1OC AUTH(1) June 2016 OC AUTH(1)
2
6 oc auth reconcile - Reconciles rules for RBAC Role, RoleBinding, Clus‐
7 terRole, and ClusterRole binding objects
8
12 oc auth reconcile [OPTIONS]
13
17 Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and Cluster‐
18 Role binding objects.
19 This is preferred to 'apply' for RBAC resources so that proper rule
22 coverage checks are done.
23
27 --allow-missing-template-keys=true
28 If true, ignore any errors in templates when a field or map key is
29 missing in the template. Only applies to golang and jsonpath output
30 formats.
31 --dry-run=false
34 If true, display results but do not submit changes
35 -f, --filename=[]
38 Filename, directory, or URL to files identifying the resource to
39 reconcile.
40 -o, --output=""
43 Output format. One of: json|yaml|name|go-template|go-tem‐
44 plate-file|templatefile|template|jsonpath-file|jsonpath.
45 -R, --recursive=false
48 Process the directory used in -f, --filename recursively. Useful
49 when you want to manage related manifests organized within the same
50 directory.
51 --remove-extra-permissions=false
54 If true, removes extra permissions added to roles
55 --remove-extra-subjects=false
58 If true, removes extra subjects added to rolebindings
59 --template=""
62 Template string or path to template file to use when -o=go-tem‐
63 plate, -o=go-template-file. The template format is golang templates [
64 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
65
69 --allow_verification_with_non_compliant_keys=false
70 Allow a SignatureVerifier to use keys which are technically
71 non-compliant with RFC6962.
72 --alsologtostderr=false
75 log to standard error as well as files
76 --application_metrics_count_limit=100
79 Max number of application metrics to store (per container)
80 --as=""
83 Username to impersonate for the operation
84 --as-group=[]
87 Group to impersonate for the operation, this flag can be repeated
88 to specify multiple groups.
89 --azure-container-registry-config=""
92 Path to the file containing Azure container registry configuration
93 information.
94 --boot_id_file="/proc/sys/kernel/random/boot_id"
97 Comma-separated list of files to check for boot-id. Use the first
98 one that exists.
99 --cache-dir="/builddir/.kube/http-cache"
102 Default HTTP cache directory
103 --certificate-authority=""
106 Path to a cert file for the certificate authority
107 --client-certificate=""
110 Path to a client certificate file for TLS
111 --client-key=""
114 Path to a client key file for TLS
115 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
118 CIDRs opened in GCE firewall for LB traffic proxy health checks
119 --cluster=""
122 The name of the kubeconfig cluster to use
123 --container_hints="/etc/cadvisor/container_hints.json"
126 location of the container hints file
127 --containerd="unix:///var/run/containerd.sock"
130 containerd endpoint
131 --context=""
134 The name of the kubeconfig context to use
135 --default-not-ready-toleration-seconds=300
138 Indicates the tolerationSeconds of the toleration for
139 notReady:NoExecute that is added by default to every pod that does not
140 already have such a toleration.
141 --default-unreachable-toleration-seconds=300
144 Indicates the tolerationSeconds of the toleration for unreach‐
145 able:NoExecute that is added by default to every pod that does not
146 already have such a toleration.
147 --docker="unix:///var/run/docker.sock"
150 docker endpoint
151 --docker-tls=false
154 use TLS to connect to docker
155 --docker-tls-ca="ca.pem"
158 path to trusted CA
159 --docker-tls-cert="cert.pem"
162 path to client certificate
163 --docker-tls-key="key.pem"
166 path to private key
167 --docker_env_metadata_whitelist=""
170 a comma-separated list of environment variable keys that needs to
171 be collected for docker containers
172 --docker_only=false
175 Only report docker containers in addition to root stats
176 --docker_root="/var/lib/docker"
179 DEPRECATED: docker root is read from docker info (this is a fall‐
180 back, default: /var/lib/docker)
181 --enable_load_reader=false
184 Whether to enable cpu load reader
185 --event_storage_age_limit="default=24h"
188 Max length of time for which to store events (per type). Value is a
189 comma separated list of key values, where the keys are event types
190 (e.g.: creation, oom) or "default" and the value is a duration. Default
191 is applied to all non-specified event types
192 --event_storage_event_limit="default=100000"
195 Max number of events to store (per type). Value is a comma sepa‐
196 rated list of key values, where the keys are event types (e.g.: cre‐
197 ation, oom) or "default" and the value is an integer. Default is
198 applied to all non-specified event types
199 --global_housekeeping_interval=0
202 Interval between global housekeepings
203 --housekeeping_interval=0
206 Interval between container housekeepings
207 --httptest.serve=""
210 if non-empty, httptest.NewServer serves on this address and blocks
211 --insecure-skip-tls-verify=false
214 If true, the server's certificate will not be checked for validity.
215 This will make your HTTPS connections insecure
216 --kubeconfig=""
219 Path to the kubeconfig file to use for CLI requests.
220 --log-flush-frequency=0
223 Maximum number of seconds between log flushes
224 --log_backtrace_at=:0
227 when logging hits line file:N, emit a stack trace
228 --log_cadvisor_usage=false
231 Whether to log the usage of the cAdvisor container
232 --log_dir=""
235 If non-empty, write log files in this directory
236 --logtostderr=true
239 log to standard error instead of files
240 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
243 Comma-separated list of files to check for machine-id. Use the
244 first one that exists.
245 --match-server-version=false
248 Require server version to match client version
249 -n, --namespace=""
252 If present, the namespace scope for this CLI request
253 --request-timeout="0"
256 The length of time to wait before giving up on a single server
257 request. Non-zero values should contain a corresponding time unit (e.g.
258 1s, 2m, 3h). A value of zero means don't timeout requests.
259 -s, --server=""
262 The address and port of the Kubernetes API server
263 --stderrthreshold=2
266 logs at or above this threshold go to stderr
267 --storage_driver_buffer_duration=0
270 Writes in the storage driver will be buffered for this duration,
271 and committed to the non memory backends as a single transaction
272 --storage_driver_db="cadvisor"
275 database name
276 --storage_driver_host="localhost:8086"
279 database host:port
280 --storage_driver_password="root"
283 database password
284 --storage_driver_secure=false
287 use secure connection with database
288 --storage_driver_table="stats"
291 table name
292 --storage_driver_user="root"
295 database username
296 --token=""
299 Bearer token for authentication to the API server
300 --user=""
303 The name of the kubeconfig user to use
304 -v, --v=0
307 log level for V logs
308 --version=false
311 Print version information and quit
312 --vmodule=
315 comma-separated list of pattern=N settings for file-filtered log‐
316 ging
317
321 # Reconcile rbac resources from a file
322 oc auth reconcile -f my-rbac-rules.yaml
323
328 oc-auth(1),
329
333 June 2016, Ported from the Kubernetes man-doc generator
334Openshift Openshift CLI User Manuals OC AUTH(1)