oc-adm-policy-add-scc-to-group(1)

1OC ADM POLICY(1)                   June 2016                  OC ADM POLICY(1)
2
3
4

NAME

6       oc  adm  policy  add-scc-to-group  - Add security context constraint to
7       groups
8
9
10

SYNOPSIS

12       oc adm policy add-scc-to-group [OPTIONS]
13
14
15

DESCRIPTION

17       Add security context constraint to groups
18
19
20

OPTIONS

22       --allow-missing-template-keys=true
23           If true, ignore any errors in templates when a field or map key  is
24       missing  in  the  template.  Only applies to golang and jsonpath output
25       formats.
26
27
28       --dry-run=false
29           If true, only print the object that would be sent, without  sending
30       it.
31
32
33       --no-headers=false
34           When  using the default or custom-column output format, don't print
35       headers (default print headers).
36
37
38       -o, --output=""
39           Output format. One of:  json|yaml|wide|name|custom-columns=...|cus‐
40       tom-columns-file=...|go-template=...|go-template-file=...|json‐
41       path=...|jsonpath-file=...  See   custom   columns   [   ⟨http://kuber‐
42       netes.io/docs/user-guide/kubectl-overview/#custom-columns⟩],     golang
43       template  [  ⟨http://golang.org/pkg/text/template/#pkg-overview⟩]   and
44       jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].
45
46
47       --show-labels=false
48           When  printing,  show  all  labels as the last column (default hide
49       labels column)
50
51
52       --sort-by=""
53           If non-empty, sort list types using this field specification.   The
54       field  specification  is  expressed  as  a  JSONPath  expression  (e.g.
55       '{.metadata.name}'). The field in the API resource  specified  by  this
56       JSONPath expression must be an integer or a string.
57
58
59       --template=""
60           Template  string  or  path  to template file to use when -o=go-tem‐
61       plate, -o=go-template-file. The template format is golang  templates  [
62       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
63
64
65

OPTIONS INHERITED FROM PARENT COMMANDS

67       --allow_verification_with_non_compliant_keys=false
68           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
69       non-compliant with RFC6962.
70
71
72       --alsologtostderr=false
73           log to standard error as well as files
74
75
76       --application_metrics_count_limit=100
77           Max number of application metrics to store (per container)
78
79
80       --as=""
81           Username to impersonate for the operation
82
83
84       --as-group=[]
85           Group to impersonate for the operation, this flag can  be  repeated
86       to specify multiple groups.
87
88
89       --azure-container-registry-config=""
90           Path  to the file containing Azure container registry configuration
91       information.
92
93
94       --boot_id_file="/proc/sys/kernel/random/boot_id"
95           Comma-separated list of files to check for boot-id. Use  the  first
96       one that exists.
97
98
99       --cache-dir="/builddir/.kube/http-cache"
100           Default HTTP cache directory
101
102
103       --certificate-authority=""
104           Path to a cert file for the certificate authority
105
106
107       --client-certificate=""
108           Path to a client certificate file for TLS
109
110
111       --client-key=""
112           Path to a client key file for TLS
113
114
115       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
116           CIDRs opened in GCE firewall for LB traffic proxy  health checks
117
118
119       --cluster=""
120           The name of the kubeconfig cluster to use
121
122
123       --container_hints="/etc/cadvisor/container_hints.json"
124           location of the container hints file
125
126
127       --containerd="unix:///var/run/containerd.sock"
128           containerd endpoint
129
130
131       --context=""
132           The name of the kubeconfig context to use
133
134
135       --default-not-ready-toleration-seconds=300
136           Indicates   the   tolerationSeconds   of   the    toleration    for
137       notReady:NoExecute  that is added by default to every pod that does not
138       already have such a toleration.
139
140
141       --default-unreachable-toleration-seconds=300
142           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
143       able:NoExecute  that  is  added  by  default to every pod that does not
144       already have such a toleration.
145
146
147       --docker="unix:///var/run/docker.sock"
148           docker endpoint
149
150
151       --docker-tls=false
152           use TLS to connect to docker
153
154
155       --docker-tls-ca="ca.pem"
156           path to trusted CA
157
158
159       --docker-tls-cert="cert.pem"
160           path to client certificate
161
162
163       --docker-tls-key="key.pem"
164           path to private key
165
166
167       --docker_env_metadata_whitelist=""
168           a comma-separated list of environment variable keys that  needs  to
169       be collected for docker containers
170
171
172       --docker_only=false
173           Only report docker containers in addition to root stats
174
175
176       --docker_root="/var/lib/docker"
177           DEPRECATED:  docker  root is read from docker info (this is a fall‐
178       back, default: /var/lib/docker)
179
180
181       --enable_load_reader=false
182           Whether to enable cpu load reader
183
184
185       --event_storage_age_limit="default=24h"
186           Max length of time for which to store events (per type). Value is a
187       comma  separated  list  of  key  values, where the keys are event types
188       (e.g.: creation, oom) or "default" and the value is a duration. Default
189       is applied to all non-specified event types
190
191
192       --event_storage_event_limit="default=100000"
193           Max  number  of  events to store (per type). Value is a comma sepa‐
194       rated list of key values, where the keys are event  types  (e.g.:  cre‐
195       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
196       applied to all non-specified event types
197
198
199       --global_housekeeping_interval=0
200           Interval between global housekeepings
201
202
203       --housekeeping_interval=0
204           Interval between container housekeepings
205
206
207       --httptest.serve=""
208           if non-empty, httptest.NewServer serves on this address and blocks
209
210
211       --insecure-skip-tls-verify=false
212           If true, the server's certificate will not be checked for validity.
213       This will make your HTTPS connections insecure
214
215
216       --kubeconfig=""
217           Path to the kubeconfig file to use for CLI requests.
218
219
220       --log-flush-frequency=0
221           Maximum number of seconds between log flushes
222
223
224       --log_backtrace_at=:0
225           when logging hits line file:N, emit a stack trace
226
227
228       --log_cadvisor_usage=false
229           Whether to log the usage of the cAdvisor container
230
231
232       --log_dir=""
233           If non-empty, write log files in this directory
234
235
236       --logtostderr=true
237           log to standard error instead of files
238
239
240       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
241           Comma-separated  list  of  files  to  check for machine-id. Use the
242       first one that exists.
243
244
245       --match-server-version=false
246           Require server version to match client version
247
248
249       -n, --namespace=""
250           If present, the namespace scope for this CLI request
251
252
253       --request-timeout="0"
254           The length of time to wait before giving  up  on  a  single  server
255       request. Non-zero values should contain a corresponding time unit (e.g.
256       1s, 2m, 3h). A value of zero means don't timeout requests.
257
258
259       -s, --server=""
260           The address and port of the Kubernetes API server
261
262
263       --stderrthreshold=2
264           logs at or above this threshold go to stderr
265
266
267       --storage_driver_buffer_duration=0
268           Writes in the storage driver will be buffered  for  this  duration,
269       and committed to the non memory backends as a single transaction
270
271
272       --storage_driver_db="cadvisor"
273           database name
274
275
276       --storage_driver_host="localhost:8086"
277           database host:port
278
279
280       --storage_driver_password="root"
281           database password
282
283
284       --storage_driver_secure=false
285           use secure connection with database
286
287
288       --storage_driver_table="stats"
289           table name
290
291
292       --storage_driver_user="root"
293           database username
294
295
296       --token=""
297           Bearer token for authentication to the API server
298
299
300       --user=""
301           The name of the kubeconfig user to use
302
303
304       -v, --v=0
305           log level for V logs
306
307
308       --version=false
309           Print version information and quit
310
311
312       --vmodule=
313           comma-separated  list  of pattern=N settings for file-filtered log‐
314       ging
315
316
317

EXAMPLE

319                # Add the 'restricted' security context contraint to group1 and group2
320                oc adm policy add-scc-to-group restricted group1 group2
321
322
323
324

HISTORY

331       June 2016, Ported from the Kubernetes man-doc generator
332
333
334
335Openshift                  Openshift CLI User Manuals         OC ADM POLICY(1)