1KUBERNETES(1)                      Jan 2015                      KUBERNETES(1)
2
3
4

NAME

6       kubectl auth - Inspect authorization
7
8
9

SYNOPSIS

11       kubectl auth [OPTIONS]
12
13
14

DESCRIPTION

16       Inspect authorization
17
18
19

OPTIONS INHERITED FROM PARENT COMMANDS

21       --alsologtostderr=false
22           log to standard error as well as files
23
24
25       --application-metrics-count-limit=100
26           Max number of application metrics to store (per container)
27
28
29       --as=""
30           Username to impersonate for the operation
31
32
33       --as-group=[]
34           Group  to  impersonate for the operation, this flag can be repeated
35       to specify multiple groups.
36
37
38       --azure-container-registry-config=""
39           Path to the file containing Azure container registry  configuration
40       information.
41
42
43       --boot-id-file="/proc/sys/kernel/random/boot_id"
44           Comma-separated  list  of files to check for boot-id. Use the first
45       one that exists.
46
47
48       --cache-dir="/builddir/.kube/http-cache"
49           Default HTTP cache directory
50
51
52       --certificate-authority=""
53           Path to a cert file for the certificate authority
54
55
56       --client-certificate=""
57           Path to a client certificate file for TLS
58
59
60       --client-key=""
61           Path to a client key file for TLS
62
63
64       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
65           CIDRs opened in GCE firewall for LB traffic proxy  health checks
66
67
68       --cluster=""
69           The name of the kubeconfig cluster to use
70
71
72       --container-hints="/etc/cadvisor/container_hints.json"
73           location of the container hints file
74
75
76       --containerd="unix:///var/run/containerd.sock"
77           containerd endpoint
78
79
80       --context=""
81           The name of the kubeconfig context to use
82
83
84       --default-not-ready-toleration-seconds=300
85           Indicates    the    tolerationSeconds   of   the   toleration   for
86       notReady:NoExecute that is added by default to every pod that does  not
87       already have such a toleration.
88
89
90       --default-unreachable-toleration-seconds=300
91           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
92       able:NoExecute that is added by default to  every  pod  that  does  not
93       already have such a toleration.
94
95
96       --docker="unix:///var/run/docker.sock"
97           docker endpoint
98
99
100       --docker-env-metadata-whitelist=""
101           a  comma-separated  list of environment variable keys that needs to
102       be collected for docker containers
103
104
105       --docker-only=false
106           Only report docker containers in addition to root stats
107
108
109       --docker-root="/var/lib/docker"
110           DEPRECATED: docker root is read from docker info (this is  a  fall‐
111       back, default: /var/lib/docker)
112
113
114       --docker-tls=false
115           use TLS to connect to docker
116
117
118       --docker-tls-ca="ca.pem"
119           path to trusted CA
120
121
122       --docker-tls-cert="cert.pem"
123           path to client certificate
124
125
126       --docker-tls-key="key.pem"
127           path to private key
128
129
130       --enable-load-reader=false
131           Whether to enable cpu load reader
132
133
134       --event-storage-age-limit="default=0"
135           Max length of time for which to store events (per type). Value is a
136       comma separated list of key values, where  the  keys  are  event  types
137       (e.g.: creation, oom) or "default" and the value is a duration. Default
138       is applied to all non-specified event types
139
140
141       --event-storage-event-limit="default=0"
142           Max number of events to store (per type). Value is  a  comma  sepa‐
143       rated  list  of  key values, where the keys are event types (e.g.: cre‐
144       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
145       applied to all non-specified event types
146
147
148       --global-housekeeping-interval=1m0s
149           Interval between global housekeepings
150
151
152       --housekeeping-interval=10s
153           Interval between container housekeepings
154
155
156       --insecure-skip-tls-verify=false
157           If true, the server's certificate will not be checked for validity.
158       This will make your HTTPS connections insecure
159
160
161       --kubeconfig=""
162           Path to the kubeconfig file to use for CLI requests.
163
164
165       --log-backtrace-at=:0
166           when logging hits line file:N, emit a stack trace
167
168
169       --log-cadvisor-usage=false
170           Whether to log the usage of the cAdvisor container
171
172
173       --log-dir=""
174           If non-empty, write log files in this directory
175
176
177       --log-file=""
178           If non-empty, use this log file
179
180
181       --log-flush-frequency=5s
182           Maximum number of seconds between log flushes
183
184
185       --logtostderr=true
186           log to standard error instead of files
187
188
189       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
190           Comma-separated list of files to  check  for  machine-id.  Use  the
191       first one that exists.
192
193
194       --match-server-version=false
195           Require server version to match client version
196
197
198       --mesos-agent="127.0.0.1:5051"
199           Mesos agent address
200
201
202       --mesos-agent-timeout=10s
203           Mesos agent timeout
204
205
206       -n, --namespace=""
207           If present, the namespace scope for this CLI request
208
209
210       --password=""
211           Password for basic authentication to the API server
212
213
214       --profile="none"
215           Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
216       create|block|mutex)
217
218
219       --profile-output="profile.pprof"
220           Name of the file to write the profile to
221
222
223       --request-timeout="0"
224           The length of time to wait before giving  up  on  a  single  server
225       request. Non-zero values should contain a corresponding time unit (e.g.
226       1s, 2m, 3h). A value of zero means don't timeout requests.
227
228
229       -s, --server=""
230           The address and port of the Kubernetes API server
231
232
233       --skip-headers=false
234           If true, avoid header prefixes in the log messages
235
236
237       --stderrthreshold=2
238           logs at or above this threshold go to stderr
239
240
241       --storage-driver-buffer-duration=1m0s
242           Writes in the storage driver will be buffered  for  this  duration,
243       and committed to the non memory backends as a single transaction
244
245
246       --storage-driver-db="cadvisor"
247           database name
248
249
250       --storage-driver-host="localhost:8086"
251           database host:port
252
253
254       --storage-driver-password="root"
255           database password
256
257
258       --storage-driver-secure=false
259           use secure connection with database
260
261
262       --storage-driver-table="stats"
263           table name
264
265
266       --storage-driver-user="root"
267           database username
268
269
270       --token=""
271           Bearer token for authentication to the API server
272
273
274       --user=""
275           The name of the kubeconfig user to use
276
277
278       --username=""
279           Username for basic authentication to the API server
280
281
282       -v, --v=0
283           log level for V logs
284
285
286       --version=false
287           Print version information and quit
288
289
290       --vmodule=
291           comma-separated  list  of pattern=N settings for file-filtered log‐
292       ging
293
294
295

SEE ALSO

297       kubectl(1), kubectl-auth-can-i(1), kubectl-auth-reconcile(1),
298
299
300

HISTORY

302       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
303       com)  based  on the kubernetes source material, but hopefully they have
304       been automatically generated since!
305
306
307
308Eric Paris                  kubernetes User Manuals              KUBERNETES(1)
Impressum