1OC SECRETS(1) June 2016 OC SECRETS(1)
2
3
4
6 oc secrets link - Link secrets to a ServiceAccount
7
8
9
11 oc secrets link [OPTIONS]
12
13
14
16 Link secrets to a service account
17
18
19 Linking a secret enables a service account to automatically use that
20 secret for some forms of authentication.
21
22
23
25 --for=[mount]
26 type of secret to link: mount or pull
27
28
29
31 --allow_verification_with_non_compliant_keys=false
32 Allow a SignatureVerifier to use keys which are technically
33 non-compliant with RFC6962.
34
35
36 --alsologtostderr=false
37 log to standard error as well as files
38
39
40 --application_metrics_count_limit=100
41 Max number of application metrics to store (per container)
42
43
44 --as=""
45 Username to impersonate for the operation
46
47
48 --as-group=[]
49 Group to impersonate for the operation, this flag can be repeated
50 to specify multiple groups.
51
52
53 --azure-container-registry-config=""
54 Path to the file containing Azure container registry configuration
55 information.
56
57
58 --boot_id_file="/proc/sys/kernel/random/boot_id"
59 Comma-separated list of files to check for boot-id. Use the first
60 one that exists.
61
62
63 --cache-dir="/builddir/.kube/http-cache"
64 Default HTTP cache directory
65
66
67 --certificate-authority=""
68 Path to a cert file for the certificate authority
69
70
71 --client-certificate=""
72 Path to a client certificate file for TLS
73
74
75 --client-key=""
76 Path to a client key file for TLS
77
78
79 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
80 CIDRs opened in GCE firewall for LB traffic proxy health checks
81
82
83 --cluster=""
84 The name of the kubeconfig cluster to use
85
86
87 --container_hints="/etc/cadvisor/container_hints.json"
88 location of the container hints file
89
90
91 --containerd="unix:///var/run/containerd.sock"
92 containerd endpoint
93
94
95 --context=""
96 The name of the kubeconfig context to use
97
98
99 --default-not-ready-toleration-seconds=300
100 Indicates the tolerationSeconds of the toleration for
101 notReady:NoExecute that is added by default to every pod that does not
102 already have such a toleration.
103
104
105 --default-unreachable-toleration-seconds=300
106 Indicates the tolerationSeconds of the toleration for unreach‐
107 able:NoExecute that is added by default to every pod that does not
108 already have such a toleration.
109
110
111 --docker="unix:///var/run/docker.sock"
112 docker endpoint
113
114
115 --docker-tls=false
116 use TLS to connect to docker
117
118
119 --docker-tls-ca="ca.pem"
120 path to trusted CA
121
122
123 --docker-tls-cert="cert.pem"
124 path to client certificate
125
126
127 --docker-tls-key="key.pem"
128 path to private key
129
130
131 --docker_env_metadata_whitelist=""
132 a comma-separated list of environment variable keys that needs to
133 be collected for docker containers
134
135
136 --docker_only=false
137 Only report docker containers in addition to root stats
138
139
140 --docker_root="/var/lib/docker"
141 DEPRECATED: docker root is read from docker info (this is a fall‐
142 back, default: /var/lib/docker)
143
144
145 --enable_load_reader=false
146 Whether to enable cpu load reader
147
148
149 --event_storage_age_limit="default=24h"
150 Max length of time for which to store events (per type). Value is a
151 comma separated list of key values, where the keys are event types
152 (e.g.: creation, oom) or "default" and the value is a duration. Default
153 is applied to all non-specified event types
154
155
156 --event_storage_event_limit="default=100000"
157 Max number of events to store (per type). Value is a comma sepa‐
158 rated list of key values, where the keys are event types (e.g.: cre‐
159 ation, oom) or "default" and the value is an integer. Default is
160 applied to all non-specified event types
161
162
163 --global_housekeeping_interval=0
164 Interval between global housekeepings
165
166
167 --housekeeping_interval=0
168 Interval between container housekeepings
169
170
171 --insecure-skip-tls-verify=false
172 If true, the server's certificate will not be checked for validity.
173 This will make your HTTPS connections insecure
174
175
176 --kubeconfig=""
177 Path to the kubeconfig file to use for CLI requests.
178
179
180 --log-flush-frequency=0
181 Maximum number of seconds between log flushes
182
183
184 --log_backtrace_at=:0
185 when logging hits line file:N, emit a stack trace
186
187
188 --log_cadvisor_usage=false
189 Whether to log the usage of the cAdvisor container
190
191
192 --log_dir=""
193 If non-empty, write log files in this directory
194
195
196 --logtostderr=true
197 log to standard error instead of files
198
199
200 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
201 Comma-separated list of files to check for machine-id. Use the
202 first one that exists.
203
204
205 --match-server-version=false
206 Require server version to match client version
207
208
209 -n, --namespace=""
210 If present, the namespace scope for this CLI request
211
212
213 --request-timeout="0"
214 The length of time to wait before giving up on a single server
215 request. Non-zero values should contain a corresponding time unit (e.g.
216 1s, 2m, 3h). A value of zero means don't timeout requests.
217
218
219 -s, --server=""
220 The address and port of the Kubernetes API server
221
222
223 --stderrthreshold=2
224 logs at or above this threshold go to stderr
225
226
227 --storage_driver_buffer_duration=0
228 Writes in the storage driver will be buffered for this duration,
229 and committed to the non memory backends as a single transaction
230
231
232 --storage_driver_db="cadvisor"
233 database name
234
235
236 --storage_driver_host="localhost:8086"
237 database host:port
238
239
240 --storage_driver_password="root"
241 database password
242
243
244 --storage_driver_secure=false
245 use secure connection with database
246
247
248 --storage_driver_table="stats"
249 table name
250
251
252 --storage_driver_user="root"
253 database username
254
255
256 --token=""
257 Bearer token for authentication to the API server
258
259
260 --user=""
261 The name of the kubeconfig user to use
262
263
264 -v, --v=0
265 log level for V logs
266
267
268 --version=false
269 Print version information and quit
270
271
272 --vmodule=
273 comma-separated list of pattern=N settings for file-filtered log‐
274 ging
275
276
277
279 # Add an image pull secret to a service account to automatically use it for pulling pod images:
280 oc secrets link serviceaccount-name pull-secret --for=pull
281
282 # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:
283 oc secrets link builder builder-image-secret --for=pull,mount
284
285 # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:
286 oc secrets link pod-sa pod-secret
287
288
289
290
292 oc-secrets(1),
293
294
295
297 June 2016, Ported from the Kubernetes man-doc generator
298
299
300
301Openshift Openshift CLI User Manuals OC SECRETS(1)