4

I was passed the following, which does a dry run of the creation of a kubernetes secret from an appsettings.json file, which is then piped to a kubernetes apply. I think that the -f will take the filename of the --dry-run created secret and use that when applying the secret, but I'm wondering if the trailing - has any significance or if it's just a typo?

kubectl create secret generic test --from-file=appsettings.json --dry-run -oyaml | kubectl apply -f -

Chris Halcrow
  • 223
  • 2
  • 10

2 Answers2

17

The - is a parameter to the -f option, which means to accept input from standard input instead of a named file. Hundreds of UNIX/Linux commands have options like this.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • ... and this is particularly useful for commands that would not use `stdin` as input by default – Hagen von Eitzen Nov 25 '20 at 20:45
  • 1
    Just to add to this, but its also there to say "this is the end of the arguments list, what comes next is content" just incase the first few characters in that content resemble more arguments. – Moo Nov 26 '20 at 00:36
  • 5
    Don't confuse `-` (single dash) with `--` (double dash). Single dash is often use as this answer says, for directing an application to use `stdin`. Double dash works as the comment says, telling the application not to consider any remaining arguments as options. Works for files that start with dashes, or when an application might pass on further arguments to whatever it is running (for example, a scripting language that reads command arguments.) – Andrakis Nov 26 '20 at 06:24
  • Note that this is not standard Unix functionality at the kernel layer. The convention is explicitly coded in each of the many commands. – Thorbjørn Ravn Andersen Nov 26 '20 at 10:17
7

The - character can be understood as a placeholder for the output of the command which is piped ( using | character ). By using it, we instruct very specifically the subsequent command ( to which the output is piped ), where the standard output of the first command ( it's execution result ) should be placed, in other words how it should be taken or parsed.

So rather than piping the result of:

kubectl create secret generic test --from-file=appsettings.json --dry-run -oyaml

(which happens to be a yaml manifest)

directly to:

kubectl apply -f

which doesn't know what to do with such input (as it expects a file after -f flag), we indicate very precisely where it fits:

                
kubectl apply -f -

In this case, we instruct kubectl apply command that the piped output from the previous command should be taken instead of a file, which is expected after providing -f flag.

mario
  • 525
  • 3
  • 8