_VALUE, write the given string directly without base64 decoding. |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
10 - kubectl config set-cluster
Synopsis
Set a cluster entry in kubeconfig.
Specifying a name that already exists will merge new fields on top of existing values for those fields.
kubectl config set-cluster NAME [--server=server] [--certificate-authority=path/to/certificate/authority] [--insecure-skip-tls-verify=true] [--tls-server-name=example.com]
Examples
# Set only the server field on the e2e cluster entry without touching other values
kubectl config set-cluster e2e --server=https://1.2.3.4
# Embed certificate authority data for the e2e cluster entry
kubectl config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt
# Disable cert checking for the e2e cluster entry
kubectl config set-cluster e2e --insecure-skip-tls-verify=true
# Set the custom TLS server name to use for validation for the e2e cluster entry
kubectl config set-cluster e2e --tls-server-name=my-cluster-name
# Set the proxy URL for the e2e cluster entry
kubectl config set-cluster e2e --proxy-url=https://1.2.3.4
Options
--certificate-authority string |
| Path to certificate-authority file for the cluster entry in kubeconfig |
--embed-certs tristate[=true] |
| embed-certs for the cluster entry in kubeconfig |
-h, --help |
| help for set-cluster |
--insecure-skip-tls-verify tristate[=true] |
| insecure-skip-tls-verify for the cluster entry in kubeconfig |
--proxy-url string |
| proxy-url for the cluster entry in kubeconfig |
--server string |
| server for the cluster entry in kubeconfig |
--tls-server-name string |
| tls-server-name for the cluster entry in kubeconfig |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
11 - kubectl config set-context
Synopsis
Set a context entry in kubeconfig.
Specifying a name that already exists will merge new fields on top of existing values for those fields.
kubectl config set-context [NAME | --current] [--cluster=cluster_nickname] [--user=user_nickname] [--namespace=namespace]
Examples
# Set the user field on the gce context entry without touching other values
kubectl config set-context gce --user=cluster-admin
Options
--cluster string |
| cluster for the context entry in kubeconfig |
--current |
| Modify the current context |
-h, --help |
| help for set-context |
--namespace string |
| namespace for the context entry in kubeconfig |
--user string |
| user for the context entry in kubeconfig |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
12 - kubectl config set-credentials
Synopsis
Set a user entry in kubeconfig.
Specifying a name that already exists will merge new fields on top of existing values.
Client-certificate flags:
--client-certificate=certfile --client-key=keyfile
Bearer token flags:
--token=bearer_token
Basic auth flags:
--username=basic_user --password=basic_password
Bearer token and basic auth are mutually exclusive.
kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile] [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name] [--auth-provider-arg=key=value] [--exec-command=exec_command] [--exec-api-version=exec_api_version] [--exec-arg=arg] [--exec-env=key=value]
Examples
# Set only the "client-key" field on the "cluster-admin"
# entry, without touching other values
kubectl config set-credentials cluster-admin --client-key=~/.kube/admin.key
# Set basic auth for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
# Embed client certificate data in the "cluster-admin" entry
kubectl config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true
# Enable the Google Compute Platform auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=gcp
# Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional arguments
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
# Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
# Enable new exec auth plugin for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
# Enable new exec auth plugin for the "cluster-admin" entry with interactive mode
kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 --exec-interactive-mode=Never
# Define new exec auth plugin arguments for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
# Create or update exec auth plugin environment variables for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
# Remove exec auth plugin environment variables for the "cluster-admin" entry
kubectl config set-credentials cluster-admin --exec-env=var-to-remove-
Options
--auth-provider string |
| Auth provider for the user entry in kubeconfig |
--auth-provider-arg strings |
| 'key=value' arguments for the auth provider |
--client-certificate string |
| Path to client-certificate file for the user entry in kubeconfig |
--client-key string |
| Path to client-key file for the user entry in kubeconfig |
--embed-certs tristate[=true] |
| Embed client cert/key for the user entry in kubeconfig |
--exec-api-version string |
| API version of the exec credential plugin for the user entry in kubeconfig |
--exec-arg strings |
| New arguments for the exec credential plugin command for the user entry in kubeconfig |
--exec-command string |
| Command for the exec credential plugin for the user entry in kubeconfig |
--exec-env strings |
| 'key=value' environment values for the exec credential plugin |
--exec-interactive-mode string |
| InteractiveMode of the exec credentials plugin for the user entry in kubeconfig |
--exec-provide-cluster-info tristate[=true] |
| ProvideClusterInfo of the exec credentials plugin for the user entry in kubeconfig |
-h, --help |
| help for set-credentials |
--password string |
| password for the user entry in kubeconfig |
--token string |
| token for the user entry in kubeconfig |
--username string |
| username for the user entry in kubeconfig |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--user string |
| The name of the kubeconfig user to use |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
13 - kubectl config unset
Synopsis
Unset an individual value in a kubeconfig file.
PROPERTY_NAME is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.
kubectl config unset PROPERTY_NAME
Examples
# Unset the current-context
kubectl config unset current-context
# Unset namespace in foo context
kubectl config unset contexts.foo.namespace
Options
-h, --help |
| help for unset |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
14 - kubectl config use-context
Synopsis
Set the current-context in a kubeconfig file.
kubectl config use-context CONTEXT_NAME
Examples
# Use the context for the minikube cluster
kubectl config use-context minikube
Options
-h, --help |
| help for use-context |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also
15 - kubectl config view
Synopsis
Display merged kubeconfig settings or a specified kubeconfig file.
You can use --output jsonpath={...} to extract specific values using a jsonpath expression.
kubectl config view [flags]
Examples
# Show merged kubeconfig settings
kubectl config view
# Show merged kubeconfig settings, raw certificate data, and exposed secrets
kubectl config view --raw
# Get the password for the e2e user
kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
Options
--allow-missing-template-keys Default: true |
| If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. |
--flatten |
| Flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files) |
-h, --help |
| help for view |
--merge tristate[=true] Default: true |
| Merge the full hierarchy of kubeconfig files |
--minify |
| Remove all information not used by current-context from the output |
-o, --output string Default: "yaml" |
| Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file). |
--raw |
| Display raw byte data and sensitive data |
--show-managed-fields |
| If true, keep the managedFields when printing objects in JSON or YAML format. |
--template string |
| Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. |
--as string |
| Username to impersonate for the operation. User could be a regular user or a service account in a namespace. |
--as-group strings |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. |
--as-uid string |
| UID to impersonate for the operation. |
--cache-dir string Default: "$HOME/.kube/cache" |
| Default cache directory |
--certificate-authority string |
| Path to a cert file for the certificate authority |
--client-certificate string |
| Path to a client certificate file for TLS |
--client-key string |
| Path to a client key file for TLS |
--cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks |
--cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks |
--cluster string |
| The name of the kubeconfig cluster to use |
--context string |
| The name of the kubeconfig context to use |
--default-not-ready-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. |
--default-unreachable-toleration-seconds int Default: 300 |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. |
--disable-compression |
| If true, opt-out of response compression for all requests to the server |
--insecure-skip-tls-verify |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure |
--kubeconfig string |
| use a particular kubeconfig file |
--match-server-version |
| Require server version to match client version |
-n, --namespace string |
| If present, the namespace scope for this CLI request |
--password string |
| Password for basic authentication to the API server |
--profile string Default: "none" |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) |
--profile-output string Default: "profile.pprof" |
| Name of the file to write the profile to |
--request-timeout string Default: "0" |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. |
-s, --server string |
| The address and port of the Kubernetes API server |
--storage-driver-buffer-duration duration Default: 1m0s |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction |
--storage-driver-db string Default: "cadvisor" |
| database name |
--storage-driver-host string Default: "localhost:8086" |
| database host:port |
--storage-driver-password string Default: "root" |
| database password |
--storage-driver-secure |
| use secure connection with database |
--storage-driver-table string Default: "stats" |
| table name |
--storage-driver-user string Default: "root" |
| database username |
--tls-server-name string |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used |
--token string |
| Bearer token for authentication to the API server |
--user string |
| The name of the kubeconfig user to use |
--username string |
| Username for basic authentication to the API server |
--version version[=true] |
| --version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version |
--warnings-as-errors |
| Treat warnings received from the server as errors and exit with a non-zero exit code |
See Also