CLI Reference
Complete command-line reference for k8s-provisioner
Global Flags
k8s-provisioner [command] [flags]
Flags:
-c, --config string Path to config file (default "config.yaml")
-h, --help Help for k8s-provisioner
-v, --verbose Verbose output
Commands
version
Show version information.
k8s-provisioner version
Example output:
k8s-provisioner v1.9.0
Git Commit: 988c0a1
Build Date: 2026-02-17T14:30:00Z
Go Version: go1.22
Platform: darwin/arm64
status
Show cluster status.
k8s-provisioner status
provision
Provision Kubernetes components.
# Install common components (CRI-O, kubeadm, kubelet)
k8s-provisioner provision common
# Initialize control plane
k8s-provisioner provision controlplane
# Join as worker node
k8s-provisioner provision worker
# Full provisioning (auto-detect role)
k8s-provisioner provision all
vbox
VirtualBox management commands (run from host machine).
# Enable promiscuous mode on all VMs
k8s-provisioner vbox promisc
# Show promiscuous mode status
k8s-provisioner vbox status
# List all VirtualBox VMs
k8s-provisioner vbox list
User Management
Create and manage Kubernetes users with X.509 certificate-based authentication.
user create
Create a new user with RBAC bindings.
# Create user with cluster-wide view access
k8s-provisioner user create joao --cluster-role view
# Create user with edit access to a specific namespace
k8s-provisioner user create maria --namespace dev --cluster-role edit
# Create user in a group with admin access
k8s-provisioner user create pedro --group developers --cluster-role admin
# Create user with custom certificate expiration (default: 365 days)
k8s-provisioner user create ana --cluster-role view --expiration 30
user create-role
Create a custom role in a namespace.
# Create a developer role in a namespace
k8s-provisioner user create-role developer --namespace dev
# Assign user to a custom role
k8s-provisioner user create carlos --namespace dev --role developer
user list
List all created users.
k8s-provisioner user list
user delete
Delete a user and their RBAC bindings.
k8s-provisioner user delete joao
What Gets Created
When you create a user, the following files are generated:
| File | Description |
|---|---|
~/.k8s-users/<username>/<username>.key | RSA private key |
~/.k8s-users/<username>/<username>.crt | X.509 certificate |
~/.k8s-users/<username>/<username>.kubeconfig | Kubeconfig file |
Plus RBAC bindings (ClusterRoleBinding or RoleBinding).
Using the Generated Kubeconfig
# Option 1: Direct use
kubectl --kubeconfig=~/.k8s-users/joao/joao.kubeconfig get pods
# Option 2: Export KUBECONFIG
export KUBECONFIG=~/.k8s-users/joao/joao.kubeconfig
kubectl get pods
# Option 3: Merge with existing config
KUBECONFIG=~/.kube/config:~/.k8s-users/joao/joao.kubeconfig kubectl config view --flatten > ~/.kube/config-merged
mv ~/.kube/config-merged ~/.kube/config
kubectl config use-context joao@k8s-lab
Built-in ClusterRoles
| ClusterRole | Permissions |
|---|---|
view | Read-only access to most resources |
edit | Read/write access (no RBAC) |
admin | Full access within namespace |
cluster-admin | Full cluster access |