Kubernetes kubectl set subject 命令详解

kubectl set subject

更新RoleBinding / ClusterRoleBinding中User、Group 或 ServiceAccount。


$ subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]


更新一个ClusterRoleBinding 的 serviceaccount1

kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1


kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1


Name Shorthand Default Usage
all false select all resources in the namespace of the specified resource types
allow-missing-template-keys true If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
dry-run false If true, only print the object that would be sent, without sending it.
filename f [] Filename, directory, or URL to files the resource to update the subjects
group [] groups to bind to the role
local false If true, set resources will NOT contact api-server but run locally.
no-headers false When using the default or custom-column output format, don't print headers (default print headers).
output o Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
output-version DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob').
recursive R false Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
selector l Selector (label query) to filter on, supports '=', '==', and '!='.
serviceaccount [] service accounts to bind to the role
show-all a false When printing, show all resources (default hide terminated pods.)
show-labels false When printing, show all labels as the last column (default hide labels column)
sort-by If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string.
template Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
user [] usernames to bind to the role



业精于勤 荒于嬉;行成于思 毁于随;



Time limit exceeded. Please complete the captcha once again.