2.6. OpenShift CLI 관리자 명령 참조
이 참조는 OpenShift CLI (oc
) 관리자 명령에 대한 설명 및 예제 명령을 제공합니다. 이러한 명령을 사용하려면 cluster-admin
또는 이와 동등한 권한이 있어야 합니다.
개발자 명령의 경우 OpenShift CLI 개발자 명령 참조를 참조하십시오.
oc adm -h
를 실행하여 모든 관리자 명령을 나열하거나 oc <command> --help
를 실행하여 특정 명령에 대한 추가 세부 정보를 가져옵니다.
2.6.1. OpenShift CLI (oc) 관리자 명령
2.6.1.1. oc adm build-chain
빌드의 입력 및 종속 항목을 출력
사용 예
# Build the dependency tree for the 'latest' tag in <image-stream> oc adm build-chain <image-stream> # Build the dependency tree for the 'v2' tag in dot format and visualize it via the dot utility oc adm build-chain <image-stream>:v2 -o dot | dot -T svg -o deps.svg # Build the dependency tree across all namespaces for the specified image stream tag found in the 'test' namespace oc adm build-chain <image-stream> -n test --all
2.6.1.2. oc adm catalog mirror
operator-registry 카탈로그 미러링
사용 예
# Mirror an operator-registry image and its contents to a registry oc adm catalog mirror quay.io/my/image:latest myregistry.com # Mirror an operator-registry image and its contents to a particular namespace in a registry oc adm catalog mirror quay.io/my/image:latest myregistry.com/my-namespace # Mirror to an airgapped registry by first mirroring to files oc adm catalog mirror quay.io/my/image:latest file:///local/index oc adm catalog mirror file:///local/index/my/image:latest my-airgapped-registry.com # Configure a cluster to use a mirrored registry oc apply -f manifests/imageContentSourcePolicy.yaml # Edit the mirroring mappings and mirror with "oc image mirror" manually oc adm catalog mirror --manifests-only quay.io/my/image:latest myregistry.com oc image mirror -f manifests/mapping.txt # Delete all ImageContentSourcePolicies generated by oc adm catalog mirror oc delete imagecontentsourcepolicy -l operators.openshift.org/catalog=true
2.6.1.3. oc adm completion
지정된 쉘에 대한 쉘 완료 코드를 출력 (bash 또는 zsh)
사용 예
# Installing bash completion on macOS using homebrew ## If running Bash 3.2 included with macOS brew install bash-completion ## or, if running Bash 4.1+ brew install bash-completion@2 ## If oc is installed via homebrew, this should start working immediately. ## If you've installed via other means, you may need add the completion to your completion directory oc completion bash > $(brew --prefix)/etc/bash_completion.d/oc # Installing bash completion on Linux ## If bash-completion is not installed on Linux, please install the 'bash-completion' package ## via your distribution's package manager. ## Load the oc completion code for bash into the current shell source <(oc completion bash) ## Write bash completion code to a file and source it from .bash_profile oc completion bash > ~/.kube/completion.bash.inc printf " # Kubectl shell completion source '$HOME/.kube/completion.bash.inc' " >> $HOME/.bash_profile source $HOME/.bash_profile # Load the oc completion code for zsh[1] into the current shell source <(oc completion zsh) # Set the oc completion code for zsh[1] to autoload on startup oc completion zsh > "${fpath[1]}/_oc"
2.6.1.4. oc adm config current-context
current-context를 표시
사용 예
# Display the current-context oc config current-context
2.6.1.5. oc adm config delete-cluster
kubeconfig에서 지정된 클러스터를 삭제
사용 예
# Delete the minikube cluster oc config delete-cluster minikube
2.6.1.6. oc adm config delete-context
kubeconfig에서 지정된 컨텍스트를 삭제
사용 예
# Delete the context for the minikube cluster oc config delete-context minikube
2.6.1.7. oc adm config delete-user
kubeconfig에서 지정된 사용자를 삭제
사용 예
# Delete the minikube user oc config delete-user minikube
2.6.1.8. oc adm config get-clusters
kubeconfig에 정의된 클러스터를 표시
사용 예
# List the clusters oc knows about oc config get-clusters
2.6.1.9. oc adm config get-contexts
하나 또는 여러 컨텍스트를 설명
사용 예
# List all the contexts in your kubeconfig file oc config get-contexts # Describe one context in your kubeconfig file. oc config get-contexts my-context
2.6.1.10. oc adm config get-users
kubeconfig에 정의된 사용자를 표시
사용 예
# List the users oc knows about oc config get-users
2.6.1.11. oc adm config rename-context
kubeconfig 파일에서 컨텍스트의 이름을 변경
사용 예
# Rename the context 'old-name' to 'new-name' in your kubeconfig file oc config rename-context old-name new-name
2.6.1.12. oc adm config set
kubeconfig 파일에서 개별 값을 설정
사용 예
# Set server field on the my-cluster cluster to https://1.2.3.4 oc config set clusters.my-cluster.server https://1.2.3.4 # Set certificate-authority-data field on the my-cluster cluster. oc config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -) # Set cluster field in the my-context context to my-cluster. oc config set contexts.my-context.cluster my-cluster # Set client-key-data field in the cluster-admin user using --set-raw-bytes option. oc config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true
2.6.1.13. oc adm config set-cluster
kubeconfig에서 클러스터 항목을 설정
사용 예
# Set only the server field on the e2e cluster entry without touching other values. oc config set-cluster e2e --server=https://1.2.3.4 # Embed certificate authority data for the e2e cluster entry oc config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt # Disable cert checking for the dev cluster entry oc config set-cluster e2e --insecure-skip-tls-verify=true # Set custom TLS server name to use for validation for the e2e cluster entry oc config set-cluster e2e --tls-server-name=my-cluster-name
2.6.1.14. oc adm config set-context
kubeconfig에서 컨텍스트 항목을 설정
사용 예
# Set the user field on the gce context entry without touching other values oc config set-context gce --user=cluster-admin
2.6.1.15. oc adm config set-credentials
kubeconfig에서 사용자 항목을 설정
사용 예
# Set only the "client-key" field on the "cluster-admin" # entry, without touching other values: oc config set-credentials cluster-admin --client-key=~/.kube/admin.key # Set basic auth for the "cluster-admin" entry oc config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif # Embed client certificate data in the "cluster-admin" entry oc config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true # Enable the Google Compute Platform auth provider for the "cluster-admin" entry oc config set-credentials cluster-admin --auth-provider=gcp # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret- # Enable new exec auth plugin for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 # Define new exec auth plugin args for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2 # Create or update exec auth plugin environment variables for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2 # Remove exec auth plugin environment variables for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-env=var-to-remove-
2.6.1.16. oc adm config unset
kubeconfig 파일에서 개별 값 설정을 해제
사용 예
# Unset the current-context. oc config unset current-context # Unset namespace in foo context. oc config unset contexts.foo.namespace
2.6.1.17. oc adm config use-context
kubeconfig 파일에서 current-context를 설정
사용 예
# Use the context for the minikube cluster oc config use-context minikube
2.6.1.18. oc adm config view
병합된 kubeconfig 설정 또는 지정된 kubeconfig 파일을 표시
사용 예
# Show merged kubeconfig settings. oc config view # Show merged kubeconfig settings and raw certificate data. oc config view --raw # Get the password for the e2e user oc config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
2.6.1.19. oc adm cordon
노드를 예약 불가로 표시
사용 예
# Mark node "foo" as unschedulable. oc adm cordon foo
2.6.1.20. oc adm create-bootstrap-project-template
부트스트랩 프로젝트 템플릿을 생성
사용 예
# Output a bootstrap project template in YAML format to stdout oc adm create-bootstrap-project-template -o yaml
2.6.1.21. oc adm create-error-template
오류 페이지 템플릿 생성
사용 예
# Output a template for the error page to stdout oc adm create-error-template
2.6.1.22. oc adm create-login-template
로그인 템플릿 생성
사용 예
# Output a template for the login page to stdout oc adm create-login-template
2.6.1.23. oc adm create-provider-selection-template
공급자 선택 템플릿 생성
사용 예
# Output a template for the provider selection page to stdout oc adm create-provider-selection-template
2.6.1.24. oc adm drain
유지 관리를 위해 노드를 드레이닝
사용 예
# Drain node "foo", even if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet on it. $ oc adm drain foo --force # As above, but abort if there are pods not managed by a ReplicationController, ReplicaSet, Job, DaemonSet or StatefulSet, and use a grace period of 15 minutes. $ oc adm drain foo --grace-period=900
2.6.1.25. oc adm groups add-users
그룹에 사용자 추가
사용 예
# Add user1 and user2 to my-group oc adm groups add-users my-group user1 user2
2.6.1.26. oc adm groups new
새 그룹 생성
사용 예
# Add a group with no users oc adm groups new my-group # Add a group with two users oc adm groups new my-group user1 user2 # Add a group with one user and shorter output oc adm groups new my-group user1 -o name
2.6.1.27. oc adm groups prune
외부 공급자에서 누락된 레코드를 참조하는 이전 OpenShift 그룹 제거
사용 예
# Prune all orphaned groups oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups except the ones from the blacklist file oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups from a list of specific groups specified in a whitelist file oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups from a list of specific groups specified in a whitelist oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
2.6.1.28. oc adm groups remove-users
그룹에서 사용자 제거
사용 예
# Remove user1 and user2 from my-group oc adm groups remove-users my-group user1 user2
2.6.1.29. oc adm groups sync
외부 공급자에서 레코드와 OpenShift 그룹 동기화
사용 예
# Sync all groups with an LDAP server oc adm groups sync --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync all groups except the ones from the blacklist file with an LDAP server oc adm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync specific groups specified in a whitelist file with an LDAP server oc adm groups sync --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm # Sync all OpenShift groups that have been synced previously with an LDAP server oc adm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync specific OpenShift groups if they have been synced previously with an LDAP server oc adm groups sync groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm
2.6.1.30. oc adm inspect
지정된 리소스에 대한 디버깅 데이터 수집
사용 예
# Collect debugging data for the "openshift-apiserver" clusteroperator oc adm inspect clusteroperator/openshift-apiserver # Collect debugging data for the "openshift-apiserver" and "kube-apiserver" clusteroperators oc adm inspect clusteroperator/openshift-apiserver clusteroperator/kube-apiserver # Collect debugging data for all clusteroperators oc adm inspect clusteroperator # Collect debugging data for all clusteroperators and clusterversions oc adm inspect clusteroperators,clusterversions
2.6.1.31. oc adm migrate template-instances
최신 group-version-kinds를 가리키도록 템플릿 인스턴스를 업데이트
사용 예
# Perform a dry-run of updating all objects oc adm migrate template-instances # To actually perform the update, the confirm flag must be appended oc adm migrate template-instances --confirm
2.6.1.32. oc adm must-gather
디버그 정보 수집을 위해 Pod의 새 인스턴스를 시작
사용 예
# Gather information using the default plug-in image and command, writing into ./must-gather.local.<rand> oc adm must-gather # Gather information with a specific local folder to copy to oc adm must-gather --dest-dir=/local/directory # Gather audit information oc adm must-gather -- /usr/bin/gather_audit_logs # Gather information using multiple plug-in images oc adm must-gather --image=quay.io/kubevirt/must-gather --image=quay.io/openshift/origin-must-gather # Gather information using a specific image stream plug-in oc adm must-gather --image-stream=openshift/must-gather:latest # Gather information using a specific image, command, and pod-dir oc adm must-gather --image=my/image:tag --source-dir=/pod/directory -- myspecial-command.sh
2.6.1.33. oc adm new-project
새 프로젝트 만들기
사용 예
# Create a new project using a node selector oc adm new-project myproject --node-selector='type=user-node,region=east'
2.6.1.34. oc adm node-logs
노드 로그를 표시하고 필터링
사용 예
# Show kubelet logs from all masters oc adm node-logs --role master -u kubelet # See what logs are available in masters in /var/logs oc adm node-logs --role master --path=/ # Display cron log file from all masters oc adm node-logs --role master --path=cron
2.6.1.35. oc adm pod-network isolate-projects
프로젝트 네트워크 격리
사용 예
# Provide isolation for project p1 oc adm pod-network isolate-projects <p1> # Allow all projects with label name=top-secret to have their own isolated project network oc adm pod-network isolate-projects --selector='name=top-secret'
2.6.1.36. oc adm pod-network join-projects
프로젝트 네트워크 참여
사용 예
# Allow project p2 to use project p1 network oc adm pod-network join-projects --to=<p1> <p2> # Allow all projects with label name=top-secret to use project p1 network oc adm pod-network join-projects --to=<p1> --selector='name=top-secret'
2.6.1.37. oc adm pod-network make-projects-global
프로젝트 네트워크 글로벌 만들기
사용 예
# Allow project p1 to access all pods in the cluster and vice versa oc adm pod-network make-projects-global <p1> # Allow all projects with label name=share to access all pods in the cluster and vice versa oc adm pod-network make-projects-global --selector='name=share'
2.6.1.38. oc adm policy add-role-to-user
현재 프로젝트의 사용자 또는 서비스 계정에 역할을 추가
사용 예
# Add the 'view' role to user1 for the current project oc policy add-role-to-user view user1 # Add the 'edit' role to serviceaccount1 for the current project oc policy add-role-to-user edit -z serviceaccount1
2.6.1.39. oc adm policy add-scc-to-group
그룹에 보안 컨텍스트 제한 조건 추가
사용 예
# Add the 'restricted' security context constraint to group1 and group2 oc adm policy add-scc-to-group restricted group1 group2
2.6.1.40. oc adm policy add-scc-to-user
사용자 또는 서비스 계정에 보안 컨텍스트 제약 조건 추가
사용 예
# Add the 'restricted' security context constraint to user1 and user2 oc adm policy add-scc-to-user restricted user1 user2 # Add the 'privileged' security context constraint to serviceaccount1 in the current namespace oc adm policy add-scc-to-user privileged -z serviceaccount1
2.6.1.41. oc adm policy scc-review
Pod를 생성할 수 있는 서비스 계정을 확인
사용 예
# Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml # Service Account specified in myresource.yaml file is ignored oc policy scc-review -z sa1,sa2 -f my_resource.yaml # Check whether service accounts system:serviceaccount:bob:default can admit a pod with a template pod spec specified in my_resource.yaml oc policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml # Check whether the service account specified in my_resource_with_sa.yaml can admit the pod oc policy scc-review -f my_resource_with_sa.yaml # Check whether the default service account can admit the pod; default is taken since no service account is defined in myresource_with_no_sa.yaml oc policy scc-review -f myresource_with_no_sa.yaml
2.6.1.42. oc adm policy scc-subject-review
사용자 또는 서비스 계정의 Pod 생성 가능 여부 확인
사용 예
# Check whether user bob can create a pod specified in myresource.yaml oc policy scc-subject-review -u bob -f myresource.yaml # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml oc policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml # Check whether a service account specified in the pod template spec in myresourcewithsa.yaml can create the pod oc policy scc-subject-review -f myresourcewithsa.yaml
2.6.1.43. oc adm prune 빌드
이전 빌드 및 실패한 빌드 삭제
사용 예
# Dry run deleting older completed and failed builds and also including # all builds whose associated build config no longer exists oc adm prune builds --orphans # To actually perform the prune operation, the confirm flag must be appended oc adm prune builds --orphans --confirm
2.6.1.44. oc adm prune deployment
이전 완료 및 실패한 배포 구성 제거
사용 예
# Dry run deleting all but the last complete deployment for every deployment config oc adm prune deployments --keep-complete=1 # To actually perform the prune operation, the confirm flag must be appended oc adm prune deployments --keep-complete=1 --confirm
2.6.1.45. oc adm prune groups
외부 공급자에서 누락된 레코드를 참조하는 이전 OpenShift 그룹 제거
사용 예
# Prune all orphaned groups oc adm prune groups --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups except the ones from the blacklist file oc adm prune groups --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups from a list of specific groups specified in a whitelist file oc adm prune groups --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups from a list of specific groups specified in a whitelist oc adm prune groups groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
2.6.1.46. oc adm prune images
권장되지 않은 이미지 제거
사용 예
# See what the prune command would delete if only images and their referrers were more than an hour old # and obsoleted by 3 newer revisions under the same tag were considered oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m # To actually perform the prune operation, the confirm flag must be appended oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm # See what the prune command would delete if we are interested in removing images # exceeding currently set limit ranges ('openshift.io/Image') oc adm prune images --prune-over-size-limit # To actually perform the prune operation, the confirm flag must be appended oc adm prune images --prune-over-size-limit --confirm # Force the insecure http protocol with the particular registry host name oc adm prune images --registry-url=http://registry.example.org --confirm # Force a secure connection with a custom certificate authority to the particular registry host name oc adm prune images --registry-url=registry.example.org --certificate-authority=/path/to/custom/ca.crt --confirm
2.6.1.47. oc adm release extract
업데이트 페이로드 내용을 디스크에 추출
사용 예
# Use git to check out the source code for the current cluster release to DIR oc adm release extract --git=DIR # Extract cloud credential requests for AWS oc adm release extract --credentials-requests --cloud=aws
2.6.1.48. oc adm release info
릴리스에 대한 정보 표시
사용 예
# Show information about the cluster's current release oc adm release info # Show the source code that comprises a release oc adm release info 4.2.2 --commit-urls # Show the source code difference between two releases oc adm release info 4.2.0 4.2.2 --commits # Show where the images referenced by the release are located oc adm release info quay.io/openshift-release-dev/ocp-release:4.2.2 --pullspecs
2.6.1.49. oc adm release mirror
다른 이미지 레지스트리 위치에 릴리스 미러링
사용 예
# Perform a dry run showing what would be mirrored, including the mirror objects oc adm release mirror 4.3.0 --to myregistry.local/openshift/release \ --release-image-signature-to-dir /tmp/releases --dry-run # Mirror a release into the current directory oc adm release mirror 4.3.0 --to file://openshift/release \ --release-image-signature-to-dir /tmp/releases # Mirror a release to another directory in the default location oc adm release mirror 4.3.0 --to-dir /tmp/releases # Upload a release from the current directory to another server oc adm release mirror --from file://openshift/release --to myregistry.com/openshift/release \ --release-image-signature-to-dir /tmp/releases # Mirror the 4.3.0 release to repository registry.example.com and apply signatures to connected cluster oc adm release mirror --from=quay.io/openshift-release-dev/ocp-release:4.3.0-x86_64 \ --to=registry.example.com/your/repository --apply-release-image-signature
2.6.1.50. oc adm release new
새 OpenShift 릴리스 생성
사용 예
# Create a release from the latest origin images and push to a DockerHub repo oc adm release new --from-image-stream=4.1 -n origin --to-image docker.io/mycompany/myrepo:latest # Create a new release with updated metadata from a previous release oc adm release new --from-release registry.svc.ci.openshift.org/origin/release:v4.1 --name 4.1.1 \ --previous 4.1.0 --metadata ... --to-image docker.io/mycompany/myrepo:latest # Create a new release and override a single image oc adm release new --from-release registry.svc.ci.openshift.org/origin/release:v4.1 \ cli=docker.io/mycompany/cli:latest --to-image docker.io/mycompany/myrepo:latest # Run a verification pass to ensure the release can be reproduced oc adm release new --from-release registry.svc.ci.openshift.org/origin/release:v4.1
2.6.1.51. oc adm taint
하나 이상의 노드에서 테인트를 업데이트
사용 예
# Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'. # If a taint with that key and effect already exists, its value is replaced as specified. oc adm taint nodes foo dedicated=special-user:NoSchedule # Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists. oc adm taint nodes foo dedicated:NoSchedule- # Remove from node 'foo' all the taints with key 'dedicated' oc adm taint nodes foo dedicated- # Add a taint with key 'dedicated' on nodes having label mylabel=X oc adm taint node -l myLabel=X dedicated=foo:PreferNoSchedule # Add to node 'foo' a taint with key 'bar' and no value oc adm taint nodes foo bar:NoSchedule
2.6.1.52. oc adm top images
이미지에 대한 사용량 통계 표시
사용 예
# Show usage statistics for images oc adm top images
2.6.1.53. oc adm top imagestreams
이미지 스트림에 대한 사용량 통계 표시
사용 예
# Show usage statistics for image streams oc adm top imagestreams
2.6.1.54. oc adm top node
노드의 리소스 (CPU/Memory) 사용 표시
사용 예
# Show metrics for all nodes oc adm top node # Show metrics for a given node oc adm top node NODE_NAME
2.6.1.55. oc adm top pod
Pod의 리소스 (CPU/Memory) 사용 표시
사용 예
# Show metrics for all pods in the default namespace oc adm top pod # Show metrics for all pods in the given namespace oc adm top pod --namespace=NAMESPACE # Show metrics for a given pod and its containers oc adm top pod POD_NAME --containers # Show metrics for the pods defined by label name=myLabel oc adm top pod -l name=myLabel
2.6.1.56. oc adm uncordon
노드를 예약 가능으로 표시
사용 예
# Mark node "foo" as schedulable. $ oc adm uncordon foo
2.6.1.57. oc adm verify-image-signature
이미지 서명에 포함된 이미지 ID 확인
사용 예
# Verify the image signature and identity using the local GPG keychain oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \ --expected-identity=registry.local:5000/foo/bar:v1 # Verify the image signature and identity using the local GPG keychain and save the status oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \ --expected-identity=registry.local:5000/foo/bar:v1 --save # Verify the image signature and identity via exposed registry route oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \ --expected-identity=registry.local:5000/foo/bar:v1 \ --registry-url=docker-registry.foo.com # Remove all signature verifications from the image oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 --remove-all