From 2fd10764c848e580a78c94b7cc4359f5c9e8083c Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <liggitt@google.com>
Date: Sat, 24 Nov 2018 09:38:19 -0500
Subject: [PATCH] Clarify reconcile command documentation

---
 pkg/kubectl/cmd/auth/reconcile.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkg/kubectl/cmd/auth/reconcile.go b/pkg/kubectl/cmd/auth/reconcile.go
index e2dafca743..b551c591b8 100644
--- a/pkg/kubectl/cmd/auth/reconcile.go
+++ b/pkg/kubectl/cmd/auth/reconcile.go
@@ -59,7 +59,15 @@ var (
 	reconcileLong = templates.LongDesc(`
 		Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects.
 
-		This is preferred to 'apply' for RBAC resources so that proper rule coverage checks are done.`)
+		Missing objects are created, and the containing namespace is created for namespaced objects, if required.
+		
+		Existing roles are updated to include the permissions in the input objects,
+		and remove extra permissions if --remove-extra-permissions is specified.
+
+		Existing bindings are updated to include the subjects in the input objects,
+		and remove extra subjects if --remove-extra-subjects is specified.
+
+		This is preferred to 'apply' for RBAC resources so that semantically-aware merging of rules and subjects is done.`)
 
 	reconcileExample = templates.Examples(`
 		# Reconcile rbac resources from a file