This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.Este contenido no está disponible en el idioma seleccionado.
Chapter 3. Managing CLI Profiles
3.1. Overview
A CLI configuration file allows you to configure different profiles, or contexts, for use with the OpenShift CLI. A context consists of user authentication and OpenShift Container Platform server information associated with a nickname.
3.2. Switching Between CLI Profiles
Contexts allow you to easily switch between multiple users across multiple OpenShift Container Platform servers, or clusters, when using issuing CLI operations. Nicknames make managing CLI configuration easier by providing short-hand references to contexts, user credentials, and cluster details.
				After logging in with the CLI for the first time, OpenShift Container Platform creates a ~/.kube/config file if one does not already exist. As more authentication and connection details are provided to the CLI, either automatically during an oc login operation or by setting them explicitly, the updated information is stored in the configuration file:
			
Example 3.1. CLI Configuration File
- 1
- Theclusterssection defines connection details for OpenShift Container Platform clusters, including the address for their master server. In this example, one cluster is nicknamed openshift1.example.com:8443 and another is nicknamed openshift2.example.com:8443.
- 2
- Thiscontextssection defines two contexts: one nicknamed alice-project/openshift1.example.com:8443/alice, using the alice-project project, openshift1.example.com:8443 cluster, and alice user, and another nicknamed joe-project/openshift1.example.com:8443/alice, using the joe-project project, openshift1.example.com:8443 cluster and alice user.
- 3
- Thecurrent-contextparameter shows that the joe-project/openshift1.example.com:8443/alice context is currently in use, allowing the alice user to work in the joe-project project on the openshift1.example.com:8443 cluster.
- 4
- Theuserssection defines user credentials. In this example, the user nickname alice/openshift1.example.com:8443 uses an access token.
The CLI can support multiple configuration files; they are loaded at runtime and merged together along with any override options specified from the command line.
				After you are logged in, you can use the oc status command or the oc project command to verify your current working environment:
			
Example 3.2. Verifying the Current Working Environment
oc project
$ oc project
Using project "joe-project" from context named "joe-project/openshift1.example.com:8443/alice" on server "https://openshift1.example.com:8443".
				To log in using any other combination of user credentials and cluster details, run the oc login command again and supply the relevant information during the interactive process. A context is constructed based on the supplied information if one does not already exist.
			
				If you are already logged in and want to switch to another project the current user already has access to, use the oc project command and supply the name of the project:
			
oc project alice-project
$ oc project alice-project
Now using project "alice-project" on server "https://openshift1.example.com:8443".
				At any time, you can use the oc config view command to view your current, full CLI configuration, as seen in the output.
			
Additional CLI configuration commands are also available for more advanced usage.
If you have access to administrator credentials but are no longer logged in as the default system user system:admin, you can log back in as this user at any time as long as the credentials are still present in your CLI configuration file. The following command logs in and switches to the default project:
oc login -u system:admin -n default
$ oc login -u system:admin -n default3.3. Manually Configuring CLI Profiles
					This section covers more advanced usage of CLI configurations. In most situations, you can simply use the oc login and oc project commands to log in and switch between contexts and projects.
				
				If you want to manually configure your CLI configuration files, you can use the oc config command instead of modifying the files themselves. The oc config command includes a number of helpful subcommands for this purpose:
			
| Subcommand | Usage | 
|---|---|
| 
								 | Sets a cluster entry in the CLI configuration file. If the referenced cluster nickname already exists, the specified information is merged in. oc config set-cluster <cluster_nickname> [--server=<master_ip_or_fqdn>]  | 
| 
								 | Sets a context entry in the CLI configuration file. If the referenced context nickname already exists, the specified information is merged in. oc config set-context <context_nickname> [--cluster=<cluster_nickname>]  | 
| 
								 | Sets the current context using the specified context nickname. oc config use-context <context_nickname>  | 
| 
								 | Sets an individual value in the CLI configuration file. oc config set <property_name> <property_value> 
								The  | 
| 
								 | Unsets individual values in the CLI configuration file. oc config unset <property_name> 
								The  | 
| 
								 | Displays the merged CLI configuration currently in use. oc config view Displays the result of the specified CLI configuration file. oc config view --config=<specific_filename>  | 
Example Usage
Consider the following configuration workflow. First, login as a user that uses an access token. This token is used by the alice user:
oc login https://openshift1.example.com --token=ns7yVhuRNpDM9cgzfhhxQ7bM5s7N2ZVrkZepSRf4LC0
$ oc login https://openshift1.example.com --token=ns7yVhuRNpDM9cgzfhhxQ7bM5s7N2ZVrkZepSRf4LC0View the cluster entry automatically created:
Update the current context to have users login to the desired namespace:
oc config set-context `oc config current-context` --namespace=<project_name>
$ oc config set-context `oc config current-context` --namespace=<project_name>To confirm that the changes have taken effect, examine the current context:
oc whoami -c
$ oc whoami -cAll subsequent CLI operations will use the new context, unless otherwise specified by overriding CLI options or until the context is switched.
3.4. Loading and Merging Rules
When issuing CLI operations, the loading and merging order for the CLI configuration follows these rules:
- CLI configuration files are retrieved from your workstation, using the following hierarchy and merge rules: - 
								If the --configoption is set, then only that file is loaded. The flag may only be set once and no merging takes place.
- 
								If $KUBECONFIGenvironment variable is set, then it is used. The variable can be a list of paths, and if so the paths are merged together. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
- 
								Otherwise, the ~/.kube/config file is used and no merging takes place. 
 
 
- 
								If the 
- The context to use is determined based on the first hit in the following chain: - 
								The value of the --contextoption.
- 
								The current-contextvalue from the CLI configuration file.
- 
								An empty value is allowed at this stage. 
 
 
- 
								The value of the 
- The user and cluster to use is determined. At this point, you may or may not have a context; they are built based on the first hit in the following chain, which is run once for the user and once for the cluster: - 
								The value of the --useroption for user name and the--clusteroption for cluster name.
- 
								If the --contextoption is present, then use the context’s value.
- 
								An empty value is allowed at this stage. 
 
 
- 
								The value of the 
- The actual cluster information to use is determined. At this point, you may or may not have cluster information. Each piece of the cluster information is built based on the first hit in the following chain: - The values of any of the following command line options: - 
										--server,
- 
										--api-version
- 
										--certificate-authority
- 
										--insecure-skip-tls-verify
 
- 
										
- If cluster information and a value for the attribute is present, then use it.
- 
								If you do not have a server location, then there is an error. 
 
 
- The actual user information to use is determined. Users are built using the same rules as clusters, except that you can only have one authentication technique per user; conflicting techniques cause the operation to fail. Command line options take precedence over configuration file values. Valid command line options are: - 
								--auth-path
- 
								--client-certificate
- 
								--client-key
- 
								--token
 
 
- 
								
- For any information that is still missing, default values are used and prompts are given for additional information.