1OC ADM PRUNE(1) June 2016 OC ADM PRUNE(1)
2
6 oc adm prune groups - Remove old OpenShift groups referencing missing
7 records on an external provider
8
12 oc adm prune groups [OPTIONS]
13
17 Prune OpenShift Groups referencing missing records on from an external
18 provider.
19 In order to prune OpenShift Group records using those from an external
22 provider, determine which Groups you wish to prune. For instance, all
23 or some groups may be selected from the current Groups stored in Open‐
24 Shift that have been synced previously. Any combination of a literal
25 whitelist, a whitelist file and a blacklist file is supported. The path
26 to a sync configuration file that was used for syncing the groups in
27 question is required in order to describe how data is requested from
28 the external record store. Default behavior is to indicate all Open‐
29 Shift groups for which the external record does not exist, to run the
30 pruning process and commit the results, use the --confirm flag.
31
35 --blacklist=""
36 path to the group blacklist file
37 --confirm=false
40 if true, modify OpenShift groups; if false, display groups
41 --sync-config=""
44 path to the sync config
45 --whitelist=""
48 path to the group whitelist file
49
53 --allow_verification_with_non_compliant_keys=false
54 Allow a SignatureVerifier to use keys which are technically
55 non-compliant with RFC6962.
56 --alsologtostderr=false
59 log to standard error as well as files
60 --application_metrics_count_limit=100
63 Max number of application metrics to store (per container)
64 --as=""
67 Username to impersonate for the operation
68 --as-group=[]
71 Group to impersonate for the operation, this flag can be repeated
72 to specify multiple groups.
73 --azure-container-registry-config=""
76 Path to the file containing Azure container registry configuration
77 information.
78 --boot_id_file="/proc/sys/kernel/random/boot_id"
81 Comma-separated list of files to check for boot-id. Use the first
82 one that exists.
83 --cache-dir="/builddir/.kube/http-cache"
86 Default HTTP cache directory
87 --certificate-authority=""
90 Path to a cert file for the certificate authority
91 --client-certificate=""
94 Path to a client certificate file for TLS
95 --client-key=""
98 Path to a client key file for TLS
99 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
102 CIDRs opened in GCE firewall for LB traffic proxy health checks
103 --cluster=""
106 The name of the kubeconfig cluster to use
107 --container_hints="/etc/cadvisor/container_hints.json"
110 location of the container hints file
111 --containerd="unix:///var/run/containerd.sock"
114 containerd endpoint
115 --context=""
118 The name of the kubeconfig context to use
119 --default-not-ready-toleration-seconds=300
122 Indicates the tolerationSeconds of the toleration for
123 notReady:NoExecute that is added by default to every pod that does not
124 already have such a toleration.
125 --default-unreachable-toleration-seconds=300
128 Indicates the tolerationSeconds of the toleration for unreach‐
129 able:NoExecute that is added by default to every pod that does not
130 already have such a toleration.
131 --docker="unix:///var/run/docker.sock"
134 docker endpoint
135 --docker-tls=false
138 use TLS to connect to docker
139 --docker-tls-ca="ca.pem"
142 path to trusted CA
143 --docker-tls-cert="cert.pem"
146 path to client certificate
147 --docker-tls-key="key.pem"
150 path to private key
151 --docker_env_metadata_whitelist=""
154 a comma-separated list of environment variable keys that needs to
155 be collected for docker containers
156 --docker_only=false
159 Only report docker containers in addition to root stats
160 --docker_root="/var/lib/docker"
163 DEPRECATED: docker root is read from docker info (this is a fall‐
164 back, default: /var/lib/docker)
165 --enable_load_reader=false
168 Whether to enable cpu load reader
169 --event_storage_age_limit="default=24h"
172 Max length of time for which to store events (per type). Value is a
173 comma separated list of key values, where the keys are event types
174 (e.g.: creation, oom) or "default" and the value is a duration. Default
175 is applied to all non-specified event types
176 --event_storage_event_limit="default=100000"
179 Max number of events to store (per type). Value is a comma sepa‐
180 rated list of key values, where the keys are event types (e.g.: cre‐
181 ation, oom) or "default" and the value is an integer. Default is
182 applied to all non-specified event types
183 --global_housekeeping_interval=0
186 Interval between global housekeepings
187 --housekeeping_interval=0
190 Interval between container housekeepings
191 --httptest.serve=""
194 if non-empty, httptest.NewServer serves on this address and blocks
195 --insecure-skip-tls-verify=false
198 If true, the server's certificate will not be checked for validity.
199 This will make your HTTPS connections insecure
200 --kubeconfig=""
203 Path to the kubeconfig file to use for CLI requests.
204 --log-flush-frequency=0
207 Maximum number of seconds between log flushes
208 --log_backtrace_at=:0
211 when logging hits line file:N, emit a stack trace
212 --log_cadvisor_usage=false
215 Whether to log the usage of the cAdvisor container
216 --log_dir=""
219 If non-empty, write log files in this directory
220 --logtostderr=true
223 log to standard error instead of files
224 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
227 Comma-separated list of files to check for machine-id. Use the
228 first one that exists.
229 --match-server-version=false
232 Require server version to match client version
233 -n, --namespace=""
236 If present, the namespace scope for this CLI request
237 --request-timeout="0"
240 The length of time to wait before giving up on a single server
241 request. Non-zero values should contain a corresponding time unit (e.g.
242 1s, 2m, 3h). A value of zero means don't timeout requests.
243 -s, --server=""
246 The address and port of the Kubernetes API server
247 --stderrthreshold=2
250 logs at or above this threshold go to stderr
251 --storage_driver_buffer_duration=0
254 Writes in the storage driver will be buffered for this duration,
255 and committed to the non memory backends as a single transaction
256 --storage_driver_db="cadvisor"
259 database name
260 --storage_driver_host="localhost:8086"
263 database host:port
264 --storage_driver_password="root"
267 database password
268 --storage_driver_secure=false
271 use secure connection with database
272 --storage_driver_table="stats"
275 table name
276 --storage_driver_user="root"
279 database username
280 --token=""
283 Bearer token for authentication to the API server
284 --user=""
287 The name of the kubeconfig user to use
288 -v, --v=0
291 log level for V logs
292 --version=false
295 Print version information and quit
296 --vmodule=
299 comma-separated list of pattern=N settings for file-filtered log‐
300 ging
301
305 # Prune all orphaned groups
306 oc adm prune groups --sync-config=/path/to/ldap-sync-config.yaml --confirm
307 # Prune all orphaned groups except the ones from the blacklist file
309 oc adm prune groups --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
310 # Prune all orphaned groups from a list of specific groups specified in a whitelist file
312 oc adm prune groups --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
313 # Prune all orphaned groups from a list of specific groups specified in a whitelist
315 oc adm prune groups groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
316
321 oc-adm-prune(1),
322
326 June 2016, Ported from the Kubernetes man-doc generator
327Openshift Openshift CLI User Manuals OC ADM PRUNE(1)