1OC ADM GROUPS(1)                   June 2016                  OC ADM GROUPS(1)
2
3
4

NAME

6       oc  adm  groups prune - Remove old OpenShift groups referencing missing
7       records on an external provider
8
9
10

SYNOPSIS

12       oc adm groups prune [OPTIONS]
13
14
15

DESCRIPTION

17       Prune OpenShift Groups referencing missing records on from an  external
18       provider.
19
20
21       In  order to prune OpenShift Group records using those from an external
22       provider, determine which Groups you wish to prune. For  instance,  all
23       or  some groups may be selected from the current Groups stored in Open‐
24       Shift that have been synced previously. Any combination  of  a  literal
25       whitelist, a whitelist file and a blacklist file is supported. The path
26       to a sync configuration file that was used for syncing  the  groups  in
27       question  is  required  in order to describe how data is requested from
28       the external record store. Default behavior is to  indicate  all  Open‐
29       Shift  groups  for which the external record does not exist, to run the
30       pruning process and commit the results, use the --confirm flag.
31
32
33

OPTIONS

35       --blacklist=""
36           path to the group blacklist file
37
38
39       --confirm=false
40           if true, modify OpenShift groups; if false, display groups
41
42
43       --sync-config=""
44           path to the sync config
45
46
47       --whitelist=""
48           path to the group whitelist file
49
50
51

OPTIONS INHERITED FROM PARENT COMMANDS

53       --allow_verification_with_non_compliant_keys=false
54           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
55       non-compliant with RFC6962.
56
57
58       --alsologtostderr=false
59           log to standard error as well as files
60
61
62       --application_metrics_count_limit=100
63           Max number of application metrics to store (per container)
64
65
66       --as=""
67           Username to impersonate for the operation
68
69
70       --as-group=[]
71           Group  to  impersonate for the operation, this flag can be repeated
72       to specify multiple groups.
73
74
75       --azure-container-registry-config=""
76           Path to the file containing Azure container registry  configuration
77       information.
78
79
80       --boot_id_file="/proc/sys/kernel/random/boot_id"
81           Comma-separated  list  of files to check for boot-id. Use the first
82       one that exists.
83
84
85       --cache-dir="/builddir/.kube/http-cache"
86           Default HTTP cache directory
87
88
89       --certificate-authority=""
90           Path to a cert file for the certificate authority
91
92
93       --client-certificate=""
94           Path to a client certificate file for TLS
95
96
97       --client-key=""
98           Path to a client key file for TLS
99
100
101       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
102           CIDRs opened in GCE firewall for LB traffic proxy  health checks
103
104
105       --cluster=""
106           The name of the kubeconfig cluster to use
107
108
109       --container_hints="/etc/cadvisor/container_hints.json"
110           location of the container hints file
111
112
113       --containerd="unix:///var/run/containerd.sock"
114           containerd endpoint
115
116
117       --context=""
118           The name of the kubeconfig context to use
119
120
121       --default-not-ready-toleration-seconds=300
122           Indicates    the    tolerationSeconds   of   the   toleration   for
123       notReady:NoExecute that is added by default to every pod that does  not
124       already have such a toleration.
125
126
127       --default-unreachable-toleration-seconds=300
128           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
129       able:NoExecute that is added by default to  every  pod  that  does  not
130       already have such a toleration.
131
132
133       --docker="unix:///var/run/docker.sock"
134           docker endpoint
135
136
137       --docker-tls=false
138           use TLS to connect to docker
139
140
141       --docker-tls-ca="ca.pem"
142           path to trusted CA
143
144
145       --docker-tls-cert="cert.pem"
146           path to client certificate
147
148
149       --docker-tls-key="key.pem"
150           path to private key
151
152
153       --docker_env_metadata_whitelist=""
154           a  comma-separated  list of environment variable keys that needs to
155       be collected for docker containers
156
157
158       --docker_only=false
159           Only report docker containers in addition to root stats
160
161
162       --docker_root="/var/lib/docker"
163           DEPRECATED: docker root is read from docker info (this is  a  fall‐
164       back, default: /var/lib/docker)
165
166
167       --enable_load_reader=false
168           Whether to enable cpu load reader
169
170
171       --event_storage_age_limit="default=24h"
172           Max length of time for which to store events (per type). Value is a
173       comma separated list of key values, where  the  keys  are  event  types
174       (e.g.: creation, oom) or "default" and the value is a duration. Default
175       is applied to all non-specified event types
176
177
178       --event_storage_event_limit="default=100000"
179           Max number of events to store (per type). Value is  a  comma  sepa‐
180       rated  list  of  key values, where the keys are event types (e.g.: cre‐
181       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
182       applied to all non-specified event types
183
184
185       --global_housekeeping_interval=0
186           Interval between global housekeepings
187
188
189       --housekeeping_interval=0
190           Interval between container housekeepings
191
192
193       --insecure-skip-tls-verify=false
194           If true, the server's certificate will not be checked for validity.
195       This will make your HTTPS connections insecure
196
197
198       --kubeconfig=""
199           Path to the kubeconfig file to use for CLI requests.
200
201
202       --log-flush-frequency=0
203           Maximum number of seconds between log flushes
204
205
206       --log_backtrace_at=:0
207           when logging hits line file:N, emit a stack trace
208
209
210       --log_cadvisor_usage=false
211           Whether to log the usage of the cAdvisor container
212
213
214       --log_dir=""
215           If non-empty, write log files in this directory
216
217
218       --logtostderr=true
219           log to standard error instead of files
220
221
222       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
223           Comma-separated list of files to  check  for  machine-id.  Use  the
224       first one that exists.
225
226
227       --match-server-version=false
228           Require server version to match client version
229
230
231       -n, --namespace=""
232           If present, the namespace scope for this CLI request
233
234
235       --request-timeout="0"
236           The  length  of  time  to  wait before giving up on a single server
237       request. Non-zero values should contain a corresponding time unit (e.g.
238       1s, 2m, 3h). A value of zero means don't timeout requests.
239
240
241       -s, --server=""
242           The address and port of the Kubernetes API server
243
244
245       --stderrthreshold=2
246           logs at or above this threshold go to stderr
247
248
249       --storage_driver_buffer_duration=0
250           Writes  in  the  storage driver will be buffered for this duration,
251       and committed to the non memory backends as a single transaction
252
253
254       --storage_driver_db="cadvisor"
255           database name
256
257
258       --storage_driver_host="localhost:8086"
259           database host:port
260
261
262       --storage_driver_password="root"
263           database password
264
265
266       --storage_driver_secure=false
267           use secure connection with database
268
269
270       --storage_driver_table="stats"
271           table name
272
273
274       --storage_driver_user="root"
275           database username
276
277
278       --token=""
279           Bearer token for authentication to the API server
280
281
282       --user=""
283           The name of the kubeconfig user to use
284
285
286       -v, --v=0
287           log level for V logs
288
289
290       --version=false
291           Print version information and quit
292
293
294       --vmodule=
295           comma-separated list of pattern=N settings for  file-filtered  log‐
296       ging
297
298
299

EXAMPLE

301                # Prune all orphaned groups
302                oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
303
304                # Prune all orphaned groups except the ones from the blacklist file
305                oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
306
307                # Prune all orphaned groups from a list of specific groups specified in a whitelist file
308                oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
309
310                # Prune all orphaned groups from a list of specific groups specified in a whitelist
311                oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
312
313
314
315

SEE ALSO

317       oc-adm-groups(1),
318
319
320

HISTORY

322       June 2016, Ported from the Kubernetes man-doc generator
323
324
325
326Openshift                  Openshift CLI User Manuals         OC ADM GROUPS(1)
Impressum