1OC SERVICEACCOUNTS(1)              June 2016             OC SERVICEACCOUNTS(1)
2
3
4

NAME

6       oc  serviceaccounts  new-token  -  Generate  a  new token for a service
7       account.
8
9
10

SYNOPSIS

12       oc serviceaccounts new-token [OPTIONS]
13
14
15

DESCRIPTION

17       Generate a new token for a service account.
18
19
20       Service account API tokens are used by service accounts to authenticate
21       to the API. This command will generate a new token, which could be used
22       to compartmentalize service account actions by executing them with dis‐
23       tinct  tokens, to rotate out pre-existing token on the service account,
24       or for use by an external client. If a label is provided,  it  will  be
25       applied  to  any created token so that tokens created with this command
26       can be idenitifed.
27
28
29

OPTIONS

31       -l, --labels=""
32           labels to set in all resources for this  application,  given  as  a
33       comma-delimited list of key-value pairs
34
35
36       --timeout=0
37           the maximum time allowed to generate a token
38
39
40

OPTIONS INHERITED FROM PARENT COMMANDS

42       --allow_verification_with_non_compliant_keys=false
43           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
44       non-compliant with RFC6962.
45
46
47       --alsologtostderr=false
48           log to standard error as well as files
49
50
51       --application_metrics_count_limit=100
52           Max number of application metrics to store (per container)
53
54
55       --as=""
56           Username to impersonate for the operation
57
58
59       --as-group=[]
60           Group to impersonate for the operation, this flag can  be  repeated
61       to specify multiple groups.
62
63
64       --azure-container-registry-config=""
65           Path  to the file containing Azure container registry configuration
66       information.
67
68
69       --boot_id_file="/proc/sys/kernel/random/boot_id"
70           Comma-separated list of files to check for boot-id. Use  the  first
71       one that exists.
72
73
74       --cache-dir="/builddir/.kube/http-cache"
75           Default HTTP cache directory
76
77
78       --certificate-authority=""
79           Path to a cert file for the certificate authority
80
81
82       --client-certificate=""
83           Path to a client certificate file for TLS
84
85
86       --client-key=""
87           Path to a client key file for TLS
88
89
90       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
91           CIDRs opened in GCE firewall for LB traffic proxy  health checks
92
93
94       --cluster=""
95           The name of the kubeconfig cluster to use
96
97
98       --container_hints="/etc/cadvisor/container_hints.json"
99           location of the container hints file
100
101
102       --containerd="unix:///var/run/containerd.sock"
103           containerd endpoint
104
105
106       --context=""
107           The name of the kubeconfig context to use
108
109
110       --default-not-ready-toleration-seconds=300
111           Indicates   the   tolerationSeconds   of   the    toleration    for
112       notReady:NoExecute  that is added by default to every pod that does not
113       already have such a toleration.
114
115
116       --default-unreachable-toleration-seconds=300
117           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
118       able:NoExecute  that  is  added  by  default to every pod that does not
119       already have such a toleration.
120
121
122       --docker="unix:///var/run/docker.sock"
123           docker endpoint
124
125
126       --docker-tls=false
127           use TLS to connect to docker
128
129
130       --docker-tls-ca="ca.pem"
131           path to trusted CA
132
133
134       --docker-tls-cert="cert.pem"
135           path to client certificate
136
137
138       --docker-tls-key="key.pem"
139           path to private key
140
141
142       --docker_env_metadata_whitelist=""
143           a comma-separated list of environment variable keys that  needs  to
144       be collected for docker containers
145
146
147       --docker_only=false
148           Only report docker containers in addition to root stats
149
150
151       --docker_root="/var/lib/docker"
152           DEPRECATED:  docker  root is read from docker info (this is a fall‐
153       back, default: /var/lib/docker)
154
155
156       --enable_load_reader=false
157           Whether to enable cpu load reader
158
159
160       --event_storage_age_limit="default=24h"
161           Max length of time for which to store events (per type). Value is a
162       comma  separated  list  of  key  values, where the keys are event types
163       (e.g.: creation, oom) or "default" and the value is a duration. Default
164       is applied to all non-specified event types
165
166
167       --event_storage_event_limit="default=100000"
168           Max  number  of  events to store (per type). Value is a comma sepa‐
169       rated list of key values, where the keys are event  types  (e.g.:  cre‐
170       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
171       applied to all non-specified event types
172
173
174       --global_housekeeping_interval=0
175           Interval between global housekeepings
176
177
178       --housekeeping_interval=0
179           Interval between container housekeepings
180
181
182       --insecure-skip-tls-verify=false
183           If true, the server's certificate will not be checked for validity.
184       This will make your HTTPS connections insecure
185
186
187       --kubeconfig=""
188           Path to the kubeconfig file to use for CLI requests.
189
190
191       --log-flush-frequency=0
192           Maximum number of seconds between log flushes
193
194
195       --log_backtrace_at=:0
196           when logging hits line file:N, emit a stack trace
197
198
199       --log_cadvisor_usage=false
200           Whether to log the usage of the cAdvisor container
201
202
203       --log_dir=""
204           If non-empty, write log files in this directory
205
206
207       --logtostderr=true
208           log to standard error instead of files
209
210
211       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
212           Comma-separated  list  of  files  to  check for machine-id. Use the
213       first one that exists.
214
215
216       --match-server-version=false
217           Require server version to match client version
218
219
220       -n, --namespace=""
221           If present, the namespace scope for this CLI request
222
223
224       --request-timeout="0"
225           The length of time to wait before giving  up  on  a  single  server
226       request. Non-zero values should contain a corresponding time unit (e.g.
227       1s, 2m, 3h). A value of zero means don't timeout requests.
228
229
230       -s, --server=""
231           The address and port of the Kubernetes API server
232
233
234       --stderrthreshold=2
235           logs at or above this threshold go to stderr
236
237
238       --storage_driver_buffer_duration=0
239           Writes in the storage driver will be buffered  for  this  duration,
240       and committed to the non memory backends as a single transaction
241
242
243       --storage_driver_db="cadvisor"
244           database name
245
246
247       --storage_driver_host="localhost:8086"
248           database host:port
249
250
251       --storage_driver_password="root"
252           database password
253
254
255       --storage_driver_secure=false
256           use secure connection with database
257
258
259       --storage_driver_table="stats"
260           table name
261
262
263       --storage_driver_user="root"
264           database username
265
266
267       --token=""
268           Bearer token for authentication to the API server
269
270
271       --user=""
272           The name of the kubeconfig user to use
273
274
275       -v, --v=0
276           log level for V logs
277
278
279       --version=false
280           Print version information and quit
281
282
283       --vmodule=
284           comma-separated  list  of pattern=N settings for file-filtered log‐
285       ging
286
287
288

EXAMPLE

290                # Generate a new token for service account 'default'
291                oc serviceaccounts new-token 'default'
292
293                # Generate a new token for service account 'default' and apply
294                # labels 'foo' and 'bar' to the new token for identification
295                # oc serviceaccounts new-token 'default' --labels foo=foo-value,bar=bar-value
296
297
298
299

SEE ALSO

301       oc-serviceaccounts(1),
302
303
304

HISTORY

306       June 2016, Ported from the Kubernetes man-doc generator
307
308
309
310Openshift                  Openshift CLI User Manuals    OC SERVICEACCOUNTS(1)
Impressum