1OC(1)                              June 2016                             OC(1)
2
3
4

NAME

6       oc proxy - Run a proxy to the Kubernetes API server
7
8
9

SYNOPSIS

11       oc proxy [OPTIONS]
12
13
14

DESCRIPTION

16       Run a proxy to the API server
17
18
19

OPTIONS

21       --accept-hosts="^localhost$,^127\.0\.0\.1$,^\[::1\]$"
22           Regular expression for hosts that the proxy should accept.
23
24
25       --accept-paths="^.*"
26           Regular expression for paths that the proxy should accept.
27
28
29       --address="127.0.0.1"
30           The IP address on which to serve on.
31
32
33       --api-prefix="/"
34           Prefix to serve the proxied API under.
35
36
37       --disable-filter=false
38           If true, disable request filtering in the proxy. This is dangerous,
39       and can leave you vulnerable to XSRF attacks, when used with an  acces‐
40       sible port.
41
42
43       -p, --port=8001
44           The port on which to run the proxy. Set to 0 to pick a random port.
45
46
47       --reject-methods="^$"
48           Regular  expression  for  HTTP methods that the proxy should reject
49       (example --reject-methods='POST,PUT,PATCH').
50
51
52       --reject-paths="^/api/./pods/./exec,^/api/./pods/./attach"
53           Regular expression for paths that the proxy  should  reject.  Paths
54       specified here will be rejected even accepted by --accept-paths.
55
56
57       -u, --unix-socket=""
58           Unix socket on which to run the proxy.
59
60
61       -w, --www=""
62           Also  serve  static files from the given directory under the speci‐
63       fied prefix.
64
65
66       -P, --www-prefix="/static/"
67           Prefix to serve static files under, if  static  file  directory  is
68       specified.
69
70
71

OPTIONS INHERITED FROM PARENT COMMANDS

73       --allow_verification_with_non_compliant_keys=false
74           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
75       non-compliant with RFC6962.
76
77
78       --alsologtostderr=false
79           log to standard error as well as files
80
81
82       --application_metrics_count_limit=100
83           Max number of application metrics to store (per container)
84
85
86       --as=""
87           Username to impersonate for the operation
88
89
90       --as-group=[]
91           Group to impersonate for the operation, this flag can  be  repeated
92       to specify multiple groups.
93
94
95       --azure-container-registry-config=""
96           Path  to the file containing Azure container registry configuration
97       information.
98
99
100       --boot_id_file="/proc/sys/kernel/random/boot_id"
101           Comma-separated list of files to check for boot-id. Use  the  first
102       one that exists.
103
104
105       --cache-dir="/builddir/.kube/http-cache"
106           Default HTTP cache directory
107
108
109       --certificate-authority=""
110           Path to a cert file for the certificate authority
111
112
113       --client-certificate=""
114           Path to a client certificate file for TLS
115
116
117       --client-key=""
118           Path to a client key file for TLS
119
120
121       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
122           CIDRs opened in GCE firewall for LB traffic proxy  health checks
123
124
125       --cluster=""
126           The name of the kubeconfig cluster to use
127
128
129       --container_hints="/etc/cadvisor/container_hints.json"
130           location of the container hints file
131
132
133       --containerd="unix:///var/run/containerd.sock"
134           containerd endpoint
135
136
137       --context=""
138           The name of the kubeconfig context to use
139
140
141       --default-not-ready-toleration-seconds=300
142           Indicates   the   tolerationSeconds   of   the    toleration    for
143       notReady:NoExecute  that is added by default to every pod that does not
144       already have such a toleration.
145
146
147       --default-unreachable-toleration-seconds=300
148           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
149       able:NoExecute  that  is  added  by  default to every pod that does not
150       already have such a toleration.
151
152
153       --docker="unix:///var/run/docker.sock"
154           docker endpoint
155
156
157       --docker-tls=false
158           use TLS to connect to docker
159
160
161       --docker-tls-ca="ca.pem"
162           path to trusted CA
163
164
165       --docker-tls-cert="cert.pem"
166           path to client certificate
167
168
169       --docker-tls-key="key.pem"
170           path to private key
171
172
173       --docker_env_metadata_whitelist=""
174           a comma-separated list of environment variable keys that  needs  to
175       be collected for docker containers
176
177
178       --docker_only=false
179           Only report docker containers in addition to root stats
180
181
182       --docker_root="/var/lib/docker"
183           DEPRECATED:  docker  root is read from docker info (this is a fall‐
184       back, default: /var/lib/docker)
185
186
187       --enable_load_reader=false
188           Whether to enable cpu load reader
189
190
191       --event_storage_age_limit="default=24h"
192           Max length of time for which to store events (per type). Value is a
193       comma  separated  list  of  key  values, where the keys are event types
194       (e.g.: creation, oom) or "default" and the value is a duration. Default
195       is applied to all non-specified event types
196
197
198       --event_storage_event_limit="default=100000"
199           Max  number  of  events to store (per type). Value is a comma sepa‐
200       rated list of key values, where the keys are event  types  (e.g.:  cre‐
201       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
202       applied to all non-specified event types
203
204
205       --global_housekeeping_interval=0
206           Interval between global housekeepings
207
208
209       --housekeeping_interval=0
210           Interval between container housekeepings
211
212
213       --insecure-skip-tls-verify=false
214           If true, the server's certificate will not be checked for validity.
215       This will make your HTTPS connections insecure
216
217
218       --kubeconfig=""
219           Path to the kubeconfig file to use for CLI requests.
220
221
222       --log-flush-frequency=0
223           Maximum number of seconds between log flushes
224
225
226       --log_backtrace_at=:0
227           when logging hits line file:N, emit a stack trace
228
229
230       --log_cadvisor_usage=false
231           Whether to log the usage of the cAdvisor container
232
233
234       --log_dir=""
235           If non-empty, write log files in this directory
236
237
238       --logtostderr=true
239           log to standard error instead of files
240
241
242       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
243           Comma-separated  list  of  files  to  check for machine-id. Use the
244       first one that exists.
245
246
247       --match-server-version=false
248           Require server version to match client version
249
250
251       -n, --namespace=""
252           If present, the namespace scope for this CLI request
253
254
255       --request-timeout="0"
256           The length of time to wait before giving  up  on  a  single  server
257       request. Non-zero values should contain a corresponding time unit (e.g.
258       1s, 2m, 3h). A value of zero means don't timeout requests.
259
260
261       -s, --server=""
262           The address and port of the Kubernetes API server
263
264
265       --stderrthreshold=2
266           logs at or above this threshold go to stderr
267
268
269       --storage_driver_buffer_duration=0
270           Writes in the storage driver will be buffered  for  this  duration,
271       and committed to the non memory backends as a single transaction
272
273
274       --storage_driver_db="cadvisor"
275           database name
276
277
278       --storage_driver_host="localhost:8086"
279           database host:port
280
281
282       --storage_driver_password="root"
283           database password
284
285
286       --storage_driver_secure=false
287           use secure connection with database
288
289
290       --storage_driver_table="stats"
291           table name
292
293
294       --storage_driver_user="root"
295           database username
296
297
298       --token=""
299           Bearer token for authentication to the API server
300
301
302       --user=""
303           The name of the kubeconfig user to use
304
305
306       -v, --v=0
307           log level for V logs
308
309
310       --version=false
311           Print version information and quit
312
313
314       --vmodule=
315           comma-separated  list  of pattern=N settings for file-filtered log‐
316       ging
317
318
319

EXAMPLE

321                # Run a proxy to the api server on port 8011, serving static content from ./local/www/
322                oc proxy --port=8011 --www=./local/www/
323
324                # Run a proxy to the api server on an arbitrary local port.
325                # The chosen port for the server will be output to stdout.
326                oc proxy --port=0
327
328                # Run a proxy to the api server, changing the api prefix to my-api
329                # This makes e.g. the pods api available at localhost:8011/my-api/api/v1/pods/
330                oc proxy --api-prefix=/my-api
331
332
333
334

SEE ALSO

336       oc(1),
337
338
339

HISTORY

341       June 2016, Ported from the Kubernetes man-doc generator
342
343
344
345Openshift                  Openshift CLI User Manuals                    OC(1)
Impressum