1OC(1) June 2016 OC(1)
2
3
4
6 oc extract - Extract secrets or config maps to disk
7
8
9
11 oc extract [OPTIONS]
12
13
14
16 Extract files out of secrets and config maps
17
18
19 The extract command makes it easy to download the contents of a config
20 map or secret into a directory. Each key in the config map or secret is
21 created as a separate file with the name of the key, as it is when you
22 mount a secret or config map into a container.
23
24
25 You may extract the contents of a secret or config map to standard out
26 by passing '-' to --to. The names of each key will be written to stdan‐
27 dard error.
28
29
30 You can limit which keys are extracted with the --keys=NAME flag, or
31 set the directory to extract to with --to=DIRECTORY.
32
33
34
36 --allow-missing-template-keys=true
37 If true, ignore any errors in templates when a field or map key is
38 missing in the template. Only applies to golang and jsonpath output
39 formats.
40
41
42 --confirm=false
43 If true, overwrite files that already exist.
44
45
46 -f, --filename=[]
47 Filename, directory, or URL to file to identify to extract the
48 resource.
49
50
51 --keys=[]
52 An optional list of keys to extract (default is all keys).
53
54
55 --no-headers=false
56 When using the default or custom-column output format, don't print
57 headers (default print headers).
58
59
60 -o, --output=""
61 Output format. One of: json|yaml|wide|name|custom-columns=...|cus‐
62 tom-columns-file=...|go-template=...|go-template-file=...|json‐
63 path=...|jsonpath-file=... See custom columns [ ⟨http://kuber‐
64 netes.io/docs/user-guide/kubectl-overview/#custom-columns⟩], golang
65 template [ ⟨http://golang.org/pkg/text/template/#pkg-overview⟩] and
66 jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].
67
68
69 --show-labels=false
70 When printing, show all labels as the last column (default hide
71 labels column)
72
73
74 --sort-by=""
75 If non-empty, sort list types using this field specification. The
76 field specification is expressed as a JSONPath expression (e.g.
77 '{.metadata.name}'). The field in the API resource specified by this
78 JSONPath expression must be an integer or a string.
79
80
81 --template=""
82 Template string or path to template file to use when -o=go-tem‐
83 plate, -o=go-template-file. The template format is golang templates [
84 ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
85
86
87 --to="."
88 Directory to extract files to.
89
90
91
93 --allow_verification_with_non_compliant_keys=false
94 Allow a SignatureVerifier to use keys which are technically
95 non-compliant with RFC6962.
96
97
98 --alsologtostderr=false
99 log to standard error as well as files
100
101
102 --application_metrics_count_limit=100
103 Max number of application metrics to store (per container)
104
105
106 --as=""
107 Username to impersonate for the operation
108
109
110 --as-group=[]
111 Group to impersonate for the operation, this flag can be repeated
112 to specify multiple groups.
113
114
115 --azure-container-registry-config=""
116 Path to the file containing Azure container registry configuration
117 information.
118
119
120 --boot_id_file="/proc/sys/kernel/random/boot_id"
121 Comma-separated list of files to check for boot-id. Use the first
122 one that exists.
123
124
125 --cache-dir="/builddir/.kube/http-cache"
126 Default HTTP cache directory
127
128
129 --certificate-authority=""
130 Path to a cert file for the certificate authority
131
132
133 --client-certificate=""
134 Path to a client certificate file for TLS
135
136
137 --client-key=""
138 Path to a client key file for TLS
139
140
141 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
142 CIDRs opened in GCE firewall for LB traffic proxy health checks
143
144
145 --cluster=""
146 The name of the kubeconfig cluster to use
147
148
149 --container_hints="/etc/cadvisor/container_hints.json"
150 location of the container hints file
151
152
153 --containerd="unix:///var/run/containerd.sock"
154 containerd endpoint
155
156
157 --context=""
158 The name of the kubeconfig context to use
159
160
161 --default-not-ready-toleration-seconds=300
162 Indicates the tolerationSeconds of the toleration for
163 notReady:NoExecute that is added by default to every pod that does not
164 already have such a toleration.
165
166
167 --default-unreachable-toleration-seconds=300
168 Indicates the tolerationSeconds of the toleration for unreach‐
169 able:NoExecute that is added by default to every pod that does not
170 already have such a toleration.
171
172
173 --docker="unix:///var/run/docker.sock"
174 docker endpoint
175
176
177 --docker-tls=false
178 use TLS to connect to docker
179
180
181 --docker-tls-ca="ca.pem"
182 path to trusted CA
183
184
185 --docker-tls-cert="cert.pem"
186 path to client certificate
187
188
189 --docker-tls-key="key.pem"
190 path to private key
191
192
193 --docker_env_metadata_whitelist=""
194 a comma-separated list of environment variable keys that needs to
195 be collected for docker containers
196
197
198 --docker_only=false
199 Only report docker containers in addition to root stats
200
201
202 --docker_root="/var/lib/docker"
203 DEPRECATED: docker root is read from docker info (this is a fall‐
204 back, default: /var/lib/docker)
205
206
207 --enable_load_reader=false
208 Whether to enable cpu load reader
209
210
211 --event_storage_age_limit="default=24h"
212 Max length of time for which to store events (per type). Value is a
213 comma separated list of key values, where the keys are event types
214 (e.g.: creation, oom) or "default" and the value is a duration. Default
215 is applied to all non-specified event types
216
217
218 --event_storage_event_limit="default=100000"
219 Max number of events to store (per type). Value is a comma sepa‐
220 rated list of key values, where the keys are event types (e.g.: cre‐
221 ation, oom) or "default" and the value is an integer. Default is
222 applied to all non-specified event types
223
224
225 --global_housekeeping_interval=0
226 Interval between global housekeepings
227
228
229 --housekeeping_interval=0
230 Interval between container housekeepings
231
232
233 --insecure-skip-tls-verify=false
234 If true, the server's certificate will not be checked for validity.
235 This will make your HTTPS connections insecure
236
237
238 --kubeconfig=""
239 Path to the kubeconfig file to use for CLI requests.
240
241
242 --log-flush-frequency=0
243 Maximum number of seconds between log flushes
244
245
246 --log_backtrace_at=:0
247 when logging hits line file:N, emit a stack trace
248
249
250 --log_cadvisor_usage=false
251 Whether to log the usage of the cAdvisor container
252
253
254 --log_dir=""
255 If non-empty, write log files in this directory
256
257
258 --logtostderr=true
259 log to standard error instead of files
260
261
262 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
263 Comma-separated list of files to check for machine-id. Use the
264 first one that exists.
265
266
267 --match-server-version=false
268 Require server version to match client version
269
270
271 -n, --namespace=""
272 If present, the namespace scope for this CLI request
273
274
275 --request-timeout="0"
276 The length of time to wait before giving up on a single server
277 request. Non-zero values should contain a corresponding time unit (e.g.
278 1s, 2m, 3h). A value of zero means don't timeout requests.
279
280
281 -s, --server=""
282 The address and port of the Kubernetes API server
283
284
285 --stderrthreshold=2
286 logs at or above this threshold go to stderr
287
288
289 --storage_driver_buffer_duration=0
290 Writes in the storage driver will be buffered for this duration,
291 and committed to the non memory backends as a single transaction
292
293
294 --storage_driver_db="cadvisor"
295 database name
296
297
298 --storage_driver_host="localhost:8086"
299 database host:port
300
301
302 --storage_driver_password="root"
303 database password
304
305
306 --storage_driver_secure=false
307 use secure connection with database
308
309
310 --storage_driver_table="stats"
311 table name
312
313
314 --storage_driver_user="root"
315 database username
316
317
318 --token=""
319 Bearer token for authentication to the API server
320
321
322 --user=""
323 The name of the kubeconfig user to use
324
325
326 -v, --v=0
327 log level for V logs
328
329
330 --version=false
331 Print version information and quit
332
333
334 --vmodule=
335 comma-separated list of pattern=N settings for file-filtered log‐
336 ging
337
338
339
341 # extract the secret "test" to the current directory
342 oc extract secret/test
343
344 # extract the config map "nginx" to the /tmp directory
345 oc extract configmap/nginx --to=/tmp
346
347 # extract the config map "nginx" to STDOUT
348 oc extract configmap/nginx --to=-
349
350 # extract only the key "nginx.conf" from config map "nginx" to the /tmp directory
351 oc extract configmap/nginx --to=/tmp --keys=nginx.conf
352
353
354
355
357 oc(1),
358
359
360
362 June 2016, Ported from the Kubernetes man-doc generator
363
364
365
366Openshift Openshift CLI User Manuals OC(1)