oc-extract(1)

1OC(1)                              June 2016                             OC(1)
2
3
4

NAME

6       oc extract - Extract secrets or config maps to disk
7
8
9

SYNOPSIS

11       oc extract [OPTIONS]
12
13
14

DESCRIPTION

16       Extract files out of secrets and config maps
17
18
19       The  extract command makes it easy to download the contents of a config
20       map or secret into a directory. Each key in the config map or secret is
21       created  as a separate file with the name of the key, as it is when you
22       mount a secret or config map into a container.
23
24
25       You may extract the contents of a secret or config map to standard  out
26       by passing '-' to --to. The names of each key will be written to stdan‐
27       dard error.
28
29
30       You can limit which keys are extracted with the  --keys=NAME  flag,  or
31       set the directory to extract to with --to=DIRECTORY.
32
33
34

OPTIONS

36       --allow-missing-template-keys=true
37           If  true, ignore any errors in templates when a field or map key is
38       missing in the template. Only applies to  golang  and  jsonpath  output
39       formats.
40
41
42       --confirm=false
43           If true, overwrite files that already exist.
44
45
46       -f, --filename=[]
47           Filename,  directory,  or  URL  to  file to identify to extract the
48       resource.
49
50
51       --keys=[]
52           An optional list of keys to extract (default is all keys).
53
54
55       --no-headers=false
56           When using the default or custom-column output format, don't  print
57       headers (default print headers).
58
59
60       -o, --output=""
61           Output  format. One of: json|yaml|wide|name|custom-columns=...|cus‐
62       tom-columns-file=...|go-template=...|go-template-file=...|json‐
63       path=...|jsonpath-file=...   See   custom   columns   [  ⟨http://kuber‐
64       netes.io/docs/user-guide/kubectl-overview/#custom-columns⟩],     golang
65       template   [  ⟨http://golang.org/pkg/text/template/#pkg-overview⟩]  and
66       jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].
67
68
69       --show-labels=false
70           When printing, show all labels as the  last  column  (default  hide
71       labels column)
72
73
74       --sort-by=""
75           If  non-empty, sort list types using this field specification.  The
76       field  specification  is  expressed  as  a  JSONPath  expression  (e.g.
77       '{.metadata.name}').  The  field  in the API resource specified by this
78       JSONPath expression must be an integer or a string.
79
80
81       --template=""
82           Template string or path to template file  to  use  when  -o=go-tem‐
83       plate,  -o=go-template-file.  The template format is golang templates [
84       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
85
86
87       --to="."
88           Directory to extract files to.
89
90
91

OPTIONS INHERITED FROM PARENT COMMANDS

93       --allow_verification_with_non_compliant_keys=false
94           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
95       non-compliant with RFC6962.
96
97
98       --alsologtostderr=false
99           log to standard error as well as files
100
101
102       --application_metrics_count_limit=100
103           Max number of application metrics to store (per container)
104
105
106       --as=""
107           Username to impersonate for the operation
108
109
110       --as-group=[]
111           Group  to  impersonate for the operation, this flag can be repeated
112       to specify multiple groups.
113
114
115       --azure-container-registry-config=""
116           Path to the file containing Azure container registry  configuration
117       information.
118
119
120       --boot_id_file="/proc/sys/kernel/random/boot_id"
121           Comma-separated  list  of files to check for boot-id. Use the first
122       one that exists.
123
124
125       --cache-dir="/builddir/.kube/http-cache"
126           Default HTTP cache directory
127
128
129       --certificate-authority=""
130           Path to a cert file for the certificate authority
131
132
133       --client-certificate=""
134           Path to a client certificate file for TLS
135
136
137       --client-key=""
138           Path to a client key file for TLS
139
140
141       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
142           CIDRs opened in GCE firewall for LB traffic proxy  health checks
143
144
145       --cluster=""
146           The name of the kubeconfig cluster to use
147
148
149       --container_hints="/etc/cadvisor/container_hints.json"
150           location of the container hints file
151
152
153       --containerd="unix:///var/run/containerd.sock"
154           containerd endpoint
155
156
157       --context=""
158           The name of the kubeconfig context to use
159
160
161       --default-not-ready-toleration-seconds=300
162           Indicates    the    tolerationSeconds   of   the   toleration   for
163       notReady:NoExecute that is added by default to every pod that does  not
164       already have such a toleration.
165
166
167       --default-unreachable-toleration-seconds=300
168           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
169       able:NoExecute that is added by default to  every  pod  that  does  not
170       already have such a toleration.
171
172
173       --docker="unix:///var/run/docker.sock"
174           docker endpoint
175
176
177       --docker-tls=false
178           use TLS to connect to docker
179
180
181       --docker-tls-ca="ca.pem"
182           path to trusted CA
183
184
185       --docker-tls-cert="cert.pem"
186           path to client certificate
187
188
189       --docker-tls-key="key.pem"
190           path to private key
191
192
193       --docker_env_metadata_whitelist=""
194           a  comma-separated  list of environment variable keys that needs to
195       be collected for docker containers
196
197
198       --docker_only=false
199           Only report docker containers in addition to root stats
200
201
202       --docker_root="/var/lib/docker"
203           DEPRECATED: docker root is read from docker info (this is  a  fall‐
204       back, default: /var/lib/docker)
205
206
207       --enable_load_reader=false
208           Whether to enable cpu load reader
209
210
211       --event_storage_age_limit="default=24h"
212           Max length of time for which to store events (per type). Value is a
213       comma separated list of key values, where  the  keys  are  event  types
214       (e.g.: creation, oom) or "default" and the value is a duration. Default
215       is applied to all non-specified event types
216
217
218       --event_storage_event_limit="default=100000"
219           Max number of events to store (per type). Value is  a  comma  sepa‐
220       rated  list  of  key values, where the keys are event types (e.g.: cre‐
221       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
222       applied to all non-specified event types
223
224
225       --global_housekeeping_interval=0
226           Interval between global housekeepings
227
228
229       --housekeeping_interval=0
230           Interval between container housekeepings
231
232
233       --insecure-skip-tls-verify=false
234           If true, the server's certificate will not be checked for validity.
235       This will make your HTTPS connections insecure
236
237
238       --kubeconfig=""
239           Path to the kubeconfig file to use for CLI requests.
240
241
242       --log-flush-frequency=0
243           Maximum number of seconds between log flushes
244
245
246       --log_backtrace_at=:0
247           when logging hits line file:N, emit a stack trace
248
249
250       --log_cadvisor_usage=false
251           Whether to log the usage of the cAdvisor container
252
253
254       --log_dir=""
255           If non-empty, write log files in this directory
256
257
258       --logtostderr=true
259           log to standard error instead of files
260
261
262       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
263           Comma-separated list of files to  check  for  machine-id.  Use  the
264       first one that exists.
265
266
267       --match-server-version=false
268           Require server version to match client version
269
270
271       -n, --namespace=""
272           If present, the namespace scope for this CLI request
273
274
275       --request-timeout="0"
276           The  length  of  time  to  wait before giving up on a single server
277       request. Non-zero values should contain a corresponding time unit (e.g.
278       1s, 2m, 3h). A value of zero means don't timeout requests.
279
280
281       -s, --server=""
282           The address and port of the Kubernetes API server
283
284
285       --stderrthreshold=2
286           logs at or above this threshold go to stderr
287
288
289       --storage_driver_buffer_duration=0
290           Writes  in  the  storage driver will be buffered for this duration,
291       and committed to the non memory backends as a single transaction
292
293
294       --storage_driver_db="cadvisor"
295           database name
296
297
298       --storage_driver_host="localhost:8086"
299           database host:port
300
301
302       --storage_driver_password="root"
303           database password
304
305
306       --storage_driver_secure=false
307           use secure connection with database
308
309
310       --storage_driver_table="stats"
311           table name
312
313
314       --storage_driver_user="root"
315           database username
316
317
318       --token=""
319           Bearer token for authentication to the API server
320
321
322       --user=""
323           The name of the kubeconfig user to use
324
325
326       -v, --v=0
327           log level for V logs
328
329
330       --version=false
331           Print version information and quit
332
333
334       --vmodule=
335           comma-separated list of pattern=N settings for  file-filtered  log‐
336       ging
337
338
339

EXAMPLE

341                # extract the secret "test" to the current directory
342                oc extract secret/test
343
344                # extract the config map "nginx" to the /tmp directory
345                oc extract configmap/nginx --to=/tmp
346
347                # extract the config map "nginx" to STDOUT
348                oc extract configmap/nginx --to=-
349
350                # extract only the key "nginx.conf" from config map "nginx" to the /tmp directory
351                oc extract configmap/nginx --to=/tmp --keys=nginx.conf
352
353
354
355

HISTORY

362       June 2016, Ported from the Kubernetes man-doc generator
363
364
365
366Openshift                  Openshift CLI User Manuals                    OC(1)