1OC(1)                              June 2016                             OC(1)
2
3
4

NAME

6       oc proxy - Run a proxy to the Kubernetes API server
7
8
9

SYNOPSIS

11       oc proxy [OPTIONS]
12
13
14

DESCRIPTION

16       Run a proxy to the API server
17
18
19

OPTIONS

21       --accept-hosts="^localhost$,^127\.0\.0\.1$,^\[::1\]$"
22           Regular expression for hosts that the proxy should accept.
23
24
25       --accept-paths="^.*"
26           Regular expression for paths that the proxy should accept.
27
28
29       --address="127.0.0.1"
30           The IP address on which to serve on.
31
32
33       --api-prefix="/"
34           Prefix to serve the proxied API under.
35
36
37       --disable-filter=false
38           If true, disable request filtering in the proxy. This is dangerous,
39       and can leave you vulnerable to XSRF attacks, when used with an  acces‐
40       sible port.
41
42
43       -p, --port=8001
44           The port on which to run the proxy. Set to 0 to pick a random port.
45
46
47       --reject-methods="^$"
48           Regular  expression  for  HTTP methods that the proxy should reject
49       (example --reject-methods='POST,PUT,PATCH').
50
51
52       --reject-paths="^/api/./pods/./exec,^/api/./pods/./attach"
53           Regular expression for paths that the proxy  should  reject.  Paths
54       specified here will be rejected even accepted by --accept-paths.
55
56
57       -u, --unix-socket=""
58           Unix socket on which to run the proxy.
59
60
61       -w, --www=""
62           Also  serve  static files from the given directory under the speci‐
63       fied prefix.
64
65
66       -P, --www-prefix="/static/"
67           Prefix to serve static files under, if  static  file  directory  is
68       specified.
69
70
71

OPTIONS INHERITED FROM PARENT COMMANDS

73       --allow_verification_with_non_compliant_keys=false
74           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
75       non-compliant with RFC6962.
76
77
78       --alsologtostderr=false
79           log to standard error as well as files
80
81
82       --application_metrics_count_limit=100
83           Max number of application metrics to store (per container)
84
85
86       --as=""
87           Username to impersonate for the operation
88
89
90       --as-group=[]
91           Group to impersonate for the operation, this flag can  be  repeated
92       to specify multiple groups.
93
94
95       --azure-container-registry-config=""
96           Path  to the file containing Azure container registry configuration
97       information.
98
99
100       --boot_id_file="/proc/sys/kernel/random/boot_id"
101           Comma-separated list of files to check for boot-id. Use  the  first
102       one that exists.
103
104
105       --cache-dir="/builddir/.kube/http-cache"
106           Default HTTP cache directory
107
108
109       --certificate-authority=""
110           Path to a cert file for the certificate authority
111
112
113       --client-certificate=""
114           Path to a client certificate file for TLS
115
116
117       --client-key=""
118           Path to a client key file for TLS
119
120
121       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
122           CIDRs opened in GCE firewall for LB traffic proxy  health checks
123
124
125       --cluster=""
126           The name of the kubeconfig cluster to use
127
128
129       --container_hints="/etc/cadvisor/container_hints.json"
130           location of the container hints file
131
132
133       --containerd="unix:///var/run/containerd.sock"
134           containerd endpoint
135
136
137       --context=""
138           The name of the kubeconfig context to use
139
140
141       --default-not-ready-toleration-seconds=300
142           Indicates   the   tolerationSeconds   of   the    toleration    for
143       notReady:NoExecute  that is added by default to every pod that does not
144       already have such a toleration.
145
146
147       --default-unreachable-toleration-seconds=300
148           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
149       able:NoExecute  that  is  added  by  default to every pod that does not
150       already have such a toleration.
151
152
153       --docker="unix:///var/run/docker.sock"
154           docker endpoint
155
156
157       --docker-tls=false
158           use TLS to connect to docker
159
160
161       --docker-tls-ca="ca.pem"
162           path to trusted CA
163
164
165       --docker-tls-cert="cert.pem"
166           path to client certificate
167
168
169       --docker-tls-key="key.pem"
170           path to private key
171
172
173       --docker_env_metadata_whitelist=""
174           a comma-separated list of environment variable keys that  needs  to
175       be collected for docker containers
176
177
178       --docker_only=false
179           Only report docker containers in addition to root stats
180
181
182       --docker_root="/var/lib/docker"
183           DEPRECATED:  docker  root is read from docker info (this is a fall‐
184       back, default: /var/lib/docker)
185
186
187       --enable_load_reader=false
188           Whether to enable cpu load reader
189
190
191       --event_storage_age_limit="default=24h"
192           Max length of time for which to store events (per type). Value is a
193       comma  separated  list  of  key  values, where the keys are event types
194       (e.g.: creation, oom) or "default" and the value is a duration. Default
195       is applied to all non-specified event types
196
197
198       --event_storage_event_limit="default=100000"
199           Max  number  of  events to store (per type). Value is a comma sepa‐
200       rated list of key values, where the keys are event  types  (e.g.:  cre‐
201       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
202       applied to all non-specified event types
203
204
205       --global_housekeeping_interval=0
206           Interval between global housekeepings
207
208
209       --housekeeping_interval=0
210           Interval between container housekeepings
211
212
213       --httptest.serve=""
214           if non-empty, httptest.NewServer serves on this address and blocks
215
216
217       --insecure-skip-tls-verify=false
218           If true, the server's certificate will not be checked for validity.
219       This will make your HTTPS connections insecure
220
221
222       --kubeconfig=""
223           Path to the kubeconfig file to use for CLI requests.
224
225
226       --log-flush-frequency=0
227           Maximum number of seconds between log flushes
228
229
230       --log_backtrace_at=:0
231           when logging hits line file:N, emit a stack trace
232
233
234       --log_cadvisor_usage=false
235           Whether to log the usage of the cAdvisor container
236
237
238       --log_dir=""
239           If non-empty, write log files in this directory
240
241
242       --logtostderr=true
243           log to standard error instead of files
244
245
246       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
247           Comma-separated  list  of  files  to  check for machine-id. Use the
248       first one that exists.
249
250
251       --match-server-version=false
252           Require server version to match client version
253
254
255       -n, --namespace=""
256           If present, the namespace scope for this CLI request
257
258
259       --request-timeout="0"
260           The length of time to wait before giving  up  on  a  single  server
261       request. Non-zero values should contain a corresponding time unit (e.g.
262       1s, 2m, 3h). A value of zero means don't timeout requests.
263
264
265       -s, --server=""
266           The address and port of the Kubernetes API server
267
268
269       --stderrthreshold=2
270           logs at or above this threshold go to stderr
271
272
273       --storage_driver_buffer_duration=0
274           Writes in the storage driver will be buffered  for  this  duration,
275       and committed to the non memory backends as a single transaction
276
277
278       --storage_driver_db="cadvisor"
279           database name
280
281
282       --storage_driver_host="localhost:8086"
283           database host:port
284
285
286       --storage_driver_password="root"
287           database password
288
289
290       --storage_driver_secure=false
291           use secure connection with database
292
293
294       --storage_driver_table="stats"
295           table name
296
297
298       --storage_driver_user="root"
299           database username
300
301
302       --token=""
303           Bearer token for authentication to the API server
304
305
306       --user=""
307           The name of the kubeconfig user to use
308
309
310       -v, --v=0
311           log level for V logs
312
313
314       --version=false
315           Print version information and quit
316
317
318       --vmodule=
319           comma-separated  list  of pattern=N settings for file-filtered log‐
320       ging
321
322
323

EXAMPLE

325                # Run a proxy to the api server on port 8011, serving static content from ./local/www/
326                oc proxy --port=8011 --www=./local/www/
327
328                # Run a proxy to the api server on an arbitrary local port.
329                # The chosen port for the server will be output to stdout.
330                oc proxy --port=0
331
332                # Run a proxy to the api server, changing the api prefix to my-api
333                # This makes e.g. the pods api available at localhost:8011/my-api/api/v1/pods/
334                oc proxy --api-prefix=/my-api
335
336
337
338

SEE ALSO

340       oc(1),
341
342
343

HISTORY

345       June 2016, Ported from the Kubernetes man-doc generator
346
347
348
349Openshift                  Openshift CLI User Manuals                    OC(1)
Impressum