1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl auth - Inspect authorization
7
8
9
11 kubectl auth [OPTIONS]
12
13
14
16 Inspect authorization
17
18
19
21 --alsologtostderr=false
22 log to standard error as well as files
23
24
25 --application-metrics-count-limit=100
26 Max number of application metrics to store (per container)
27
28
29 --as=""
30 Username to impersonate for the operation
31
32
33 --as-group=[]
34 Group to impersonate for the operation, this flag can be repeated
35 to specify multiple groups.
36
37
38 --azure-container-registry-config=""
39 Path to the file containing Azure container registry configuration
40 information.
41
42
43 --boot-id-file="/proc/sys/kernel/random/boot_id"
44 Comma-separated list of files to check for boot-id. Use the first
45 one that exists.
46
47
48 --cache-dir="/builddir/.kube/http-cache"
49 Default HTTP cache directory
50
51
52 --certificate-authority=""
53 Path to a cert file for the certificate authority
54
55
56 --client-certificate=""
57 Path to a client certificate file for TLS
58
59
60 --client-key=""
61 Path to a client key file for TLS
62
63
64 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
65 CIDRs opened in GCE firewall for LB traffic proxy health checks
66
67
68 --cluster=""
69 The name of the kubeconfig cluster to use
70
71
72 --container-hints="/etc/cadvisor/container_hints.json"
73 location of the container hints file
74
75
76 --containerd="unix:///var/run/containerd.sock"
77 containerd endpoint
78
79
80 --context=""
81 The name of the kubeconfig context to use
82
83
84 --default-not-ready-toleration-seconds=300
85 Indicates the tolerationSeconds of the toleration for
86 notReady:NoExecute that is added by default to every pod that does not
87 already have such a toleration.
88
89
90 --default-unreachable-toleration-seconds=300
91 Indicates the tolerationSeconds of the toleration for unreach‐
92 able:NoExecute that is added by default to every pod that does not
93 already have such a toleration.
94
95
96 --docker="unix:///var/run/docker.sock"
97 docker endpoint
98
99
100 --docker-env-metadata-whitelist=""
101 a comma-separated list of environment variable keys that needs to
102 be collected for docker containers
103
104
105 --docker-only=false
106 Only report docker containers in addition to root stats
107
108
109 --docker-root="/var/lib/docker"
110 DEPRECATED: docker root is read from docker info (this is a fall‐
111 back, default: /var/lib/docker)
112
113
114 --docker-tls=false
115 use TLS to connect to docker
116
117
118 --docker-tls-ca="ca.pem"
119 path to trusted CA
120
121
122 --docker-tls-cert="cert.pem"
123 path to client certificate
124
125
126 --docker-tls-key="key.pem"
127 path to private key
128
129
130 --enable-load-reader=false
131 Whether to enable cpu load reader
132
133
134 --event-storage-age-limit="default=0"
135 Max length of time for which to store events (per type). Value is a
136 comma separated list of key values, where the keys are event types
137 (e.g.: creation, oom) or "default" and the value is a duration. Default
138 is applied to all non-specified event types
139
140
141 --event-storage-event-limit="default=0"
142 Max number of events to store (per type). Value is a comma sepa‐
143 rated list of key values, where the keys are event types (e.g.: cre‐
144 ation, oom) or "default" and the value is an integer. Default is
145 applied to all non-specified event types
146
147
148 --global-housekeeping-interval=1m0s
149 Interval between global housekeepings
150
151
152 --housekeeping-interval=10s
153 Interval between container housekeepings
154
155
156 --insecure-skip-tls-verify=false
157 If true, the server's certificate will not be checked for validity.
158 This will make your HTTPS connections insecure
159
160
161 --kubeconfig=""
162 Path to the kubeconfig file to use for CLI requests.
163
164
165 --log-backtrace-at=:0
166 when logging hits line file:N, emit a stack trace
167
168
169 --log-cadvisor-usage=false
170 Whether to log the usage of the cAdvisor container
171
172
173 --log-dir=""
174 If non-empty, write log files in this directory
175
176
177 --log-file=""
178 If non-empty, use this log file
179
180
181 --log-flush-frequency=5s
182 Maximum number of seconds between log flushes
183
184
185 --logtostderr=true
186 log to standard error instead of files
187
188
189 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
190 Comma-separated list of files to check for machine-id. Use the
191 first one that exists.
192
193
194 --match-server-version=false
195 Require server version to match client version
196
197
198 --mesos-agent="127.0.0.1:5051"
199 Mesos agent address
200
201
202 --mesos-agent-timeout=10s
203 Mesos agent timeout
204
205
206 -n, --namespace=""
207 If present, the namespace scope for this CLI request
208
209
210 --password=""
211 Password for basic authentication to the API server
212
213
214 --profile="none"
215 Name of profile to capture. One of (none|cpu|heap|goroutine|thread‐
216 create|block|mutex)
217
218
219 --profile-output="profile.pprof"
220 Name of the file to write the profile to
221
222
223 --request-timeout="0"
224 The length of time to wait before giving up on a single server
225 request. Non-zero values should contain a corresponding time unit (e.g.
226 1s, 2m, 3h). A value of zero means don't timeout requests.
227
228
229 -s, --server=""
230 The address and port of the Kubernetes API server
231
232
233 --skip-headers=false
234 If true, avoid header prefixes in the log messages
235
236
237 --stderrthreshold=2
238 logs at or above this threshold go to stderr
239
240
241 --storage-driver-buffer-duration=1m0s
242 Writes in the storage driver will be buffered for this duration,
243 and committed to the non memory backends as a single transaction
244
245
246 --storage-driver-db="cadvisor"
247 database name
248
249
250 --storage-driver-host="localhost:8086"
251 database host:port
252
253
254 --storage-driver-password="root"
255 database password
256
257
258 --storage-driver-secure=false
259 use secure connection with database
260
261
262 --storage-driver-table="stats"
263 table name
264
265
266 --storage-driver-user="root"
267 database username
268
269
270 --token=""
271 Bearer token for authentication to the API server
272
273
274 --user=""
275 The name of the kubeconfig user to use
276
277
278 --username=""
279 Username for basic authentication to the API server
280
281
282 -v, --v=0
283 log level for V logs
284
285
286 --version=false
287 Print version information and quit
288
289
290 --vmodule=
291 comma-separated list of pattern=N settings for file-filtered log‐
292 ging
293
294
295
297 kubectl(1), kubectl-auth-can-i(1), kubectl-auth-reconcile(1),
298
299
300
302 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
303 com) based on the kubernetes source material, but hopefully they have
304 been automatically generated since!
305
306
307
308Eric Paris kubernetes User Manuals KUBERNETES(1)