1OC ADM GROUPS(1)                   June 2016                  OC ADM GROUPS(1)
2
3
4

NAME

6       oc  adm  groups prune - Remove old OpenShift groups referencing missing
7       records on an external provider
8
9
10

SYNOPSIS

12       oc adm groups prune [OPTIONS]
13
14
15

DESCRIPTION

17       Prune OpenShift Groups referencing missing records on from an  external
18       provider.
19
20
21       In  order to prune OpenShift Group records using those from an external
22       provider, determine which Groups you wish to prune. For  instance,  all
23       or  some groups may be selected from the current Groups stored in Open‐
24       Shift that have been synced previously. Any combination  of  a  literal
25       whitelist, a whitelist file and a blacklist file is supported. The path
26       to a sync configuration file that was used for syncing  the  groups  in
27       question  is  required  in order to describe how data is requested from
28       the external record store. Default behavior is to  indicate  all  Open‐
29       Shift  groups  for which the external record does not exist, to run the
30       pruning process and commit the results, use the --confirm flag.
31
32
33

OPTIONS

35       --blacklist=""
36           path to the group blacklist file
37
38
39       --confirm=false
40           if true, modify OpenShift groups; if false, display groups
41
42
43       --sync-config=""
44           path to the sync config
45
46
47       --whitelist=""
48           path to the group whitelist file
49
50
51

OPTIONS INHERITED FROM PARENT COMMANDS

53       --allow_verification_with_non_compliant_keys=false
54           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
55       non-compliant with RFC6962.
56
57
58       --alsologtostderr=false
59           log to standard error as well as files
60
61
62       --application_metrics_count_limit=100
63           Max number of application metrics to store (per container)
64
65
66       --as=""
67           Username to impersonate for the operation
68
69
70       --as-group=[]
71           Group  to  impersonate for the operation, this flag can be repeated
72       to specify multiple groups.
73
74
75       --azure-container-registry-config=""
76           Path to the file containing Azure container registry  configuration
77       information.
78
79
80       --boot_id_file="/proc/sys/kernel/random/boot_id"
81           Comma-separated  list  of files to check for boot-id. Use the first
82       one that exists.
83
84
85       --cache-dir="/builddir/.kube/http-cache"
86           Default HTTP cache directory
87
88
89       --certificate-authority=""
90           Path to a cert file for the certificate authority
91
92
93       --client-certificate=""
94           Path to a client certificate file for TLS
95
96
97       --client-key=""
98           Path to a client key file for TLS
99
100
101       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
102           CIDRs opened in GCE firewall for LB traffic proxy  health checks
103
104
105       --cluster=""
106           The name of the kubeconfig cluster to use
107
108
109       --container_hints="/etc/cadvisor/container_hints.json"
110           location of the container hints file
111
112
113       --containerd="unix:///var/run/containerd.sock"
114           containerd endpoint
115
116
117       --context=""
118           The name of the kubeconfig context to use
119
120
121       --default-not-ready-toleration-seconds=300
122           Indicates    the    tolerationSeconds   of   the   toleration   for
123       notReady:NoExecute that is added by default to every pod that does  not
124       already have such a toleration.
125
126
127       --default-unreachable-toleration-seconds=300
128           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
129       able:NoExecute that is added by default to  every  pod  that  does  not
130       already have such a toleration.
131
132
133       --docker="unix:///var/run/docker.sock"
134           docker endpoint
135
136
137       --docker-tls=false
138           use TLS to connect to docker
139
140
141       --docker-tls-ca="ca.pem"
142           path to trusted CA
143
144
145       --docker-tls-cert="cert.pem"
146           path to client certificate
147
148
149       --docker-tls-key="key.pem"
150           path to private key
151
152
153       --docker_env_metadata_whitelist=""
154           a  comma-separated  list of environment variable keys that needs to
155       be collected for docker containers
156
157
158       --docker_only=false
159           Only report docker containers in addition to root stats
160
161
162       --docker_root="/var/lib/docker"
163           DEPRECATED: docker root is read from docker info (this is  a  fall‐
164       back, default: /var/lib/docker)
165
166
167       --enable_load_reader=false
168           Whether to enable cpu load reader
169
170
171       --event_storage_age_limit="default=24h"
172           Max length of time for which to store events (per type). Value is a
173       comma separated list of key values, where  the  keys  are  event  types
174       (e.g.: creation, oom) or "default" and the value is a duration. Default
175       is applied to all non-specified event types
176
177
178       --event_storage_event_limit="default=100000"
179           Max number of events to store (per type). Value is  a  comma  sepa‐
180       rated  list  of  key values, where the keys are event types (e.g.: cre‐
181       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
182       applied to all non-specified event types
183
184
185       --global_housekeeping_interval=0
186           Interval between global housekeepings
187
188
189       --housekeeping_interval=0
190           Interval between container housekeepings
191
192
193       --httptest.serve=""
194           if non-empty, httptest.NewServer serves on this address and blocks
195
196
197       --insecure-skip-tls-verify=false
198           If true, the server's certificate will not be checked for validity.
199       This will make your HTTPS connections insecure
200
201
202       --kubeconfig=""
203           Path to the kubeconfig file to use for CLI requests.
204
205
206       --log-flush-frequency=0
207           Maximum number of seconds between log flushes
208
209
210       --log_backtrace_at=:0
211           when logging hits line file:N, emit a stack trace
212
213
214       --log_cadvisor_usage=false
215           Whether to log the usage of the cAdvisor container
216
217
218       --log_dir=""
219           If non-empty, write log files in this directory
220
221
222       --logtostderr=true
223           log to standard error instead of files
224
225
226       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
227           Comma-separated list of files to  check  for  machine-id.  Use  the
228       first one that exists.
229
230
231       --match-server-version=false
232           Require server version to match client version
233
234
235       -n, --namespace=""
236           If present, the namespace scope for this CLI request
237
238
239       --request-timeout="0"
240           The  length  of  time  to  wait before giving up on a single server
241       request. Non-zero values should contain a corresponding time unit (e.g.
242       1s, 2m, 3h). A value of zero means don't timeout requests.
243
244
245       -s, --server=""
246           The address and port of the Kubernetes API server
247
248
249       --stderrthreshold=2
250           logs at or above this threshold go to stderr
251
252
253       --storage_driver_buffer_duration=0
254           Writes  in  the  storage driver will be buffered for this duration,
255       and committed to the non memory backends as a single transaction
256
257
258       --storage_driver_db="cadvisor"
259           database name
260
261
262       --storage_driver_host="localhost:8086"
263           database host:port
264
265
266       --storage_driver_password="root"
267           database password
268
269
270       --storage_driver_secure=false
271           use secure connection with database
272
273
274       --storage_driver_table="stats"
275           table name
276
277
278       --storage_driver_user="root"
279           database username
280
281
282       --token=""
283           Bearer token for authentication to the API server
284
285
286       --user=""
287           The name of the kubeconfig user to use
288
289
290       -v, --v=0
291           log level for V logs
292
293
294       --version=false
295           Print version information and quit
296
297
298       --vmodule=
299           comma-separated list of pattern=N settings for  file-filtered  log‐
300       ging
301
302
303

EXAMPLE

305                # Prune all orphaned groups
306                oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
307
308                # Prune all orphaned groups except the ones from the blacklist file
309                oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
310
311                # Prune all orphaned groups from a list of specific groups specified in a whitelist file
312                oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
313
314                # Prune all orphaned groups from a list of specific groups specified in a whitelist
315                oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
316
317
318
319

SEE ALSO

321       oc-adm-groups(1),
322
323
324

HISTORY

326       June 2016, Ported from the Kubernetes man-doc generator
327
328
329
330Openshift                  Openshift CLI User Manuals         OC ADM GROUPS(1)
Impressum