1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl auth - Inspect authorization
7
8
9
11 kubectl auth [OPTIONS]
12
13
14
16 Inspect authorization
17
18
19
21 --allow-verification-with-non-compliant-keys=false
22 Allow a SignatureVerifier to use keys which are technically
23 non-compliant with RFC6962.
24
25
26 --alsologtostderr=false
27 log to standard error as well as files
28
29
30 --application-metrics-count-limit=100
31 Max number of application metrics to store (per container)
32
33
34 --as=""
35 Username to impersonate for the operation
36
37
38 --as-group=[]
39 Group to impersonate for the operation, this flag can be repeated
40 to specify multiple groups.
41
42
43 --azure-container-registry-config=""
44 Path to the file containing Azure container registry configuration
45 information.
46
47
48 --boot-id-file="/proc/sys/kernel/random/boot_id"
49 Comma-separated list of files to check for boot-id. Use the first
50 one that exists.
51
52
53 --cache-dir="/builddir/.kube/http-cache"
54 Default HTTP cache directory
55
56
57 --certificate-authority=""
58 Path to a cert file for the certificate authority
59
60
61 --client-certificate=""
62 Path to a client certificate file for TLS
63
64
65 --client-key=""
66 Path to a client key file for TLS
67
68
69 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
70 CIDRs opened in GCE firewall for LB traffic proxy health checks
71
72
73 --cluster=""
74 The name of the kubeconfig cluster to use
75
76
77 --container-hints="/etc/cadvisor/container_hints.json"
78 location of the container hints file
79
80
81 --containerd="unix:///var/run/containerd.sock"
82 containerd endpoint
83
84
85 --context=""
86 The name of the kubeconfig context to use
87
88
89 --default-not-ready-toleration-seconds=300
90 Indicates the tolerationSeconds of the toleration for
91 notReady:NoExecute that is added by default to every pod that does not
92 already have such a toleration.
93
94
95 --default-unreachable-toleration-seconds=300
96 Indicates the tolerationSeconds of the toleration for unreach‐
97 able:NoExecute that is added by default to every pod that does not
98 already have such a toleration.
99
100
101 --docker="unix:///var/run/docker.sock"
102 docker endpoint
103
104
105 --docker-env-metadata-whitelist=""
106 a comma-separated list of environment variable keys that needs to
107 be collected for docker containers
108
109
110 --docker-only=false
111 Only report docker containers in addition to root stats
112
113
114 --docker-root="/var/lib/docker"
115 DEPRECATED: docker root is read from docker info (this is a fall‐
116 back, default: /var/lib/docker)
117
118
119 --docker-tls=false
120 use TLS to connect to docker
121
122
123 --docker-tls-ca="ca.pem"
124 path to trusted CA
125
126
127 --docker-tls-cert="cert.pem"
128 path to client certificate
129
130
131 --docker-tls-key="key.pem"
132 path to private key
133
134
135 --enable-load-reader=false
136 Whether to enable cpu load reader
137
138
139 --event-storage-age-limit="default=0"
140 Max length of time for which to store events (per type). Value is a
141 comma separated list of key values, where the keys are event types
142 (e.g.: creation, oom) or "default" and the value is a duration. Default
143 is applied to all non-specified event types
144
145
146 --event-storage-event-limit="default=0"
147 Max number of events to store (per type). Value is a comma sepa‐
148 rated list of key values, where the keys are event types (e.g.: cre‐
149 ation, oom) or "default" and the value is an integer. Default is
150 applied to all non-specified event types
151
152
153 --global-housekeeping-interval=1m0s
154 Interval between global housekeepings
155
156
157 --google-json-key=""
158 The Google Cloud Platform Service Account JSON Key to use for
159 authentication.
160
161
162 --housekeeping-interval=10s
163 Interval between container housekeepings
164
165
166 --insecure-skip-tls-verify=false
167 If true, the server's certificate will not be checked for validity.
168 This will make your HTTPS connections insecure
169
170
171 --kubeconfig=""
172 Path to the kubeconfig file to use for CLI requests.
173
174
175 --log-backtrace-at=:0
176 when logging hits line file:N, emit a stack trace
177
178
179 --log-cadvisor-usage=false
180 Whether to log the usage of the cAdvisor container
181
182
183 --log-dir=""
184 If non-empty, write log files in this directory
185
186
187 --log-flush-frequency=5s
188 Maximum number of seconds between log flushes
189
190
191 --logtostderr=true
192 log to standard error instead of files
193
194
195 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
196 Comma-separated list of files to check for machine-id. Use the
197 first one that exists.
198
199
200 --match-server-version=false
201 Require server version to match client version
202
203
204 --mesos-agent="127.0.0.1:5051"
205 Mesos agent address
206
207
208 --mesos-agent-timeout=10s
209 Mesos agent timeout
210
211
212 -n, --namespace=""
213 If present, the namespace scope for this CLI request
214
215
216 --request-timeout="0"
217 The length of time to wait before giving up on a single server
218 request. Non-zero values should contain a corresponding time unit (e.g.
219 1s, 2m, 3h). A value of zero means don't timeout requests.
220
221
222 -s, --server=""
223 The address and port of the Kubernetes API server
224
225
226 --stderrthreshold=2
227 logs at or above this threshold go to stderr
228
229
230 --storage-driver-buffer-duration=1m0s
231 Writes in the storage driver will be buffered for this duration,
232 and committed to the non memory backends as a single transaction
233
234
235 --storage-driver-db="cadvisor"
236 database name
237
238
239 --storage-driver-host="localhost:8086"
240 database host:port
241
242
243 --storage-driver-password="root"
244 database password
245
246
247 --storage-driver-secure=false
248 use secure connection with database
249
250
251 --storage-driver-table="stats"
252 table name
253
254
255 --storage-driver-user="root"
256 database username
257
258
259 --token=""
260 Bearer token for authentication to the API server
261
262
263 --user=""
264 The name of the kubeconfig user to use
265
266
267 -v, --v=0
268 log level for V logs
269
270
271 --version=false
272 Print version information and quit
273
274
275 --vmodule=
276 comma-separated list of pattern=N settings for file-filtered log‐
277 ging
278
279
280
282 kubectl(1), kubectl-auth-can-i(1), kubectl-auth-reconcile(1),
283
284
285
287 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
288 com) based on the kubernetes source material, but hopefully they have
289 been automatically generated since!
290
291
292
293Eric Paris kubernetes User Manuals KUBERNETES(1)