1OC ADM(1)                          June 2016                         OC ADM(1)
2
3
4

NAME

6       oc  adm  create-api-client-config - Create a config file for connecting
7       to the server as a user
8
9
10

SYNOPSIS

12       oc adm create-api-client-config [OPTIONS]
13
14
15

DESCRIPTION

17       Create a client configuration for connecting to the server
18
19
20       This command creates a folder containing a client certificate, a client
21       key,  a  server  certificate authority, and a .kubeconfig file for con‐
22       necting to the master as the provided user.
23
24
25

OPTIONS

27       --basename=""
28           The base filename to use for the .crt, .key, and .kubeconfig files.
29       Defaults to the username.
30
31
32       --client-dir=""
33           The client data directory.
34
35
36       --expire-days=730
37           Validity  of  the certificates in days (defaults to 2 years). WARN‐
38       ING: extending this above default value is highly discouraged.
39
40
41       --groups=[]
42           The list of groups this user belongs to. Comma delimited list
43
44
45       --master=" ⟨https://localhost:8443"⟩
46           The API server's URL.
47
48
49       --public-master=""
50           The API public facing server's URL (if applicable).
51
52
53       --signer-cert="openshift.local.config/master/ca.crt"
54           The certificate file.
55
56
57       --signer-key="openshift.local.config/master/ca.key"
58           The key file.
59
60
61       --signer-serial="openshift.local.config/master/ca.serial.txt"
62           The serial file that keeps  track  of  how  many  certs  have  been
63       signed.
64
65
66

OPTIONS INHERITED FROM PARENT COMMANDS

68       --allow_verification_with_non_compliant_keys=false
69           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
70       non-compliant with RFC6962.
71
72
73       --alsologtostderr=false
74           log to standard error as well as files
75
76
77       --application_metrics_count_limit=100
78           Max number of application metrics to store (per container)
79
80
81       --as=""
82           Username to impersonate for the operation
83
84
85       --as-group=[]
86           Group to impersonate for the operation, this flag can  be  repeated
87       to specify multiple groups.
88
89
90       --azure-container-registry-config=""
91           Path  to the file containing Azure container registry configuration
92       information.
93
94
95       --boot_id_file="/proc/sys/kernel/random/boot_id"
96           Comma-separated list of files to check for boot-id. Use  the  first
97       one that exists.
98
99
100       --cache-dir="/builddir/.kube/http-cache"
101           Default HTTP cache directory
102
103
104       --certificate-authority=""
105           Path to a cert file for the certificate authority
106
107
108       --client-certificate=""
109           Path to a client certificate file for TLS
110
111
112       --client-key=""
113           Path to a client key file for TLS
114
115
116       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
117           CIDRs opened in GCE firewall for LB traffic proxy  health checks
118
119
120       --cluster=""
121           The name of the kubeconfig cluster to use
122
123
124       --container_hints="/etc/cadvisor/container_hints.json"
125           location of the container hints file
126
127
128       --containerd="unix:///var/run/containerd.sock"
129           containerd endpoint
130
131
132       --context=""
133           The name of the kubeconfig context to use
134
135
136       --default-not-ready-toleration-seconds=300
137           Indicates   the   tolerationSeconds   of   the    toleration    for
138       notReady:NoExecute  that is added by default to every pod that does not
139       already have such a toleration.
140
141
142       --default-unreachable-toleration-seconds=300
143           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
144       able:NoExecute  that  is  added  by  default to every pod that does not
145       already have such a toleration.
146
147
148       --docker="unix:///var/run/docker.sock"
149           docker endpoint
150
151
152       --docker-tls=false
153           use TLS to connect to docker
154
155
156       --docker-tls-ca="ca.pem"
157           path to trusted CA
158
159
160       --docker-tls-cert="cert.pem"
161           path to client certificate
162
163
164       --docker-tls-key="key.pem"
165           path to private key
166
167
168       --docker_env_metadata_whitelist=""
169           a comma-separated list of environment variable keys that  needs  to
170       be collected for docker containers
171
172
173       --docker_only=false
174           Only report docker containers in addition to root stats
175
176
177       --docker_root="/var/lib/docker"
178           DEPRECATED:  docker  root is read from docker info (this is a fall‐
179       back, default: /var/lib/docker)
180
181
182       --enable_load_reader=false
183           Whether to enable cpu load reader
184
185
186       --event_storage_age_limit="default=24h"
187           Max length of time for which to store events (per type). Value is a
188       comma  separated  list  of  key  values, where the keys are event types
189       (e.g.: creation, oom) or "default" and the value is a duration. Default
190       is applied to all non-specified event types
191
192
193       --event_storage_event_limit="default=100000"
194           Max  number  of  events to store (per type). Value is a comma sepa‐
195       rated list of key values, where the keys are event  types  (e.g.:  cre‐
196       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
197       applied to all non-specified event types
198
199
200       --global_housekeeping_interval=0
201           Interval between global housekeepings
202
203
204       --housekeeping_interval=0
205           Interval between container housekeepings
206
207
208       --insecure-skip-tls-verify=false
209           If true, the server's certificate will not be checked for validity.
210       This will make your HTTPS connections insecure
211
212
213       --kubeconfig=""
214           Path to the kubeconfig file to use for CLI requests.
215
216
217       --log-flush-frequency=0
218           Maximum number of seconds between log flushes
219
220
221       --log_backtrace_at=:0
222           when logging hits line file:N, emit a stack trace
223
224
225       --log_cadvisor_usage=false
226           Whether to log the usage of the cAdvisor container
227
228
229       --log_dir=""
230           If non-empty, write log files in this directory
231
232
233       --logtostderr=true
234           log to standard error instead of files
235
236
237       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
238           Comma-separated  list  of  files  to  check for machine-id. Use the
239       first one that exists.
240
241
242       --match-server-version=false
243           Require server version to match client version
244
245
246       -n, --namespace=""
247           If present, the namespace scope for this CLI request
248
249
250       --request-timeout="0"
251           The length of time to wait before giving  up  on  a  single  server
252       request. Non-zero values should contain a corresponding time unit (e.g.
253       1s, 2m, 3h). A value of zero means don't timeout requests.
254
255
256       -s, --server=""
257           The address and port of the Kubernetes API server
258
259
260       --stderrthreshold=2
261           logs at or above this threshold go to stderr
262
263
264       --storage_driver_buffer_duration=0
265           Writes in the storage driver will be buffered  for  this  duration,
266       and committed to the non memory backends as a single transaction
267
268
269       --storage_driver_db="cadvisor"
270           database name
271
272
273       --storage_driver_host="localhost:8086"
274           database host:port
275
276
277       --storage_driver_password="root"
278           database password
279
280
281       --storage_driver_secure=false
282           use secure connection with database
283
284
285       --storage_driver_table="stats"
286           table name
287
288
289       --storage_driver_user="root"
290           database username
291
292
293       --token=""
294           Bearer token for authentication to the API server
295
296
297       --user=""
298           The name of the kubeconfig user to use
299
300
301       -v, --v=0
302           log level for V logs
303
304
305       --version=false
306           Print version information and quit
307
308
309       --vmodule=
310           comma-separated  list  of pattern=N settings for file-filtered log‐
311       ging
312
313
314

SEE ALSO

316       oc-adm(1),
317
318
319

HISTORY

321       June 2016, Ported from the Kubernetes man-doc generator
322
323
324
325Openshift                  Openshift CLI User Manuals                OC ADM(1)
Impressum