1OC ADM CONFIG(1)                   June 2016                  OC ADM CONFIG(1)
2
3
4

NAME

6       oc adm config set-credentials - Sets a user entry in kubeconfig
7
8
9

SYNOPSIS

11       oc adm config set-credentials [OPTIONS]
12
13
14

DESCRIPTION

16       Sets a user entry in kubeconfig
17
18
19       Specifying  a  name that already exists will merge new fields on top of
20       existing values.
21
22
23       Client-certificate         flags:         --client-certificate=certfile
24       --client-key=keyfile
25
26
27       Bearer token flags: --token=bearer _token
28
29
30       Basic auth flags: --username=basic user --password=basic password
31
32
33       Bearer token and basic auth are mutually exclusive.
34
35
36

OPTIONS

38       --auth-provider=""
39           Auth provider for the user entry in kubeconfig
40
41
42       --auth-provider-arg=[]
43           'key=value' arguments for the auth provider
44
45
46       --embed-certs=false
47           Embed client cert/key for the user entry in kubeconfig
48
49
50       --password=""
51           password for the user entry in kubeconfig
52
53
54       --username=""
55           username for the user entry in kubeconfig
56
57
58

OPTIONS INHERITED FROM PARENT COMMANDS

60       --allow_verification_with_non_compliant_keys=false
61           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
62       non-compliant with RFC6962.
63
64
65       --alsologtostderr=false
66           log to standard error as well as files
67
68
69       --application_metrics_count_limit=100
70           Max number of application metrics to store (per container)
71
72
73       --as=""
74           Username to impersonate for the operation
75
76
77       --as-group=[]
78           Group to impersonate for the operation, this flag can  be  repeated
79       to specify multiple groups.
80
81
82       --azure-container-registry-config=""
83           Path  to the file containing Azure container registry configuration
84       information.
85
86
87       --boot_id_file="/proc/sys/kernel/random/boot_id"
88           Comma-separated list of files to check for boot-id. Use  the  first
89       one that exists.
90
91
92       --cache-dir="/builddir/.kube/http-cache"
93           Default HTTP cache directory
94
95
96       --certificate-authority=""
97           Path to a cert file for the certificate authority
98
99
100       --client-certificate=""
101           Path to a client certificate file for TLS
102
103
104       --client-key=""
105           Path to a client key file for TLS
106
107
108       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
109           CIDRs opened in GCE firewall for LB traffic proxy  health checks
110
111
112       --cluster=""
113           The name of the kubeconfig cluster to use
114
115
116       --config=""
117           use a particular kubeconfig file
118
119
120       --container_hints="/etc/cadvisor/container_hints.json"
121           location of the container hints file
122
123
124       --containerd="unix:///var/run/containerd.sock"
125           containerd endpoint
126
127
128       --context=""
129           The name of the kubeconfig context to use
130
131
132       --default-not-ready-toleration-seconds=300
133           Indicates   the   tolerationSeconds   of   the    toleration    for
134       notReady:NoExecute  that is added by default to every pod that does not
135       already have such a toleration.
136
137
138       --default-unreachable-toleration-seconds=300
139           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
140       able:NoExecute  that  is  added  by  default to every pod that does not
141       already have such a toleration.
142
143
144       --docker="unix:///var/run/docker.sock"
145           docker endpoint
146
147
148       --docker-tls=false
149           use TLS to connect to docker
150
151
152       --docker-tls-ca="ca.pem"
153           path to trusted CA
154
155
156       --docker-tls-cert="cert.pem"
157           path to client certificate
158
159
160       --docker-tls-key="key.pem"
161           path to private key
162
163
164       --docker_env_metadata_whitelist=""
165           a comma-separated list of environment variable keys that  needs  to
166       be collected for docker containers
167
168
169       --docker_only=false
170           Only report docker containers in addition to root stats
171
172
173       --docker_root="/var/lib/docker"
174           DEPRECATED:  docker  root is read from docker info (this is a fall‐
175       back, default: /var/lib/docker)
176
177
178       --enable_load_reader=false
179           Whether to enable cpu load reader
180
181
182       --event_storage_age_limit="default=24h"
183           Max length of time for which to store events (per type). Value is a
184       comma  separated  list  of  key  values, where the keys are event types
185       (e.g.: creation, oom) or "default" and the value is a duration. Default
186       is applied to all non-specified event types
187
188
189       --event_storage_event_limit="default=100000"
190           Max  number  of  events to store (per type). Value is a comma sepa‐
191       rated list of key values, where the keys are event  types  (e.g.:  cre‐
192       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
193       applied to all non-specified event types
194
195
196       --global_housekeeping_interval=0
197           Interval between global housekeepings
198
199
200       --housekeeping_interval=0
201           Interval between container housekeepings
202
203
204       --insecure-skip-tls-verify=false
205           If true, the server's certificate will not be checked for validity.
206       This will make your HTTPS connections insecure
207
208
209       --kubeconfig=""
210           Path to the kubeconfig file to use for CLI requests.
211
212
213       --log-flush-frequency=0
214           Maximum number of seconds between log flushes
215
216
217       --log_backtrace_at=:0
218           when logging hits line file:N, emit a stack trace
219
220
221       --log_cadvisor_usage=false
222           Whether to log the usage of the cAdvisor container
223
224
225       --log_dir=""
226           If non-empty, write log files in this directory
227
228
229       --logtostderr=true
230           log to standard error instead of files
231
232
233       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
234           Comma-separated  list  of  files  to  check for machine-id. Use the
235       first one that exists.
236
237
238       --match-server-version=false
239           Require server version to match client version
240
241
242       -n, --namespace=""
243           If present, the namespace scope for this CLI request
244
245
246       --request-timeout="0"
247           The length of time to wait before giving  up  on  a  single  server
248       request. Non-zero values should contain a corresponding time unit (e.g.
249       1s, 2m, 3h). A value of zero means don't timeout requests.
250
251
252       -s, --server=""
253           The address and port of the Kubernetes API server
254
255
256       --stderrthreshold=2
257           logs at or above this threshold go to stderr
258
259
260       --storage_driver_buffer_duration=0
261           Writes in the storage driver will be buffered  for  this  duration,
262       and committed to the non memory backends as a single transaction
263
264
265       --storage_driver_db="cadvisor"
266           database name
267
268
269       --storage_driver_host="localhost:8086"
270           database host:port
271
272
273       --storage_driver_password="root"
274           database password
275
276
277       --storage_driver_secure=false
278           use secure connection with database
279
280
281       --storage_driver_table="stats"
282           table name
283
284
285       --storage_driver_user="root"
286           database username
287
288
289       --token=""
290           Bearer token for authentication to the API server
291
292
293       --user=""
294           The name of the kubeconfig user to use
295
296
297       -v, --v=0
298           log level for V logs
299
300
301       --version=false
302           Print version information and quit
303
304
305       --vmodule=
306           comma-separated  list  of pattern=N settings for file-filtered log‐
307       ging
308
309
310

EXAMPLE

312                # Set only the "client-key" field on the "cluster-admin"
313                # entry, without touching other values:
314                oc adm config set-credentials cluster-admin --client-key= /.kube/admin.key
315
316                # Set basic auth for the "cluster-admin" entry
317                oc adm config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
318
319                # Embed client certificate data in the "cluster-admin" entry
320                oc adm config set-credentials cluster-admin --client-certificate= /.kube/admin.crt --embed-certs=true
321
322                # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
323                oc adm config set-credentials cluster-admin --auth-provider=gcp
324
325                # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
326                oc adm config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
327
328                # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
329                oc adm config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
330
331
332
333

SEE ALSO

335       oc-adm-config(1),
336
337
338

HISTORY

340       June 2016, Ported from the Kubernetes man-doc generator
341
342
343
344Openshift                  Openshift CLI User Manuals         OC ADM CONFIG(1)
Impressum