1OC ADM GROUPS(1) June 2016 OC ADM GROUPS(1)
2
3
4
6 oc adm groups prune - Remove old OpenShift groups referencing missing
7 records on an external provider
8
9
10
12 oc adm groups prune [OPTIONS]
13
14
15
17 Prune OpenShift Groups referencing missing records on from an external
18 provider.
19
20
21 In order to prune OpenShift Group records using those from an external
22 provider, determine which Groups you wish to prune. For instance, all
23 or some groups may be selected from the current Groups stored in Open‐
24 Shift that have been synced previously. Any combination of a literal
25 whitelist, a whitelist file and a blacklist file is supported. The path
26 to a sync configuration file that was used for syncing the groups in
27 question is required in order to describe how data is requested from
28 the external record store. Default behavior is to indicate all Open‐
29 Shift groups for which the external record does not exist, to run the
30 pruning process and commit the results, use the --confirm flag.
31
32
33
35 --blacklist=""
36 path to the group blacklist file
37
38
39 --confirm=false
40 if true, modify OpenShift groups; if false, display groups
41
42
43 --sync-config=""
44 path to the sync config
45
46
47 --whitelist=""
48 path to the group whitelist file
49
50
51
53 --allow_verification_with_non_compliant_keys=false
54 Allow a SignatureVerifier to use keys which are technically
55 non-compliant with RFC6962.
56
57
58 --alsologtostderr=false
59 log to standard error as well as files
60
61
62 --application_metrics_count_limit=100
63 Max number of application metrics to store (per container)
64
65
66 --as=""
67 Username to impersonate for the operation
68
69
70 --as-group=[]
71 Group to impersonate for the operation, this flag can be repeated
72 to specify multiple groups.
73
74
75 --azure-container-registry-config=""
76 Path to the file containing Azure container registry configuration
77 information.
78
79
80 --boot_id_file="/proc/sys/kernel/random/boot_id"
81 Comma-separated list of files to check for boot-id. Use the first
82 one that exists.
83
84
85 --cache-dir="/builddir/.kube/http-cache"
86 Default HTTP cache directory
87
88
89 --certificate-authority=""
90 Path to a cert file for the certificate authority
91
92
93 --client-certificate=""
94 Path to a client certificate file for TLS
95
96
97 --client-key=""
98 Path to a client key file for TLS
99
100
101 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
102 CIDRs opened in GCE firewall for LB traffic proxy health checks
103
104
105 --cluster=""
106 The name of the kubeconfig cluster to use
107
108
109 --container_hints="/etc/cadvisor/container_hints.json"
110 location of the container hints file
111
112
113 --containerd="unix:///var/run/containerd.sock"
114 containerd endpoint
115
116
117 --context=""
118 The name of the kubeconfig context to use
119
120
121 --default-not-ready-toleration-seconds=300
122 Indicates the tolerationSeconds of the toleration for
123 notReady:NoExecute that is added by default to every pod that does not
124 already have such a toleration.
125
126
127 --default-unreachable-toleration-seconds=300
128 Indicates the tolerationSeconds of the toleration for unreach‐
129 able:NoExecute that is added by default to every pod that does not
130 already have such a toleration.
131
132
133 --docker="unix:///var/run/docker.sock"
134 docker endpoint
135
136
137 --docker-tls=false
138 use TLS to connect to docker
139
140
141 --docker-tls-ca="ca.pem"
142 path to trusted CA
143
144
145 --docker-tls-cert="cert.pem"
146 path to client certificate
147
148
149 --docker-tls-key="key.pem"
150 path to private key
151
152
153 --docker_env_metadata_whitelist=""
154 a comma-separated list of environment variable keys that needs to
155 be collected for docker containers
156
157
158 --docker_only=false
159 Only report docker containers in addition to root stats
160
161
162 --docker_root="/var/lib/docker"
163 DEPRECATED: docker root is read from docker info (this is a fall‐
164 back, default: /var/lib/docker)
165
166
167 --enable_load_reader=false
168 Whether to enable cpu load reader
169
170
171 --event_storage_age_limit="default=24h"
172 Max length of time for which to store events (per type). Value is a
173 comma separated list of key values, where the keys are event types
174 (e.g.: creation, oom) or "default" and the value is a duration. Default
175 is applied to all non-specified event types
176
177
178 --event_storage_event_limit="default=100000"
179 Max number of events to store (per type). Value is a comma sepa‐
180 rated list of key values, where the keys are event types (e.g.: cre‐
181 ation, oom) or "default" and the value is an integer. Default is
182 applied to all non-specified event types
183
184
185 --global_housekeeping_interval=0
186 Interval between global housekeepings
187
188
189 --housekeeping_interval=0
190 Interval between container housekeepings
191
192
193 --insecure-skip-tls-verify=false
194 If true, the server's certificate will not be checked for validity.
195 This will make your HTTPS connections insecure
196
197
198 --kubeconfig=""
199 Path to the kubeconfig file to use for CLI requests.
200
201
202 --log-flush-frequency=0
203 Maximum number of seconds between log flushes
204
205
206 --log_backtrace_at=:0
207 when logging hits line file:N, emit a stack trace
208
209
210 --log_cadvisor_usage=false
211 Whether to log the usage of the cAdvisor container
212
213
214 --log_dir=""
215 If non-empty, write log files in this directory
216
217
218 --logtostderr=true
219 log to standard error instead of files
220
221
222 --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
223 Comma-separated list of files to check for machine-id. Use the
224 first one that exists.
225
226
227 --match-server-version=false
228 Require server version to match client version
229
230
231 -n, --namespace=""
232 If present, the namespace scope for this CLI request
233
234
235 --request-timeout="0"
236 The length of time to wait before giving up on a single server
237 request. Non-zero values should contain a corresponding time unit (e.g.
238 1s, 2m, 3h). A value of zero means don't timeout requests.
239
240
241 -s, --server=""
242 The address and port of the Kubernetes API server
243
244
245 --stderrthreshold=2
246 logs at or above this threshold go to stderr
247
248
249 --storage_driver_buffer_duration=0
250 Writes in the storage driver will be buffered for this duration,
251 and committed to the non memory backends as a single transaction
252
253
254 --storage_driver_db="cadvisor"
255 database name
256
257
258 --storage_driver_host="localhost:8086"
259 database host:port
260
261
262 --storage_driver_password="root"
263 database password
264
265
266 --storage_driver_secure=false
267 use secure connection with database
268
269
270 --storage_driver_table="stats"
271 table name
272
273
274 --storage_driver_user="root"
275 database username
276
277
278 --token=""
279 Bearer token for authentication to the API server
280
281
282 --user=""
283 The name of the kubeconfig user to use
284
285
286 -v, --v=0
287 log level for V logs
288
289
290 --version=false
291 Print version information and quit
292
293
294 --vmodule=
295 comma-separated list of pattern=N settings for file-filtered log‐
296 ging
297
298
299
301 # Prune all orphaned groups
302 oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
303
304 # Prune all orphaned groups except the ones from the blacklist file
305 oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
306
307 # Prune all orphaned groups from a list of specific groups specified in a whitelist file
308 oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
309
310 # Prune all orphaned groups from a list of specific groups specified in a whitelist
311 oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
312
313
314
315
317 oc-adm-groups(1),
318
319
320
322 June 2016, Ported from the Kubernetes man-doc generator
323
324
325
326Openshift Openshift CLI User Manuals OC ADM GROUPS(1)