Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.Chapter 5. Administrator CLI commands
5.1. Cluster management CLI commands
5.1.1. must-gather
Bulk collect data about the current state of your cluster to debug issues.
Example: Gather debugging information
oc adm must-gather
$ oc adm must-gather5.1.2. top
Show usage statistics of resources on the server.
Example: Show CPU and memory usage for Pods
oc adm top pods
$ oc adm top podsExample: Show usage statistics for images
oc adm top images
$ oc adm top images5.2. Node management CLI commands
5.2.1. cordon
Mark a node as unschedulable. Manually marking a node as unschedulable blocks any new pods from being scheduled on the node, but does not affect existing pods on the node.
Example: Mark node1 as unschedulable
oc adm cordon node1
$ oc adm cordon node15.2.2. drain
Drain a node in preparation for maintenance.
Example: Drain node1
oc adm drain node1
$ oc adm drain node15.2.3. node-logs
Display and filter node logs.
Example: Get logs for NetworkManager
oc adm node-logs --role master -u NetworkManager.service
$ oc adm node-logs --role master -u NetworkManager.service5.2.4. taint
Update the taints on one or more nodes.
Example: Add a taint to dedicate a node for a set of users
oc adm taint nodes node1 dedicated=groupName:NoSchedule
$ oc adm taint nodes node1 dedicated=groupName:NoScheduleExample: Remove the taints with key dedicated from node node1
oc adm taint nodes node1 dedicated-
$ oc adm taint nodes node1 dedicated-5.2.5. uncordon
Mark a node as schedulable.
Example: Mark node1 as schedulable
oc adm uncordon node1
$ oc adm uncordon node15.3. Security and policy CLI commands
5.3.1. certificate
Approve or reject certificate signing requests (CSRs).
Example: Approve a CSR
oc adm certificate approve csr-sqgzp
$ oc adm certificate approve csr-sqgzp5.3.2. groups
Manage groups in your cluster.
Example: Create a new group
oc adm groups new my-group
$ oc adm groups new my-group5.3.3. new-project
Create a new project and specify administrative options.
Example: Create a new project using a node selector
oc adm new-project myproject --node-selector='type=user-node,region=east'
$ oc adm new-project myproject --node-selector='type=user-node,region=east'5.3.4. pod-network
Manage Pod networks in the cluster.
Example: Isolate project1 and project2 from other non-global projects
oc adm pod-network isolate-projects project1 project2
$ oc adm pod-network isolate-projects project1 project25.3.5. policy
Manage roles and policies on the cluster.
Example: Add the edit role to user1 for all projects
oc adm policy add-cluster-role-to-user edit user1
$ oc adm policy add-cluster-role-to-user edit user1Example: Add the privileged security context constraint to a service account
oc adm policy add-scc-to-user privileged -z myserviceaccount
$ oc adm policy add-scc-to-user privileged -z myserviceaccount5.4. Maintenance CLI commands
5.4.1. migrate
Migrate resources on the cluster to a new version or format depending on the subcommand used.
Example: Perform an update of all stored objects
oc adm migrate storage
$ oc adm migrate storageExample: Perform an update of only Pods
oc adm migrate storage --include=pods
$ oc adm migrate storage --include=pods5.4.2. prune
Remove older versions of resources from the server.
Example: Prune older builds including those whose BuildConfigs no longer exist
oc adm prune builds --orphans
$ oc adm prune builds --orphans5.5. Configuration CLI commands
5.5.1. create-api-client-config
Create a client configuration for connecting to the server. This creates a folder containing a client certificate, a client key, a server certificate authority, and a kubeconfig file for connecting to the master as the provided user.
Example: Generate a client certificate for a proxy
5.5.2. create-bootstrap-policy-file
Create the default bootstrap policy.
Example: Create a file called policy.json with the default bootstrap policy
oc adm create-bootstrap-policy-file --filename=policy.json
$ oc adm create-bootstrap-policy-file --filename=policy.json5.5.3. create-bootstrap-project-template
Create a bootstrap project template.
Example: Output a bootstrap project template in YAML format to stdout
oc adm create-bootstrap-project-template -o yaml
$ oc adm create-bootstrap-project-template -o yaml5.5.4. create-error-template
Create a template for customizing the error page.
Example: Output a template for the error page to stdout
oc adm create-error-template
$ oc adm create-error-template5.5.5. create-kubeconfig
Creates a basic .kubeconfig file from client certificates.
Example: Create a .kubeconfig file with the provided client certificates
oc adm create-kubeconfig \ --client-certificate=/path/to/client.crt \ --client-key=/path/to/client.key \ --certificate-authority=/path/to/ca.crt
$ oc adm create-kubeconfig \
--client-certificate=/path/to/client.crt \
--client-key=/path/to/client.key \
--certificate-authority=/path/to/ca.crt5.5.6. create-login-template
Create a template for customizing the login page.
Example: Output a template for the login page to stdout
oc adm create-login-template
$ oc adm create-login-template5.5.7. create-provider-selection-template
Create a template for customizing the provider selection page.
Example: Output a template for the provider selection page to stdout
oc adm create-provider-selection-template
$ oc adm create-provider-selection-template5.6. Other Administrator CLI commands
5.6.1. build-chain
Output the inputs and dependencies of any builds.
Example: Output dependencies for the perl imagestream
oc adm build-chain perl
$ oc adm build-chain perl5.6.2. completion
Output shell completion code for the oc adm commands for the specified shell.
Example: Display oc adm completion code for Bash
oc adm completion bash
$ oc adm completion bash5.6.3. config
Manage the client configuration files. This command has the same behavior as the oc config command.
Example: Display the current configuration
oc adm config view
$ oc adm config viewExample: Switch to a different context
oc adm config use-context test-context
$ oc adm config use-context test-context5.6.4. release
Manage various aspects of the OpenShift Container Platform release process, such as viewing information about a release or inspecting the contents of a release.
Example: Generate a changelog between two releases and save to changelog.md
oc adm release info --changelog=/tmp/git \
quay.io/openshift-release-dev/ocp-release:4.1.0-rc.7 \
quay.io/openshift-release-dev/ocp-release:4.1.0 \
> changelog.md
$ oc adm release info --changelog=/tmp/git \
quay.io/openshift-release-dev/ocp-release:4.1.0-rc.7 \
quay.io/openshift-release-dev/ocp-release:4.1.0 \
> changelog.md5.6.5. verify-image-signature
Verify the image signature of an image imported to the internal registry using the local public GPG key.
Example: Verify the nodejs image signature
oc adm verify-image-signature \
sha256:2bba968aedb7dd2aafe5fa8c7453f5ac36a0b9639f1bf5b03f95de325238b288 \
--expected-identity 172.30.1.1:5000/openshift/nodejs:latest \
--public-key /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
--save
$ oc adm verify-image-signature \
sha256:2bba968aedb7dd2aafe5fa8c7453f5ac36a0b9639f1bf5b03f95de325238b288 \
--expected-identity 172.30.1.1:5000/openshift/nodejs:latest \
--public-key /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
--save
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}