What are the equivelant kubectl commands to this yaml?
I am trying to create a Role and RoleBinding so I can use Helm. What are the equivelant kubectl commands to create the following resources? Using the command line makes dev-ops simpler in my scenario.
Role
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager-foo
namespace: foo
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding-foo
namespace: foo
subjects:
- kind: ServiceAccount
name: tiller-foo
namespace: foo
roleRef:
kind: Role
name: tiller-manager-foo
apiGroup: rbac.authorization.k8s.io
Update
According to @nightfury1204 I can run the following to create the Role:
kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=.,.apps,.batch,
.extensions -n foo --dry-run -o yaml
This outputs:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: tiller-manager-foo
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'
The namespace is missing and secondly, is this equivelant?
kubernetes kubectl rbac
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
add a comment |
I am trying to create a Role and RoleBinding so I can use Helm. What are the equivelant kubectl commands to create the following resources? Using the command line makes dev-ops simpler in my scenario.
Role
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager-foo
namespace: foo
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding-foo
namespace: foo
subjects:
- kind: ServiceAccount
name: tiller-foo
namespace: foo
roleRef:
kind: Role
name: tiller-manager-foo
apiGroup: rbac.authorization.k8s.io
Update
According to @nightfury1204 I can run the following to create the Role:
kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=.,.apps,.batch,
.extensions -n foo --dry-run -o yaml
This outputs:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: tiller-manager-foo
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'
The namespace is missing and secondly, is this equivelant?
kubernetes kubectl rbac
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
add a comment |
I am trying to create a Role and RoleBinding so I can use Helm. What are the equivelant kubectl commands to create the following resources? Using the command line makes dev-ops simpler in my scenario.
Role
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager-foo
namespace: foo
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding-foo
namespace: foo
subjects:
- kind: ServiceAccount
name: tiller-foo
namespace: foo
roleRef:
kind: Role
name: tiller-manager-foo
apiGroup: rbac.authorization.k8s.io
Update
According to @nightfury1204 I can run the following to create the Role:
kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=.,.apps,.batch,
.extensions -n foo --dry-run -o yaml
This outputs:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: tiller-manager-foo
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'
The namespace is missing and secondly, is this equivelant?
kubernetes kubectl rbac
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
I am trying to create a Role and RoleBinding so I can use Helm. What are the equivelant kubectl commands to create the following resources? Using the command line makes dev-ops simpler in my scenario.
Role
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager-foo
namespace: foo
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
RoleBinding
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding-foo
namespace: foo
subjects:
- kind: ServiceAccount
name: tiller-foo
namespace: foo
roleRef:
kind: Role
name: tiller-manager-foo
apiGroup: rbac.authorization.k8s.io
Update
According to @nightfury1204 I can run the following to create the Role:
kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=.,.apps,.batch,
.extensions -n foo --dry-run -o yaml
This outputs:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: tiller-manager-foo
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'
The namespace is missing and secondly, is this equivelant?
kubernetes kubectl rbac
kubernetes kubectl rbac
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
edited Nov 14 '18 at 8:41
Muhammad Rehan Saeed
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
asked Nov 13 '18 at 16:58
Muhammad Rehan SaeedMuhammad Rehan Saeed
11.8k9111188
11.8k9111188
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n foo
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
For theRole, thenamespaceis missing,-ndoesn't seem to work when I runkubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
-n fooworked for me(i just tested it). Also you have to havefoonamespace in the cluster. if-ndoesn't work, then you can use--namespace
– nightfury1204
Nov 14 '18 at 9:00
1
Also--dry-rundoes not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068
– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
add a comment |
kubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use somekubectlcommands.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53286010%2fwhat-are-the-equivelant-kubectl-commands-to-this-yaml%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n foo
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
For theRole, thenamespaceis missing,-ndoesn't seem to work when I runkubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
-n fooworked for me(i just tested it). Also you have to havefoonamespace in the cluster. if-ndoesn't work, then you can use--namespace
– nightfury1204
Nov 14 '18 at 9:00
1
Also--dry-rundoes not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068
– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
add a comment |
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n foo
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
For theRole, thenamespaceis missing,-ndoesn't seem to work when I runkubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
-n fooworked for me(i just tested it). Also you have to havefoonamespace in the cluster. if-ndoesn't work, then you can use--namespace
– nightfury1204
Nov 14 '18 at 9:00
1
Also--dry-rundoes not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068
– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
add a comment |
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n foo
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n foo
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
answered Nov 13 '18 at 18:08
nightfury1204nightfury1204
1,70949
1,70949
For theRole, thenamespaceis missing,-ndoesn't seem to work when I runkubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
-n fooworked for me(i just tested it). Also you have to havefoonamespace in the cluster. if-ndoesn't work, then you can use--namespace
– nightfury1204
Nov 14 '18 at 9:00
1
Also--dry-rundoes not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068
– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
add a comment |
For theRole, thenamespaceis missing,-ndoesn't seem to work when I runkubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
-n fooworked for me(i just tested it). Also you have to havefoonamespace in the cluster. if-ndoesn't work, then you can use--namespace
– nightfury1204
Nov 14 '18 at 9:00
1
Also--dry-rundoes not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068
– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
For the
Role, the namespace is missing, -n doesn't seem to work when I run kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
For the
Role, the namespace is missing, -n doesn't seem to work when I run kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=*.,*.apps,*.batch,*. extensions -n foo --dry-run -o yaml.– Muhammad Rehan Saeed
Nov 14 '18 at 8:39
1
1
-n foo worked for me(i just tested it). Also you have to have foo namespace in the cluster. if -n doesn't work, then you can use --namespace– nightfury1204
Nov 14 '18 at 9:00
-n foo worked for me(i just tested it). Also you have to have foo namespace in the cluster. if -n doesn't work, then you can use --namespace– nightfury1204
Nov 14 '18 at 9:00
1
1
Also
--dry-run does not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068– nightfury1204
Nov 14 '18 at 9:18
Also
--dry-run does not include namespace. there is issue related to this: github.com/kubernetes/kubernetes/issues/51068– nightfury1204
Nov 14 '18 at 9:18
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
Thanks for the link, you're a boss!
– Muhammad Rehan Saeed
Nov 14 '18 at 9:24
add a comment |
kubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use somekubectlcommands.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
add a comment |
kubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use somekubectlcommands.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
add a comment |
kubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
kubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
answered Nov 13 '18 at 18:50
David MazeDavid Maze
13.8k31327
13.8k31327
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use somekubectlcommands.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
add a comment |
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use somekubectlcommands.
– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
if you have specific object definitions you want, creating them from manifests is strongly recommended
– Jordan Liggitt
Nov 13 '18 at 22:38
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use some
kubectl commands.– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
Only trouble is, I want to do variable substitution for CI/CD purposes. It's much easier if I can just use some
kubectl commands.– Muhammad Rehan Saeed
Nov 14 '18 at 8:41
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53286010%2fwhat-are-the-equivelant-kubectl-commands-to-this-yaml%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
