1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl config set-credentials - Sets a user entry in kubeconfig
10
11
12

SYNOPSIS

14       kubectl config set-credentials [OPTIONS]
15
16
17

DESCRIPTION

19       Sets a user entry in kubeconfig
20
21
22       Specifying  a  name that already exists will merge new fields on top of
23       existing values.
24
25
26       Client-certificate flags:
27         --client-certificate=certfile --client-key=keyfile
28
29
30       Bearer token flags:
31           --token=bearer_token
32
33
34       Basic auth flags:
35           --username=basic_user --password=basic_password
36
37
38       Bearer token and basic auth are mutually exclusive.
39
40
41

OPTIONS

43       --auth-provider=""      Auth provider for the user entry in kubeconfig
44
45
46       --auth-provider-arg=[]      'key=value' arguments for the auth provider
47
48
49       --embed-certs=false      Embed client cert/key for the  user  entry  in
50       kubeconfig
51
52
53       --exec-api-version=""       API  version  of the exec credential plugin
54       for the user entry in kubeconfig
55
56
57       --exec-arg=[]      New arguments for the exec credential plugin command
58       for the user entry in kubeconfig
59
60
61       --exec-command=""       Command  for the exec credential plugin for the
62       user entry in kubeconfig
63
64
65       --exec-env=[]      'key=value' environment values for the exec  creden‐
66       tial plugin
67
68
69

OPTIONS INHERITED FROM PARENT COMMANDS

71       --add-dir-header=false       If  true,  adds  the file directory to the
72       header of the log messages
73
74
75       --alsologtostderr=false      log to standard error as well as files
76
77
78       --application-metrics-count-limit=100      Max  number  of  application
79       metrics to store (per container)
80
81
82       --as=""      Username to impersonate for the operation
83
84
85       --as-group=[]       Group  to  impersonate for the operation, this flag
86       can be repeated to specify multiple groups.
87
88
89       --azure-container-registry-config=""      Path to the  file  containing
90       Azure container registry configuration information.
91
92
93       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
94       list of files to check for boot-id. Use the first one that exists.
95
96
97       --cache-dir="/builddir/.kube/cache"      Default cache directory
98
99
100       --certificate-authority=""      Path to a cert file for the certificate
101       authority
102
103
104       --client-certificate=""      Path to a client certificate file for TLS
105
106
107       --client-key=""      Path to a client key file for TLS
108
109
110       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
111            CIDRs opened in GCE firewall for  L7  LB  traffic  proxy    health
112       checks
113
114
115       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
116            CIDRs opened in GCE firewall for  L4  LB  traffic  proxy    health
117       checks
118
119
120       --cluster=""      The name of the kubeconfig cluster to use
121
122
123       --container-hints="/etc/cadvisor/container_hints.json"      location of
124       the container hints file
125
126
127       --containerd="/run/containerd/containerd.sock"      containerd endpoint
128
129
130       --containerd-namespace="k8s.io"      containerd namespace
131
132
133       --context=""      The name of the kubeconfig context to use
134
135
136       --default-not-ready-toleration-seconds=300      Indicates  the  tolera‐
137       tionSeconds  of  the toleration for notReady:NoExecute that is added by
138       default to every pod that does not already have such a toleration.
139
140
141       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
142       tionSeconds  of  the toleration for unreachable:NoExecute that is added
143       by default to every pod that does not already have such a toleration.
144
145
146       --disable-root-cgroup-stats=false      Disable collecting  root  Cgroup
147       stats
148
149
150       --docker="unix:///var/run/docker.sock"      docker endpoint
151
152
153       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
154       ronment variable keys matched with specified prefix that  needs  to  be
155       collected for docker containers
156
157
158       --docker-only=false       Only  report docker containers in addition to
159       root stats
160
161
162       --docker-root="/var/lib/docker"      DEPRECATED: docker  root  is  read
163       from docker info (this is a fallback, default: /var/lib/docker)
164
165
166       --docker-tls=false      use TLS to connect to docker
167
168
169       --docker-tls-ca="ca.pem"      path to trusted CA
170
171
172       --docker-tls-cert="cert.pem"      path to client certificate
173
174
175       --docker-tls-key="key.pem"      path to private key
176
177
178       --enable-load-reader=false      Whether to enable cpu load reader
179
180
181       --event-storage-age-limit="default=0"      Max length of time for which
182       to store events (per type). Value is a comma separated list of key val‐
183       ues,  where the keys are event types (e.g.: creation, oom) or "default"
184       and the value is a duration. Default is applied  to  all  non-specified
185       event types
186
187
188       --event-storage-event-limit="default=0"       Max  number  of events to
189       store (per type). Value is a comma separated list of key values,  where
190       the  keys  are  event  types (e.g.: creation, oom) or "default" and the
191       value is an integer. Default is  applied  to  all  non-specified  event
192       types
193
194
195       --global-housekeeping-interval=1m0s      Interval between global house‐
196       keepings
197
198
199       --housekeeping-interval=10s      Interval between container  housekeep‐
200       ings
201
202
203       --insecure-skip-tls-verify=false      If true, the server's certificate
204       will not be checked for validity. This will make your HTTPS connections
205       insecure
206
207
208       --kubeconfig=""      use a particular kubeconfig file
209
210
211       --log-backtrace-at=:0       when logging hits line file:N, emit a stack
212       trace
213
214
215       --log-cadvisor-usage=false      Whether to log the usage of the  cAdvi‐
216       sor container
217
218
219       --log-dir=""      If non-empty, write log files in this directory
220
221
222       --log-file=""      If non-empty, use this log file
223
224
225       --log-file-max-size=1800       Defines  the maximum size a log file can
226       grow to. Unit is megabytes. If the value is 0, the maximum file size is
227       unlimited.
228
229
230       --log-flush-frequency=5s       Maximum  number  of  seconds between log
231       flushes
232
233
234       --logtostderr=true      log to standard error instead of files
235
236
237       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
238            Comma-separated  list  of  files  to check for machine-id. Use the
239       first one that exists.
240
241
242       --match-server-version=false       Require  server  version  to   match
243       client version
244
245
246       -n,  --namespace=""       If  present, the namespace scope for this CLI
247       request
248
249
250       --one-output=false      If true, only write logs to their native sever‐
251       ity level (vs also writing to each lower severity level)
252
253
254       --password=""      Password for basic authentication to the API server
255
256
257       --profile="none"         Name   of   profile   to   capture.   One   of
258       (none|cpu|heap|goroutine|threadcreate|block|mutex)
259
260
261       --profile-output="profile.pprof"      Name of the  file  to  write  the
262       profile to
263
264
265       --referenced-reset-interval=0       Reset interval for referenced bytes
266       (container_referenced_bytes metric), number of measurement cycles after
267       which  referenced  bytes  are cleared, if set to 0 referenced bytes are
268       never cleared (default: 0)
269
270
271       --request-timeout="0"      The length of time to wait before giving  up
272       on  a  single  server  request. Non-zero values should contain a corre‐
273       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
274       out requests.
275
276
277       -s, --server=""      The address and port of the Kubernetes API server
278
279
280       --skip-headers=false       If  true,  avoid  header prefixes in the log
281       messages
282
283
284       --skip-log-headers=false      If true, avoid headers when  opening  log
285       files
286
287
288       --stderrthreshold=2      logs at or above this threshold go to stderr
289
290
291       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
292       will be buffered for this duration, and committed  to  the  non  memory
293       backends as a single transaction
294
295
296       --storage-driver-db="cadvisor"      database name
297
298
299       --storage-driver-host="localhost:8086"      database host:port
300
301
302       --storage-driver-password="root"      database password
303
304
305       --storage-driver-secure=false      use secure connection with database
306
307
308       --storage-driver-table="stats"      table name
309
310
311       --storage-driver-user="root"      database username
312
313
314       --tls-server-name=""       Server  name  to  use for server certificate
315       validation. If it is not provided, the hostname  used  to  contact  the
316       server is used
317
318
319       --token=""      Bearer token for authentication to the API server
320
321
322       --update-machine-info-interval=5m0s       Interval between machine info
323       updates.
324
325
326       --user=""      The name of the kubeconfig user to use
327
328
329       --username=""      Username for basic authentication to the API server
330
331
332       -v, --v=0      number for the log level verbosity
333
334
335       --version=false      Print version information and quit
336
337
338       --vmodule=       comma-separated  list  of   pattern=N   settings   for
339       file-filtered logging
340
341
342       --warnings-as-errors=false      Treat warnings received from the server
343       as errors and exit with a non-zero exit code
344
345
346

EXAMPLE

348                # Set only the "client-key" field on the "cluster-admin"
349                # entry, without touching other values:
350                kubectl config set-credentials cluster-admin --client-key= /.kube/admin.key
351
352                # Set basic auth for the "cluster-admin" entry
353                kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
354
355                # Embed client certificate data in the "cluster-admin" entry
356                kubectl config set-credentials cluster-admin --client-certificate= /.kube/admin.crt --embed-certs=true
357
358                # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
359                kubectl config set-credentials cluster-admin --auth-provider=gcp
360
361                # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
362                kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
363
364                # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
365                kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
366
367                # Enable new exec auth plugin for the "cluster-admin" entry
368                kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
369
370                # Define new exec auth plugin args for the "cluster-admin" entry
371                kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
372
373                # Create or update exec auth plugin environment variables for the "cluster-admin" entry
374                kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
375
376                # Remove exec auth plugin environment variables for the "cluster-admin" entry
377                kubectl config set-credentials cluster-admin --exec-env=var-to-remove-
378
379
380
381

SEE ALSO

383       kubectl-config(1),
384
385
386

HISTORY

388       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
389       com)  based  on the kubernetes source material, but hopefully they have
390       been automatically generated since!
391
392
393
394Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum