1OC ADM CONFIG(1) June 2016 OC ADM CONFIG(1)
2
6 oc adm config set-credentials - Sets a user entry in kubeconfig
7
11 oc adm config set-credentials [OPTIONS]
12
16 Sets a user entry in kubeconfig
17 Specifying a name that already exists will merge new fields on top of
20 existing values.
21 Client-certificate flags: --client-certificate=certfile
24 --client-key=keyfile
25 Bearer token flags: --token=bearer _token
28 Basic auth flags: --username=basic user --password=basic password
31 Bearer token and basic auth are mutually exclusive.
34
38 --auth-provider=""
39 Auth provider for the user entry in kubeconfig
40 --auth-provider-arg=[]
43 'key=value' arguments for the auth provider
44 --embed-certs=false
47 Embed client cert/key for the user entry in kubeconfig
48 --password=""
51 password for the user entry in kubeconfig
52 --username=""
55 username for the user entry in kubeconfig
56
60 --allow_verification_with_non_compliant_keys=false
61 Allow a SignatureVerifier to use keys which are technically
62 non-compliant with RFC6962.
63 --alsologtostderr=false
66 log to standard error as well as files
67 --application_metrics_count_limit=100
70 Max number of application metrics to store (per container)
71 --as=""
74 Username to impersonate for the operation
75 --as-group=[]
78 Group to impersonate for the operation, this flag can be repeated
79 to specify multiple groups.
80 --azure-container-registry-config=""
83 Path to the file containing Azure container registry configuration
84 information.
85 --boot_id_file="/proc/sys/kernel/random/boot_id"
88 Comma-separated list of files to check for boot-id. Use the first
89 one that exists.
90 --cache-dir="/builddir/.kube/http-cache"
93 Default HTTP cache directory
94 --certificate-authority=""
97 Path to a cert file for the certificate authority
98 --client-certificate=""
101 Path to a client certificate file for TLS
102 --client-key=""
105 Path to a client key file for TLS
106 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
109 CIDRs opened in GCE firewall for LB traffic proxy health checks
110 --cluster=""
113 The name of the kubeconfig cluster to use
114 --config=""
117 use a particular kubeconfig file
118 --container_hints="/etc/cadvisor/container_hints.json"
121 location of the container hints file
122 --containerd="unix:///var/run/containerd.sock"
125 containerd endpoint
126 --context=""
129 The name of the kubeconfig context to use
130 --default-not-ready-toleration-seconds=300
133 Indicates the tolerationSeconds of the toleration for
134 notReady:NoExecute that is added by default to every pod that does not
135 already have such a toleration.
136 --default-unreachable-toleration-seconds=300
139 Indicates the tolerationSeconds of the toleration for unreach‐
140 able:NoExecute that is added by default to every pod that does not
141 already have such a toleration.
142 --docker="unix:///var/run/docker.sock"
145 docker endpoint
146 --docker-tls=false
149 use TLS to connect to docker
150 --docker-tls-ca="ca.pem"
153 path to trusted CA
154 --docker-tls-cert="cert.pem"
157 path to client certificate
158 --docker-tls-key="key.pem"
161 path to private key
162 --docker_env_metadata_whitelist=""
165 a comma-separated list of environment variable keys that needs to
166 be collected for docker containers
167 --docker_only=false
170 Only report docker containers in addition to root stats
171 --docker_root="/var/lib/docker"
174 DEPRECATED: docker root is read from docker info (this is a fall‐
175 back, default: /var/lib/docker)
176 --enable_load_reader=false
179 Whether to enable cpu load reader
180 --event_storage_age_limit="default=24h"
183 Max length of time for which to store events (per type). Value is a
184 comma separated list of key values, where the keys are event types
185 (e.g.: creation, oom) or "default" and the value is a duration. Default
186 is applied to all non-specified event types
187 --event_storage_event_limit="default=100000"
190 Max number of events to store (per type). Value is a comma sepa‐
191 rated list of key values, where the keys are event types (e.g.: cre‐
192 ation, oom) or "default" and the value is an integer. Default is
193 applied to all non-specified event types
194 --global_housekeeping_interval=0
197 Interval between global housekeepings
198 --housekeeping_interval=0
201 Interval between container housekeepings
202 --insecure-skip-tls-verify=false
205 If true, the server's certificate will not be checked for validity.
206 This will make your HTTPS connections insecure
207 --kubeconfig=""
210 Path to the kubeconfig file to use for CLI requests.
211 --log-flush-frequency=0
214 Maximum number of seconds between log flushes
215 --log_backtrace_at=:0
218 when logging hits line file:N, emit a stack trace
219 --log_cadvisor_usage=false
222 Whether to log the usage of the cAdvisor container
223 --log_dir=""
226 If non-empty, write log files in this directory
227 --logtostderr=true
230 log to standard error instead of files
231 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
234 Comma-separated list of files to check for machine-id. Use the
235 first one that exists.
236 --match-server-version=false
239 Require server version to match client version
240 -n, --namespace=""
243 If present, the namespace scope for this CLI request
244 --request-timeout="0"
247 The length of time to wait before giving up on a single server
248 request. Non-zero values should contain a corresponding time unit (e.g.
249 1s, 2m, 3h). A value of zero means don't timeout requests.
250 -s, --server=""
253 The address and port of the Kubernetes API server
254 --stderrthreshold=2
257 logs at or above this threshold go to stderr
258 --storage_driver_buffer_duration=0
261 Writes in the storage driver will be buffered for this duration,
262 and committed to the non memory backends as a single transaction
263 --storage_driver_db="cadvisor"
266 database name
267 --storage_driver_host="localhost:8086"
270 database host:port
271 --storage_driver_password="root"
274 database password
275 --storage_driver_secure=false
278 use secure connection with database
279 --storage_driver_table="stats"
282 table name
283 --storage_driver_user="root"
286 database username
287 --token=""
290 Bearer token for authentication to the API server
291 --user=""
294 The name of the kubeconfig user to use
295 -v, --v=0
298 log level for V logs
299 --version=false
302 Print version information and quit
303 --vmodule=
306 comma-separated list of pattern=N settings for file-filtered log‐
307 ging
308
312 # Set only the "client-key" field on the "cluster-admin"
313 # entry, without touching other values:
314 oc adm config set-credentials cluster-admin --client-key= /.kube/admin.key
315 # Set basic auth for the "cluster-admin" entry
317 oc adm config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
318 # Embed client certificate data in the "cluster-admin" entry
320 oc adm config set-credentials cluster-admin --client-certificate= /.kube/admin.crt --embed-certs=true
321 # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
323 oc adm config set-credentials cluster-admin --auth-provider=gcp
324 # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
326 oc adm config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
327 # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
329 oc adm config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
330
335 oc-adm-config(1),
336
340 June 2016, Ported from the Kubernetes man-doc generator
341Openshift Openshift CLI User Manuals OC ADM CONFIG(1)