1OC(1)                              June 2016                             OC(1)
2
3
4

NAME

6       oc policy - Manage authorization policy
7
8
9

SYNOPSIS

11       oc policy [OPTIONS]
12
13
14

DESCRIPTION

16       Manage authorization policy
17
18
19

OPTIONS INHERITED FROM PARENT COMMANDS

21       --allow_verification_with_non_compliant_keys=false
22           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
23       non-compliant with RFC6962.
24
25
26       --alsologtostderr=false
27           log to standard error as well as files
28
29
30       --application_metrics_count_limit=100
31           Max number of application metrics to store (per container)
32
33
34       --as=""
35           Username to impersonate for the operation
36
37
38       --as-group=[]
39           Group to impersonate for the operation, this flag can  be  repeated
40       to specify multiple groups.
41
42
43       --azure-container-registry-config=""
44           Path  to the file containing Azure container registry configuration
45       information.
46
47
48       --boot_id_file="/proc/sys/kernel/random/boot_id"
49           Comma-separated list of files to check for boot-id. Use  the  first
50       one that exists.
51
52
53       --cache-dir="/builddir/.kube/http-cache"
54           Default HTTP cache directory
55
56
57       --certificate-authority=""
58           Path to a cert file for the certificate authority
59
60
61       --client-certificate=""
62           Path to a client certificate file for TLS
63
64
65       --client-key=""
66           Path to a client key file for TLS
67
68
69       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
70           CIDRs opened in GCE firewall for LB traffic proxy  health checks
71
72
73       --cluster=""
74           The name of the kubeconfig cluster to use
75
76
77       --container_hints="/etc/cadvisor/container_hints.json"
78           location of the container hints file
79
80
81       --containerd="unix:///var/run/containerd.sock"
82           containerd endpoint
83
84
85       --context=""
86           The name of the kubeconfig context to use
87
88
89       --default-not-ready-toleration-seconds=300
90           Indicates   the   tolerationSeconds   of   the    toleration    for
91       notReady:NoExecute  that is added by default to every pod that does not
92       already have such a toleration.
93
94
95       --default-unreachable-toleration-seconds=300
96           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
97       able:NoExecute  that  is  added  by  default to every pod that does not
98       already have such a toleration.
99
100
101       --docker="unix:///var/run/docker.sock"
102           docker endpoint
103
104
105       --docker-tls=false
106           use TLS to connect to docker
107
108
109       --docker-tls-ca="ca.pem"
110           path to trusted CA
111
112
113       --docker-tls-cert="cert.pem"
114           path to client certificate
115
116
117       --docker-tls-key="key.pem"
118           path to private key
119
120
121       --docker_env_metadata_whitelist=""
122           a comma-separated list of environment variable keys that  needs  to
123       be collected for docker containers
124
125
126       --docker_only=false
127           Only report docker containers in addition to root stats
128
129
130       --docker_root="/var/lib/docker"
131           DEPRECATED:  docker  root is read from docker info (this is a fall‐
132       back, default: /var/lib/docker)
133
134
135       --enable_load_reader=false
136           Whether to enable cpu load reader
137
138
139       --event_storage_age_limit="default=24h"
140           Max length of time for which to store events (per type). Value is a
141       comma  separated  list  of  key  values, where the keys are event types
142       (e.g.: creation, oom) or "default" and the value is a duration. Default
143       is applied to all non-specified event types
144
145
146       --event_storage_event_limit="default=100000"
147           Max  number  of  events to store (per type). Value is a comma sepa‐
148       rated list of key values, where the keys are event  types  (e.g.:  cre‐
149       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
150       applied to all non-specified event types
151
152
153       --global_housekeeping_interval=0
154           Interval between global housekeepings
155
156
157       --housekeeping_interval=0
158           Interval between container housekeepings
159
160
161       --httptest.serve=""
162           if non-empty, httptest.NewServer serves on this address and blocks
163
164
165       --insecure-skip-tls-verify=false
166           If true, the server's certificate will not be checked for validity.
167       This will make your HTTPS connections insecure
168
169
170       --kubeconfig=""
171           Path to the kubeconfig file to use for CLI requests.
172
173
174       --log-flush-frequency=0
175           Maximum number of seconds between log flushes
176
177
178       --log_backtrace_at=:0
179           when logging hits line file:N, emit a stack trace
180
181
182       --log_cadvisor_usage=false
183           Whether to log the usage of the cAdvisor container
184
185
186       --log_dir=""
187           If non-empty, write log files in this directory
188
189
190       --logtostderr=true
191           log to standard error instead of files
192
193
194       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
195           Comma-separated  list  of  files  to  check for machine-id. Use the
196       first one that exists.
197
198
199       --match-server-version=false
200           Require server version to match client version
201
202
203       -n, --namespace=""
204           If present, the namespace scope for this CLI request
205
206
207       --request-timeout="0"
208           The length of time to wait before giving  up  on  a  single  server
209       request. Non-zero values should contain a corresponding time unit (e.g.
210       1s, 2m, 3h). A value of zero means don't timeout requests.
211
212
213       -s, --server=""
214           The address and port of the Kubernetes API server
215
216
217       --stderrthreshold=2
218           logs at or above this threshold go to stderr
219
220
221       --storage_driver_buffer_duration=0
222           Writes in the storage driver will be buffered  for  this  duration,
223       and committed to the non memory backends as a single transaction
224
225
226       --storage_driver_db="cadvisor"
227           database name
228
229
230       --storage_driver_host="localhost:8086"
231           database host:port
232
233
234       --storage_driver_password="root"
235           database password
236
237
238       --storage_driver_secure=false
239           use secure connection with database
240
241
242       --storage_driver_table="stats"
243           table name
244
245
246       --storage_driver_user="root"
247           database username
248
249
250       --token=""
251           Bearer token for authentication to the API server
252
253
254       --user=""
255           The name of the kubeconfig user to use
256
257
258       -v, --v=0
259           log level for V logs
260
261
262       --version=false
263           Print version information and quit
264
265
266       --vmodule=
267           comma-separated  list  of pattern=N settings for file-filtered log‐
268       ging
269
270
271

SEE ALSO

273       oc(1),  oc-policy-add-role-to-group(1),  oc-policy-add-role-to-user(1),
274       oc-policy-can-i(1),          oc-policy-remove-group(1),         oc-pol‐
275       icy-remove-role-from-group(1),      oc-policy-remove-role-from-user(1),
276       oc-policy-remove-user(1),  oc-policy-scc-review(1),  oc-policy-scc-sub‐
277       ject-review(1), oc-policy-who-can(1),
278
279
280

HISTORY

282       June 2016, Ported from the Kubernetes man-doc generator
283
284
285
286Openshift                  Openshift CLI User Manuals                    OC(1)
Impressum