# kubectl set subject 命令详解
更新 RoleBinding / ClusterRoleBinding 中 User、Group 或 ServiceAccount。
# 语法
$ subject (-f FILENAME | TYPE NAME) [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname] [--dry-run]
# 示例
更新一个 ClusterRoleBinding 的 serviceaccount1
kubectl set subject clusterrolebinding admin --serviceaccount=namespace:serviceaccount1
更新 RoleBinding 的 user1,user2 和 group1
kubectl set subject rolebinding admin --user=user1 --user=user2 --group=group1
# Flags
| Name | Shorthand | Default | Usage |
|---|---|---|---|
| all | false | select all resources in the namespace of the specified resource types | |
| allow-missing-template-keys | true | If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. | |
| dry-run | false | If true, only print the object that would be sent, without sending it. | |
| filename | f | [] | Filename, directory, or URL to files the resource to update the subjects |
| group | [] | groups to bind to the role | |
| local | false | If true, set resources will NOT contact api-server but run locally. | |
| no-headers | false | When using the default or custom-column output format, don't print headers (default print headers). | |
| output | o | Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath]. | |
| output-version | DEPRECATED: To use a specific API version, fully-qualify the resource, version, and group (for example: 'jobs.v1.batch/myjob'). | ||
| recursive | R | false | Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory. |
| selector | l | Selector (label query) to filter on, supports '=', '==', and '!='. | |
| serviceaccount | [] | service accounts to bind to the role | |
| show-all | a | false | When printing, show all resources (default hide terminated pods.) |
| show-labels | false | When printing, show all labels as the last column (default hide labels column) | |
| sort-by | If non-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. | ||
| template | Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview]. | ||
| user | [] | usernames to bind to the role |