Reference
Standardized Glossary
Kubernetes Issues and Security
Using the Kubernetes API
Accessing the API
Controlling Access to the Kubernetes API
Authenticating
Authenticating with Bootstrap Tokens
Certificate Signing Requests
Using Admission Controllers
Dynamic Admission Control
Managing Service Accounts
Authorization Overview
Using RBAC Authorization
Using ABAC Authorization
Using Node Authorization
Webhook Mode
API Reference
Setup tools reference
Command line tools reference
kubectl CLI
Scheduling
Tools
kubectl
Synopsis
kubectl controls the Kubernetes cluster manager.
Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/
kubectl [flags]
Options
| --add-dir-header | |
| If true, adds the file directory to the header | |
| --alsologtostderr | |
| log to standard error as well as files | |
| --application-metrics-count-limit int Default: 100 | |
| Max number of application metrics to store (per container) | |
| --as string | |
| Username to impersonate for the operation | |
| --as-group stringArray | |
| Group to impersonate for the operation, this flag can be repeated to specify multiple groups. | |
| --azure-container-registry-config string | |
| Path to the file containing Azure container registry configuration information. | |
| --boot-id-file string Default: "/proc/sys/kernel/random/boot_id" | |
| Comma-separated list of files to check for boot-id. Use the first one that exists. | |
| --cache-dir string Default: "$HOME/.kube/http-cache" | |
| Default HTTP cache directory | |
| --certificate-authority string | |
| Path to a cert file for the certificate authority | |
| --client-certificate string | |
| Path to a client certificate file for TLS | |
| --client-key string | |
| Path to a client key file for TLS | |
| --cloud-provider-gce-l7lb-src-cidrs cidrs Default: 130.211.0.0/22,35.191.0.0/16 | |
| CIDRs opened in GCE firewall for L7 LB traffic proxy & health checks | |
| --cloud-provider-gce-lb-src-cidrs cidrs Default: 130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 | |
| CIDRs opened in GCE firewall for L4 LB traffic proxy & health checks | |
| --cluster string | |
| The name of the kubeconfig cluster to use | |
| --container-hints string Default: "/etc/cadvisor/container_hints.json" | |
| location of the container hints file | |
| --containerd string Default: "/run/containerd/containerd.sock" | |
| containerd endpoint | |
| --containerd-namespace string Default: "k8s.io" | |
| containerd namespace | |
| --context string | |
| The name of the kubeconfig context to use | |
| --default-not-ready-toleration-seconds int Default: 300 | |
| Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. | |
| --default-unreachable-toleration-seconds int Default: 300 | |
| Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. | |
| --disable-root-cgroup-stats | |
| Disable collecting root Cgroup stats | |
| --docker string Default: "unix:///var/run/docker.sock" | |
| docker endpoint | |
| --docker-env-metadata-whitelist string | |
| a comma-separated list of environment variable keys that needs to be collected for docker containers | |
| --docker-only | |
| Only report docker containers in addition to root stats | |
| --docker-root string Default: "/var/lib/docker" | |
| DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker) | |
| --docker-tls | |
| use TLS to connect to docker | |
| --docker-tls-ca string Default: "ca.pem" | |
| path to trusted CA | |
| --docker-tls-cert string Default: "cert.pem" | |
| path to client certificate | |
| --docker-tls-key string Default: "key.pem" | |
| path to private key | |
| --enable-load-reader | |
| Whether to enable cpu load reader | |
| --event-storage-age-limit string Default: "default=0" | |
| Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non-specified event types | |
| --event-storage-event-limit string Default: "default=0" | |
| Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non-specified event types | |
| --global-housekeeping-interval duration Default: 1m0s | |
| Interval between global housekeepings | |
| -h, --help | |
| help for kubectl | |
| --housekeeping-interval duration Default: 10s | |
| Interval between container housekeepings | |
| --insecure-skip-tls-verify | |
| If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure | |
| --kubeconfig string | |
| Path to the kubeconfig file to use for CLI requests. | |
| --log-backtrace-at traceLocation Default: :0 | |
| when logging hits line file:N, emit a stack trace | |
| --log-cadvisor-usage | |
| Whether to log the usage of the cAdvisor container | |
| --log-dir string | |
| If non-empty, write log files in this directory | |
| --log-file string | |
| If non-empty, use this log file | |
| --log-file-max-size uint Default: 1800 | |
| Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | |
| --log-flush-frequency duration Default: 5s | |
| Maximum number of seconds between log flushes | |
| --logtostderr Default: true | |
| log to standard error instead of files | |
| --machine-id-file string Default: "/etc/machine-id,/var/lib/dbus/machine-id" | |
| Comma-separated list of files to check for machine-id. Use the first one that exists. | |
| --match-server-version | |
| Require server version to match client version | |
| -n, --namespace string | |
| If present, the namespace scope for this CLI request | |
| --password string | |
| Password for basic authentication to the API server | |
| --profile string Default: "none" | |
| Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) | |
| --profile-output string Default: "profile.pprof" | |
| Name of the file to write the profile to | |
| --request-timeout string Default: "0" | |
| The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. | |
| -s, --server string | |
| The address and port of the Kubernetes API server | |
| --skip-headers | |
| If true, avoid header prefixes in the log messages | |
| --skip-log-headers | |
| If true, avoid headers when opening log files | |
| --stderrthreshold severity Default: 2 | |
| logs at or above this threshold go to stderr | |
| --storage-driver-buffer-duration duration Default: 1m0s | |
| Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction | |
| --storage-driver-db string Default: "cadvisor" | |
| database name | |
| --storage-driver-host string Default: "localhost:8086" | |
| database host:port | |
| --storage-driver-password string Default: "root" | |
| database password | |
| --storage-driver-secure | |
| use secure connection with database | |
| --storage-driver-table string Default: "stats" | |
| table name | |
| --storage-driver-user string Default: "root" | |
| database username | |
| --tls-server-name string | |
| Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used | |
| --token string | |
| Bearer token for authentication to the API server | |
| --update-machine-info-interval duration Default: 5m0s | |
| Interval between machine info updates. | |
| --user string | |
| The name of the kubeconfig user to use | |
| --username string | |
| Username for basic authentication to the API server | |
| -v, --v Level | |
| number for the log level verbosity | |
| --version version[=true] | |
| Print version information and quit | |
| --vmodule moduleSpec | |
| comma-separated list of pattern=N settings for file-filtered logging | |
See Also
- kubectl alpha - Commands for features in alpha
- kubectl annotate - Update the annotations on a resource
- kubectl api-resources - Print the supported API resources on the server
- kubectl api-versions - Print the supported API versions on the server, in the form of “group/version”
- kubectl apply - Apply a configuration to a resource by filename or stdin
- kubectl attach - Attach to a running container
- kubectl auth - Inspect authorization
- kubectl autoscale - Auto-scale a Deployment, ReplicaSet, or ReplicationController
- kubectl certificate - Modify certificate resources.
- kubectl cluster-info - Display cluster info
- kubectl completion - Output shell completion code for the specified shell (bash or zsh)
- kubectl config - Modify kubeconfig files
- kubectl convert - Convert config files between different API versions
- kubectl cordon - Mark node as unschedulable
- kubectl cp - Copy files and directories to and from containers.
- kubectl create - Create a resource from a file or from stdin.
- kubectl delete - Delete resources by filenames, stdin, resources and names, or by resources and label selector
- kubectl describe - Show details of a specific resource or group of resources
- kubectl diff - Diff live version against would-be applied version
- kubectl drain - Drain node in preparation for maintenance
- kubectl edit - Edit a resource on the server
- kubectl exec - Execute a command in a container
- kubectl explain - Documentation of resources
- kubectl expose - Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
- kubectl get - Display one or many resources
- kubectl kustomize - Build a kustomization target from a directory or a remote url.
- kubectl label - Update the labels on a resource
- kubectl logs - Print the logs for a container in a pod
- kubectl options - Print the list of flags inherited by all commands
- kubectl patch - Update field(s) of a resource using strategic merge patch
- kubectl plugin - Provides utilities for interacting with plugins.
- kubectl port-forward - Forward one or more local ports to a pod
- kubectl proxy - Run a proxy to the Kubernetes API server
- kubectl replace - Replace a resource by filename or stdin
- kubectl rollout - Manage the rollout of a resource
- kubectl run - Run a particular image on the cluster
- kubectl scale - Set a new size for a Deployment, ReplicaSet or Replication Controller
- kubectl set - Set specific features on objects
- kubectl taint - Update the taints on one or more nodes
- kubectl top - Display Resource (CPU/Memory/Storage) usage.
- kubectl uncordon - Mark node as schedulable
- kubectl version - Print the client and server version information
- kubectl wait - Experimental: Wait for a specific condition on one or many resources.
Feedback
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.
Page last modified on March 25, 2020 at 3:20 PM PST by
generated 1.18 tool, kubectl refs (#19813) (Page History)