OC ADM(1) June 2016 OC ADM(1)

oc adm policy - Manage policy

oc adm policy [OPTIONS]

Manage policy on the cluster

These commands allow you to assign and manage the roles and policies
that apply to users. The reconcile commands allow you to reset and
upgrade your system policies to the latest default policies.

To see more information on roles and policies, use the 'get' and
'describe' commands on the following resources: 'clusterroles',
'clusterpolicy', 'clusterrolebindings', 'roles', 'policy', 'rolebindings',
and 'scc'.

--allow_verification_with_non_compliant_keys=false
    Allow a SignatureVerifier to use keys which are technically
    non-compliant with RFC6962.

--alsologtostderr=false
    log to standard error as well as files

--application_metrics_count_limit=100
    Max number of application metrics to store (per container)

--as=""
    Username to impersonate for the operation

--as-group=[]
    Group to impersonate for the operation, this flag can be repeated
    to specify multiple groups.

--azure-container-registry-config=""
    Path to the file containing Azure container registry configuration
    information.

--boot_id_file="/proc/sys/kernel/random/boot_id"
    Comma-separated list of files to check for boot-id. Use the first
    one that exists.

--cache-dir="/builddir/.kube/http-cache"
    Default HTTP cache directory

--certificate-authority=""
    Path to a cert file for the certificate authority

--client-certificate=""
    Path to a client certificate file for TLS

--client-key=""
    Path to a client key file for TLS

--cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
    CIDRs opened in GCE firewall for LB traffic proxy health checks

--cluster=""
    The name of the kubeconfig cluster to use

--container_hints="/etc/cadvisor/container_hints.json"
    location of the container hints file

--containerd="unix:///var/run/containerd.sock"
    containerd endpoint

--context=""
    The name of the kubeconfig context to use

--default-not-ready-toleration-seconds=300
    Indicates the tolerationSeconds of the toleration for
    notReady:NoExecute that is added by default to every pod that does not
    already have such a toleration.

--default-unreachable-toleration-seconds=300
    Indicates the tolerationSeconds of the toleration for
    unreachable:NoExecute that is added by default to every pod that does
    not already have such a toleration.

--docker="unix:///var/run/docker.sock"
    docker endpoint

--docker-tls=false
    use TLS to connect to docker

--docker-tls-ca="ca.pem"
    path to trusted CA

--docker-tls-cert="cert.pem"
    path to client certificate

--docker-tls-key="key.pem"
    path to private key

--docker_env_metadata_whitelist=""
    a comma-separated list of environment variable keys that needs to
    be collected for docker containers

--docker_only=false
    Only report docker containers in addition to root stats

--docker_root="/var/lib/docker"
    DEPRECATED: docker root is read from docker info (this is a
    fallback, default: /var/lib/docker)

--enable_load_reader=false
    Whether to enable cpu load reader

--event_storage_age_limit="default=24h"
    Max length of time for which to store events (per type). Value is a
    comma separated list of key values, where the keys are event types
    (e.g.: creation, oom) or "default" and the value is a duration. Default
    is applied to all non-specified event types

--event_storage_event_limit="default=100000"
    Max number of events to store (per type). Value is a comma
    separated list of key values, where the keys are event types (e.g.:
    creation, oom) or "default" and the value is an integer. Default is
    applied to all non-specified event types

--global_housekeeping_interval=0
    Interval between global housekeepings

--housekeeping_interval=0
    Interval between container housekeepings

--insecure-skip-tls-verify=false
    If true, the server's certificate will not be checked for validity.
    This will make your HTTPS connections insecure

--kubeconfig=""
    Path to the kubeconfig file to use for CLI requests.

--log-flush-frequency=0
    Maximum number of seconds between log flushes

--log_backtrace_at=:0
    when logging hits line file:N, emit a stack trace

--log_cadvisor_usage=false
    Whether to log the usage of the cAdvisor container

--log_dir=""
    If non-empty, write log files in this directory

--logtostderr=true
    log to standard error instead of files

--machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
    Comma-separated list of files to check for machine-id. Use the
    first one that exists.

--match-server-version=false
    Require server version to match client version

-n, --namespace=""
    If present, the namespace scope for this CLI request

--request-timeout="0"
    The length of time to wait before giving up on a single server
    request. Non-zero values should contain a corresponding time unit (e.g.
    1s, 2m, 3h). A value of zero means don't timeout requests.

-s, --server=""
    The address and port of the Kubernetes API server

--stderrthreshold=2
    logs at or above this threshold go to stderr

--storage_driver_buffer_duration=0
    Writes in the storage driver will be buffered for this duration,
    and committed to the non memory backends as a single transaction

--storage_driver_db="cadvisor"
    database name

--storage_driver_host="localhost:8086"
    database host:port

--storage_driver_password="root"
    database password

--storage_driver_secure=false
    use secure connection with database

--storage_driver_table="stats"
    table name

--storage_driver_user="root"
    database username

--token=""
    Bearer token for authentication to the API server

--user=""
    The name of the kubeconfig user to use

-v, --v=0
    log level for V logs

--version=false
    Print version information and quit

--vmodule=
    comma-separated list of pattern=N settings for file-filtered
    logging

oc-adm(1), oc-adm-policy-add-cluster-role-to-group(1),
oc-adm-policy-add-cluster-role-to-user(1), oc-adm-policy-add-role-to-group(1),
oc-adm-policy-add-role-to-user(1), oc-adm-policy-add-scc-to-group(1),
oc-adm-policy-add-scc-to-user(1),
oc-adm-policy-reconcile-cluster-role-bindings(1),
oc-adm-policy-reconcile-cluster-roles(1), oc-adm-policy-reconcile-sccs(1),
oc-adm-policy-remove-cluster-role-from-group(1),
oc-adm-policy-remove-cluster-role-from-user(1),
oc-adm-policy-remove-group(1), oc-adm-policy-remove-role-from-group(1),
oc-adm-policy-remove-role-from-user(1),
oc-adm-policy-remove-scc-from-group(1), oc-adm-policy-remove-scc-from-user(1),
oc-adm-policy-remove-user(1), oc-adm-policy-scc-review(1),
oc-adm-policy-scc-subject-review(1), oc-adm-policy-who-can(1),

June 2016, Ported from the Kubernetes man-doc generator

Openshift Openshift CLI User Manuals OC ADM(1)