1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
6 kubectl config set-credentials - Sets a user entry in kubeconfig
7
11 kubectl config set-credentials [OPTIONS]
12
16 Sets a user entry in kubeconfig
17 Specifying a name that already exists will merge new fields on top of
20 existing values.
21 Client-certificate flags:
24 --client-certificate=certfile --client-key=keyfile
25 Bearer token flags:
28 --token=bearer_token
29 Basic auth flags:
32 --username=basic_user --password=basic_password
33 Bearer token and basic auth are mutually exclusive.
36
40 --auth-provider=""
41 Auth provider for the user entry in kubeconfig
42 --auth-provider-arg=[]
45 'key=value' arguments for the auth provider
46 --embed-certs=false
49 Embed client cert/key for the user entry in kubeconfig
50 --exec-api-version=""
53 API version of the exec credential plugin for the user entry in
54 kubeconfig
55 --exec-arg=[]
58 New arguments for the exec credential plugin command for the user
59 entry in kubeconfig
60 --exec-command=""
63 Command for the exec credential plugin for the user entry in kube‐
64 config
65 --exec-env=[]
68 'key=value' environment values for the exec credential plugin
69
73 --alsologtostderr=false
74 log to standard error as well as files
75 --application-metrics-count-limit=100
78 Max number of application metrics to store (per container)
79 --as=""
82 Username to impersonate for the operation
83 --as-group=[]
86 Group to impersonate for the operation, this flag can be repeated
87 to specify multiple groups.
88 --azure-container-registry-config=""
91 Path to the file containing Azure container registry configuration
92 information.
93 --boot-id-file="/proc/sys/kernel/random/boot_id"
96 Comma-separated list of files to check for boot-id. Use the first
97 one that exists.
98 --cache-dir="/builddir/.kube/http-cache"
101 Default HTTP cache directory
102 --certificate-authority=""
105 Path to a cert file for the certificate authority
106 --client-certificate=""
109 Path to a client certificate file for TLS
110 --client-key=""
113 Path to a client key file for TLS
114 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
117 CIDRs opened in GCE firewall for LB traffic proxy health checks
118 --cluster=""
121 The name of the kubeconfig cluster to use
122 --container-hints="/etc/cadvisor/container_hints.json"
125 location of the container hints file
126 --containerd="/run/containerd/containerd.sock"
129 containerd endpoint
130 --containerd-namespace="k8s.io"
133 containerd namespace
134 --context=""
137 The name of the kubeconfig context to use
138 --default-not-ready-toleration-seconds=300
141 Indicates the tolerationSeconds of the toleration for
142 notReady:NoExecute that is added by default to every pod that does not
143 already have such a toleration.
144 --default-unreachable-toleration-seconds=300
147 Indicates the tolerationSeconds of the toleration for unreach‐
148 able:NoExecute that is added by default to every pod that does not
149 already have such a toleration.
150 --docker="unix:///var/run/docker.sock"
153 docker endpoint
154 --docker-env-metadata-whitelist=""
157 a comma-separated list of environment variable keys that needs to
158 be collected for docker containers
159 --docker-only=false
162 Only report docker containers in addition to root stats
163 --docker-root="/var/lib/docker"
166 DEPRECATED: docker root is read from docker info (this is a fall‐
167 back, default: /var/lib/docker)
168 --docker-tls=false
171 use TLS to connect to docker
172 --docker-tls-ca="ca.pem"
175 path to trusted CA
176 --docker-tls-cert="cert.pem"
179 path to client certificate
180 --docker-tls-key="key.pem"
183 path to private key
184 --enable-load-reader=false
187 Whether to enable cpu load reader
188 --event-storage-age-limit="default=0"
191 Max length of time for which to store events (per type). Value is a
192 comma separated list of key values, where the keys are event types
193 (e.g.: creation, oom) or "default" and the value is a duration. Default
194 is applied to all non-specified event types
195 --event-storage-event-limit="default=0"
198 Max number of events to store (per type). Value is a comma sepa‐
199 rated list of key values, where the keys are event types (e.g.: cre‐
200 ation, oom) or "default" and the value is an integer. Default is
201 applied to all non-specified event types
202 --global-housekeeping-interval=1m0s
205 Interval between global housekeepings
206 --housekeeping-interval=10s
209 Interval between container housekeepings
210 --insecure-skip-tls-verify=false
213 If true, the server's certificate will not be checked for validity.
214 This will make your HTTPS connections insecure
215 --kubeconfig=""
218 use a particular kubeconfig file
219 --log-backtrace-at=:0
222 when logging hits line file:N, emit a stack trace
223 --log-cadvisor-usage=false
226 Whether to log the usage of the cAdvisor container
227 --log-dir=""
230 If non-empty, write log files in this directory
231 --log-file=""
234 If non-empty, use this log file
235 --log-file-max-size=1800
238 Defines the maximum size a log file can grow to. Unit is megabytes.
239 If the value is 0, the maximum file size is unlimited.
240 --log-flush-frequency=5s
243 Maximum number of seconds between log flushes
244 --logtostderr=true
247 log to standard error instead of files
248 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
251 Comma-separated list of files to check for machine-id. Use the
252 first one that exists.
253 --match-server-version=false
256 Require server version to match client version
257 -n, --namespace=""
260 If present, the namespace scope for this CLI request
261 --password=""
264 Password for basic authentication to the API server
265 --profile="none"
268 Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
269 create|block|mutex)
270 --profile-output="profile.pprof"
273 Name of the file to write the profile to
274 --request-timeout="0"
277 The length of time to wait before giving up on a single server
278 request. Non-zero values should contain a corresponding time unit (e.g.
279 1s, 2m, 3h). A value of zero means don't timeout requests.
280 -s, --server=""
283 The address and port of the Kubernetes API server
284 --skip-headers=false
287 If true, avoid header prefixes in the log messages
288 --skip-log-headers=false
291 If true, avoid headers when opening log files
292 --stderrthreshold=2
295 logs at or above this threshold go to stderr
296 --storage-driver-buffer-duration=1m0s
299 Writes in the storage driver will be buffered for this duration,
300 and committed to the non memory backends as a single transaction
301 --storage-driver-db="cadvisor"
304 database name
305 --storage-driver-host="localhost:8086"
308 database host:port
309 --storage-driver-password="root"
312 database password
313 --storage-driver-secure=false
316 use secure connection with database
317 --storage-driver-table="stats"
320 table name
321 --storage-driver-user="root"
324 database username
325 --token=""
328 Bearer token for authentication to the API server
329 --update-machine-info-interval=5m0s
332 Interval between machine info updates.
333 --user=""
336 The name of the kubeconfig user to use
337 --username=""
340 Username for basic authentication to the API server
341 -v, --v=0
344 number for the log level verbosity
345 --version=false
348 Print version information and quit
349 --vmodule=
352 comma-separated list of pattern=N settings for file-filtered log‐
353 ging
354
358 # Set only the "client-key" field on the "cluster-admin"
359 # entry, without touching other values:
360 kubectl config set-credentials cluster-admin --client-key= /.kube/admin.key
361 # Set basic auth for the "cluster-admin" entry
363 kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
364 # Embed client certificate data in the "cluster-admin" entry
366 kubectl config set-credentials cluster-admin --client-certificate= /.kube/admin.crt --embed-certs=true
367 # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
369 kubectl config set-credentials cluster-admin --auth-provider=gcp
370 # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
372 kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
373 # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
375 kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
376 # Enable new exec auth plugin for the "cluster-admin" entry
378 kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta
379 # Define new exec auth plugin args for the "cluster-admin" entry
381 kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
382 # Create or update exec auth plugin environment variables for the "cluster-admin" entry
384 kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
385 # Remove exec auth plugin environment variables for the "cluster-admin" entry
387 kubectl config set-credentials cluster-admin --exec-env=var-to-remove-
388
393 kubectl-config(1),
394
398 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
399 com) based on the kubernetes source material, but hopefully they have
400 been automatically generated since!
401Eric Paris kubernetes User Manuals KUBERNETES(1)