1OC ADM GROUPS(1) June 2016 OC ADM GROUPS(1)
2
3
4
6 oc adm groups prune - Remove old OpenShift groups referencing missing
7 records on an external provider
8
9
10
12 oc adm groups prune [OPTIONS]
13
14
15
17 Prune OpenShift Groups referencing missing records on from an external
18 provider.
19
20
21 In order to prune OpenShift Group records using those from an external
22 provider, determine which Groups you wish to prune. For instance, all
23 or some groups may be selected from the current Groups stored in Open‐
24 Shift that have been synced previously. Any combination of a literal
25 whitelist, a whitelist file and a blacklist file is supported. The path
26 to a sync configuration file that was used for syncing the groups in
27 question is required in order to describe how data is requested from
28 the external record store. Default behavior is to indicate all Open‐
29 Shift groups for which the external record does not exist, to run the
30 pruning process and commit the results, use the --confirm flag.
31
32
33
35 --blacklist=""
36 path to the group blacklist file
37
38
39 --confirm=false
40 if true, modify OpenShift groups; if false, display groups
41
42
43 --sync-config=""
44 path to the sync config
45
46
47 --whitelist=""
48 path to the group whitelist file
49
50
51
53 --allow_verification_with_non_compliant_keys=false
54 Allow a SignatureVerifier to use keys which are technically
55 non-compliant with RFC6962.
56
57
58 --alsologtostderr=false
59 log to standard error as well as files
60
61
62 --application_metrics_count_limit=100
63 Max number of application metrics to store (per container)
64
65
66 --as=""
67 Username to impersonate for the operation
68
69
70 --as-group=[]
71 Group to impersonate for the operation, this flag can be repeated
72 to specify multiple groups.
73
74
75 --azure-container-registry-config=""
76 Path to the file containing Azure container registry configuration
77 information.
78
79
80 --boot_id_file="/proc/sys/kernel/random/boot_id"
81 Comma-separated list of files to check for boot-id. Use the first
82 one that exists.
83
84
85 --cache-dir="/builddir/.kube/http-cache"
86 Default HTTP cache directory
87
88
89 --certificate-authority=""
90 Path to a cert file for the certificate authority
91
92
93 --client-certificate=""
94 Path to a client certificate file for TLS
95
96
97 --client-key=""
98 Path to a client key file for TLS
99
100
101 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
102 CIDRs opened in GCE firewall for LB traffic proxy health checks
103
104
105 --cluster=""
106 The name of the kubeconfig cluster to use
107
108
109 --container_hints="/etc/cadvisor/container_hints.json"
110 location of the container hints file
111
112
113 --containerd="unix:///var/run/containerd.sock"
114 containerd endpoint
115
116
117 --context=""
118 The name of the kubeconfig context to use
119
120
121 --default-not-ready-toleration-seconds=300
122 Indicates the tolerationSeconds of the toleration for
123 notReady:NoExecute that is added by default to every pod that does not
124 already have such a toleration.
125
126
127 --default-unreachable-toleration-seconds=300
128 Indicates the tolerationSeconds of the toleration for unreach‐
129 able:NoExecute that is added by default to every pod that does not
130 already have such a toleration.
131
132
133 --docker="unix:///var/run/docker.sock"
134 docker endpoint
135
136
137 --docker-tls=false
138 use TLS to connect to docker
139
140
141 --docker-tls-ca="ca.pem"
142 path to trusted CA
143
144
145 --docker-tls-cert="cert.pem"
146 path to client certificate
147
148
149 --docker-tls-key="key.pem"
150 path to private key
151
152
153 --docker_env_metadata_whitelist=""
154 a comma-separated list of environment variable keys that needs to
155 be collected for docker containers
156
157
158 --docker_only=false
159 Only report docker containers in addition to root stats
160
161
162 --docker_root="/var/lib/docker"
163 DEPRECATED: docker root is read from docker info (this is a fall‐
164 back, default: /var/lib/docker)
165
166
167 --enable_load_reader=false
168 Whether to enable cpu load reader
169
170
171 --event_storage_age_limit="default=24h"
172 Max length of time for which to store events (per type). Value is a
173 comma separated list of key values, where the keys are event types
174 (e.g.: creation, oom) or "default" and the value is a duration. Default
175 is applied to all non-specified event types
176
177
178 --event_storage_event_limit="default=100000"
179 Max number of events to store (per type). Value is a comma sepa‐
180 rated list of key values, where the keys are event types (e.g.: cre‐
181 ation, oom) or "default" and the value is an integer. Default is
182 applied to all non-specified event types
183
184
185 --global_housekeeping_interval=0
186 Interval between global housekeepings
187
188
189 --housekeeping_interval=0
190 Interval between container housekeepings
191
192
193 --httptest.serve=""
194 if non-empty, httptest.NewServer serves on this address and blocks
195
196
197 --insecure-skip-tls-verify=false
198 If true, the server's certificate will not be checked for validity.
199 This will make your HTTPS connections insecure
200
201
202 --kubeconfig=""
203 Path to the kubeconfig file to use for CLI requests.
204
205
206 --log-flush-frequency=0
207 Maximum number of seconds between log flushes
208
209
210 --log_backtrace_at=:0
211 when logging hits line file:N, emit a stack trace
212
213
214 --log_cadvisor_usage=false
215 Whether to log the usage of the cAdvisor container
216
217
218 --log_dir=""
219 If non-empty, write log files in this directory
220
221
222 --logtostderr=true
223 log to standard error instead of files
224
225
226 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
227 Comma-separated list of files to check for machine-id. Use the
228 first one that exists.
229
230
231 --match-server-version=false
232 Require server version to match client version
233
234
235 -n, --namespace=""
236 If present, the namespace scope for this CLI request
237
238
239 --request-timeout="0"
240 The length of time to wait before giving up on a single server
241 request. Non-zero values should contain a corresponding time unit (e.g.
242 1s, 2m, 3h). A value of zero means don't timeout requests.
243
244
245 -s, --server=""
246 The address and port of the Kubernetes API server
247
248
249 --stderrthreshold=2
250 logs at or above this threshold go to stderr
251
252
253 --storage_driver_buffer_duration=0
254 Writes in the storage driver will be buffered for this duration,
255 and committed to the non memory backends as a single transaction
256
257
258 --storage_driver_db="cadvisor"
259 database name
260
261
262 --storage_driver_host="localhost:8086"
263 database host:port
264
265
266 --storage_driver_password="root"
267 database password
268
269
270 --storage_driver_secure=false
271 use secure connection with database
272
273
274 --storage_driver_table="stats"
275 table name
276
277
278 --storage_driver_user="root"
279 database username
280
281
282 --token=""
283 Bearer token for authentication to the API server
284
285
286 --user=""
287 The name of the kubeconfig user to use
288
289
290 -v, --v=0
291 log level for V logs
292
293
294 --version=false
295 Print version information and quit
296
297
298 --vmodule=
299 comma-separated list of pattern=N settings for file-filtered log‐
300 ging
301
302
303
305 # Prune all orphaned groups
306 oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
307
308 # Prune all orphaned groups except the ones from the blacklist file
309 oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
310
311 # Prune all orphaned groups from a list of specific groups specified in a whitelist file
312 oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
313
314 # Prune all orphaned groups from a list of specific groups specified in a whitelist
315 oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
316
317
318
319
321 oc-adm-groups(1),
322
323
324
326 June 2016, Ported from the Kubernetes man-doc generator
327
328
329
330Openshift Openshift CLI User Manuals OC ADM GROUPS(1)