1OC SERVICEACCOUNTS(1) June 2016 OC SERVICEACCOUNTS(1)
2
3
4
6 oc serviceaccounts new-token - Generate a new token for a service
7 account.
8
9
10
12 oc serviceaccounts new-token [OPTIONS]
13
14
15
17 Generate a new token for a service account.
18
19
20 Service account API tokens are used by service accounts to authenticate
21 to the API. This command will generate a new token, which could be used
22 to compartmentalize service account actions by executing them with dis‐
23 tinct tokens, to rotate out pre-existing token on the service account,
24 or for use by an external client. If a label is provided, it will be
25 applied to any created token so that tokens created with this command
26 can be idenitifed.
27
28
29
31 -l, --labels=""
32 labels to set in all resources for this application, given as a
33 comma-delimited list of key-value pairs
34
35
36 --timeout=0
37 the maximum time allowed to generate a token
38
39
40
42 --allow_verification_with_non_compliant_keys=false
43 Allow a SignatureVerifier to use keys which are technically
44 non-compliant with RFC6962.
45
46
47 --alsologtostderr=false
48 log to standard error as well as files
49
50
51 --application_metrics_count_limit=100
52 Max number of application metrics to store (per container)
53
54
55 --as=""
56 Username to impersonate for the operation
57
58
59 --as-group=[]
60 Group to impersonate for the operation, this flag can be repeated
61 to specify multiple groups.
62
63
64 --azure-container-registry-config=""
65 Path to the file containing Azure container registry configuration
66 information.
67
68
69 --boot_id_file="/proc/sys/kernel/random/boot_id"
70 Comma-separated list of files to check for boot-id. Use the first
71 one that exists.
72
73
74 --cache-dir="/builddir/.kube/http-cache"
75 Default HTTP cache directory
76
77
78 --certificate-authority=""
79 Path to a cert file for the certificate authority
80
81
82 --client-certificate=""
83 Path to a client certificate file for TLS
84
85
86 --client-key=""
87 Path to a client key file for TLS
88
89
90 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
91 CIDRs opened in GCE firewall for LB traffic proxy health checks
92
93
94 --cluster=""
95 The name of the kubeconfig cluster to use
96
97
98 --container_hints="/etc/cadvisor/container_hints.json"
99 location of the container hints file
100
101
102 --containerd="unix:///var/run/containerd.sock"
103 containerd endpoint
104
105
106 --context=""
107 The name of the kubeconfig context to use
108
109
110 --default-not-ready-toleration-seconds=300
111 Indicates the tolerationSeconds of the toleration for
112 notReady:NoExecute that is added by default to every pod that does not
113 already have such a toleration.
114
115
116 --default-unreachable-toleration-seconds=300
117 Indicates the tolerationSeconds of the toleration for unreach‐
118 able:NoExecute that is added by default to every pod that does not
119 already have such a toleration.
120
121
122 --docker="unix:///var/run/docker.sock"
123 docker endpoint
124
125
126 --docker-tls=false
127 use TLS to connect to docker
128
129
130 --docker-tls-ca="ca.pem"
131 path to trusted CA
132
133
134 --docker-tls-cert="cert.pem"
135 path to client certificate
136
137
138 --docker-tls-key="key.pem"
139 path to private key
140
141
142 --docker_env_metadata_whitelist=""
143 a comma-separated list of environment variable keys that needs to
144 be collected for docker containers
145
146
147 --docker_only=false
148 Only report docker containers in addition to root stats
149
150
151 --docker_root="/var/lib/docker"
152 DEPRECATED: docker root is read from docker info (this is a fall‐
153 back, default: /var/lib/docker)
154
155
156 --enable_load_reader=false
157 Whether to enable cpu load reader
158
159
160 --event_storage_age_limit="default=24h"
161 Max length of time for which to store events (per type). Value is a
162 comma separated list of key values, where the keys are event types
163 (e.g.: creation, oom) or "default" and the value is a duration. Default
164 is applied to all non-specified event types
165
166
167 --event_storage_event_limit="default=100000"
168 Max number of events to store (per type). Value is a comma sepa‐
169 rated list of key values, where the keys are event types (e.g.: cre‐
170 ation, oom) or "default" and the value is an integer. Default is
171 applied to all non-specified event types
172
173
174 --global_housekeeping_interval=0
175 Interval between global housekeepings
176
177
178 --housekeeping_interval=0
179 Interval between container housekeepings
180
181
182 --insecure-skip-tls-verify=false
183 If true, the server's certificate will not be checked for validity.
184 This will make your HTTPS connections insecure
185
186
187 --kubeconfig=""
188 Path to the kubeconfig file to use for CLI requests.
189
190
191 --log-flush-frequency=0
192 Maximum number of seconds between log flushes
193
194
195 --log_backtrace_at=:0
196 when logging hits line file:N, emit a stack trace
197
198
199 --log_cadvisor_usage=false
200 Whether to log the usage of the cAdvisor container
201
202
203 --log_dir=""
204 If non-empty, write log files in this directory
205
206
207 --logtostderr=true
208 log to standard error instead of files
209
210
211 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
212 Comma-separated list of files to check for machine-id. Use the
213 first one that exists.
214
215
216 --match-server-version=false
217 Require server version to match client version
218
219
220 -n, --namespace=""
221 If present, the namespace scope for this CLI request
222
223
224 --request-timeout="0"
225 The length of time to wait before giving up on a single server
226 request. Non-zero values should contain a corresponding time unit (e.g.
227 1s, 2m, 3h). A value of zero means don't timeout requests.
228
229
230 -s, --server=""
231 The address and port of the Kubernetes API server
232
233
234 --stderrthreshold=2
235 logs at or above this threshold go to stderr
236
237
238 --storage_driver_buffer_duration=0
239 Writes in the storage driver will be buffered for this duration,
240 and committed to the non memory backends as a single transaction
241
242
243 --storage_driver_db="cadvisor"
244 database name
245
246
247 --storage_driver_host="localhost:8086"
248 database host:port
249
250
251 --storage_driver_password="root"
252 database password
253
254
255 --storage_driver_secure=false
256 use secure connection with database
257
258
259 --storage_driver_table="stats"
260 table name
261
262
263 --storage_driver_user="root"
264 database username
265
266
267 --token=""
268 Bearer token for authentication to the API server
269
270
271 --user=""
272 The name of the kubeconfig user to use
273
274
275 -v, --v=0
276 log level for V logs
277
278
279 --version=false
280 Print version information and quit
281
282
283 --vmodule=
284 comma-separated list of pattern=N settings for file-filtered log‐
285 ging
286
287
288
290 # Generate a new token for service account 'default'
291 oc serviceaccounts new-token 'default'
292
293 # Generate a new token for service account 'default' and apply
294 # labels 'foo' and 'bar' to the new token for identification
295 # oc serviceaccounts new-token 'default' --labels foo=foo-value,bar=bar-value
296
297
298
299
301 oc-serviceaccounts(1),
302
303
304
306 June 2016, Ported from the Kubernetes man-doc generator
307
308
309
310Openshift Openshift CLI User Manuals OC SERVICEACCOUNTS(1)