1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl config set-credentials - Sets a user entry in kubeconfig
10
14 kubectl config set-credentials [OPTIONS]
15
19 Sets a user entry in kubeconfig
20 Specifying a name that already exists will merge new fields on top of
23 existing values.
24 Client-certificate flags:
27 --client-certificate=certfile --client-key=keyfile
28 Bearer token flags:
31 --token=bearer_token
32 Basic auth flags:
35 --username=basic_user --password=basic_password
36 Bearer token and basic auth are mutually exclusive.
39
43 --auth-provider="" Auth provider for the user entry in kubeconfig
44 --auth-provider-arg=[] 'key=value' arguments for the auth provider
47 --embed-certs=false Embed client cert/key for the user entry in
50 kubeconfig
51 --exec-api-version="" API version of the exec credential plugin
54 for the user entry in kubeconfig
55 --exec-arg=[] New arguments for the exec credential plugin command
58 for the user entry in kubeconfig
59 --exec-command="" Command for the exec credential plugin for the
62 user entry in kubeconfig
63 --exec-env=[] 'key=value' environment values for the exec creden‐
66 tial plugin
67
71 --add-dir-header=false If true, adds the file directory to the
72 header of the log messages
73 --alsologtostderr=false log to standard error as well as files
76 --application-metrics-count-limit=100 Max number of application
79 metrics to store (per container)
80 --as="" Username to impersonate for the operation
83 --as-group=[] Group to impersonate for the operation, this flag
86 can be repeated to specify multiple groups.
87 --azure-container-registry-config="" Path to the file containing
90 Azure container registry configuration information.
91 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
94 list of files to check for boot-id. Use the first one that exists.
95 --cache-dir="/builddir/.kube/cache" Default cache directory
98 --certificate-authority="" Path to a cert file for the certificate
101 authority
102 --client-certificate="" Path to a client certificate file for TLS
105 --client-key="" Path to a client key file for TLS
108 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
111 CIDRs opened in GCE firewall for L7 LB traffic proxy health
112 checks
113 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
116 CIDRs opened in GCE firewall for L4 LB traffic proxy health
117 checks
118 --cluster="" The name of the kubeconfig cluster to use
121 --container-hints="/etc/cadvisor/container_hints.json" location of
124 the container hints file
125 --containerd="/run/containerd/containerd.sock" containerd endpoint
128 --containerd-namespace="k8s.io" containerd namespace
131 --context="" The name of the kubeconfig context to use
134 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
137 tionSeconds of the toleration for notReady:NoExecute that is added by
138 default to every pod that does not already have such a toleration.
139 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
142 tionSeconds of the toleration for unreachable:NoExecute that is added
143 by default to every pod that does not already have such a toleration.
144 --disable-root-cgroup-stats=false Disable collecting root Cgroup
147 stats
148 --docker="unix:///var/run/docker.sock" docker endpoint
151 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
154 ronment variable keys matched with specified prefix that needs to be
155 collected for docker containers
156 --docker-only=false Only report docker containers in addition to
159 root stats
160 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
163 from docker info (this is a fallback, default: /var/lib/docker)
164 --docker-tls=false use TLS to connect to docker
167 --docker-tls-ca="ca.pem" path to trusted CA
170 --docker-tls-cert="cert.pem" path to client certificate
173 --docker-tls-key="key.pem" path to private key
176 --enable-load-reader=false Whether to enable cpu load reader
179 --event-storage-age-limit="default=0" Max length of time for which
182 to store events (per type). Value is a comma separated list of key val‐
183 ues, where the keys are event types (e.g.: creation, oom) or "default"
184 and the value is a duration. Default is applied to all non-specified
185 event types
186 --event-storage-event-limit="default=0" Max number of events to
189 store (per type). Value is a comma separated list of key values, where
190 the keys are event types (e.g.: creation, oom) or "default" and the
191 value is an integer. Default is applied to all non-specified event
192 types
193 --global-housekeeping-interval=1m0s Interval between global house‐
196 keepings
197 --housekeeping-interval=10s Interval between container housekeep‐
200 ings
201 --insecure-skip-tls-verify=false If true, the server's certificate
204 will not be checked for validity. This will make your HTTPS connections
205 insecure
206 --kubeconfig="" use a particular kubeconfig file
209 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
212 trace
213 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
216 sor container
217 --log-dir="" If non-empty, write log files in this directory
220 --log-file="" If non-empty, use this log file
223 --log-file-max-size=1800 Defines the maximum size a log file can
226 grow to. Unit is megabytes. If the value is 0, the maximum file size is
227 unlimited.
228 --log-flush-frequency=5s Maximum number of seconds between log
231 flushes
232 --logtostderr=true log to standard error instead of files
235 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
238 Comma-separated list of files to check for machine-id. Use the
239 first one that exists.
240 --match-server-version=false Require server version to match
243 client version
244 -n, --namespace="" If present, the namespace scope for this CLI
247 request
248 --one-output=false If true, only write logs to their native sever‐
251 ity level (vs also writing to each lower severity level)
252 --password="" Password for basic authentication to the API server
255 --profile="none" Name of profile to capture. One of
258 (none|cpu|heap|goroutine|threadcreate|block|mutex)
259 --profile-output="profile.pprof" Name of the file to write the
262 profile to
263 --referenced-reset-interval=0 Reset interval for referenced bytes
266 (container_referenced_bytes metric), number of measurement cycles after
267 which referenced bytes are cleared, if set to 0 referenced bytes are
268 never cleared (default: 0)
269 --request-timeout="0" The length of time to wait before giving up
272 on a single server request. Non-zero values should contain a corre‐
273 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
274 out requests.
275 -s, --server="" The address and port of the Kubernetes API server
278 --skip-headers=false If true, avoid header prefixes in the log
281 messages
282 --skip-log-headers=false If true, avoid headers when opening log
285 files
286 --stderrthreshold=2 logs at or above this threshold go to stderr
289 --storage-driver-buffer-duration=1m0s Writes in the storage driver
292 will be buffered for this duration, and committed to the non memory
293 backends as a single transaction
294 --storage-driver-db="cadvisor" database name
297 --storage-driver-host="localhost:8086" database host:port
300 --storage-driver-password="root" database password
303 --storage-driver-secure=false use secure connection with database
306 --storage-driver-table="stats" table name
309 --storage-driver-user="root" database username
312 --tls-server-name="" Server name to use for server certificate
315 validation. If it is not provided, the hostname used to contact the
316 server is used
317 --token="" Bearer token for authentication to the API server
320 --update-machine-info-interval=5m0s Interval between machine info
323 updates.
324 --user="" The name of the kubeconfig user to use
327 --username="" Username for basic authentication to the API server
330 -v, --v=0 number for the log level verbosity
333 --version=false Print version information and quit
336 --vmodule= comma-separated list of pattern=N settings for
339 file-filtered logging
340 --warnings-as-errors=false Treat warnings received from the server
343 as errors and exit with a non-zero exit code
344
348 # Set only the "client-key" field on the "cluster-admin"
349 # entry, without touching other values:
350 kubectl config set-credentials cluster-admin --client-key= /.kube/admin.key
351 # Set basic auth for the "cluster-admin" entry
353 kubectl config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif
354 # Embed client certificate data in the "cluster-admin" entry
356 kubectl config set-credentials cluster-admin --client-certificate= /.kube/admin.crt --embed-certs=true
357 # Enable the Google Compute Platform auth provider for the "cluster-admin" entry
359 kubectl config set-credentials cluster-admin --auth-provider=gcp
360 # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args
362 kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar
363 # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry
365 kubectl config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret-
366 # Enable new exec auth plugin for the "cluster-admin" entry
368 kubectl config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1
369 # Define new exec auth plugin args for the "cluster-admin" entry
371 kubectl config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2
372 # Create or update exec auth plugin environment variables for the "cluster-admin" entry
374 kubectl config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2
375 # Remove exec auth plugin environment variables for the "cluster-admin" entry
377 kubectl config set-credentials cluster-admin --exec-env=var-to-remove-
378
383 kubectl-config(1),
384
388 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
389 com) based on the kubernetes source material, but hopefully they have
390 been automatically generated since!
391Manuals User KUBERNETES(1)(kubernetes)