1OC ADM POLICY(1)                   June 2016                  OC ADM POLICY(1)
2
3
4

NAME

6       oc  adm policy add-role-to-group - Add a role to groups for the current
7       project
8
9
10

SYNOPSIS

12       oc adm policy add-role-to-group [OPTIONS]
13
14
15

DESCRIPTION

17       Add a role to groups for the current project
18
19
20       This command allows you to grant a group access to  specific  resources
21       and actions within the current project, by assigning them to a role. It
22       creates or modifies a RoleBinding referencing the specified role adding
23       the group(s) to the list of subjects. The command does not require that
24       the matching role or group resources exist and will create the  binding
25       successfully  even when the role or group do not exist or when the user
26       does not have access to view them.
27
28
29       If the --rolebinding-name argument is supplied, it  will  look  for  an
30       existing rolebinding with that name. The role on the matching rolebind‐
31       ing MUST match the role name supplied to the command. If no rolebinding
32       name is given, a default name will be used. When --role-namespace argu‐
33       ment is specified as a non-empty  value,  it  MUST  match  the  current
34       namespace.  When role-namespace is specified, the rolebinding will ref‐
35       erence a namespaced Role. Otherwise, the rolebinding will  reference  a
36       ClusterRole resource.
37
38
39       To  learn more, see information about RBAC and policy, or use the 'get'
40       and 'describe' commands on  the  following  resources:  'clusterroles',
41       'clusterrolebindings',  'roles', 'rolebindings', 'users', 'groups', and
42       'serviceaccounts'.
43
44
45

OPTIONS

47       --allow-missing-template-keys=true
48           If true, ignore any errors in templates when a field or map key  is
49       missing  in  the  template.  Only applies to golang and jsonpath output
50       formats.
51
52
53       --dry-run=false
54           If true, only print the object that would be sent, without  sending
55       it.
56
57
58       --no-headers=false
59           When  using the default or custom-column output format, don't print
60       headers (default print headers).
61
62
63       -o, --output=""
64           Output format. One of:  json|yaml|wide|name|custom-columns=...|cus‐
65       tom-columns-file=...|go-template=...|go-template-file=...|json‐
66       path=...|jsonpath-file=...  See   custom   columns   [   ⟨http://kuber‐
67       netes.io/docs/user-guide/kubectl-overview/#custom-columns⟩],     golang
68       template  [  ⟨http://golang.org/pkg/text/template/#pkg-overview⟩]   and
69       jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].
70
71
72       --role-namespace=""
73           namespace  where the role is located: empty means a role defined in
74       cluster policy
75
76
77       --rolebinding-name=""
78           Name of the rolebinding to modify or create. If left empty  creates
79       a new rolebinding with a default name
80
81
82       --show-labels=false
83           When  printing,  show  all  labels as the last column (default hide
84       labels column)
85
86
87       --sort-by=""
88           If non-empty, sort list types using this field specification.   The
89       field  specification  is  expressed  as  a  JSONPath  expression  (e.g.
90       '{.metadata.name}'). The field in the API resource  specified  by  this
91       JSONPath expression must be an integer or a string.
92
93
94       --template=""
95           Template  string  or  path  to template file to use when -o=go-tem‐
96       plate, -o=go-template-file. The template format is golang  templates  [
97       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
98
99
100

OPTIONS INHERITED FROM PARENT COMMANDS

102       --allow_verification_with_non_compliant_keys=false
103           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
104       non-compliant with RFC6962.
105
106
107       --alsologtostderr=false
108           log to standard error as well as files
109
110
111       --application_metrics_count_limit=100
112           Max number of application metrics to store (per container)
113
114
115       --as=""
116           Username to impersonate for the operation
117
118
119       --as-group=[]
120           Group to impersonate for the operation, this flag can  be  repeated
121       to specify multiple groups.
122
123
124       --azure-container-registry-config=""
125           Path  to the file containing Azure container registry configuration
126       information.
127
128
129       --boot_id_file="/proc/sys/kernel/random/boot_id"
130           Comma-separated list of files to check for boot-id. Use  the  first
131       one that exists.
132
133
134       --cache-dir="/builddir/.kube/http-cache"
135           Default HTTP cache directory
136
137
138       --certificate-authority=""
139           Path to a cert file for the certificate authority
140
141
142       --client-certificate=""
143           Path to a client certificate file for TLS
144
145
146       --client-key=""
147           Path to a client key file for TLS
148
149
150       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
151           CIDRs opened in GCE firewall for LB traffic proxy  health checks
152
153
154       --cluster=""
155           The name of the kubeconfig cluster to use
156
157
158       --container_hints="/etc/cadvisor/container_hints.json"
159           location of the container hints file
160
161
162       --containerd="unix:///var/run/containerd.sock"
163           containerd endpoint
164
165
166       --context=""
167           The name of the kubeconfig context to use
168
169
170       --default-not-ready-toleration-seconds=300
171           Indicates   the   tolerationSeconds   of   the    toleration    for
172       notReady:NoExecute  that is added by default to every pod that does not
173       already have such a toleration.
174
175
176       --default-unreachable-toleration-seconds=300
177           Indicates the tolerationSeconds  of  the  toleration  for  unreach‐
178       able:NoExecute  that  is  added  by  default to every pod that does not
179       already have such a toleration.
180
181
182       --docker="unix:///var/run/docker.sock"
183           docker endpoint
184
185
186       --docker-tls=false
187           use TLS to connect to docker
188
189
190       --docker-tls-ca="ca.pem"
191           path to trusted CA
192
193
194       --docker-tls-cert="cert.pem"
195           path to client certificate
196
197
198       --docker-tls-key="key.pem"
199           path to private key
200
201
202       --docker_env_metadata_whitelist=""
203           a comma-separated list of environment variable keys that  needs  to
204       be collected for docker containers
205
206
207       --docker_only=false
208           Only report docker containers in addition to root stats
209
210
211       --docker_root="/var/lib/docker"
212           DEPRECATED:  docker  root is read from docker info (this is a fall‐
213       back, default: /var/lib/docker)
214
215
216       --enable_load_reader=false
217           Whether to enable cpu load reader
218
219
220       --event_storage_age_limit="default=24h"
221           Max length of time for which to store events (per type). Value is a
222       comma  separated  list  of  key  values, where the keys are event types
223       (e.g.: creation, oom) or "default" and the value is a duration. Default
224       is applied to all non-specified event types
225
226
227       --event_storage_event_limit="default=100000"
228           Max  number  of  events to store (per type). Value is a comma sepa‐
229       rated list of key values, where the keys are event  types  (e.g.:  cre‐
230       ation,  oom)  or  "default"  and  the  value  is an integer. Default is
231       applied to all non-specified event types
232
233
234       --global_housekeeping_interval=0
235           Interval between global housekeepings
236
237
238       --housekeeping_interval=0
239           Interval between container housekeepings
240
241
242       --insecure-skip-tls-verify=false
243           If true, the server's certificate will not be checked for validity.
244       This will make your HTTPS connections insecure
245
246
247       --kubeconfig=""
248           Path to the kubeconfig file to use for CLI requests.
249
250
251       --log-flush-frequency=0
252           Maximum number of seconds between log flushes
253
254
255       --log_backtrace_at=:0
256           when logging hits line file:N, emit a stack trace
257
258
259       --log_cadvisor_usage=false
260           Whether to log the usage of the cAdvisor container
261
262
263       --log_dir=""
264           If non-empty, write log files in this directory
265
266
267       --logtostderr=true
268           log to standard error instead of files
269
270
271       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
272           Comma-separated  list  of  files  to  check for machine-id. Use the
273       first one that exists.
274
275
276       --match-server-version=false
277           Require server version to match client version
278
279
280       -n, --namespace=""
281           If present, the namespace scope for this CLI request
282
283
284       --request-timeout="0"
285           The length of time to wait before giving  up  on  a  single  server
286       request. Non-zero values should contain a corresponding time unit (e.g.
287       1s, 2m, 3h). A value of zero means don't timeout requests.
288
289
290       -s, --server=""
291           The address and port of the Kubernetes API server
292
293
294       --stderrthreshold=2
295           logs at or above this threshold go to stderr
296
297
298       --storage_driver_buffer_duration=0
299           Writes in the storage driver will be buffered  for  this  duration,
300       and committed to the non memory backends as a single transaction
301
302
303       --storage_driver_db="cadvisor"
304           database name
305
306
307       --storage_driver_host="localhost:8086"
308           database host:port
309
310
311       --storage_driver_password="root"
312           database password
313
314
315       --storage_driver_secure=false
316           use secure connection with database
317
318
319       --storage_driver_table="stats"
320           table name
321
322
323       --storage_driver_user="root"
324           database username
325
326
327       --token=""
328           Bearer token for authentication to the API server
329
330
331       --user=""
332           The name of the kubeconfig user to use
333
334
335       -v, --v=0
336           log level for V logs
337
338
339       --version=false
340           Print version information and quit
341
342
343       --vmodule=
344           comma-separated  list  of pattern=N settings for file-filtered log‐
345       ging
346
347
348

SEE ALSO

350       oc-adm-policy(1),
351
352
353

HISTORY

355       June 2016, Ported from the Kubernetes man-doc generator
356
357
358
359Openshift                  Openshift CLI User Manuals         OC ADM POLICY(1)