Este conteúdo não está disponível no idioma selecionado.
CLI tools
Learning how to use the command-line tools for Red Hat OpenShift Service on AWS
Abstract
Chapter 1. Red Hat OpenShift Service on AWS CLI tools overview Copiar o linkLink copiado para a área de transferência!
A user performs a range of operations while working on Red Hat OpenShift Service on AWS such as the following:
- Managing clusters
- Building, deploying, and managing applications
- Managing deployment processes
- Creating and maintaining Operator catalogs
Red Hat OpenShift Service on AWS offers a set of command-line interface (CLI) tools that simplify these tasks by enabling users to perform various administration and development operations from the terminal. These tools expose simple commands to manage the applications, as well as interact with each component of the system.
1.1. List of CLI tools Copiar o linkLink copiado para a área de transferência!
The following set of CLI tools are available in Red Hat OpenShift Service on AWS:
-
OpenShift CLI (
oc
): This is the most commonly used CLI tool by Red Hat OpenShift Service on AWS users. It helps both cluster administrators and developers to perform end-to-end operations across Red Hat OpenShift Service on AWS using the terminal. Unlike the web console, it allows the user to work directly with the project source code using command scripts. -
Knative CLI (kn): The Knative (
kn
) CLI tool provides simple and intuitive terminal commands that can be used to interact with OpenShift Serverless components, such as Knative Serving and Eventing. -
Pipelines CLI (tkn): OpenShift Pipelines is a continuous integration and continuous delivery (CI/CD) solution in Red Hat OpenShift Service on AWS, which internally uses Tekton. The
tkn
CLI tool provides simple and intuitive commands to interact with OpenShift Pipelines using the terminal. -
opm CLI: The
opm
CLI tool helps the Operator developers and cluster administrators to create and maintain the catalogs of Operators from the terminal. -
ROSA CLI (
rosa
): Use therosa
CLI to create, update, manage, and delete Red Hat OpenShift Service on AWS clusters and resources.
Chapter 2. OpenShift CLI (oc) Copiar o linkLink copiado para a área de transferência!
2.1. Getting started with the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
2.1.1. About the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
With the OpenShift CLI (oc
), you can create applications and manage Red Hat OpenShift Service on AWS projects from a terminal. The OpenShift CLI is ideal in the following situations:
- Working directly with project source code.
- Scripting Red Hat OpenShift Service on AWS operations
- Managing projects while restricted by bandwidth resources and the web console is unavailable.
2.1.2. Installing the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) either by downloading the binary or by using an RPM.
2.1.2.1. Installing the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) to interact with Red Hat OpenShift Service on AWS from a command-line interface. You can install oc
on Linux, Windows, or macOS.
If you installed an earlier version of oc
, you cannot use it to complete all of the commands in Red Hat OpenShift Service on AWS.
Download and install the new version of oc
.
2.1.2.1.1. Installing the OpenShift CLI on Linux Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on Linux by using the following procedure.
Procedure
- Navigate to the Download OpenShift Container Platform page on the Red Hat Customer Portal.
- Select the architecture from the Product Variant list.
- Select the appropriate version from the Version list.
- Click Download Now next to the OpenShift v4 Linux Clients entry and save the file.
Unpack the archive:
tar xvf <file>
$ tar xvf <file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Place the
oc
binary in a directory that is on yourPATH
.To check your
PATH
, execute the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
After you install the OpenShift CLI, it is available using the
oc
command:oc <command>
$ oc <command>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.1.2.1.2. Installing the OpenShift CLI on Windows Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on Windows by using the following procedure.
Procedure
- Navigate to the Download OpenShift Container Platform page on the Red Hat Customer Portal.
- Select the appropriate version from the Version list.
- Click Download Now next to the OpenShift v4 Windows Client entry and save the file.
- Unzip the archive with a ZIP program.
Move the
oc
binary to a directory that is on yourPATH
.To check your
PATH
, open the command prompt and execute the following command:path
C:\> path
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
After you install the OpenShift CLI, it is available using the
oc
command:oc <command>
C:\> oc <command>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.1.2.1.3. Installing the OpenShift CLI on macOS Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on macOS by using the following procedure.
Procedure
- Navigate to the Download OpenShift Container Platform on the Red Hat Customer Portal.
- Select the appropriate version from the Version drop-down list.
- Click Download Now next to the OpenShift v4 macOS Clients entry and save the file.
- Unpack and unzip the archive.
Move the
oc
binary to a directory on your PATH.To check your
PATH
, open a terminal and execute the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Verify your installation by using an
oc
command:oc <command>
$ oc <command>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.1.2.2. Installing the OpenShift CLI by using the web console Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) to interact with Red Hat OpenShift Service on AWS clusters from a web console. You can install oc
on Linux, Windows, or macOS.
If you installed an earlier version of oc
, you cannot use it to complete all of the commands in Red Hat OpenShift Service on AWS. Download and install the new version of oc
.
2.1.2.2.1. Installing the OpenShift CLI on Linux using the web console Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on Linux by using the following procedure.
Procedure
From the web console, click ?.
Click Command Line Tools.
-
Select appropriate
oc
binary for your Linux platform, and then click Download oc for Linux. - Save the file.
Unpack the archive.
tar xvf <file>
$ tar xvf <file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Move the
oc
binary to a directory that is on yourPATH
.To check your
PATH
, execute the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you install the OpenShift CLI, it is available using the oc
command:
oc <command>
$ oc <command>
2.1.2.2.2. Installing the OpenShift CLI on Windows using the web console Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on Windows by using the following procedure.
Procedure
From the web console, click ?.
Click Command Line Tools.
-
Select the
oc
binary for Windows platform, and then click Download oc for Windows for x86_64. - Save the file.
- Unzip the archive with a ZIP program.
Move the
oc
binary to a directory that is on yourPATH
.To check your
PATH
, open the command prompt and execute the following command:path
C:\> path
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you install the OpenShift CLI, it is available using the oc
command:
oc <command>
C:\> oc <command>
2.1.2.2.3. Installing the OpenShift CLI on macOS using the web console Copiar o linkLink copiado para a área de transferência!
You can install the OpenShift CLI (oc
) binary on macOS by using the following procedure.
Procedure
From the web console, click ?.
Click Command Line Tools.
Select the
oc
binary for macOS platform, and then click Download oc for Mac for x86_64.NoteFor macOS arm64, click Download oc for Mac for ARM 64.
- Save the file.
- Unpack and unzip the archive.
Move the
oc
binary to a directory on your PATH.To check your
PATH
, open a terminal and execute the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you install the OpenShift CLI, it is available using the oc
command:
oc <command>
$ oc <command>
2.1.2.3. Installing the OpenShift CLI by using an RPM Copiar o linkLink copiado para a área de transferência!
For Red Hat Enterprise Linux (RHEL), you can install the OpenShift CLI (oc
) as an RPM if you have an active Red Hat OpenShift Service on AWS subscription on your Red Hat account.
You must install oc
for RHEL 9 by downloading the binary. Installing oc
by using an RPM package is not supported on Red Hat Enterprise Linux (RHEL) 9.
Prerequisites
- Must have root or sudo privileges.
Procedure
Register with Red Hat Subscription Manager:
subscription-manager register
# subscription-manager register
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Pull the latest subscription data:
subscription-manager refresh
# subscription-manager refresh
Copy to Clipboard Copied! Toggle word wrap Toggle overflow List the available subscriptions:
subscription-manager list --available --matches '*OpenShift*'
# subscription-manager list --available --matches '*OpenShift*'
Copy to Clipboard Copied! Toggle word wrap Toggle overflow In the output for the previous command, find the pool ID for an Red Hat OpenShift Service on AWS subscription and attach the subscription to the registered system:
subscription-manager attach --pool=<pool_id>
# subscription-manager attach --pool=<pool_id>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enable the repositories required by Red Hat OpenShift Service on AWS 4.
subscription-manager repos --enable="rhocp-4-for-rhel-8-x86_64-rpms"
# subscription-manager repos --enable="rhocp-4-for-rhel-8-x86_64-rpms"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Install the
openshift-clients
package:yum install openshift-clients
# yum install openshift-clients
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
-
Verify your installation by using an
oc
command:
oc <command>
$ oc <command>
2.1.2.4. Installing the OpenShift CLI by using Homebrew Copiar o linkLink copiado para a área de transferência!
For macOS, you can install the OpenShift CLI (oc
) by using the Homebrew package manager.
Prerequisites
-
You must have Homebrew (
brew
) installed.
Procedure
Install the openshift-cli package by running the following command:
brew install openshift-cli
$ brew install openshift-cli
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
-
Verify your installation by using an
oc
command:
oc <command>
$ oc <command>
2.1.3. Logging in to the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
You can log in to the OpenShift CLI (oc
) to access and manage your cluster.
Prerequisites
- You must have access to a Red Hat OpenShift Service on AWS cluster.
-
The OpenShift CLI (
oc
) is installed.
To access a cluster that is accessible only over an HTTP proxy server, you can set the HTTP_PROXY
, HTTPS_PROXY
and NO_PROXY
variables. These environment variables are respected by the oc
CLI so that all communication with the cluster goes through the HTTP proxy.
Authentication headers are sent only when using HTTPS transport.
Procedure
Enter the
oc login
command and pass in a user name:oc login -u user1
$ oc login -u user1
Copy to Clipboard Copied! Toggle word wrap Toggle overflow When prompted, enter the required information:
Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
If you are logged in to the web console, you can generate an oc login
command that includes your token and server information. You can use the command to log in to the OpenShift CLI (oc
) without the interactive prompts. To generate the command, select Copy login command from the username drop-down menu at the top right of the web console.
You can now create a project or issue other commands for managing your cluster.
2.1.4. Logging in to the OpenShift CLI using a web browser Copiar o linkLink copiado para a área de transferência!
You can log in to the OpenShift CLI (oc
) with the help of a web browser to access and manage your cluster. This allows users to avoid inserting their access token into the command line.
Logging in to the CLI through the web browser runs a server on localhost with HTTP, not HTTPS; use with caution on multi-user workstations.
Prerequisites
- You must have access to an Red Hat OpenShift Service on AWS cluster.
-
You must have installed the OpenShift CLI (
oc
). - You must have a browser installed.
Procedure
Enter the
oc login
command with the--web
flag:oc login <cluster_url> --web
$ oc login <cluster_url> --web
1 Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- Optionally, you can specify the server URL and callback port. For example,
oc login <cluster_url> --web --callback-port 8280 localhost:8443
.
The web browser opens automatically. If it does not, click the link in the command output. If you do not specify the Red Hat OpenShift Service on AWS server
oc
tries to open the web console of the cluster specified in the currentoc
configuration file. If nooc
configuration exists,oc
prompts interactively for the server URL.Example output
Opening login URL in the default browser: https://openshift.example.com Opening in existing browser session.
Opening login URL in the default browser: https://openshift.example.com Opening in existing browser session.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - If more than one identity provider is available, select your choice from the options provided.
-
Enter your username and password into the corresponding browser fields. After you are logged in, the browser displays the text
access token received successfully; please return to your terminal
. Check the CLI for a login confirmation.
Example output
Login successful. You don't have any projects. You can try to create a new project, by running oc new-project <projectname>
Login successful. You don't have any projects. You can try to create a new project, by running oc new-project <projectname>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
The web console defaults to the profile used in the previous session. To switch between Administrator and Developer profiles, log out of the Red Hat OpenShift Service on AWS web console and clear the cache.
You can now create a project or issue other commands for managing your cluster.
2.1.5. Using the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
Review the following sections to learn how to complete common tasks using the CLI.
2.1.5.1. Creating a project Copiar o linkLink copiado para a área de transferência!
Use the oc new-project
command to create a new project.
oc new-project my-project
$ oc new-project my-project
Example output
Now using project "my-project" on server "https://openshift.example.com:6443".
Now using project "my-project" on server "https://openshift.example.com:6443".
2.1.5.2. Creating a new app Copiar o linkLink copiado para a área de transferência!
Use the oc new-app
command to create a new application.
oc new-app https://github.com/sclorg/cakephp-ex
$ oc new-app https://github.com/sclorg/cakephp-ex
Example output
--> Found image 40de956 (9 days old) in imagestream "openshift/php" under tag "7.2" for "php" ... Run 'oc status' to view your app.
--> Found image 40de956 (9 days old) in imagestream "openshift/php" under tag "7.2" for "php"
...
Run 'oc status' to view your app.
2.1.5.3. Viewing pods Copiar o linkLink copiado para a área de transferência!
Use the oc get pods
command to view the pods for the current project.
When you run oc
inside a pod and do not specify a namespace, the namespace of the pod is used by default.
oc get pods -o wide
$ oc get pods -o wide
Example output
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE cakephp-ex-1-build 0/1 Completed 0 5m45s 10.131.0.10 ip-10-0-141-74.ec2.internal <none> cakephp-ex-1-deploy 0/1 Completed 0 3m44s 10.129.2.9 ip-10-0-147-65.ec2.internal <none> cakephp-ex-1-ktz97 1/1 Running 0 3m33s 10.128.2.11 ip-10-0-168-105.ec2.internal <none>
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
cakephp-ex-1-build 0/1 Completed 0 5m45s 10.131.0.10 ip-10-0-141-74.ec2.internal <none>
cakephp-ex-1-deploy 0/1 Completed 0 3m44s 10.129.2.9 ip-10-0-147-65.ec2.internal <none>
cakephp-ex-1-ktz97 1/1 Running 0 3m33s 10.128.2.11 ip-10-0-168-105.ec2.internal <none>
2.1.5.4. Viewing pod logs Copiar o linkLink copiado para a área de transferência!
Use the oc logs
command to view logs for a particular pod.
oc logs cakephp-ex-1-deploy
$ oc logs cakephp-ex-1-deploy
Example output
--> Scaling cakephp-ex-1 to 1 --> Success
--> Scaling cakephp-ex-1 to 1
--> Success
2.1.5.5. Viewing the current project Copiar o linkLink copiado para a área de transferência!
Use the oc project
command to view the current project.
oc project
$ oc project
Example output
Using project "my-project" on server "https://openshift.example.com:6443".
Using project "my-project" on server "https://openshift.example.com:6443".
2.1.5.6. Viewing the status for the current project Copiar o linkLink copiado para a área de transferência!
Use the oc status
command to view information about the current project, such as services, deployments, and build configs.
oc status
$ oc status
Example output
2.1.5.7. Listing supported API resources Copiar o linkLink copiado para a área de transferência!
Use the oc api-resources
command to view the list of supported API resources on the server.
oc api-resources
$ oc api-resources
Example output
NAME SHORTNAMES APIGROUP NAMESPACED KIND bindings true Binding componentstatuses cs false ComponentStatus configmaps cm true ConfigMap ...
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
...
2.1.6. Getting help Copiar o linkLink copiado para a área de transferência!
You can get help with CLI commands and Red Hat OpenShift Service on AWS resources in the following ways:
Use
oc help
to get a list and description of all available CLI commands:Example: Get general help for the CLI
oc help
$ oc help
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use the
--help
flag to get help about a specific CLI command:Example: Get help for the
oc create
commandoc create --help
$ oc create --help
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use the
oc explain
command to view the description and fields for a particular resource:Example: View documentation for the
Pod
resourceoc explain pods
$ oc explain pods
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.1.7. Logging out of the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
You can log out the OpenShift CLI to end your current session.
Use the
oc logout
command.oc logout
$ oc logout
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Logged "user1" out on "https://openshift.example.com"
Logged "user1" out on "https://openshift.example.com"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
This deletes the saved authentication token from the server and removes it from your configuration file.
2.2. Configuring the OpenShift CLI Copiar o linkLink copiado para a área de transferência!
2.2.1. Enabling tab completion Copiar o linkLink copiado para a área de transferência!
You can enable tab completion for the Bash or Zsh shells.
2.2.1.1. Enabling tab completion for Bash Copiar o linkLink copiado para a área de transferência!
After you install the OpenShift CLI (oc
), you can enable tab completion to automatically complete oc
commands or suggest options when you press Tab. The following procedure enables tab completion for the Bash shell.
Prerequisites
-
You must have the OpenShift CLI (
oc
) installed. -
You must have the package
bash-completion
installed.
Procedure
Save the Bash completion code to a file:
oc completion bash > oc_bash_completion
$ oc completion bash > oc_bash_completion
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the file to
/etc/bash_completion.d/
:sudo cp oc_bash_completion /etc/bash_completion.d/
$ sudo cp oc_bash_completion /etc/bash_completion.d/
Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can also save the file to a local directory and source it from your
.bashrc
file instead.
Tab completion is enabled when you open a new terminal.
2.2.1.2. Enabling tab completion for Zsh Copiar o linkLink copiado para a área de transferência!
After you install the OpenShift CLI (oc
), you can enable tab completion to automatically complete oc
commands or suggest options when you press Tab. The following procedure enables tab completion for the Zsh shell.
Prerequisites
-
You must have the OpenShift CLI (
oc
) installed.
Procedure
To add tab completion for
oc
to your.zshrc
file, run the following command:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Tab completion is enabled when you open a new terminal.
2.2.2. Accessing kubeconfig by using the oc CLI Copiar o linkLink copiado para a área de transferência!
You can use the oc
CLI to log in to your OpenShift cluster and retrieve a kubeconfig file for accessing the cluster from the command line.
Prerequisites
- You have access to the Red Hat OpenShift Service on AWS web console or API server endpoint.
Procedure
Log in to your OpenShift cluster by running the following command:
oc login <api-server-url> -u <username> -p <password>
$ oc login <api-server-url> -u <username> -p <password>
1 2 3 Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- Specify the full API server URL. For example:
https://api.my-cluster.example.com:6443
. - 2
- Specify a valid username. For example:
kubeadmin
. - 3
- Provide the password for the specified user. For example, the
kubeadmin
password generated during cluster installation.
Save the cluster configuration to a local file by running the following command:
oc config view --raw > kubeconfig
$ oc config view --raw > kubeconfig
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Set the
KUBECONFIG
environment variable to point to the exported file by running the following command:export KUBECONFIG=./kubeconfig
$ export KUBECONFIG=./kubeconfig
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use
oc
to interact with your OpenShift cluster by running the following command:oc get nodes
$ oc get nodes
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
If you plan to reuse the exported kubeconfig
file across sessions or machines, store it securely and avoid committing it to source control.
2.3. Usage of oc and kubectl commands Copiar o linkLink copiado para a área de transferência!
The Kubernetes command-line interface (CLI), kubectl
, can be used to run commands against a Kubernetes cluster. Because Red Hat OpenShift Service on AWS is a certified Kubernetes distribution, you can use the supported kubectl
binaries that ship with Red Hat OpenShift Service on AWS, or you can gain extended functionality by using the oc
binary.
2.3.1. The oc binary Copiar o linkLink copiado para a área de transferência!
The oc
binary offers the same capabilities as the kubectl
binary, but it extends to natively support additional Red Hat OpenShift Service on AWS features, including:
Full support for Red Hat OpenShift Service on AWS resources
Resources such as
DeploymentConfig
,BuildConfig
,Route
,ImageStream
, andImageStreamTag
objects are specific to Red Hat OpenShift Service on AWS distributions, and build upon standard Kubernetes primitives.- Authentication
Additional commands
The additional command
oc new-app
, for example, makes it easier to get new applications started using existing source code or pre-built images. Similarly, the additional commandoc new-project
makes it easier to start a project that you can switch to as your default.
If you installed an earlier version of the oc
binary, you cannot use it to complete all of the commands in Red Hat OpenShift Service on AWS . If you want the latest features, you must download and install the latest version of the oc
binary corresponding to your Red Hat OpenShift Service on AWS server version.
Non-security API changes will involve, at minimum, two minor releases (4.1 to 4.2 to 4.3, for example) to allow older oc
binaries to update. Using new capabilities might require newer oc
binaries. A 4.3 server might have additional capabilities that a 4.2 oc
binary cannot use and a 4.3 oc
binary might have additional capabilities that are unsupported by a 4.2 server.
X.Y ( |
X.Y+N [a] ( | |
X.Y (Server) |
|
|
X.Y+N [a] (Server) |
|
|
[a]
Where N is a number greater than or equal to 1.
|
Fully compatible.
oc
client might not be able to access server features.
oc
client might provide options and features that might not be compatible with the accessed server.
2.3.2. The kubectl binary Copiar o linkLink copiado para a área de transferência!
The kubectl
binary is provided as a means to support existing workflows and scripts for new Red Hat OpenShift Service on AWS users coming from a standard Kubernetes environment, or for those who prefer to use the kubectl
CLI. Existing users of kubectl
can continue to use the binary to interact with Kubernetes primitives, with no changes required to the Red Hat OpenShift Service on AWS cluster.
You can install the supported kubectl
binary by following the steps to Install the OpenShift CLI. The kubectl
binary is included in the archive if you download the binary, or is installed when you install the CLI by using an RPM.
For more information, see the kubectl documentation.
2.4. Managing CLI profiles Copiar o linkLink copiado para a área de transferência!
A CLI configuration file allows you to configure different profiles, or contexts, for use with the CLI tools overview. A context consists of a Red Hat OpenShift Service on AWS server information associated with a nickname.
2.4.1. About switches between CLI profiles Copiar o linkLink copiado para a área de transferência!
Contexts allow you to easily switch between multiple users across multiple Red Hat OpenShift Service on AWS servers, or clusters, when using CLI operations. Nicknames make managing CLI configurations easier by providing short-hand references to contexts, user credentials, and cluster details. After a user logs in with the oc
CLI for the first time, Red Hat OpenShift Service on AWS creates a ~/.kube/config
file if one does not already exist. As more authentication and connection details are provided to the CLI, either automatically during an oc login
operation or by manually configuring CLI profiles, the updated information is stored in the configuration file:
CLI config file
- 1
- The
clusters
section defines connection details for Red Hat OpenShift Service on AWS clusters, including the address for their master server. In this example, one cluster is nicknamedopenshift1.example.com:8443
and another is nicknamedopenshift2.example.com:8443
. - 2
- This
contexts
section defines two contexts: one nicknamedalice-project/openshift1.example.com:8443/alice
, using thealice-project
project,openshift1.example.com:8443
cluster, andalice
user, and another nicknamedjoe-project/openshift1.example.com:8443/alice
, using thejoe-project
project,openshift1.example.com:8443
cluster andalice
user. - 3
- The
current-context
parameter shows that thejoe-project/openshift1.example.com:8443/alice
context is currently in use, allowing thealice
user to work in thejoe-project
project on theopenshift1.example.com:8443
cluster. - 4
- The
users
section defines user credentials. In this example, the user nicknamealice/openshift1.example.com:8443
uses an access token.
The CLI can support multiple configuration files which are loaded at runtime and merged together along with any override options specified from the command line. After you are logged in, you can use the oc status
or oc project
command to verify your current working environment:
Verify the current working environment
oc status
$ oc status
Example output
List the current project
oc project
$ oc project
Example output
Using project "joe-project" from context named "joe-project/openshift1.example.com:8443/alice" on server "https://openshift1.example.com:8443".
Using project "joe-project" from context named "joe-project/openshift1.example.com:8443/alice" on server "https://openshift1.example.com:8443".
You can run the oc login
command again and supply the required information during the interactive process, to log in using any other combination of user credentials and cluster details. A context is constructed based on the supplied information if one does not already exist. If you are already logged in and want to switch to another project the current user already has access to, use the oc project
command and enter the name of the project:
oc project alice-project
$ oc project alice-project
Example output
Now using project "alice-project" on server "https://openshift1.example.com:8443".
Now using project "alice-project" on server "https://openshift1.example.com:8443".
At any time, you can use the oc config view
command to view your current CLI configuration, as seen in the output. Additional CLI configuration commands are also available for more advanced usage.
If you have access to administrator credentials but are no longer logged in as the default system user system:admin
, you can log back in as this user at any time as long as the credentials are still present in your CLI config file. The following command logs in and switches to the default project:
oc login -u system:admin -n default
$ oc login -u system:admin -n default
2.4.2. Manual configuration of CLI profiles Copiar o linkLink copiado para a área de transferência!
This section covers more advanced usage of CLI configurations. In most situations, you can use the oc login
and oc project
commands to log in and switch between contexts and projects.
If you want to manually configure your CLI config files, you can use the oc config
command instead of directly modifying the files. The oc config
command includes a number of helpful sub-commands for this purpose:
Subcommand | Usage |
---|---|
| Sets a cluster entry in the CLI config file. If the referenced cluster nickname already exists, the specified information is merged in. oc config set-cluster <cluster_nickname> [--server=<master_ip_or_fqdn>]
|
| Sets a context entry in the CLI config file. If the referenced context nickname already exists, the specified information is merged in. oc config set-context <context_nickname> [--cluster=<cluster_nickname>]
|
| Sets the current context using the specified context nickname. oc config use-context <context_nickname>
|
| Sets an individual value in the CLI config file. oc config set <property_name> <property_value>
The |
| Unsets individual values in the CLI config file. oc config unset <property_name>
The |
| Displays the merged CLI configuration currently in use. oc config view
Displays the result of the specified CLI config file. oc config view --config=<specific_filename>
|
Example usage
-
Log in as a user that uses an access token. This token is used by the
alice
user:
oc login https://openshift1.example.com --token=ns7yVhuRNpDM9cgzfhhxQ7bM5s7N2ZVrkZepSRf4LC0
$ oc login https://openshift1.example.com --token=ns7yVhuRNpDM9cgzfhhxQ7bM5s7N2ZVrkZepSRf4LC0
- View the cluster entry automatically created:
oc config view
$ oc config view
Example output
- Update the current context to have users log in to the desired namespace:
oc config set-context `oc config current-context` --namespace=<project_name>
$ oc config set-context `oc config current-context` --namespace=<project_name>
- Examine the current context, to confirm that the changes are implemented:
oc whoami -c
$ oc whoami -c
All subsequent CLI operations uses the new context, unless otherwise specified by overriding CLI options or until the context is switched.
2.4.3. Load and merge rules Copiar o linkLink copiado para a área de transferência!
You can follow these rules, when issuing CLI operations for the loading and merging order for the CLI configuration:
CLI config files are retrieved from your workstation, using the following hierarchy and merge rules:
-
If the
--config
option is set, then only that file is loaded. The flag is set once and no merging takes place. -
If the
$KUBECONFIG
environment variable is set, then it is used. The variable can be a list of paths, and if so the paths are merged together. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list. -
Otherwise, the
~/.kube/config
file is used and no merging takes place.
-
If the
The context to use is determined based on the first match in the following flow:
-
The value of the
--context
option. -
The
current-context
value from the CLI config file. - An empty value is allowed at this stage.
-
The value of the
The user and cluster to use is determined. At this point, you may or may not have a context; they are built based on the first match in the following flow, which is run once for the user and once for the cluster:
-
The value of the
--user
for user name and--cluster
option for cluster name. -
If the
--context
option is present, then use the context’s value. - An empty value is allowed at this stage.
-
The value of the
The actual cluster information to use is determined. At this point, you may or may not have cluster information. Each piece of the cluster information is built based on the first match in the following flow:
The values of any of the following command-line options:
-
--server
, -
--api-version
-
--certificate-authority
-
--insecure-skip-tls-verify
-
- If cluster information and a value for the attribute is present, then use it.
- If you do not have a server location, then there is an error.
The actual user information to use is determined. Users are built using the same rules as clusters, except that you can only have one authentication technique per user; conflicting techniques cause the operation to fail. Command-line options take precedence over config file values. Valid command-line options are:
-
--auth-path
-
--client-certificate
-
--client-key
-
--token
-
- For any information that is still missing, default values are used and prompts are given for additional information.
2.5. Extending the OpenShift CLI with plugins Copiar o linkLink copiado para a área de transferência!
You can write and install plugins to build on the default oc
commands, allowing you to perform new and more complex tasks with the OpenShift CLI.
2.5.1. Writing CLI plugins Copiar o linkLink copiado para a área de transferência!
You can write a plugin for the OpenShift CLI in any programming language or script that allows you to write command-line commands. Note that you can not use a plugin to overwrite an existing oc
command.
Procedure
This procedure creates a simple Bash plugin that prints a message to the terminal when the oc foo
command is issued.
Create a file called
oc-foo
.When naming your plugin file, keep the following in mind:
-
The file must begin with
oc-
orkubectl-
to be recognized as a plugin. -
The file name determines the command that invokes the plugin. For example, a plugin with the file name
oc-foo-bar
can be invoked by a command ofoc foo bar
. You can also use underscores if you want the command to contain dashes. For example, a plugin with the file nameoc-foo_bar
can be invoked by a command ofoc foo-bar
.
-
The file must begin with
Add the following contents to the file.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you install this plugin for the OpenShift CLI, it can be invoked using the oc foo
command.
2.5.2. Installing and using CLI plugins Copiar o linkLink copiado para a área de transferência!
After you write a custom plugin for the OpenShift CLI, you must install the plugin before use.
Prerequisites
-
You must have the
oc
CLI tool installed. -
You must have a CLI plugin file that begins with
oc-
orkubectl-
.
Procedure
If necessary, update the plugin file to be executable.
chmod +x <plugin_file>
$ chmod +x <plugin_file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Place the file anywhere in your
PATH
, such as/usr/local/bin/
.sudo mv <plugin_file> /usr/local/bin/.
$ sudo mv <plugin_file> /usr/local/bin/.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Run
oc plugin list
to make sure that the plugin is listed.oc plugin list
$ oc plugin list
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
The following compatible plugins are available: /usr/local/bin/<plugin_file>
The following compatible plugins are available: /usr/local/bin/<plugin_file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow If your plugin is not listed here, verify that the file begins with
oc-
orkubectl-
, is executable, and is on yourPATH
.Invoke the new command or option introduced by the plugin.
For example, if you built and installed the
kubectl-ns
plugin from the Sample plugin repository, you can use the following command to view the current namespace.oc ns
$ oc ns
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note that the command to invoke the plugin depends on the plugin file name. For example, a plugin with the file name of
oc-foo-bar
is invoked by theoc foo bar
command.
2.6. OpenShift CLI developer command reference Copiar o linkLink copiado para a área de transferência!
This reference provides descriptions and example commands for OpenShift CLI (oc
) developer commands.
Run oc help
to list all commands or run oc <command> --help
to get additional details for a specific command.
2.6.1. OpenShift CLI (oc) developer commands Copiar o linkLink copiado para a área de transferência!
2.6.1.1. oc annotate Copiar o linkLink copiado para a área de transferência!
Update the annotations on a resource
Example usage
2.6.1.2. oc api-resources Copiar o linkLink copiado para a área de transferência!
Print the supported API resources on the server
Example usage
2.6.1.3. oc api-versions Copiar o linkLink copiado para a área de transferência!
Print the supported API versions on the server, in the form of "group/version"
Example usage
Print the supported API versions
# Print the supported API versions
oc api-versions
2.6.1.4. oc apply Copiar o linkLink copiado para a área de transferência!
Apply a configuration to a resource by file name or stdin
Example usage
2.6.1.5. oc apply edit-last-applied Copiar o linkLink copiado para a área de transferência!
Edit latest last-applied-configuration annotations of a resource/object
Example usage
Edit the last-applied-configuration annotations by type/name in YAML
# Edit the last-applied-configuration annotations by type/name in YAML
oc apply edit-last-applied deployment/nginx
# Edit the last-applied-configuration annotations by file in JSON
oc apply edit-last-applied -f deploy.yaml -o json
2.6.1.6. oc apply set-last-applied Copiar o linkLink copiado para a área de transferência!
Set the last-applied-configuration annotation on a live object to match the contents of a file
Example usage
2.6.1.7. oc apply view-last-applied Copiar o linkLink copiado para a área de transferência!
View the latest last-applied-configuration annotations of a resource/object
Example usage
View the last-applied-configuration annotations by type/name in YAML
# View the last-applied-configuration annotations by type/name in YAML
oc apply view-last-applied deployment/nginx
# View the last-applied-configuration annotations by file in JSON
oc apply view-last-applied -f deploy.yaml -o json
2.6.1.8. oc attach Copiar o linkLink copiado para a área de transferência!
Attach to a running container
Example usage
2.6.1.9. oc auth can-i Copiar o linkLink copiado para a área de transferência!
Check whether an action is allowed
Example usage
2.6.1.10. oc auth reconcile Copiar o linkLink copiado para a área de transferência!
Reconciles rules for RBAC role, role binding, cluster role, and cluster role binding objects
Example usage
Reconcile RBAC resources from a file
# Reconcile RBAC resources from a file
oc auth reconcile -f my-rbac-rules.yaml
2.6.1.11. oc auth whoami Copiar o linkLink copiado para a área de transferência!
Experimental: Check self subject attributes
Example usage
Get your subject attributes
# Get your subject attributes
oc auth whoami
# Get your subject attributes in JSON format
oc auth whoami -o json
2.6.1.12. oc autoscale Copiar o linkLink copiado para a área de transferência!
Autoscale a deployment config, deployment, replica set, stateful set, or replication controller
Example usage
Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used
# Auto scale a deployment "foo", with the number of pods between 2 and 10, no target CPU utilization specified so a default autoscaling policy will be used
oc autoscale deployment foo --min=2 --max=10
# Auto scale a replication controller "foo", with the number of pods between 1 and 5, target CPU utilization at 80%
oc autoscale rc foo --max=5 --cpu-percent=80
2.6.1.13. oc cancel-build Copiar o linkLink copiado para a área de transferência!
Cancel running, pending, or new builds
Example usage
2.6.1.14. oc cluster-info Copiar o linkLink copiado para a área de transferência!
Display cluster information
Example usage
Print the address of the control plane and cluster services
# Print the address of the control plane and cluster services
oc cluster-info
2.6.1.15. oc cluster-info dump Copiar o linkLink copiado para a área de transferência!
Dump relevant information for debugging and diagnosis
Example usage
2.6.1.16. oc completion Copiar o linkLink copiado para a área de transferência!
Output shell completion code for the specified shell (bash, zsh, fish, or powershell)
Example usage
2.6.1.17. oc config current-context Copiar o linkLink copiado para a área de transferência!
Display the current-context
Example usage
Display the current-context
# Display the current-context
oc config current-context
2.6.1.18. oc config delete-cluster Copiar o linkLink copiado para a área de transferência!
Delete the specified cluster from the kubeconfig
Example usage
Delete the minikube cluster
# Delete the minikube cluster
oc config delete-cluster minikube
2.6.1.19. oc config delete-context Copiar o linkLink copiado para a área de transferência!
Delete the specified context from the kubeconfig
Example usage
Delete the context for the minikube cluster
# Delete the context for the minikube cluster
oc config delete-context minikube
2.6.1.20. oc config delete-user Copiar o linkLink copiado para a área de transferência!
Delete the specified user from the kubeconfig
Example usage
Delete the minikube user
# Delete the minikube user
oc config delete-user minikube
2.6.1.21. oc config get-clusters Copiar o linkLink copiado para a área de transferência!
Display clusters defined in the kubeconfig
Example usage
List the clusters that oc knows about
# List the clusters that oc knows about
oc config get-clusters
2.6.1.22. oc config get-contexts Copiar o linkLink copiado para a área de transferência!
Describe one or many contexts
Example usage
List all the contexts in your kubeconfig file
# List all the contexts in your kubeconfig file
oc config get-contexts
# Describe one context in your kubeconfig file
oc config get-contexts my-context
2.6.1.23. oc config get-users Copiar o linkLink copiado para a área de transferência!
Display users defined in the kubeconfig
Example usage
List the users that oc knows about
# List the users that oc knows about
oc config get-users
2.6.1.24. oc config new-admin-kubeconfig Copiar o linkLink copiado para a área de transferência!
Generate, make the server trust, and display a new admin.kubeconfig
Example usage
Generate a new admin kubeconfig
# Generate a new admin kubeconfig
oc config new-admin-kubeconfig
2.6.1.25. oc config new-kubelet-bootstrap-kubeconfig Copiar o linkLink copiado para a área de transferência!
Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubeconfig
Example usage
Generate a new kubelet bootstrap kubeconfig
# Generate a new kubelet bootstrap kubeconfig
oc config new-kubelet-bootstrap-kubeconfig
2.6.1.26. oc config refresh-ca-bundle Copiar o linkLink copiado para a área de transferência!
Update the OpenShift CA bundle by contacting the API server
Example usage
2.6.1.27. oc config rename-context Copiar o linkLink copiado para a área de transferência!
Rename a context from the kubeconfig file
Example usage
Rename the context 'old-name' to 'new-name' in your kubeconfig file
# Rename the context 'old-name' to 'new-name' in your kubeconfig file
oc config rename-context old-name new-name
2.6.1.28. oc config set Copiar o linkLink copiado para a área de transferência!
Set an individual value in a kubeconfig file
Example usage
2.6.1.29. oc config set-cluster Copiar o linkLink copiado para a área de transferência!
Set a cluster entry in kubeconfig
Example usage
2.6.1.30. oc config set-context Copiar o linkLink copiado para a área de transferência!
Set a context entry in kubeconfig
Example usage
Set the user field on the gce context entry without touching other values
# Set the user field on the gce context entry without touching other values
oc config set-context gce --user=cluster-admin
2.6.1.31. oc config set-credentials Copiar o linkLink copiado para a área de transferência!
Set a user entry in kubeconfig
Example usage
2.6.1.32. oc config unset Copiar o linkLink copiado para a área de transferência!
Unset an individual value in a kubeconfig file
Example usage
Unset the current-context
# Unset the current-context
oc config unset current-context
# Unset namespace in foo context
oc config unset contexts.foo.namespace
2.6.1.33. oc config use-context Copiar o linkLink copiado para a área de transferência!
Set the current-context in a kubeconfig file
Example usage
Use the context for the minikube cluster
# Use the context for the minikube cluster
oc config use-context minikube
2.6.1.34. oc config view Copiar o linkLink copiado para a área de transferência!
Display merged kubeconfig settings or a specified kubeconfig file
Example usage
2.6.1.35. oc cp Copiar o linkLink copiado para a área de transferência!
Copy files and directories to and from containers
Example usage
2.6.1.36. oc create Copiar o linkLink copiado para a área de transferência!
Create a resource from a file or from stdin
Example usage
2.6.1.37. oc create build Copiar o linkLink copiado para a área de transferência!
Create a new build
Example usage
Create a new build
# Create a new build
oc create build myapp
2.6.1.38. oc create clusterresourcequota Copiar o linkLink copiado para a área de transferência!
Create a cluster resource quota
Example usage
Create a cluster resource quota limited to 10 pods
# Create a cluster resource quota limited to 10 pods
oc create clusterresourcequota limit-bob --project-annotation-selector=openshift.io/requester=user-bob --hard=pods=10
2.6.1.39. oc create clusterrole Copiar o linkLink copiado para a área de transferência!
Create a cluster role
Example usage
2.6.1.40. oc create clusterrolebinding Copiar o linkLink copiado para a área de transferência!
Create a cluster role binding for a particular cluster role
Example usage
Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role
# Create a cluster role binding for user1, user2, and group1 using the cluster-admin cluster role
oc create clusterrolebinding cluster-admin --clusterrole=cluster-admin --user=user1 --user=user2 --group=group1
2.6.1.41. oc create configmap Copiar o linkLink copiado para a área de transferência!
Create a config map from a local file, directory or literal value
Example usage
2.6.1.42. oc create cronjob Copiar o linkLink copiado para a área de transferência!
Create a cron job with the specified name
Example usage
Create a cron job
# Create a cron job
oc create cronjob my-job --image=busybox --schedule="*/1 * * * *"
# Create a cron job with a command
oc create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date
2.6.1.43. oc create deployment Copiar o linkLink copiado para a área de transferência!
Create a deployment with the specified name
Example usage
2.6.1.44. oc create deploymentconfig Copiar o linkLink copiado para a área de transferência!
Create a deployment config with default options that uses a given image
Example usage
Create an nginx deployment config named my-nginx
# Create an nginx deployment config named my-nginx
oc create deploymentconfig my-nginx --image=nginx
2.6.1.45. oc create identity Copiar o linkLink copiado para a área de transferência!
Manually create an identity (only needed if automatic creation is disabled)
Example usage
Create an identity with identity provider "acme_ldap" and the identity provider username "adamjones"
# Create an identity with identity provider "acme_ldap" and the identity provider username "adamjones"
oc create identity acme_ldap:adamjones
2.6.1.46. oc create imagestream Copiar o linkLink copiado para a área de transferência!
Create a new empty image stream
Example usage
Create a new image stream
# Create a new image stream
oc create imagestream mysql
2.6.1.47. oc create imagestreamtag Copiar o linkLink copiado para a área de transferência!
Create a new image stream tag
Example usage
Create a new image stream tag based on an image in a remote registry
# Create a new image stream tag based on an image in a remote registry
oc create imagestreamtag mysql:latest --from-image=myregistry.local/mysql/mysql:5.0
2.6.1.48. oc create ingress Copiar o linkLink copiado para a área de transferência!
Create an ingress with the specified name
Example usage
2.6.1.49. oc create job Copiar o linkLink copiado para a área de transferência!
Create a job with the specified name
Example usage
2.6.1.50. oc create namespace Copiar o linkLink copiado para a área de transferência!
Create a namespace with the specified name
Example usage
Create a new namespace named my-namespace
# Create a new namespace named my-namespace
oc create namespace my-namespace
2.6.1.51. oc create poddisruptionbudget Copiar o linkLink copiado para a área de transferência!
Create a pod disruption budget with the specified name
Example usage
2.6.1.52. oc create priorityclass Copiar o linkLink copiado para a área de transferência!
Create a priority class with the specified name
Example usage
2.6.1.53. oc create quota Copiar o linkLink copiado para a área de transferência!
Create a quota with the specified name
Example usage
Create a new resource quota named my-quota
# Create a new resource quota named my-quota
oc create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=2,resourcequotas=1,secrets=5,persistentvolumeclaims=10
# Create a new resource quota named best-effort
oc create quota best-effort --hard=pods=100 --scopes=BestEffort
2.6.1.54. oc create role Copiar o linkLink copiado para a área de transferência!
Create a role with single rule
Example usage
2.6.1.55. oc create rolebinding Copiar o linkLink copiado para a área de transferência!
Create a role binding for a particular role or cluster role
Example usage
Create a role binding for user1, user2, and group1 using the admin cluster role
# Create a role binding for user1, user2, and group1 using the admin cluster role
oc create rolebinding admin --clusterrole=admin --user=user1 --user=user2 --group=group1
# Create a role binding for service account monitoring:sa-dev using the admin role
oc create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev
2.6.1.56. oc create route edge Copiar o linkLink copiado para a área de transferência!
Create a route that uses edge TLS termination
Example usage
2.6.1.57. oc create route passthrough Copiar o linkLink copiado para a área de transferência!
Create a route that uses passthrough TLS termination
Example usage
2.6.1.58. oc create route reencrypt Copiar o linkLink copiado para a área de transferência!
Create a route that uses reencrypt TLS termination
Example usage
2.6.1.59. oc create secret docker-registry Copiar o linkLink copiado para a área de transferência!
Create a secret for use with a Docker registry
Example usage
If you do not already have a .dockercfg file, create a dockercfg secret directly
# If you do not already have a .dockercfg file, create a dockercfg secret directly
oc create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
# Create a new secret named my-secret from ~/.docker/config.json
oc create secret docker-registry my-secret --from-file=path/to/.docker/config.json
2.6.1.60. oc create secret generic Copiar o linkLink copiado para a área de transferência!
Create a secret from a local file, directory, or literal value
Example usage
2.6.1.61. oc create secret tls Copiar o linkLink copiado para a área de transferência!
Create a TLS secret
Example usage
Create a new TLS secret named tls-secret with the given key pair
# Create a new TLS secret named tls-secret with the given key pair
oc create secret tls tls-secret --cert=path/to/tls.crt --key=path/to/tls.key
2.6.1.62. oc create service clusterip Copiar o linkLink copiado para a área de transferência!
Create a ClusterIP service
Example usage
Create a new ClusterIP service named my-cs
# Create a new ClusterIP service named my-cs
oc create service clusterip my-cs --tcp=5678:8080
# Create a new ClusterIP service named my-cs (in headless mode)
oc create service clusterip my-cs --clusterip="None"
2.6.1.63. oc create service externalname Copiar o linkLink copiado para a área de transferência!
Create an ExternalName service
Example usage
Create a new ExternalName service named my-ns
# Create a new ExternalName service named my-ns
oc create service externalname my-ns --external-name bar.com
2.6.1.64. oc create service loadbalancer Copiar o linkLink copiado para a área de transferência!
Create a LoadBalancer service
Example usage
Create a new LoadBalancer service named my-lbs
# Create a new LoadBalancer service named my-lbs
oc create service loadbalancer my-lbs --tcp=5678:8080
2.6.1.65. oc create service nodeport Copiar o linkLink copiado para a área de transferência!
Create a NodePort service
Example usage
Create a new NodePort service named my-ns
# Create a new NodePort service named my-ns
oc create service nodeport my-ns --tcp=5678:8080
2.6.1.66. oc create serviceaccount Copiar o linkLink copiado para a área de transferência!
Create a service account with the specified name
Example usage
Create a new service account named my-service-account
# Create a new service account named my-service-account
oc create serviceaccount my-service-account
2.6.1.67. oc create token Copiar o linkLink copiado para a área de transferência!
Request a service account token
Example usage
2.6.1.68. oc create user Copiar o linkLink copiado para a área de transferência!
Manually create a user (only needed if automatic creation is disabled)
Example usage
Create a user with the username "ajones" and the display name "Adam Jones"
# Create a user with the username "ajones" and the display name "Adam Jones"
oc create user ajones --full-name="Adam Jones"
2.6.1.69. oc create useridentitymapping Copiar o linkLink copiado para a área de transferência!
Manually map an identity to a user
Example usage
Map the identity "acme_ldap:adamjones" to the user "ajones"
# Map the identity "acme_ldap:adamjones" to the user "ajones"
oc create useridentitymapping acme_ldap:adamjones ajones
2.6.1.70. oc debug Copiar o linkLink copiado para a área de transferência!
Launch a new instance of a pod for debugging
Example usage
2.6.1.71. oc delete Copiar o linkLink copiado para a área de transferência!
Delete resources by file names, stdin, resources and names, or by resources and label selector
Example usage
2.6.1.72. oc describe Copiar o linkLink copiado para a área de transferência!
Show details of a specific resource or group of resources
Example usage
2.6.1.73. oc diff Copiar o linkLink copiado para a área de transferência!
Diff the live version against a would-be applied version
Example usage
Diff resources included in pod.json
# Diff resources included in pod.json
oc diff -f pod.json
# Diff file read from stdin
cat service.yaml | oc diff -f -
2.6.1.74. oc edit Copiar o linkLink copiado para a área de transferência!
Edit a resource on the server
Example usage
2.6.1.75. oc events Copiar o linkLink copiado para a área de transferência!
List events
Example usage
2.6.1.76. oc exec Copiar o linkLink copiado para a área de transferência!
Execute a command in a container
Example usage
2.6.1.77. oc explain Copiar o linkLink copiado para a área de transferência!
Get documentation for a resource
Example usage
2.6.1.78. oc expose Copiar o linkLink copiado para a área de transferência!
Expose a replicated application as a service or route
Example usage
2.6.1.79. oc extract Copiar o linkLink copiado para a área de transferência!
Extract secrets or config maps to disk
Example usage
2.6.1.80. oc get Copiar o linkLink copiado para a área de transferência!
Display one or many resources
Example usage
2.6.1.81. oc get-token Copiar o linkLink copiado para a área de transferência!
Experimental: Get token from external OIDC issuer as credentials exec plugin
Example usage
Starts an auth code flow to the issuer URL with the client ID and the given extra scopes
# Starts an auth code flow to the issuer URL with the client ID and the given extra scopes
oc get-token --client-id=client-id --issuer-url=test.issuer.url --extra-scopes=email,profile
# Starts an auth code flow to the issuer URL with a different callback address
oc get-token --client-id=client-id --issuer-url=test.issuer.url --callback-address=127.0.0.1:8343
2.6.1.82. oc idle Copiar o linkLink copiado para a área de transferência!
Idle scalable resources
Example usage
Idle the scalable controllers associated with the services listed in to-idle.txt
# Idle the scalable controllers associated with the services listed in to-idle.txt
$ oc idle --resource-names-file to-idle.txt
2.6.1.83. oc image append Copiar o linkLink copiado para a área de transferência!
Add layers to images and push them to a registry
Example usage
2.6.1.84. oc image extract Copiar o linkLink copiado para a área de transferência!
Copy files from an image to the file system
Example usage
2.6.1.85. oc image info Copiar o linkLink copiado para a área de transferência!
Display information about an image
Example usage
2.6.1.86. oc image mirror Copiar o linkLink copiado para a área de transferência!
Mirror images from one repository to another
Example usage
2.6.1.87. oc import-image Copiar o linkLink copiado para a área de transferência!
Import images from a container image registry
Example usage
2.6.1.88. oc kustomize Copiar o linkLink copiado para a área de transferência!
Build a kustomization target from a directory or URL
Example usage
2.6.1.89. oc label Copiar o linkLink copiado para a área de transferência!
Update the labels on a resource
Example usage
2.6.1.90. oc login Copiar o linkLink copiado para a área de transferência!
Log in to a server
Example usage
2.6.1.91. oc logout Copiar o linkLink copiado para a área de transferência!
End the current server session
Example usage
Log out
# Log out
oc logout
2.6.1.92. oc logs Copiar o linkLink copiado para a área de transferência!
Print the logs for a container in a pod
Example usage
2.6.1.93. oc new-app Copiar o linkLink copiado para a área de transferência!
Create a new application
Example usage
2.6.1.94. oc new-build Copiar o linkLink copiado para a área de transferência!
Create a new build configuration
Example usage
2.6.1.95. oc new-project Copiar o linkLink copiado para a área de transferência!
Request a new project
Example usage
Create a new project with minimal information
# Create a new project with minimal information
oc new-project web-team-dev
# Create a new project with a display name and description
oc new-project web-team-dev --display-name="Web Team Development" --description="Development project for the web team."
2.6.1.96. oc observe Copiar o linkLink copiado para a área de transferência!
Observe changes to resources and react to them (experimental)
Example usage
2.6.1.97. oc patch Copiar o linkLink copiado para a área de transferência!
Update fields of a resource
Example usage
2.6.1.98. oc plugin Copiar o linkLink copiado para a área de transferência!
Provides utilities for interacting with plugins
Example usage
List all available plugins
# List all available plugins
oc plugin list
# List only binary names of available plugins without paths
oc plugin list --name-only
2.6.1.99. oc plugin list Copiar o linkLink copiado para a área de transferência!
List all visible plugin executables on a user’s PATH
Example usage
List all available plugins
# List all available plugins
oc plugin list
# List only binary names of available plugins without paths
oc plugin list --name-only
2.6.1.100. oc policy add-role-to-user Copiar o linkLink copiado para a área de transferência!
Add a role to users or service accounts for the current project
Example usage
Add the 'view' role to user1 for the current project
# Add the 'view' role to user1 for the current project
oc policy add-role-to-user view user1
# Add the 'edit' role to serviceaccount1 for the current project
oc policy add-role-to-user edit -z serviceaccount1
2.6.1.101. oc policy scc-review Copiar o linkLink copiado para a área de transferência!
Check which service account can create a pod
Example usage
2.6.1.102. oc policy scc-subject-review Copiar o linkLink copiado para a área de transferência!
Check whether a user or a service account can create a pod
Example usage
2.6.1.103. oc port-forward Copiar o linkLink copiado para a área de transferência!
Forward one or more local ports to a pod
Example usage
2.6.1.104. oc process Copiar o linkLink copiado para a área de transferência!
Process a template into list of resources
Example usage
2.6.1.105. oc project Copiar o linkLink copiado para a área de transferência!
Switch to another project
Example usage
Switch to the 'myapp' project
# Switch to the 'myapp' project
oc project myapp
# Display the project currently in use
oc project
2.6.1.106. oc projects Copiar o linkLink copiado para a área de transferência!
Display existing projects
Example usage
List all projects
# List all projects
oc projects
2.6.1.107. oc proxy Copiar o linkLink copiado para a área de transferência!
Run a proxy to the Kubernetes API server
Example usage
2.6.1.108. oc registry login Copiar o linkLink copiado para a área de transferência!
Log in to the integrated registry
Example usage
Log in to the integrated registry
# Log in to the integrated registry
oc registry login
# Log in to different registry using BASIC auth credentials
oc registry login --registry quay.io/myregistry --auth-basic=USER:PASS
2.6.1.109. oc replace Copiar o linkLink copiado para a área de transferência!
Replace a resource by file name or stdin
Example usage
2.6.1.110. oc rollback Copiar o linkLink copiado para a área de transferência!
Revert part of an application back to a previous deployment
Example usage
2.6.1.111. oc rollout Copiar o linkLink copiado para a área de transferência!
Manage the rollout of a resource
Example usage
2.6.1.112. oc rollout cancel Copiar o linkLink copiado para a área de transferência!
Cancel the in-progress deployment
Example usage
Cancel the in-progress deployment based on 'nginx'
# Cancel the in-progress deployment based on 'nginx'
oc rollout cancel dc/nginx
2.6.1.113. oc rollout history Copiar o linkLink copiado para a área de transferência!
View rollout history
Example usage
View the rollout history of a deployment
# View the rollout history of a deployment
oc rollout history deployment/abc
# View the details of daemonset revision 3
oc rollout history daemonset/abc --revision=3
2.6.1.114. oc rollout latest Copiar o linkLink copiado para a área de transferência!
Start a new rollout for a deployment config with the latest state from its triggers
Example usage
Start a new rollout based on the latest images defined in the image change triggers
# Start a new rollout based on the latest images defined in the image change triggers
oc rollout latest dc/nginx
# Print the rolled out deployment config
oc rollout latest dc/nginx -o json
2.6.1.115. oc rollout pause Copiar o linkLink copiado para a área de transferência!
Mark the provided resource as paused
Example usage
Mark the nginx deployment as paused
# Mark the nginx deployment as paused
# Any current state of the deployment will continue its function; new updates
# to the deployment will not have an effect as long as the deployment is paused
oc rollout pause deployment/nginx
2.6.1.116. oc rollout restart Copiar o linkLink copiado para a área de transferência!
Restart a resource
Example usage
2.6.1.117. oc rollout resume Copiar o linkLink copiado para a área de transferência!
Resume a paused resource
Example usage
Resume an already paused deployment
# Resume an already paused deployment
oc rollout resume deployment/nginx
2.6.1.118. oc rollout retry Copiar o linkLink copiado para a área de transferência!
Retry the latest failed rollout
Example usage
Retry the latest failed deployment based on 'frontend'
# Retry the latest failed deployment based on 'frontend'
# The deployer pod and any hook pods are deleted for the latest failed deployment
oc rollout retry dc/frontend
2.6.1.119. oc rollout status Copiar o linkLink copiado para a área de transferência!
Show the status of the rollout
Example usage
Watch the rollout status of a deployment
# Watch the rollout status of a deployment
oc rollout status deployment/nginx
2.6.1.120. oc rollout undo Copiar o linkLink copiado para a área de transferência!
Undo a previous rollout
Example usage
2.6.1.121. oc rsh Copiar o linkLink copiado para a área de transferência!
Start a shell session in a container
Example usage
2.6.1.122. oc rsync Copiar o linkLink copiado para a área de transferência!
Copy files between a local file system and a pod
Example usage
Synchronize a local directory with a pod directory
# Synchronize a local directory with a pod directory
oc rsync ./local/dir/ POD:/remote/dir
# Synchronize a pod directory with a local directory
oc rsync POD:/remote/dir/ ./local/dir
2.6.1.123. oc run Copiar o linkLink copiado para a área de transferência!
Run a particular image on the cluster
Example usage
2.6.1.124. oc scale Copiar o linkLink copiado para a área de transferência!
Set a new size for a deployment, replica set, or replication controller
Example usage
2.6.1.125. oc secrets link Copiar o linkLink copiado para a área de transferência!
Link secrets to a service account
Example usage
Add an image pull secret to a service account to automatically use it for pulling pod images
# Add an image pull secret to a service account to automatically use it for pulling pod images
oc secrets link serviceaccount-name pull-secret --for=pull
# Add an image pull secret to a service account to automatically use it for both pulling and pushing build images
oc secrets link builder builder-image-secret --for=pull,mount
2.6.1.126. oc secrets unlink Copiar o linkLink copiado para a área de transferência!
Detach secrets from a service account
Example usage
Unlink a secret currently associated with a service account
# Unlink a secret currently associated with a service account
oc secrets unlink serviceaccount-name secret-name another-secret-name ...
2.6.1.127. oc set build-hook Copiar o linkLink copiado para a área de transferência!
Update a build hook on a build config
Example usage
2.6.1.128. oc set build-secret Copiar o linkLink copiado para a área de transferência!
Update a build secret on a build config
Example usage
2.6.1.129. oc set data Copiar o linkLink copiado para a área de transferência!
Update the data within a config map or secret
Example usage
2.6.1.130. oc set deployment-hook Copiar o linkLink copiado para a área de transferência!
Update a deployment hook on a deployment config
Example usage
2.6.1.131. oc set env Copiar o linkLink copiado para a área de transferência!
Update environment variables on a pod template
Example usage
2.6.1.132. oc set image Copiar o linkLink copiado para a área de transferência!
Update the image of a pod template
Example usage
2.6.1.133. oc set image-lookup Copiar o linkLink copiado para a área de transferência!
Change how images are resolved when deploying applications
Example usage
2.6.1.134. oc set probe Copiar o linkLink copiado para a área de transferência!
Update a probe on a pod template
Example usage
2.6.1.135. oc set resources Copiar o linkLink copiado para a área de transferência!
Update resource requests/limits on objects with pod templates
Example usage
2.6.1.136. oc set route-backends Copiar o linkLink copiado para a área de transferência!
Update the backends for a route
Example usage
2.6.1.137. oc set selector Copiar o linkLink copiado para a área de transferência!
Set the selector on a resource
Example usage
Set the labels and selector before creating a deployment/service pair.
# Set the labels and selector before creating a deployment/service pair.
oc create service clusterip my-svc --clusterip="None" -o yaml --dry-run | oc set selector --local -f - 'environment=qa' -o yaml | oc create -f -
oc create deployment my-dep -o yaml --dry-run | oc label --local -f - environment=qa -o yaml | oc create -f -
2.6.1.138. oc set serviceaccount Copiar o linkLink copiado para a área de transferência!
Update the service account of a resource
Example usage
Set deployment nginx-deployment's service account to serviceaccount1
# Set deployment nginx-deployment's service account to serviceaccount1
oc set serviceaccount deployment nginx-deployment serviceaccount1
# Print the result (in YAML format) of updated nginx deployment with service account from a local file, without hitting the API server
oc set sa -f nginx-deployment.yaml serviceaccount1 --local --dry-run -o yaml
2.6.1.139. oc set subject Copiar o linkLink copiado para a área de transferência!
Update the user, group, or service account in a role binding or cluster role binding
Example usage
2.6.1.140. oc set triggers Copiar o linkLink copiado para a área de transferência!
Update the triggers on one or more objects
Example usage
2.6.1.141. oc set volumes Copiar o linkLink copiado para a área de transferência!
Update volumes on a pod template
Example usage
2.6.1.142. oc start-build Copiar o linkLink copiado para a área de transferência!
Start a new build
Example usage
2.6.1.143. oc status Copiar o linkLink copiado para a área de transferência!
Show an overview of the current project
Example usage
2.6.1.144. oc tag Copiar o linkLink copiado para a área de transferência!
Tag existing images into image streams
Example usage
2.6.1.145. oc version Copiar o linkLink copiado para a área de transferência!
Print the client and server version information
Example usage
2.6.1.146. oc wait Copiar o linkLink copiado para a área de transferência!
Experimental: Wait for a specific condition on one or many resources
Example usage
2.6.1.147. oc whoami Copiar o linkLink copiado para a área de transferência!
Return information about the current session
Example usage
Display the currently authenticated user
# Display the currently authenticated user
oc whoami
2.7. OpenShift CLI administrator command reference Copiar o linkLink copiado para a área de transferência!
This reference provides descriptions and example commands for OpenShift CLI (oc
) administrator commands. You must have cluster-admin
or equivalent permissions to use these commands.
For developer commands, see the OpenShift CLI developer command reference.
Run oc adm -h
to list all administrator commands or run oc <command> --help
to get additional details for a specific command.
2.7.1. OpenShift CLI (oc) administrator commands Copiar o linkLink copiado para a área de transferência!
2.7.1.1. oc adm build-chain Copiar o linkLink copiado para a área de transferência!
Output the inputs and dependencies of your builds
Example usage
2.7.1.2. oc adm catalog mirror Copiar o linkLink copiado para a área de transferência!
Mirror an operator-registry catalog
Example usage
2.7.1.3. oc adm certificate approve Copiar o linkLink copiado para a área de transferência!
Approve a certificate signing request
Example usage
Approve CSR 'csr-sqgzp'
# Approve CSR 'csr-sqgzp'
oc adm certificate approve csr-sqgzp
2.7.1.4. oc adm certificate deny Copiar o linkLink copiado para a área de transferência!
Deny a certificate signing request
Example usage
Deny CSR 'csr-sqgzp'
# Deny CSR 'csr-sqgzp'
oc adm certificate deny csr-sqgzp
2.7.1.5. oc adm copy-to-node Copiar o linkLink copiado para a área de transferência!
Copy specified files to the node
Example usage
Copy a new bootstrap kubeconfig file to node-0
# Copy a new bootstrap kubeconfig file to node-0
oc adm copy-to-node --copy=new-bootstrap-kubeconfig=/etc/kubernetes/kubeconfig node/node-0
2.7.1.6. oc adm cordon Copiar o linkLink copiado para a área de transferência!
Mark node as unschedulable
Example usage
Mark node "foo" as unschedulable
# Mark node "foo" as unschedulable
oc adm cordon foo
2.7.1.7. oc adm create-bootstrap-project-template Copiar o linkLink copiado para a área de transferência!
Create a bootstrap project template
Example usage
Output a bootstrap project template in YAML format to stdout
# Output a bootstrap project template in YAML format to stdout
oc adm create-bootstrap-project-template -o yaml
2.7.1.8. oc adm create-error-template Copiar o linkLink copiado para a área de transferência!
Create an error page template
Example usage
Output a template for the error page to stdout
# Output a template for the error page to stdout
oc adm create-error-template
2.7.1.9. oc adm create-login-template Copiar o linkLink copiado para a área de transferência!
Create a login template
Example usage
Output a template for the login page to stdout
# Output a template for the login page to stdout
oc adm create-login-template
2.7.1.10. oc adm create-provider-selection-template Copiar o linkLink copiado para a área de transferência!
Create a provider selection template
Example usage
Output a template for the provider selection page to stdout
# Output a template for the provider selection page to stdout
oc adm create-provider-selection-template
2.7.1.11. oc adm drain Copiar o linkLink copiado para a área de transferência!
Drain node in preparation for maintenance
Example usage
Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set on it
# Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set on it
oc adm drain foo --force
# As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set, or stateful set, and use a grace period of 15 minutes
oc adm drain foo --grace-period=900
2.7.1.12. oc adm groups add-users Copiar o linkLink copiado para a área de transferência!
Add users to a group
Example usage
Add user1 and user2 to my-group
# Add user1 and user2 to my-group
oc adm groups add-users my-group user1 user2
2.7.1.13. oc adm groups new Copiar o linkLink copiado para a área de transferência!
Create a new group
Example usage
2.7.1.14. oc adm groups prune Copiar o linkLink copiado para a área de transferência!
Remove old OpenShift groups referencing missing records from an external provider
Example usage
2.7.1.15. oc adm groups remove-users Copiar o linkLink copiado para a área de transferência!
Remove users from a group
Example usage
Remove user1 and user2 from my-group
# Remove user1 and user2 from my-group
oc adm groups remove-users my-group user1 user2
2.7.1.16. oc adm groups sync Copiar o linkLink copiado para a área de transferência!
Sync OpenShift groups with records from an external provider
Example usage
2.7.1.17. oc adm inspect Copiar o linkLink copiado para a área de transferência!
Collect debugging data for a given resource
Example usage
2.7.1.18. oc adm migrate icsp Copiar o linkLink copiado para a área de transferência!
Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s)
Example usage
Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
# Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
oc adm migrate icsp imagecontentsourcepolicy.yaml --dest-dir mydir
2.7.1.19. oc adm migrate template-instances Copiar o linkLink copiado para a área de transferência!
Update template instances to point to the latest group-version-kinds
Example usage
Perform a dry-run of updating all objects
# Perform a dry-run of updating all objects
oc adm migrate template-instances
# To actually perform the update, the confirm flag must be appended
oc adm migrate template-instances --confirm
2.7.1.20. oc adm must-gather Copiar o linkLink copiado para a área de transferência!
Launch a new instance of a pod for gathering debug information
Example usage
2.7.1.21. oc adm new-project Copiar o linkLink copiado para a área de transferência!
Create a new project
Example usage
Create a new project using a node selector
# Create a new project using a node selector
oc adm new-project myproject --node-selector='type=user-node,region=east'
2.7.1.22. oc adm node-image create Copiar o linkLink copiado para a área de transferência!
Create an ISO image for booting the nodes to be added to the target cluster
Example usage
2.7.1.23. oc adm node-image monitor Copiar o linkLink copiado para a área de transferência!
Monitor new nodes being added to an OpenShift cluster
Example usage
2.7.1.24. oc adm node-logs Copiar o linkLink copiado para a área de transferência!
Display and filter node logs
Example usage
2.7.1.25. oc adm ocp-certificates monitor-certificates Copiar o linkLink copiado para a área de transferência!
Watch platform certificates
Example usage
Watch platform certificates
# Watch platform certificates
oc adm ocp-certificates monitor-certificates
2.7.1.26. oc adm ocp-certificates regenerate-leaf Copiar o linkLink copiado para a área de transferência!
Regenerate client and serving certificates of an OpenShift cluster
Example usage
Regenerate a leaf certificate contained in a particular secret
# Regenerate a leaf certificate contained in a particular secret
oc adm ocp-certificates regenerate-leaf -n openshift-config-managed secret/kube-controller-manager-client-cert-key
2.7.1.27. oc adm ocp-certificates regenerate-machine-config-server-serving-cert Copiar o linkLink copiado para a área de transferência!
Regenerate the machine config operator certificates in an OpenShift cluster
Example usage
Regenerate the MCO certs without modifying user-data secrets
# Regenerate the MCO certs without modifying user-data secrets
oc adm ocp-certificates regenerate-machine-config-server-serving-cert --update-ignition=false
# Update the user-data secrets to use new MCS certs
oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server
2.7.1.28. oc adm ocp-certificates regenerate-top-level Copiar o linkLink copiado para a área de transferência!
Regenerate the top level certificates in an OpenShift cluster
Example usage
Regenerate the signing certificate contained in a particular secret
# Regenerate the signing certificate contained in a particular secret
oc adm ocp-certificates regenerate-top-level -n openshift-kube-apiserver-operator secret/loadbalancer-serving-signer-key
2.7.1.29. oc adm ocp-certificates remove-old-trust Copiar o linkLink copiado para a área de transferência!
Remove old CAs from ConfigMaps representing platform trust bundles in an OpenShift cluster
Example usage
Remove a trust bundled contained in a particular config map
# Remove a trust bundled contained in a particular config map
oc adm ocp-certificates remove-old-trust -n openshift-config-managed configmaps/kube-apiserver-aggregator-client-ca --created-before 2023-06-05T14:44:06Z
# Remove only CA certificates created before a certain date from all trust bundles
oc adm ocp-certificates remove-old-trust configmaps -A --all --created-before 2023-06-05T14:44:06Z
2.7.1.30. oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server Copiar o linkLink copiado para a área de transferência!
Update user-data secrets in an OpenShift cluster to use updated MCO certfs
Example usage
Regenerate the MCO certs without modifying user-data secrets
# Regenerate the MCO certs without modifying user-data secrets
oc adm ocp-certificates regenerate-machine-config-server-serving-cert --update-ignition=false
# Update the user-data secrets to use new MCS certs
oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server
2.7.1.31. oc adm policy add-cluster-role-to-group Copiar o linkLink copiado para a área de transferência!
Add a role to groups for all projects in the cluster
Example usage
Add the 'cluster-admin' cluster role to the 'cluster-admins' group
# Add the 'cluster-admin' cluster role to the 'cluster-admins' group
oc adm policy add-cluster-role-to-group cluster-admin cluster-admins
2.7.1.32. oc adm policy add-cluster-role-to-user Copiar o linkLink copiado para a área de transferência!
Add a role to users for all projects in the cluster
Example usage
Add the 'system:build-strategy-docker' cluster role to the 'devuser' user
# Add the 'system:build-strategy-docker' cluster role to the 'devuser' user
oc adm policy add-cluster-role-to-user system:build-strategy-docker devuser
2.7.1.33. oc adm policy add-role-to-user Copiar o linkLink copiado para a área de transferência!
Add a role to users or service accounts for the current project
Example usage
Add the 'view' role to user1 for the current project
# Add the 'view' role to user1 for the current project
oc adm policy add-role-to-user view user1
# Add the 'edit' role to serviceaccount1 for the current project
oc adm policy add-role-to-user edit -z serviceaccount1
2.7.1.34. oc adm policy add-scc-to-group Copiar o linkLink copiado para a área de transferência!
Add a security context constraint to groups
Example usage
Add the 'restricted' security context constraint to group1 and group2
# Add the 'restricted' security context constraint to group1 and group2
oc adm policy add-scc-to-group restricted group1 group2
2.7.1.35. oc adm policy add-scc-to-user Copiar o linkLink copiado para a área de transferência!
Add a security context constraint to users or a service account
Example usage
Add the 'restricted' security context constraint to user1 and user2
# Add the 'restricted' security context constraint to user1 and user2
oc adm policy add-scc-to-user restricted user1 user2
# Add the 'privileged' security context constraint to serviceaccount1 in the current namespace
oc adm policy add-scc-to-user privileged -z serviceaccount1
2.7.1.36. oc adm policy remove-cluster-role-from-group Copiar o linkLink copiado para a área de transferência!
Remove a role from groups for all projects in the cluster
Example usage
Remove the 'cluster-admin' cluster role from the 'cluster-admins' group
# Remove the 'cluster-admin' cluster role from the 'cluster-admins' group
oc adm policy remove-cluster-role-from-group cluster-admin cluster-admins
2.7.1.37. oc adm policy remove-cluster-role-from-user Copiar o linkLink copiado para a área de transferência!
Remove a role from users for all projects in the cluster
Example usage
Remove the 'system:build-strategy-docker' cluster role from the 'devuser' user
# Remove the 'system:build-strategy-docker' cluster role from the 'devuser' user
oc adm policy remove-cluster-role-from-user system:build-strategy-docker devuser
2.7.1.38. oc adm policy scc-review Copiar o linkLink copiado para a área de transferência!
Check which service account can create a pod
Example usage
2.7.1.39. oc adm policy scc-subject-review Copiar o linkLink copiado para a área de transferência!
Check whether a user or a service account can create a pod
Example usage
2.7.1.40. oc adm prune builds Copiar o linkLink copiado para a área de transferência!
Remove old completed and failed builds
Example usage
2.7.1.41. oc adm prune deployments Copiar o linkLink copiado para a área de transferência!
Remove old completed and failed deployment configs
Example usage
Dry run deleting all but the last complete deployment for every deployment config
# Dry run deleting all but the last complete deployment for every deployment config
oc adm prune deployments --keep-complete=1
# To actually perform the prune operation, the confirm flag must be appended
oc adm prune deployments --keep-complete=1 --confirm
2.7.1.42. oc adm prune groups Copiar o linkLink copiado para a área de transferência!
Remove old OpenShift groups referencing missing records from an external provider
Example usage
2.7.1.43. oc adm prune images Copiar o linkLink copiado para a área de transferência!
Remove unreferenced images
Example usage
2.7.1.44. oc adm prune renderedmachineconfigs Copiar o linkLink copiado para a área de transferência!
Prunes rendered MachineConfigs in an OpenShift cluster
Example usage
2.7.1.45. oc adm prune renderedmachineconfigs list Copiar o linkLink copiado para a área de transferência!
Lists rendered MachineConfigs in an OpenShift cluster
Example usage
List all rendered MachineConfigs for the worker MachineConfigPool in the cluster
# List all rendered MachineConfigs for the worker MachineConfigPool in the cluster
oc adm prune renderedmachineconfigs list --pool-name=worker
# List all rendered MachineConfigs in use by the cluster's MachineConfigPools
oc adm prune renderedmachineconfigs list --in-use
2.7.1.46. oc adm reboot-machine-config-pool Copiar o linkLink copiado para a área de transferência!
Initiate reboot of the specified MachineConfigPool
Example usage
2.7.1.47. oc adm release extract Copiar o linkLink copiado para a área de transferência!
Extract the contents of an update payload to disk
Example usage
2.7.1.48. oc adm release info Copiar o linkLink copiado para a área de transferência!
Display information about a release
Example usage
2.7.1.49. oc adm release mirror Copiar o linkLink copiado para a área de transferência!
Mirror a release to a different image registry location
Example usage
2.7.1.50. oc adm release new Copiar o linkLink copiado para a área de transferência!
Create a new OpenShift release
Example usage
2.7.1.51. oc adm restart-kubelet Copiar o linkLink copiado para a área de transferência!
Restart kubelet on the specified nodes
Example usage
2.7.1.52. oc adm taint Copiar o linkLink copiado para a área de transferência!
Update the taints on one or more nodes
Example usage
2.7.1.53. oc adm top images Copiar o linkLink copiado para a área de transferência!
Show usage statistics for images
Example usage
Show usage statistics for images
# Show usage statistics for images
oc adm top images
2.7.1.54. oc adm top imagestreams Copiar o linkLink copiado para a área de transferência!
Show usage statistics for image streams
Example usage
Show usage statistics for image streams
# Show usage statistics for image streams
oc adm top imagestreams
2.7.1.55. oc adm top node Copiar o linkLink copiado para a área de transferência!
Display resource (CPU/memory) usage of nodes
Example usage
Show metrics for all nodes
# Show metrics for all nodes
oc adm top node
# Show metrics for a given node
oc adm top node NODE_NAME
2.7.1.56. oc adm top persistentvolumeclaims Copiar o linkLink copiado para a área de transferência!
Experimental: Show usage statistics for bound persistentvolumeclaims
Example usage
2.7.1.57. oc adm top pod Copiar o linkLink copiado para a área de transferência!
Display resource (CPU/memory) usage of pods
Example usage
2.7.1.58. oc adm uncordon Copiar o linkLink copiado para a área de transferência!
Mark node as schedulable
Example usage
Mark node "foo" as schedulable
# Mark node "foo" as schedulable
oc adm uncordon foo
2.7.1.59. oc adm upgrade Copiar o linkLink copiado para a área de transferência!
Upgrade a cluster or adjust the upgrade channel
Example usage
View the update status and available cluster updates
# View the update status and available cluster updates
oc adm upgrade
# Update to the latest version
oc adm upgrade --to-latest=true
2.7.1.60. oc adm verify-image-signature Copiar o linkLink copiado para a área de transferência!
Verify the image identity contained in the image signature
Example usage
2.7.1.61. oc adm wait-for-node-reboot Copiar o linkLink copiado para a área de transferência!
Wait for nodes to reboot after running oc adm reboot-machine-config-pool
Example usage
2.7.1.62. oc adm wait-for-stable-cluster Copiar o linkLink copiado para a área de transferência!
Wait for the platform operators to become stable
Example usage
Wait for all cluster operators to become stable
# Wait for all cluster operators to become stable
oc adm wait-for-stable-cluster
# Consider operators to be stable if they report as such for 5 minutes straight
oc adm wait-for-stable-cluster --minimum-stable-period 5m
Chapter 3. Important update on odo Copiar o linkLink copiado para a área de transferência!
Red Hat does not provide information about odo
on the Red Hat OpenShift Service on AWS documentation site. See the documentation maintained by Red Hat and the upstream community for documentation information related to odo
.
For the materials maintained by the upstream community, Red Hat provides support under Cooperative Community Support.
Chapter 4. Knative CLI for use with OpenShift Serverless Copiar o linkLink copiado para a área de transferência!
The Knative (kn
) CLI enables simple interaction with Knative components on Red Hat OpenShift Service on AWS.
4.1. Key features Copiar o linkLink copiado para a área de transferência!
The Knative (kn
) CLI is designed to make serverless computing tasks simple and concise. Key features of the Knative CLI include:
- Deploy serverless applications from the command line.
- Manage features of Knative Serving, such as services, revisions, and traffic-splitting.
- Create and manage Knative Eventing components, such as event sources and triggers.
- Create sink bindings to connect existing Kubernetes applications and Knative services.
-
Extend the Knative CLI with flexible plugin architecture, similar to the
kubectl
CLI. - Configure autoscaling parameters for Knative services.
- Scripted usage, such as waiting for the results of an operation, or deploying custom rollout and rollback strategies.
4.2. Installing the Knative CLI Copiar o linkLink copiado para a área de transferência!
Chapter 5. Pipelines CLI (tkn) Copiar o linkLink copiado para a área de transferência!
5.1. Installing tkn Copiar o linkLink copiado para a área de transferência!
Use the CLI tool to manage Red Hat OpenShift Pipelines from a terminal. The following section describes how to install the CLI tool on different platforms.
You can also find the URL to the latest binaries from the Red Hat OpenShift Service on AWS web console by clicking the ? icon in the upper-right corner and selecting Command Line Tools.
Running Red Hat OpenShift Pipelines on ARM hardware is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
Both the archives and the RPMs contain the following executables:
-
tkn
-
tkn-pac
-
opc
Running Red Hat OpenShift Pipelines with the opc
CLI tool is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
5.1.1. Installing the Red Hat OpenShift Pipelines CLI on Linux Copiar o linkLink copiado para a área de transferência!
For Linux distributions, you can download the CLI as a tar.gz
archive.
Procedure
Download the relevant CLI tool.
Unpack the archive:
tar xvzf <file>
$ tar xvzf <file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
Add the location of your
tkn
andtkn-pac
files to yourPATH
environment variable. To check your
PATH
, run the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
5.1.2. Installing the Red Hat OpenShift Pipelines CLI on Linux using an RPM Copiar o linkLink copiado para a área de transferência!
For Red Hat Enterprise Linux (RHEL) version 8, you can install the Red Hat OpenShift Pipelines CLI as an RPM.
Prerequisites
- You have an active Red Hat OpenShift Service on AWS subscription on your Red Hat account.
- You have root or sudo privileges on your local system.
Procedure
Register with Red Hat Subscription Manager:
subscription-manager register
# subscription-manager register
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Pull the latest subscription data:
subscription-manager refresh
# subscription-manager refresh
Copy to Clipboard Copied! Toggle word wrap Toggle overflow List the available subscriptions:
subscription-manager list --available --matches '*pipelines*'
# subscription-manager list --available --matches '*pipelines*'
Copy to Clipboard Copied! Toggle word wrap Toggle overflow In the output for the previous command, find the pool ID for your Red Hat OpenShift Service on AWS subscription and attach the subscription to the registered system:
subscription-manager attach --pool=<pool_id>
# subscription-manager attach --pool=<pool_id>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Enable the repositories required by Red Hat OpenShift Pipelines:
Linux (x86_64, amd64)
subscription-manager repos --enable="pipelines-1.18-for-rhel-8-x86_64-rpms"
# subscription-manager repos --enable="pipelines-1.18-for-rhel-8-x86_64-rpms"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Linux on IBM Z® and IBM® LinuxONE (s390x)
subscription-manager repos --enable="pipelines-1.18-for-rhel-8-s390x-rpms"
# subscription-manager repos --enable="pipelines-1.18-for-rhel-8-s390x-rpms"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Linux on IBM Power® (ppc64le)
subscription-manager repos --enable="pipelines-1.18-for-rhel-8-ppc64le-rpms"
# subscription-manager repos --enable="pipelines-1.18-for-rhel-8-ppc64le-rpms"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Linux on ARM (aarch64, arm64)
subscription-manager repos --enable="pipelines-1.18-for-rhel-8-aarch64-rpms"
# subscription-manager repos --enable="pipelines-1.18-for-rhel-8-aarch64-rpms"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Install the
openshift-pipelines-client
package:yum install openshift-pipelines-client
# yum install openshift-pipelines-client
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you install the CLI, it is available using the tkn
command:
tkn version
$ tkn version
5.1.3. Installing the Red Hat OpenShift Pipelines CLI on Windows Copiar o linkLink copiado para a área de transferência!
For Windows, you can download the CLI as a zip
archive.
Procedure
- Download the CLI tool.
- Extract the archive with a ZIP program.
-
Add the location of your
tkn
andtkn-pac
files to yourPATH
environment variable. To check your
PATH
, run the following command:path
C:\> path
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
5.1.4. Installing the Red Hat OpenShift Pipelines CLI on macOS Copiar o linkLink copiado para a área de transferência!
For macOS, you can download the CLI as a tar.gz
archive.
Procedure
Download the relevant CLI tool.
- Unpack and extract the archive.
-
Add the location of your
tkn
andtkn-pac
and files to yourPATH
environment variable. To check your
PATH
, run the following command:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
5.2. Configuring the OpenShift Pipelines tkn CLI Copiar o linkLink copiado para a área de transferência!
Configure the Red Hat OpenShift Pipelines tkn
CLI to enable tab completion.
5.2.1. Enabling tab completion Copiar o linkLink copiado para a área de transferência!
After you install the tkn
CLI, you can enable tab completion to automatically complete tkn
commands or suggest options when you press Tab.
Prerequisites
-
You must have the
tkn
CLI tool installed. -
You must have
bash-completion
installed on your local system.
Procedure
The following procedure enables tab completion for Bash.
Save the Bash completion code to a file:
tkn completion bash > tkn_bash_completion
$ tkn completion bash > tkn_bash_completion
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the file to
/etc/bash_completion.d/
:sudo cp tkn_bash_completion /etc/bash_completion.d/
$ sudo cp tkn_bash_completion /etc/bash_completion.d/
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Alternatively, you can save the file to a local directory and source it from your
.bashrc
file instead.
Tab completion is enabled when you open a new terminal.
5.3. OpenShift Pipelines tkn reference Copiar o linkLink copiado para a área de transferência!
This section lists the basic tkn
CLI commands.
5.3.1. Basic syntax Copiar o linkLink copiado para a área de transferência!
tkn [command or options] [arguments…]
5.3.2. Global options Copiar o linkLink copiado para a área de transferência!
--help, -h
5.3.3. Utility commands Copiar o linkLink copiado para a área de transferência!
5.3.3.1. tkn Copiar o linkLink copiado para a área de transferência!
Parent command for tkn
CLI.
Example: Display all options
tkn
$ tkn
5.3.3.2. completion [shell] Copiar o linkLink copiado para a área de transferência!
Print shell completion code which must be evaluated to provide interactive completion. Supported shells are bash
and zsh
.
Example: Completion code for bash
shell
tkn completion bash
$ tkn completion bash
5.3.3.3. version Copiar o linkLink copiado para a área de transferência!
Print version information of the tkn
CLI.
Example: Check the tkn
version
tkn version
$ tkn version
5.3.4. Pipelines management commands Copiar o linkLink copiado para a área de transferência!
5.3.4.1. pipeline Copiar o linkLink copiado para a área de transferência!
Manage pipelines.
Example: Display help
tkn pipeline --help
$ tkn pipeline --help
5.3.4.2. pipeline delete Copiar o linkLink copiado para a área de transferência!
Delete a pipeline.
Example: Delete the mypipeline
pipeline from a namespace
tkn pipeline delete mypipeline -n myspace
$ tkn pipeline delete mypipeline -n myspace
5.3.4.3. pipeline describe Copiar o linkLink copiado para a área de transferência!
Describe a pipeline.
Example: Describe the mypipeline
pipeline
tkn pipeline describe mypipeline
$ tkn pipeline describe mypipeline
5.3.4.4. pipeline list Copiar o linkLink copiado para a área de transferência!
Display a list of pipelines.
Example: Display a list of pipelines
tkn pipeline list
$ tkn pipeline list
5.3.4.5. pipeline logs Copiar o linkLink copiado para a área de transferência!
Display the logs for a specific pipeline.
Example: Stream the live logs for the mypipeline
pipeline
tkn pipeline logs -f mypipeline
$ tkn pipeline logs -f mypipeline
5.3.4.6. pipeline start Copiar o linkLink copiado para a área de transferência!
Start a pipeline.
Example: Start the mypipeline
pipeline
tkn pipeline start mypipeline
$ tkn pipeline start mypipeline
5.3.5. Pipeline run commands Copiar o linkLink copiado para a área de transferência!
5.3.5.1. pipelinerun Copiar o linkLink copiado para a área de transferência!
Manage pipeline runs.
Example: Display help
tkn pipelinerun -h
$ tkn pipelinerun -h
5.3.5.2. pipelinerun cancel Copiar o linkLink copiado para a área de transferência!
Cancel a pipeline run.
Example: Cancel the mypipelinerun
pipeline run from a namespace
tkn pipelinerun cancel mypipelinerun -n myspace
$ tkn pipelinerun cancel mypipelinerun -n myspace
5.3.5.3. pipelinerun delete Copiar o linkLink copiado para a área de transferência!
Delete a pipeline run.
Example: Delete pipeline runs from a namespace
tkn pipelinerun delete mypipelinerun1 mypipelinerun2 -n myspace
$ tkn pipelinerun delete mypipelinerun1 mypipelinerun2 -n myspace
Example: Delete all pipeline runs from a namespace, except the five most recently executed pipeline runs
tkn pipelinerun delete -n myspace --keep 5
$ tkn pipelinerun delete -n myspace --keep 5
- 1
- Replace
5
with the number of most recently executed pipeline runs you want to retain.
Example: Delete all pipelines
tkn pipelinerun delete --all
$ tkn pipelinerun delete --all
Starting with Red Hat OpenShift Pipelines 1.6, the tkn pipelinerun delete --all
command does not delete any resources that are in the running state.
5.3.5.4. pipelinerun describe Copiar o linkLink copiado para a área de transferência!
Describe a pipeline run.
Example: Describe the mypipelinerun
pipeline run in a namespace
tkn pipelinerun describe mypipelinerun -n myspace
$ tkn pipelinerun describe mypipelinerun -n myspace
5.3.5.5. pipelinerun list Copiar o linkLink copiado para a área de transferência!
List pipeline runs.
Example: Display a list of pipeline runs in a namespace
tkn pipelinerun list -n myspace
$ tkn pipelinerun list -n myspace
5.3.5.6. pipelinerun logs Copiar o linkLink copiado para a área de transferência!
Display the logs of a pipeline run.
Example: Display the logs of the mypipelinerun
pipeline run with all tasks and steps in a namespace
tkn pipelinerun logs mypipelinerun -a -n myspace
$ tkn pipelinerun logs mypipelinerun -a -n myspace
5.3.6. Task management commands Copiar o linkLink copiado para a área de transferência!
5.3.6.1. task Copiar o linkLink copiado para a área de transferência!
Manage tasks.
Example: Display help
tkn task -h
$ tkn task -h
5.3.6.2. task delete Copiar o linkLink copiado para a área de transferência!
Delete a task.
Example: Delete mytask1
and mytask2
tasks from a namespace
tkn task delete mytask1 mytask2 -n myspace
$ tkn task delete mytask1 mytask2 -n myspace
5.3.6.3. task describe Copiar o linkLink copiado para a área de transferência!
Describe a task.
Example: Describe the mytask
task in a namespace
tkn task describe mytask -n myspace
$ tkn task describe mytask -n myspace
5.3.6.4. task list Copiar o linkLink copiado para a área de transferência!
List tasks.
Example: List all the tasks in a namespace
tkn task list -n myspace
$ tkn task list -n myspace
5.3.6.5. task logs Copiar o linkLink copiado para a área de transferência!
Display task logs.
Example: Display logs for the mytaskrun
task run of the mytask
task
tkn task logs mytask mytaskrun -n myspace
$ tkn task logs mytask mytaskrun -n myspace
5.3.6.6. task start Copiar o linkLink copiado para a área de transferência!
Start a task.
Example: Start the mytask
task in a namespace
tkn task start mytask -s <ServiceAccountName> -n myspace
$ tkn task start mytask -s <ServiceAccountName> -n myspace
5.3.7. Task run commands Copiar o linkLink copiado para a área de transferência!
5.3.7.1. taskrun Copiar o linkLink copiado para a área de transferência!
Manage task runs.
Example: Display help
tkn taskrun -h
$ tkn taskrun -h
5.3.7.2. taskrun cancel Copiar o linkLink copiado para a área de transferência!
Cancel a task run.
Example: Cancel the mytaskrun
task run from a namespace
tkn taskrun cancel mytaskrun -n myspace
$ tkn taskrun cancel mytaskrun -n myspace
5.3.7.3. taskrun delete Copiar o linkLink copiado para a área de transferência!
Delete a TaskRun.
Example: Delete the mytaskrun1
and mytaskrun2
task runs from a namespace
tkn taskrun delete mytaskrun1 mytaskrun2 -n myspace
$ tkn taskrun delete mytaskrun1 mytaskrun2 -n myspace
Example: Delete all but the five most recently executed task runs from a namespace
tkn taskrun delete -n myspace --keep 5
$ tkn taskrun delete -n myspace --keep 5
- 1
- Replace
5
with the number of most recently executed task runs you want to retain.
5.3.7.4. taskrun describe Copiar o linkLink copiado para a área de transferência!
Describe a task run.
Example: Describe the mytaskrun
task run in a namespace
tkn taskrun describe mytaskrun -n myspace
$ tkn taskrun describe mytaskrun -n myspace
5.3.7.5. taskrun list Copiar o linkLink copiado para a área de transferência!
List task runs.
Example: List all the task runs in a namespace
tkn taskrun list -n myspace
$ tkn taskrun list -n myspace
5.3.7.6. taskrun logs Copiar o linkLink copiado para a área de transferência!
Display task run logs.
Example: Display live logs for the mytaskrun
task run in a namespace
tkn taskrun logs -f mytaskrun -n myspace
$ tkn taskrun logs -f mytaskrun -n myspace
5.3.8. Condition management commands Copiar o linkLink copiado para a área de transferência!
5.3.8.1. condition Copiar o linkLink copiado para a área de transferência!
Manage Conditions.
Example: Display help
tkn condition --help
$ tkn condition --help
5.3.8.2. condition delete Copiar o linkLink copiado para a área de transferência!
Delete a Condition.
Example: Delete the mycondition1
Condition from a namespace
tkn condition delete mycondition1 -n myspace
$ tkn condition delete mycondition1 -n myspace
5.3.8.3. condition describe Copiar o linkLink copiado para a área de transferência!
Describe a Condition.
Example: Describe the mycondition1
Condition in a namespace
tkn condition describe mycondition1 -n myspace
$ tkn condition describe mycondition1 -n myspace
5.3.8.4. condition list Copiar o linkLink copiado para a área de transferência!
List Conditions.
Example: List Conditions in a namespace
tkn condition list -n myspace
$ tkn condition list -n myspace
5.3.9. Pipeline Resource management commands Copiar o linkLink copiado para a área de transferência!
5.3.9.1. resource Copiar o linkLink copiado para a área de transferência!
Manage Pipeline Resources.
Example: Display help
tkn resource -h
$ tkn resource -h
5.3.9.2. resource create Copiar o linkLink copiado para a área de transferência!
Create a Pipeline Resource.
Example: Create a Pipeline Resource in a namespace
tkn resource create -n myspace
$ tkn resource create -n myspace
This is an interactive command that asks for input on the name of the Resource, type of the Resource, and the values based on the type of the Resource.
5.3.9.3. resource delete Copiar o linkLink copiado para a área de transferência!
Delete a Pipeline Resource.
Example: Delete the myresource
Pipeline Resource from a namespace
tkn resource delete myresource -n myspace
$ tkn resource delete myresource -n myspace
5.3.9.4. resource describe Copiar o linkLink copiado para a área de transferência!
Describe a Pipeline Resource.
Example: Describe the myresource
Pipeline Resource
tkn resource describe myresource -n myspace
$ tkn resource describe myresource -n myspace
5.3.9.5. resource list Copiar o linkLink copiado para a área de transferência!
List Pipeline Resources.
Example: List all Pipeline Resources in a namespace
tkn resource list -n myspace
$ tkn resource list -n myspace
5.3.10. ClusterTask management commands Copiar o linkLink copiado para a área de transferência!
In Red Hat OpenShift Pipelines 1.10, ClusterTask functionality of the tkn
command-line utility is deprecated and is planned to be removed in a future release.
5.3.10.1. clustertask Copiar o linkLink copiado para a área de transferência!
Manage ClusterTasks.
Example: Display help
tkn clustertask --help
$ tkn clustertask --help
5.3.10.2. clustertask delete Copiar o linkLink copiado para a área de transferência!
Delete a ClusterTask resource in a cluster.
Example: Delete mytask1
and mytask2
ClusterTasks
tkn clustertask delete mytask1 mytask2
$ tkn clustertask delete mytask1 mytask2
5.3.10.3. clustertask describe Copiar o linkLink copiado para a área de transferência!
Describe a ClusterTask.
Example: Describe the mytask
ClusterTask
tkn clustertask describe mytask1
$ tkn clustertask describe mytask1
5.3.10.4. clustertask list Copiar o linkLink copiado para a área de transferência!
List ClusterTasks.
Example: List ClusterTasks
tkn clustertask list
$ tkn clustertask list
5.3.10.5. clustertask start Copiar o linkLink copiado para a área de transferência!
Start ClusterTasks.
Example: Start the mytask
ClusterTask
tkn clustertask start mytask
$ tkn clustertask start mytask
5.3.11. Trigger management commands Copiar o linkLink copiado para a área de transferência!
5.3.11.1. eventlistener Copiar o linkLink copiado para a área de transferência!
Manage EventListeners.
Example: Display help
tkn eventlistener -h
$ tkn eventlistener -h
5.3.11.2. eventlistener delete Copiar o linkLink copiado para a área de transferência!
Delete an EventListener.
Example: Delete mylistener1
and mylistener2
EventListeners in a namespace
tkn eventlistener delete mylistener1 mylistener2 -n myspace
$ tkn eventlistener delete mylistener1 mylistener2 -n myspace
5.3.11.3. eventlistener describe Copiar o linkLink copiado para a área de transferência!
Describe an EventListener.
Example: Describe the mylistener
EventListener in a namespace
tkn eventlistener describe mylistener -n myspace
$ tkn eventlistener describe mylistener -n myspace
5.3.11.4. eventlistener list Copiar o linkLink copiado para a área de transferência!
List EventListeners.
Example: List all the EventListeners in a namespace
tkn eventlistener list -n myspace
$ tkn eventlistener list -n myspace
5.3.11.5. eventlistener logs Copiar o linkLink copiado para a área de transferência!
Display logs of an EventListener.
Example: Display the logs of the mylistener
EventListener in a namespace
tkn eventlistener logs mylistener -n myspace
$ tkn eventlistener logs mylistener -n myspace
5.3.11.6. triggerbinding Copiar o linkLink copiado para a área de transferência!
Manage TriggerBindings.
Example: Display TriggerBindings help
tkn triggerbinding -h
$ tkn triggerbinding -h
5.3.11.7. triggerbinding delete Copiar o linkLink copiado para a área de transferência!
Delete a TriggerBinding.
Example: Delete mybinding1
and mybinding2
TriggerBindings in a namespace
tkn triggerbinding delete mybinding1 mybinding2 -n myspace
$ tkn triggerbinding delete mybinding1 mybinding2 -n myspace
5.3.11.8. triggerbinding describe Copiar o linkLink copiado para a área de transferência!
Describe a TriggerBinding.
Example: Describe the mybinding
TriggerBinding in a namespace
tkn triggerbinding describe mybinding -n myspace
$ tkn triggerbinding describe mybinding -n myspace
5.3.11.9. triggerbinding list Copiar o linkLink copiado para a área de transferência!
List TriggerBindings.
Example: List all the TriggerBindings in a namespace
tkn triggerbinding list -n myspace
$ tkn triggerbinding list -n myspace
5.3.11.10. triggertemplate Copiar o linkLink copiado para a área de transferência!
Manage TriggerTemplates.
Example: Display TriggerTemplate help
tkn triggertemplate -h
$ tkn triggertemplate -h
5.3.11.11. triggertemplate delete Copiar o linkLink copiado para a área de transferência!
Delete a TriggerTemplate.
Example: Delete mytemplate1
and mytemplate2
TriggerTemplates in a namespace
tkn triggertemplate delete mytemplate1 mytemplate2 -n `myspace`
$ tkn triggertemplate delete mytemplate1 mytemplate2 -n `myspace`
5.3.11.12. triggertemplate describe Copiar o linkLink copiado para a área de transferência!
Describe a TriggerTemplate.
Example: Describe the mytemplate
TriggerTemplate in a namespace
tkn triggertemplate describe mytemplate -n `myspace`
$ tkn triggertemplate describe mytemplate -n `myspace`
5.3.11.13. triggertemplate list Copiar o linkLink copiado para a área de transferência!
List TriggerTemplates.
Example: List all the TriggerTemplates in a namespace
tkn triggertemplate list -n myspace
$ tkn triggertemplate list -n myspace
5.3.11.14. clustertriggerbinding Copiar o linkLink copiado para a área de transferência!
Manage ClusterTriggerBindings.
Example: Display ClusterTriggerBindings help
tkn clustertriggerbinding -h
$ tkn clustertriggerbinding -h
5.3.11.15. clustertriggerbinding delete Copiar o linkLink copiado para a área de transferência!
Delete a ClusterTriggerBinding.
Example: Delete myclusterbinding1
and myclusterbinding2
ClusterTriggerBindings
tkn clustertriggerbinding delete myclusterbinding1 myclusterbinding2
$ tkn clustertriggerbinding delete myclusterbinding1 myclusterbinding2
5.3.11.16. clustertriggerbinding describe Copiar o linkLink copiado para a área de transferência!
Describe a ClusterTriggerBinding.
Example: Describe the myclusterbinding
ClusterTriggerBinding
tkn clustertriggerbinding describe myclusterbinding
$ tkn clustertriggerbinding describe myclusterbinding
5.3.11.17. clustertriggerbinding list Copiar o linkLink copiado para a área de transferência!
List ClusterTriggerBindings.
Example: List all ClusterTriggerBindings
tkn clustertriggerbinding list
$ tkn clustertriggerbinding list
5.3.12. Hub interaction commands Copiar o linkLink copiado para a área de transferência!
Interact with Tekton Hub for resources such as tasks and pipelines.
5.3.12.1. hub Copiar o linkLink copiado para a área de transferência!
Interact with hub.
Example: Display help
tkn hub -h
$ tkn hub -h
Example: Interact with a hub API server
tkn hub --api-server https://api.hub.tekton.dev
$ tkn hub --api-server https://api.hub.tekton.dev
For each example, to get the corresponding sub-commands and flags, run tkn hub <command> --help
.
5.3.12.2. hub downgrade Copiar o linkLink copiado para a área de transferência!
Downgrade an installed resource.
Example: Downgrade the mytask
task in the mynamespace
namespace to its older version
tkn hub downgrade task mytask --to version -n mynamespace
$ tkn hub downgrade task mytask --to version -n mynamespace
5.3.12.3. hub get Copiar o linkLink copiado para a área de transferência!
Get a resource manifest by its name, kind, catalog, and version.
Example: Get the manifest for a specific version of the myresource
pipeline or task from the tekton
catalog
tkn hub get [pipeline | task] myresource --from tekton --version version
$ tkn hub get [pipeline | task] myresource --from tekton --version version
5.3.12.4. hub info Copiar o linkLink copiado para a área de transferência!
Display information about a resource by its name, kind, catalog, and version.
Example: Display information about a specific version of the mytask
task from the tekton
catalog
tkn hub info task mytask --from tekton --version version
$ tkn hub info task mytask --from tekton --version version
5.3.12.5. hub install Copiar o linkLink copiado para a área de transferência!
Install a resource from a catalog by its kind, name, and version.
Example: Install a specific version of the mytask
task from the tekton
catalog in the mynamespace
namespace
tkn hub install task mytask --from tekton --version version -n mynamespace
$ tkn hub install task mytask --from tekton --version version -n mynamespace
5.3.12.6. hub reinstall Copiar o linkLink copiado para a área de transferência!
Reinstall a resource by its kind and name.
Example: Reinstall a specific version of the mytask
task from the tekton
catalog in the mynamespace
namespace
tkn hub reinstall task mytask --from tekton --version version -n mynamespace
$ tkn hub reinstall task mytask --from tekton --version version -n mynamespace
5.3.12.7. hub search Copiar o linkLink copiado para a área de transferência!
Search a resource by a combination of name, kind, and tags.
Example: Search a resource with a tag cli
tkn hub search --tags cli
$ tkn hub search --tags cli
5.3.12.8. hub upgrade Copiar o linkLink copiado para a área de transferência!
Upgrade an installed resource.
Example: Upgrade the installed mytask
task in the mynamespace
namespace to a new version
tkn hub upgrade task mytask --to version -n mynamespace
$ tkn hub upgrade task mytask --to version -n mynamespace
Chapter 6. opm CLI Copiar o linkLink copiado para a área de transferência!
6.1. Installing the opm CLI Copiar o linkLink copiado para a área de transferência!
6.1.1. About the opm CLI Copiar o linkLink copiado para a área de transferência!
The opm
CLI tool is provided by the Operator Framework for use with the Operator bundle format. This tool allows you to create and maintain catalogs of Operators from a list of Operator bundles that are similar to software repositories. The result is a container image which can be stored in a container registry and then installed on a cluster.
A catalog contains a database of pointers to Operator manifest content that can be queried through an included API that is served when the container image is run. On Red Hat OpenShift Service on AWS, Operator Lifecycle Manager (OLM) can reference the image in a catalog source, defined by a CatalogSource
object, which polls the image at regular intervals to enable frequent updates to installed Operators on the cluster.
6.1.2. Installing the opm CLI Copiar o linkLink copiado para a área de transferência!
You can install the opm
CLI tool on your Linux, macOS, or Windows workstation.
Prerequisites
For Linux, you must provide the following packages. RHEL 8 meets these requirements:
-
podman
version 1.9.3+ (version 2.0+ recommended) -
glibc
version 2.28+
-
Procedure
- Navigate to the OpenShift mirror site and download the latest version of the tarball that matches your operating system.
Unpack the archive.
For Linux or macOS:
tar xvf <file>
$ tar xvf <file>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - For Windows, unzip the archive with a ZIP program.
Place the file anywhere in your
PATH
.For Linux or macOS:
Check your
PATH
:echo $PATH
$ echo $PATH
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Move the file. For example:
sudo mv ./opm /usr/local/bin/
$ sudo mv ./opm /usr/local/bin/
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
For Windows:
Check your
PATH
:path
C:\> path
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Move the file:
move opm.exe <directory>
C:\> move opm.exe <directory>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
After you install the
opm
CLI, verify that it is available:opm version
$ opm version
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
6.2. opm CLI reference Copiar o linkLink copiado para a área de transferência!
The opm
command-line interface (CLI) is a tool for creating and maintaining Operator catalogs.
opm
CLI syntax
opm <command> [<subcommand>] [<argument>] [<flags>]
$ opm <command> [<subcommand>] [<argument>] [<flags>]
The opm
CLI is not forward compatible. The version of the opm
CLI used to generate catalog content must be earlier than or equal to the version used to serve the content on a cluster.
Flag | Description |
---|---|
| Skip TLS certificate verification for container image registries while pulling bundles or indexes. |
| When you pull bundles, use plain HTTP for container image registries. |
The SQLite-based catalog format, including the related CLI commands, is a deprecated feature. Deprecated functionality is still included in Red Hat OpenShift Service on AWS and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
For the most recent list of major functionality that has been deprecated or removed within Red Hat OpenShift Service on AWS, refer to the Deprecated and removed features section of the Red Hat OpenShift Service on AWS release notes.
6.2.1. generate Copiar o linkLink copiado para a área de transferência!
Generate various artifacts for declarative config indexes.
Command syntax
opm generate <subcommand> [<flags>]
$ opm generate <subcommand> [<flags>]
Subcommand | Description |
---|---|
| Generate a Dockerfile for a declarative config index. |
Flags | Description |
---|---|
| Help for generate. |
6.2.1.1. dockerfile Copiar o linkLink copiado para a área de transferência!
Generate a Dockerfile for a declarative config index.
This command creates a Dockerfile in the same directory as the <dcRootDir>
(named <dcDirName>.Dockerfile
) that is used to build the index. If a Dockerfile with the same name already exists, this command fails.
When specifying extra labels, if duplicate keys exist, only the last value of each duplicate key gets added to the generated Dockerfile.
Command syntax
opm generate dockerfile <dcRootDir> [<flags>]
$ opm generate dockerfile <dcRootDir> [<flags>]
Flag | Description |
---|---|
|
Image in which to build catalog. The default value is |
|
Extra labels to include in the generated Dockerfile. Labels have the form |
| Help for Dockerfile. |
To build with the official Red Hat image, use the registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4
value with the -i
flag.
6.2.2. index Copiar o linkLink copiado para a área de transferência!
Generate Operator index for SQLite database format container images from pre-existing Operator bundles.
As of Red Hat OpenShift Service on AWS 4.11, the default Red Hat-provided Operator catalog releases in the file-based catalog format. The default Red Hat-provided Operator catalogs for Red Hat OpenShift Service on AWS 4.6 through 4.10 released in the deprecated SQLite database format.
The opm
subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
Many of the opm
subcommands and flags for working with the SQLite database format, such as opm index prune
, do not work with the file-based catalog format.
Command syntax
opm index <subcommand> [<flags>]
$ opm index <subcommand> [<flags>]
Subcommand | Description |
---|---|
| Add Operator bundles to an index. |
| Prune an index of all but specified packages. |
| Prune an index of stranded bundles, which are bundles that are not associated with a particular image. |
| Delete an entire Operator from an index. |
6.2.2.1. add Copiar o linkLink copiado para a área de transferência!
Add Operator bundles to an index.
Command syntax
opm index add [<flags>]
$ opm index add [<flags>]
Flag | Description |
---|---|
|
Container image for on-image |
|
Tool to build container images: |
| Comma-separated list of bundles to add. |
|
Tool to interact with container images, such as for saving and building: |
| Previous index to add to. |
| If enabled, only creates the Dockerfile and saves it to local disk. |
|
Graph update mode that defines how channel graphs are updated: |
| Optional: If generating the Dockerfile, specify a file name. |
| Allow registry load errors. |
|
Tool to pull container images: |
| Custom tag for container image being built. |
6.2.2.2. prune Copiar o linkLink copiado para a área de transferência!
Prune an index of all but specified packages.
Command syntax
opm index prune [<flags>]
$ opm index prune [<flags>]
Flag | Description |
---|---|
|
Container image for on-image |
|
Tool to interact with container images, such as for saving and building: |
| Index to prune. |
| If enabled, only creates the Dockerfile and saves it to local disk. |
| Optional: If generating the Dockerfile, specify a file name. |
| Comma-separated list of packages to keep. |
| Allow registry load errors. |
| Custom tag for container image being built. |
6.2.2.3. prune-stranded Copiar o linkLink copiado para a área de transferência!
Prune an index of stranded bundles, which are bundles that are not associated with a particular image.
Command syntax
opm index prune-stranded [<flags>]
$ opm index prune-stranded [<flags>]
Flag | Description |
---|---|
|
Container image for on-image |
|
Tool to interact with container images, such as for saving and building: |
| Index to prune. |
| If enabled, only creates the Dockerfile and saves it to local disk. |
| Optional: If generating the Dockerfile, specify a file name. |
| Comma-separated list of packages to keep. |
| Allow registry load errors. |
| Custom tag for container image being built. |
6.2.2.4. rm Copiar o linkLink copiado para a área de transferência!
Delete an entire Operator from an index.
Command syntax
opm index rm [<flags>]
$ opm index rm [<flags>]
Flag | Description |
---|---|
|
Container image for on-image |
|
Tool to build container images: |
|
Tool to interact with container images, such as for saving and building: |
| Previous index to delete from. |
| If enabled, only creates the Dockerfile and saves it to local disk. |
| Comma-separated list of Operators to delete. |
| Optional: If generating the Dockerfile, specify a file name. |
| Comma-separated list of packages to keep. |
| Allow registry load errors. |
|
Tool to pull container images: |
| Custom tag for container image being built. |
6.2.3. init Copiar o linkLink copiado para a área de transferência!
Generate an olm.package
declarative config blob.
Command syntax
opm init <package_name> [<flags>]
$ opm init <package_name> [<flags>]
Flag | Description |
---|---|
| The channel that subscriptions will default to if unspecified. |
|
Path to the Operator’s |
| Path to package’s icon. |
|
Output format: |
6.2.4. migrate Copiar o linkLink copiado para a área de transferência!
Migrate a SQLite database format index image or database file to a file-based catalog.
The SQLite-based catalog format, including the related CLI commands, is a deprecated feature. Deprecated functionality is still included in Red Hat OpenShift Service on AWS and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
For the most recent list of major functionality that has been deprecated or removed within Red Hat OpenShift Service on AWS, refer to the Deprecated and removed features section of the Red Hat OpenShift Service on AWS release notes.
Command syntax
opm migrate <index_ref> <output_dir> [<flags>]
$ opm migrate <index_ref> <output_dir> [<flags>]
Flag | Description |
---|---|
|
Output format: |
6.2.5. render Copiar o linkLink copiado para a área de transferência!
Generate a declarative config blob from the provided index images, bundle images, and SQLite database files.
Command syntax
opm render <index_image | bundle_image | sqlite_file> [<flags>]
$ opm render <index_image | bundle_image | sqlite_file> [<flags>]
Flag | Description |
---|---|
|
Output format: |
6.2.6. serve Copiar o linkLink copiado para a área de transferência!
Serve declarative configs via a GRPC server.
The declarative config directory is loaded by the serve
command at startup. Changes made to the declarative config after this command starts are not reflected in the served content.
Command syntax
opm serve <source_path> [<flags>]
$ opm serve <source_path> [<flags>]
Flag | Description |
---|---|
| If this flag is set, it syncs and persists the server cache directory. |
|
Exits with an error if the cache is not present or is invalidated. The default value is |
| Syncs the serve cache and exits without serving. |
| Enables debug logging. |
| Help for serve. |
|
The port number for the service. The default value is |
|
The address of the startup profiling endpoint. The format is |
|
The path to a container termination log file. The default value is |
6.2.7. validate Copiar o linkLink copiado para a área de transferência!
Validate the declarative config JSON file(s) in a given directory.
Command syntax
opm validate <directory> [<flags>]
$ opm validate <directory> [<flags>]
Chapter 7. ROSA CLI Copiar o linkLink copiado para a área de transferência!
7.1. Getting started with the ROSA CLI Copiar o linkLink copiado para a área de transferência!
7.1.1. About the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Use the ROSA command-line interface (CLI) (rosa
) to create, update, manage, and delete Red Hat OpenShift Service on AWS clusters and resources.
7.1.2. Setting up the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Use the following steps to install and configure the ROSA CLI (rosa
) on your installation host.
Procedure
Install and configure the latest AWS CLI (
aws
).Follow the AWS Command Line Interface documentation to install and configure the AWS CLI for your operating system.
Specify your
aws_access_key_id
,aws_secret_access_key
, andregion
in the.aws/credentials
file. See AWS Configuration basics in the AWS documentation.NoteYou can optionally use the
AWS_DEFAULT_REGION
environment variable to set the default AWS region.Query the AWS API to verify if the AWS CLI is installed and configured correctly:
aws sts get-caller-identity --output text
$ aws sts get-caller-identity --output text
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
<aws_account_id> arn:aws:iam::<aws_account_id>:user/<username> <aws_user_id>
<aws_account_id> arn:aws:iam::<aws_account_id>:user/<username> <aws_user_id>
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
-
Download the latest version of the ROSA CLI (
rosa
) for your operating system from the Downloads page on OpenShift Cluster Manager. Extract the
rosa
binary file from the downloaded archive. The following example extracts the binary from a Linux tar archive:tar xvf rosa-linux.tar.gz
$ tar xvf rosa-linux.tar.gz
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Add
rosa
to your path. In the following example, the/usr/local/bin
directory is included in the path of the user:sudo mv rosa /usr/local/bin/rosa
$ sudo mv rosa /usr/local/bin/rosa
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Verify if the ROSA CLI is installed correctly by querying the
rosa
version:rosa version
$ rosa version
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
1.2.15 Your ROSA CLI is up to date.
1.2.15 Your ROSA CLI is up to date.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Optional: Enable tab completion for the ROSA CLI. With tab completion enabled, you can press the
Tab
key twice to automatically complete subcommands and receive command suggestions:To enable persistent tab completion for Bash on a Linux host:
Generate a
rosa
tab completion configuration file for Bash and save it to your/etc/bash_completion.d/
directory:rosa completion bash > /etc/bash_completion.d/rosa
# rosa completion bash > /etc/bash_completion.d/rosa
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Open a new terminal to activate the configuration.
To enable persistent tab completion for Bash on a macOS host:
Generate a
rosa
tab completion configuration file for Bash and save it to your/usr/local/etc/bash_completion.d/
directory:rosa completion bash > /usr/local/etc/bash_completion.d/rosa
$ rosa completion bash > /usr/local/etc/bash_completion.d/rosa
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Open a new terminal to activate the configuration.
To enable persistent tab completion for Zsh:
If tab completion is not enabled for your Zsh environment, enable it by running the following command:
echo "autoload -U compinit; compinit" >> ~/.zshrc
$ echo "autoload -U compinit; compinit" >> ~/.zshrc
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Generate a
rosa
tab completion configuration file for Zsh and save it to the first directory in your functions path:rosa completion zsh > "${fpath[1]}/_rosa"
$ rosa completion zsh > "${fpath[1]}/_rosa"
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Open a new terminal to activate the configuration.
To enable persistent tab completion for fish:
Generate a
rosa
tab completion configuration file for fish and save it to your~/.config/fish/completions/
directory:rosa completion fish > ~/.config/fish/completions/rosa.fish
$ rosa completion fish > ~/.config/fish/completions/rosa.fish
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Open a new terminal to activate the configuration.
To enable persistent tab completion for PowerShell:
Generate a
rosa
tab completion configuration file for PowerShell and save it to a file namedrosa.ps1
:PS> rosa completion powershell | Out-String | Invoke-Expression
PS> rosa completion powershell | Out-String | Invoke-Expression
Copy to Clipboard Copied! Toggle word wrap Toggle overflow -
Source the
rosa.ps1
file from your PowerShell profile.
NoteFor more information about configuring
rosa
tab completion, see the help menu by running therosa completion --help
command.
7.1.3. Configuring the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Use the following commands to configure the ROSA command-line interface (CLI) (rosa
).
7.1.3.1. login Copiar o linkLink copiado para a área de transferência!
There are several methods you can use to log in to your Red Hat account using the ROSA command-line interface (CLI) (rosa
). These methods are described in detail below.
7.1.3.1.1. Authenticating the ROSA CLI with Red Hat single sign-on Copiar o linkLink copiado para a área de transferência!
You can log in to the ROSA CLI (rosa
) with Red Hat single sign-on. Red Hat recommends using the rosa
command line tool with Red Hat single sign-on, instead of using an offline authentication token.
An offline authentication token is long-lived, stored on your operating system, and cannot be revoked. These factors increase overall security risks and the likelihood of unauthorized access to your account.
Alternatively, authenticating with the Red Hat single sign-on method automatically sends your rosa
instance a refresh token that is valid for 10 hours. This unique, temporary authorization code enhances security and reduces the risk of unauthorized access.
The method of authenticating using Red Hat single sign-on does not break any existing automations that rely on offline tokens. Red Hat recommends using services accounts for automation purposes. If you still need to use offline tokens for automation or other purposes, you can download the OpenShift Cluster Manager API token from the OpenShift Cluster Manager API Token page.
Use one of the following methods of authentication:
- If your system has a web browser, see the "Authenticating the ROSA CLI with a single sign-on authorization code" section to authenticate with Red Hat single sign-on.
- If you are working with containers, remote hosts, or other environments without a web browser, see the "Authenticating the ROSA CLI with a single sign-on device code" section to authenticate with Red Hat single sign-on.
- To authenticate the ROSA CLI using an offline token, see the "Authenticating the ROSA CLI with an offline token" section.
Single sign-on authorization is supported with ROSA CLI (rosa
) version 1.2.36 or later.
7.1.3.1.2. Authenticating the ROSA CLI with a single sign-on authorization code Copiar o linkLink copiado para a área de transferência!
To log in to the ROSA CLI (
rosa
) with a Red Hat single sign-on authorization code, run the following command:Syntax
rosa login --use-auth-code
$ rosa login --use-auth-code
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Running this command redirects you to the Red Hat single sign-on login. Log in with your Red Hat login or email.
Expand Table 7.1. Optional arguments inherited from parent commands Option Definition --help
Shows help for this command.
--debug
Enables debug mode.
To switch accounts, logout from https://sso.redhat.com and run the
rosa logout
command in your terminal before attempting to login again.
7.1.3.1.3. Authenticating the ROSA CLI with a single sign-on device code Copiar o linkLink copiado para a área de transferência!
If you are working with containers, remote hosts, and other environments without a web browser, you can use a Red Hat single sign-on device code for secure authentication. To do this, you must use a second device that has a web browser to approve the login.
Single sign-on authorization is supported with ROSA CLI (rosa
) version 1.2.36 or later.
To log in to the ROSA CLI (
rosa
) with a Red Hat single sign-on device code, run the following command:Syntax
rosa login --use-device-code
$ rosa login --use-device-code
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Running this command will redirect you to the Red Hat SSO login and provide a log in code.
Expand Table 7.2. Optional arguments inherited from parent commands Option Definition --help
Shows help for this command.
--debug
Enables debug mode.
To switch accounts, logout from https://sso.redhat.com and run the
rosa logout
command in your terminal before attempting to login again.
7.1.3.1.4. Authenticating the ROSA CLI with an offline token Copiar o linkLink copiado para a área de transferência!
Log in to your Red Hat account, saving the credentials to the rosa
configuration file.
To use offline tokens for automation purposes, you can download the OpenShift Cluster Manager API token from the OpenShift Cluster Manager API Token page. To use service accounts for automation purposes, see the Service Accounts page.
Red Hat recommends using service accounts for automation purposes.
To log in to ROSA CLI (
rosa
) with a Red Hat offline token, run the following command:Syntax
rosa login [arguments]
$ rosa login [arguments]
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Expand Table 7.3. Arguments Option Definition --client-id
The OpenID client identifier (string). Default:
cloud-services
--client-secret
The OpenID client secret (string).
--insecure
Enables insecure communication with the server. This disables verification of TLS certificates and host names.
--scope
The OpenID scope (string). If this option is used, it replaces the default scopes. This can be repeated multiple times to specify multiple scopes. Default:
openid
--token
Accesses or refreshes the token (string).
--token-url
The OpenID token URL (string). Default:
https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
Expand Table 7.4. Optional arguments inherited from parent commands Option Definition --help
Shows help for this command.
--debug
Enables debug mode.
--profile
Specifies an AWS profile (string) from your credentials file.
7.1.3.2. logout Copiar o linkLink copiado para a área de transferência!
Log out of rosa
. Logging out also removes the rosa
configuration file.
Syntax
rosa logout [arguments]
$ rosa logout [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.1.3.3. verify permissions Copiar o linkLink copiado para a área de transferência!
Verify that the AWS permissions required to create a Red Hat OpenShift Service on AWS cluster are configured correctly:
Syntax
rosa verify permissions [arguments]
$ rosa verify permissions [arguments]
This command verifies permissions only for clusters that do not use the AWS Security Token Service (STS).
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Verify that the AWS permissions are configured correctly:
rosa verify permissions
$ rosa verify permissions
Verify that the AWS permissions are configured correctly in a specific region:
rosa verify permissions --region=us-west-2
$ rosa verify permissions --region=us-west-2
7.1.3.4. verify quota Copiar o linkLink copiado para a área de transferência!
Verifies that AWS quotas are configured correctly for your default region.
Syntax
rosa verify quota [arguments]
$ rosa verify quota [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Verify that the AWS quotas are configured correctly for the default region:
rosa verify quota
$ rosa verify quota
Verify that the AWS quotas are configured correctly in a specific region:
rosa verify quota --region=us-west-2
$ rosa verify quota --region=us-west-2
7.1.3.5. download rosa Copiar o linkLink copiado para a área de transferência!
Download the latest compatible version of the rosa
CLI.
After you download rosa
, extract the contents of the archive and add it to your path.
Syntax
rosa download rosa [arguments]
$ rosa download rosa [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
7.1.3.6. download oc Copiar o linkLink copiado para a área de transferência!
Download the latest compatible version of the OpenShift Container Platform CLI (oc
).
After you download oc
, you must extract the contents of the archive and add it to your path.
Syntax
rosa download oc [arguments]
$ rosa download oc [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
Example
Download oc
client tools:
rosa download oc
$ rosa download oc
7.1.3.7. verify oc Copiar o linkLink copiado para a área de transferência!
Verifies that the OpenShift Container Platform CLI (oc
) is installed correctly.
Syntax
rosa verify oc [arguments]
$ rosa verify oc [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
Example
Verify oc
client tools:
rosa verify oc
$ rosa verify oc
7.1.4. Updating the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Update to the latest compatible version of the ROSA CLI (rosa
).
Procedure
Confirm that a new version of the ROSA CLI (
rosa
) is available:rosa version
$ rosa version
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
1.2.12 There is a newer release version '1.2.15', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
1.2.12 There is a newer release version '1.2.15', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Download the latest compatible version of the ROSA CLI:
rosa download rosa
$ rosa download rosa
Copy to Clipboard Copied! Toggle word wrap Toggle overflow This command downloads an archive called
rosa-*.tar.gz
into the current directory. The exact name of the file depends on your operating system and system architecture.Extract the contents of the archive:
tar -xzf rosa-linux.tar.gz
$ tar -xzf rosa-linux.tar.gz
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Install the new version of the ROSA CLI by moving the extracted file into your path. In the following example, the
/usr/local/bin
directory is included in the path of the user:sudo mv rosa /usr/local/bin/rosa
$ sudo mv rosa /usr/local/bin/rosa
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Verify that the new version of the ROSA CLI is installed.
rosa version
$ rosa version
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
1.2.15 Your ROSA CLI is up to date.
1.2.15 Your ROSA CLI is up to date.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
7.2. Managing objects with the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Managing objects with the ROSA command-line interface (CLI) (rosa
), such as adding dedicated-admin
users, managing clusters, and scheduling cluster upgrades.
To access a cluster that is accessible only over an HTTP proxy server, you can set the HTTP_PROXY
, HTTPS_PROXY
, and NO_PROXY
variables. These environment variables are respected by the rosa
CLI so that all communication with the cluster goes through the HTTP proxy.
7.2.1. Common commands and arguments Copiar o linkLink copiado para a área de transferência!
These common commands and arguments are available for the ROSA command-line interface (CLI) (rosa
).
7.2.1.1. debug Copiar o linkLink copiado para a área de transferência!
Enables debug mode for the parent command to help with troubleshooting.
Example
rosa create cluster --cluster-name=<cluster_name> --debug
$ rosa create cluster --cluster-name=<cluster_name> --debug
7.2.1.2. download Copiar o linkLink copiado para a área de transferência!
Downloads the latest compatible version of the specified software to the current directory in an archive file. Extract the contents of the archive and add the contents to your path to use the software. To download the latest ROSA CLI, specify rosa
. To download the latest OpenShift CLI, specify oc
.
Example
rosa download <software>
$ rosa download <software>
7.2.1.3. help Copiar o linkLink copiado para a área de transferência!
Displays general help information for the ROSA CLI (rosa
) and a list of available commands. This option can also be used as an argument to display help information for a parent command, such as version
or create
.
Examples
Displays general help for the ROSA CLI.
rosa --help
$ rosa --help
Displays general help for version
.
rosa version --help
$ rosa version --help
7.2.1.4. interactive Copiar o linkLink copiado para a área de transferência!
Enables interactive mode.
Example
rosa create cluster --cluster-name=<cluster_name> --interactive
$ rosa create cluster --cluster-name=<cluster_name> --interactive
7.2.1.5. profile Copiar o linkLink copiado para a área de transferência!
Specifies an AWS profile from your credential file.
Example
rosa create cluster --cluster-name=<cluster_name> --profile=myAWSprofile
$ rosa create cluster --cluster-name=<cluster_name> --profile=myAWSprofile
7.2.1.6. version Copiar o linkLink copiado para a área de transferência!
Displays the rosa
version and checks whether a newer version is available.
Example
rosa version [arguments]
$ rosa version [arguments]
Example output
Displayed when a newer version of the ROSA CLI is available.
1.2.12 There is a newer release version '1.2.15', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
1.2.12
There is a newer release version '1.2.15', please consider updating: https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/
7.2.2. Parent commands Copiar o linkLink copiado para a área de transferência!
The ROSA command-line interface (CLI) (rosa
) uses parent commands with child commands to manage objects. The parent commands are create
, edit
, delete
, list
, and describe
. Not all parent commands can be used with all child commands. For more information, see the specific reference topics that describes the child commands.
7.2.2.1. create Copiar o linkLink copiado para a área de transferência!
Creates an object or resource when paired with a child command.
Example
rosa create cluster --cluster-name=mycluster
$ rosa create cluster --cluster-name=mycluster
7.2.2.2. edit Copiar o linkLink copiado para a área de transferência!
Edits options for an object, such as making a cluster private.
Example
rosa edit cluster --cluster=mycluster --private
$ rosa edit cluster --cluster=mycluster --private
7.2.2.3. delete Copiar o linkLink copiado para a área de transferência!
Deletes an object or resource when paired with a child command.
Example
rosa delete ingress --cluster=mycluster
$ rosa delete ingress --cluster=mycluster
7.2.2.4. list Copiar o linkLink copiado para a área de transferência!
Lists clusters or resources for a specific cluster.
Example
rosa list users --cluster=mycluster
$ rosa list users --cluster=mycluster
7.2.2.5. describe Copiar o linkLink copiado para a área de transferência!
Shows the details for a cluster.
Example
rosa describe cluster --cluster=mycluster
$ rosa describe cluster --cluster=mycluster
7.2.3. Create objects Copiar o linkLink copiado para a área de transferência!
To create a Red Hat OpenShift Service on AWS cluster, include the '--hosted-cp' flag where necessary.
This section describes the create
commands for clusters and resources.
7.2.3.1. create account-roles Copiar o linkLink copiado para a área de transferência!
Create the required account-wide role and policy resources for your cluster.
Syntax
rosa create account-roles [flags]
$ rosa create account-roles [flags]
Option | Definition |
---|---|
--debug | Enable debug mode. |
-i, --interactive | Enable interactive mode. |
-m, --mode string | How to perform the operation. Valid options are:
|
--path string | The Amazon Resource Name (ARN) path for the account-wide roles and policies, including the Operator policies. |
--permissions-boundary string | The ARN of the policy that is used to set the permissions boundary for the account roles. |
--prefix string |
User-defined prefix for all generated AWS resources. The default is |
--profile string | Use a specific AWS profile from your credential file. |
-y, --yes | Automatically answer yes to confirm operations. |
7.2.3.2. create admin Copiar o linkLink copiado para a área de transferência!
Create a cluster administrator with an automatically generated password that can log in to a cluster.
Syntax
rosa create admin --cluster=<cluster_name>|<cluster_id>
$ rosa create admin --cluster=<cluster_name>|<cluster_id>
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required. The name or ID (string) of the cluster to add to the identity provider (IDP). |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile string | Specifies an AWS profile from your credentials file. |
Example
Create a cluster administrator that can log in to a cluster named mycluster
.
rosa create admin --cluster=mycluster
$ rosa create admin --cluster=mycluster
7.2.3.3. create break glass credential Copiar o linkLink copiado para a área de transferência!
Create a break glass credential for a Red Hat OpenShift Service on AWS cluster with external authentication enabled.
Syntax
rosa create break-glass-credential --cluster=<cluster_name> [arguments]
$ rosa create break-glass-credential --cluster=<cluster_name> [arguments]
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster to which the break glass credential will be added. |
--expiration | Optional: How long a break glass credential can be used before expiring. The expiration duration must be a minimum of 10 minutes and a maximum of 24 hours. If you do not enter a value, the expiration duration defaults to 24 hours. |
--username | Optional. The username for the break glass credential. If you do not enter a value, a random username is generated for you. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
--region |
Specifies an AWS region, overriding the |
--yes |
Automatically answers |
Examples
Add a break glass credential to a cluster named mycluster
.
Syntax
rosa create break-glass-credential --cluster=mycluster
$ rosa create break-glass-credential --cluster=mycluster
Add a break glass credential to a cluster named mycluster
using the interactive mode.
Syntax
rosa create break-glass-credential --cluster=mycluster -i
$ rosa create break-glass-credential --cluster=mycluster -i
7.2.3.4. create cluster Copiar o linkLink copiado para a área de transferência!
Create a new cluster.
Syntax
rosa create cluster --cluster-name=<cluster_name> [arguments]
$ rosa create cluster --cluster-name=<cluster_name> [arguments]
Option | Definition |
---|---|
--additional-compute-security-group-ids <sec_group_id> | The identifier of one or more additional security groups to use along with the default security groups that are used with the standard machine pool created alongside the cluster. For more information on additional security groups, see the requirements for Security groups under Additional resources. |
--additional-infra-security-group-ids <sec_group_id> | The identifier of one or more additional security groups to use along with the default security groups that are used with the infra nodes created alongside the cluster. For more information on additional security groups, see the requirements for Security groups under Additional resources. |
--additional-control-plane-security-group-ids <sec_group_id> | The identifier of one or more additional security groups to use along with the default security groups that are used with the control plane nodes created alongside the cluster. For more information on additional security groups, see the requirements for Security groups under Additional resources. |
--additional-allowed-principals <arn> | A comma-separated list of additional allowed principal ARNs to be added to the hosted control plane’s VPC endpoint service to enable additional VPC endpoint connection requests to be automatically accepted. |
--cluster-name <cluster_name> |
Required. The name of the cluster. When used with the |
--compute-machine-type <instance_type> | The instance type for compute nodes in the cluster. This determines the amount of memory and vCPU that is allocated to each compute node. For more information on valid instance types, see AWS Instance types in ROSA service definition. |
--controlplane-iam-role <arn> | The ARN of the IAM role to attach to control plane instances. |
--create-cluster-admin |
Optional. As part of cluster creation, create a local administrator user ( |
--cluster-admin-user |
Optional. Specifies the user name of the cluster administrator user created when used in conjunction with the |
--cluster-admin-password |
Optional. Specifies the password of the cluster administrator user created when used in conjunction with the |
--disable-scp-checks | Indicates whether cloud permission checks are disabled when attempting to install a cluster. |
--dry-run | Simulates creating the cluster. |
--domain-prefix |
Optional: When used with the |
--ec2-metadata-http-tokens string |
Configures the use of IMDSv2 for EC2 instances. Valid values are |
--enable-autoscaling |
Enables autoscaling of compute nodes. By default, autoscaling is set to |
--etcd-encryption | Enables encryption of ETCD key-values on Red Hat OpenShift Service on AWS (classical architecture) clusters. |
--etcd-encryption-kms-arn | Enables encryption of ETCD storage using the customer-managed key managed in AWS Key Management Service. |
--external-id <arn_string> | An optional unique identifier that might be required when you assume a role in another account. |
--host-prefix <subnet> |
The subnet prefix length to assign to each individual node, as an integer. For example, if host prefix is set to |
--machine-cidr <address_block> |
Block of IP addresses (ipNet) used by Red Hat OpenShift Service on AWS while installing the cluster, for example, Important
OVN-Kubernetes, the default network provider in Red Hat OpenShift Service on AWS 4.11 and later, uses the |
--max-replicas <number_of_nodes> |
Specifies the maximum number of compute nodes when enabling autoscaling. Default: |
--min-replicas <number_of_nodes> |
Specifies the minimum number of compute nodes when enabling autoscaling. Default: |
--no-cni | Creates a cluster without a Container Network Interface (CNI) plugin. Customers can then bring their own CNI plugin and install it after cluster creation. |
--operator-roles-prefix <string> | Prefix that are used for all IAM roles used by the operators needed in the OpenShift installer. A prefix is generated automatically if you do not specify one. |
--pod-cidr <address_block> |
Block of IP addresses (ipNet) from which pod IP addresses are allocated, for example, Important
OVN-Kubernetes, the default network provider in Red Hat OpenShift Service on AWS 4.11 and later, uses the |
--private | Restricts primary API endpoint and application routes to direct, private connectivity. |
--region <region_name> |
The name of the AWS region where your worker pool will be located, for example, |
--replicas n |
The number of worker nodes to provision per availability zone. Single-zone clusters require at least 2 nodes. Multi-zone clusters require at least 3 nodes. Default: |
--role-arn <arn> | The ARN of the installer role that OpenShift Cluster Manager uses to create the cluster. This is required if you have not already created account roles. |
--service-cidr <address_block> |
Block of IP addresses (ipNet) for services, for example, Important
OVN-Kubernetes, the default network provider in ROSA 4.11 and later, uses the |
--sts | Specifies the use of AWS Security Token Service (STS) credentials to deploy your cluster. |
--subnet-ids <aws_subnet_id> |
The AWS subnet IDs that are used when installing the cluster, for example,
When using |
--support-role-arn string | The ARN of the role used by Red Hat Site Reliability Engineers (SREs) to enable access to the cluster account to provide support. |
--tags | Tags that are used on resources created by Red Hat OpenShift Service on AWS in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar". Important Red Hat OpenShift Service on AWS only supports custom tags to Red Hat OpenShift resources during cluster creation. Once added, the tags cannot be removed or edited. Tags that are added by Red Hat are required for clusters to stay in compliance with Red Hat production service level agreements (SLAs). These tags must not be removed. Red Hat OpenShift Service on AWS does not support adding additional tags outside of Red Hat OpenShift Service on AWS cluster-managed resources. These tags can be lost when AWS resources are managed by the ROSA cluster. In these cases, you might need custom solutions or tools to reconcile the tags and keep them intact. |
--version string |
The version of Red Hat OpenShift Service on AWS that will be used to install the cluster or cluster resources. For |
--worker-iam-role string | The ARN of the IAM role that will be attached to compute instances. |
--channel-group <channel_group_name> |
Allows users to assign their cluster to a specific channel group. Options include |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Create a cluster named mycluster
.
rosa create cluster --cluster-name=mycluster
$ rosa create cluster --cluster-name=mycluster
Create a cluster with a specific AWS region.
rosa create cluster --cluster-name=mycluster --region=us-east-2
$ rosa create cluster --cluster-name=mycluster --region=us-east-2
Create a cluster with autoscaling enabled on the default worker machine pool.
rosa create cluster --cluster-name=mycluster -region=us-east-1 --enable-autoscaling --min-replicas=2 --max-replicas=5
$ rosa create cluster --cluster-name=mycluster -region=us-east-1 --enable-autoscaling --min-replicas=2 --max-replicas=5
7.2.3.5. create external-auth-provider Copiar o linkLink copiado para a área de transferência!
Add an external identity provider instead of the OpenShift OAuth2 server.
Syntax
rosa create external-auth-provider --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa create external-auth-provider --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--claim-mapping-groups-claim <string> | Required. Describes rules on how to transform information from an ID token into a cluster identity. |
--claim-validation-rule <strings> |
Rules that are applied to validate token claims to authenticate users. The input will be in a |
--claim-mapping-username-claim <string> | The name of the claim that should be used to construct user names for the cluster identity. |
--cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster to which the IDP will be added. |
--console-client-id <string> | The identifier of the OIDC client from the OIDC provider for the OpenShift Cluster Manager web console. |
--console-client-secret <string> | The secret that is associated with the console application registration. |
--issuer-audiences <strings> | An array of audiences to check the incoming tokens against. Valid tokens must include at least one of these values in their audience claim. |
--issuer-ca-file <string> | The path to the PEM-encoded certificate file to use when making requests to the server. |
--issuer-url <string> | The serving URL of the token issuer. |
--name <string> | A name that is used to refer to the external authentication provider. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile string from your credentials file. |
Examples
Add a Microsoft Entra ID identity provider to a cluster named mycluster
.
rosa create external-auth-provider --cluster=mycluster --name <provider_name> --issuer-audiences <audience_id> --issuer-url <issuing id> --claim-mapping-username-claim email --claim-mapping-groups-claim groups
$ rosa create external-auth-provider --cluster=mycluster --name <provider_name> --issuer-audiences <audience_id> --issuer-url <issuing id> --claim-mapping-username-claim email --claim-mapping-groups-claim groups
7.2.3.6. create idp Copiar o linkLink copiado para a área de transferência!
Add an identity provider (IDP) to define how users log in to a cluster.
Syntax
rosa create idp --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa create idp --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster to which the IDP will be added. |
--ca <path_to_file> |
The path to the PEM-encoded certificate file to use when making requests to the server, for example, |
--client-id | The client ID (string) from the registered application. |
--client-secret | The client secret (string) from the registered application. |
--mapping-method |
Specifies how new identities (string) are mapped to users when they log in. Default: |
--name | The name (string) for the identity provider. |
--type |
The type (string) of identity provider. Options: |
Option | Definition |
---|---|
--hostname | The optional domain (string) that are used with a hosted instance of GitHub Enterprise. |
--organizations | Specifies the organizations for login access. Only users that are members of at least one of the listed organizations (string) are allowed to log in. |
--teams |
Specifies the teams for login access. Only users that are members of at least one of the listed teams (string) are allowed to log in. The format is |
Option | Definition |
---|---|
--host-url |
The host URL (string) of a GitLab provider. Default: |
Option | Definition |
---|---|
--hosted-domain | Restricts users to a Google Apps domain (string). |
Option | Definition |
---|---|
--bind-dn | The domain name (string) to bind with during the search phase. |
--bind-password | The password (string) to bind with during the search phase. |
--email-attributes | The list (string) of attributes whose values should be used as the email address. |
--id-attributes |
The list (string) of attributes whose values should be used as the user ID. Default: |
--insecure | Does not make TLS connections to the server. |
--name-attributes |
The list (string) of attributes whose values should be used as the display name. Default: |
--url | An RFC 2255 URL (string) which specifies the LDAP search parameters that are used. |
--username-attributes |
The list (string) of attributes whose values should be used as the preferred username. Default: |
Option | Definition |
---|---|
--email-claims | The list (string) of claims that are used as the email address. |
--extra-scopes |
The list (string) of scopes to request, in addition to the |
--issuer-url | The URL (string) that the OpenID provider asserts as the issuer identifier. It must use the HTTPS scheme with no URL query parameters or fragment. |
--name-claims | The list (string) of claims that are used as the display name. |
--username-claims | The list (string) of claims that are used as the preferred username when provisioning a user. |
--groups-claims | The list (string) of claims that are used as the groups names. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Add a GitHub identity provider to a cluster named mycluster
.
rosa create idp --type=github --cluster=mycluster
$ rosa create idp --type=github --cluster=mycluster
Add an identity provider following interactive prompts.
rosa create idp --cluster=mycluster --interactive
$ rosa create idp --cluster=mycluster --interactive
7.2.3.7. create image mirror configurations Copiar o linkLink copiado para a área de transferência!
The image mirror configuration feature operates exclusively with image references by digest, meaning that image mirroring will only activate when an image is pulled using its unique and immutable ID. Any image references using a mutable tag is currently not supported by this functionality.
Red Hat OpenShift Service on AWS clusters must be in the Ready state in order to create an image mirror configuration.
Creates an image mirror configuration for a cluster.
Syntax
rosa create image-mirror [arguments]
$ rosa create image-mirror [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID of the cluster the mirror configuration will be applied to. |
--source | Required: The source registry that will be mirrored. |
--mirrors | Required: List of mirror registries. Mirror registries must be comma-separated. |
--type=digest |
Optional: Type of image mirror. The |
--profile | Optional: Specifies an AWS profile (string) from your credentials file. |
--region | Optional:Specifies an AWS region, overriding the AWS_REGION environment variable. |
Examples
Adds an image mirror configuration to a cluster named mycluster
.
The source registry cannot be modified after creation. You must delete and recreate the image mirror to change the source.
rosa create image-mirror --cluster=mycluster \ --source=registry.example.com/team \ --mirrors=mirror.corp.com/team,backup.corp.com/team
$ rosa create image-mirror --cluster=mycluster \
--source=registry.example.com/team \
--mirrors=mirror.corp.com/team,backup.corp.com/team
Adds an image mirror configuration with a specific type to a cluster.
rosa create image-mirror --cluster=mycluster \ --type=digest --source=docker.io/library \ --mirrors=internal-registry.company.com/dockerhub
$ rosa create image-mirror --cluster=mycluster \
--type=digest --source=docker.io/library \
--mirrors=internal-registry.company.com/dockerhub
Adds multiple mirror image configurations to a cluster.
rosa create image-mirror --cluster=mycluster \ --source=quay.io/openshift \ --mirrors=mirror1.company.com/openshift,mirror2.company.com/openshift,mirror3.company.com/openshift
$ rosa create image-mirror --cluster=mycluster \
--source=quay.io/openshift \
--mirrors=mirror1.company.com/openshift,mirror2.company.com/openshift,mirror3.company.com/openshift
7.2.3.8. create ingress Copiar o linkLink copiado para a área de transferência!
Add an ingress endpoint to enable API access to the cluster.
Syntax
rosa create ingress --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa create ingress --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required: The name or ID of the cluster to which the ingress will be added. |
--label-match | The label match (string) for ingress. The format must be a comma-delimited list of key=value pairs. If no label is specified, all routes are exposed on both routers. |
--private | Restricts application route to direct, private connectivity. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Add an internal ingress to a cluster named mycluster
.
rosa create ingress --private --cluster=mycluster
$ rosa create ingress --private --cluster=mycluster
Add a public ingress to a cluster named mycluster
.
rosa create ingress --cluster=mycluster
$ rosa create ingress --cluster=mycluster
Add an ingress with a route selector label match.
rosa create ingress --cluster=mycluster --label-match=foo=bar,bar=baz
$ rosa create ingress --cluster=mycluster --label-match=foo=bar,bar=baz
7.2.3.9. create kubeletconfig Copiar o linkLink copiado para a área de transferência!
Create a custom KubeletConfig
object to allow custom configuration of nodes in a machine pool.
Syntax
rosa create kubeletconfig --cluster=<cluster_name|cluster_id> --name=<kubeletconfig_name> --pod-pids-limit=<number> [flags]
$ rosa create kubeletconfig --cluster=<cluster_name|cluster_id> --name=<kubeletconfig_name> --pod-pids-limit=<number> [flags]
Option | Definition |
---|---|
--pod-pids-limit <number> | Required. The maximum number of PIDs for each node in the |
-c, --cluster <cluster_name>|<cluster_id> |
Required. The name or ID of the cluster in which to create the |
--name |
Specifies a name for the |
-i, --interactive | Enable interactive mode. |
-h, --help | Shows help for this command. |
For more information about setting the PID limit for the cluster, see Configuring PID limits.
7.2.3.10. create machinepool Copiar o linkLink copiado para a área de transferência!
Add a machine pool to an existing cluster.
Machine pool is also referred to as node pool on Red Hat OpenShift Service on AWS clusters.
Syntax
rosa create machinepool --cluster=<cluster_name> | <cluster_id> --replicas=<number> --name=<machinepool_name> [arguments]
$ rosa create machinepool --cluster=<cluster_name> | <cluster_id> --replicas=<number> --name=<machinepool_name> [arguments]
Option | Definition |
---|---|
--additional-security-group-ids <sec_group_id> | The identifier of one or more additional security groups to use along with the default security groups for this machine pool. For more information on additional security groups, see the requirements for Security groups under Additional resources. |
--capacity-reservation-id | The ID of a pre-purchased AWS Capacity Reservation. |
--cluster <cluster_name>|<cluster_id> | Required: The name or ID of the cluster to which the machine pool will be added. |
--disk-size | Set the disk volume size for the machine pool, in Gib or TiB. The default is 300 GiB. For Red Hat OpenShift Service on AWS clusters, the minimum disk size is 75 GiB, and the maximum is 16,384 GiB. |
--enable-autoscaling |
Enable or disable autoscaling of compute nodes. To enable autoscaling, use this argument with the |
--instance-type |
The instance type (string) that should be used. Default: |
--kubelet-configs <kubeletconfig_name> |
The names of any |
--labels | The labels (string) for the machine pool. The format must be a comma-delimited list of key=value pairs. This list overwrites any modifications made to node labels on an ongoing basis. |
--max-replicas | Specifies the maximum number of compute nodes when enabling autoscaling. |
--min-replicas | Specifies the minimum number of compute nodes when enabling autoscaling. |
--max-surge |
The
The default value is |
--max-unavailable |
The
The default value is |
--name | Required: The name (string) for the machine pool. |
--replicas | Required when autoscaling is not configured. The number (integer) of machines for this machine pool. |
--tags |
Apply user defined tags to all resources created by Red Hat OpenShift Service on AWS in AWS. Tags are comma separated, for example: |
--taints |
Taints for the machine pool. This string value should be formatted as a comma-separated list of |
--autorepair |
AutoRepair setting for the machine pool represented as the boolean |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Interactively add a machine pool to a cluster named mycluster
.
rosa create machinepool --cluster=mycluster --interactive
$ rosa create machinepool --cluster=mycluster --interactive
Add a machine pool that is named mp-1
to a cluster with autoscaling enabled.
rosa create machinepool --cluster=mycluster --enable-autoscaling --min-replicas=2 --max-replicas=5 --name=mp-1
$ rosa create machinepool --cluster=mycluster --enable-autoscaling --min-replicas=2 --max-replicas=5 --name=mp-1
Add a machine pool that is named mp-1
with 3 replicas of m5.xlarge
to a cluster.
rosa create machinepool --cluster=mycluster --replicas=3 --instance-type=m5.xlarge --name=mp-1
$ rosa create machinepool --cluster=mycluster --replicas=3 --instance-type=m5.xlarge --name=mp-1
Add a machine pool (mp-1
) to a Red Hat OpenShift Service on AWS cluster, configuring 6 replicas and the following upgrade behavior:
- Allow up to 2 excess nodes to be provisioned during an upgrade.
- Ensure that no more than 3 nodes are unavailable during an upgrade.
rosa create machinepool --cluster=mycluster --replicas=6 --name=mp-1 --max-surge=2 --max-unavailable=3
$ rosa create machinepool --cluster=mycluster --replicas=6 --name=mp-1 --max-surge=2 --max-unavailable=3
Add a machine pool with labels to a cluster.
rosa create machinepool --cluster=mycluster --replicas=2 --instance-type=r5.2xlarge --labels=foo=bar,bar=baz --name=mp-1
$ rosa create machinepool --cluster=mycluster --replicas=2 --instance-type=r5.2xlarge --labels=foo=bar,bar=baz --name=mp-1
Add a machine pool with tags to a cluster.
rosa create machinepool --cluster=mycluster --replicas=2 --instance-type=r5.2xlarge --tags='foo bar,bar baz' --name=mp-1
$ rosa create machinepool --cluster=mycluster --replicas=2 --instance-type=r5.2xlarge --tags='foo bar,bar baz' --name=mp-1
7.2.3.11. create network Copiar o linkLink copiado para a área de transferência!
Create a network that creates any necessary AWS resources through AWS CloudFormation templates. This helper command is intended to help create and configure a VPC for use with Red Hat OpenShift Service on AWS. This command also supports egress zero clusters.
Running this command creates resources within your AWS account.
For custom or advanced configurations, it is highly recommended to use the AWS CLI directly using the aws cloudformation
command or create a new custom template with the required configurations. If you use a custom CloudFormation template with the ROSA CLI, the minimum required version is 1.2.47 or later.
Syntax
rosa create network [flags]
$ rosa create network [flags]
Option | Definition |
---|---|
<template-name> |
Allows you to use a custom template. Templates must be in the template folder, structured as |
Default CloudFormation template
Option | Definition |
---|---|
--template-dir |
Allows you to specify the path to the template directory. Overrides the |
--param Name | Define the name of your network. A required parameter when using a custom template file. |
--param Region | Define the region of your network. A required parameter when using a custom template file. |
--param <various> |
Available parameters depend on the template. Use |
--mode=manual | Provides AWS commands to create the network stack. |
Example
Create a basic network with regular arguments and flags.
rosa create network rosa-quickstart-default-vpc --param Tags=key1=value1,key2=value2 --param Name=example-stack --param Region=us-west-2
$ rosa create network rosa-quickstart-default-vpc --param Tags=key1=value1,key2=value2 --param Name=example-stack --param Region=us-west-2
The full list of parameters is available in the default template.
Example template
Copy to Clipboard Copied! Toggle word wrap Toggle overflow == create ocm-role
Create the required ocm-role resources for your cluster.
Syntax
rosa create ocm-role [flags]
$ rosa create ocm-role [flags]
Option | Definition |
---|---|
--admin | Enable admin capabilities for the role. |
--debug | Enable debug mode. |
-i, --interactive | Enable interactive mode. |
-m, --mode string | How to perform the operation. Valid options are:
|
--path string | The ARN path for the OCM role and policies. |
--permissions-boundary string | The ARN of the policy that is used to set the permissions boundary for the OCM role. |
--prefix string |
User-defined prefix for all generated AWS resources. The default is |
--profile string | Use a specific AWS profile from your credential file. |
-y, --yes | Automatically answer yes to confirm operation. |
For more information about the OCM role created with the rosa create ocm-role
command, see Account-wide IAM role and policy reference.
7.2.3.12. create user-role Copiar o linkLink copiado para a área de transferência!
Create the required user-role resources for your cluster.
Syntax
rosa create user-role [flags]
$ rosa create user-role [flags]
Option | Definition |
---|---|
--debug | Enable debug mode. |
-i, --interactive | Enable interactive mode. |
-m, --mode string | How to perform the operation. Valid options are:
|
--path string | The ARN path for the user role and policies. |
--permissions-boundary string | The ARN of the policy that is used to set the permissions boundary for the user role. |
--prefix string |
User-defined prefix for all generated AWS resources The default is |
--profile string | Use a specific AWS profile from your credential file. |
-y, --yes | Automatically answer yes to confirm operation. |
For more information about the user role created with the rosa create user-role
command, see Understanding AWS account association.
7.2.3.13. create iamserviceaccount Copiar o linkLink copiado para a área de transferência!
Create an AWS Identity and Access Management (IAM) role that can be assumed by a Red Hat OpenShift Service on AWS service account using OpenID Connect (OIDC) identity federation.
Syntax
rosa create iamserviceaccount --cluster=<cluster_name> | <cluster_id> --name=<service_account_name> [arguments]
$ rosa create iamserviceaccount --cluster=<cluster_name> | <cluster_id> --name=<service_account_name> [arguments]
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster for which to create the IAM service account role. |
--name <service_account_name> | Required. The name of the Red Hat OpenShift Service on AWS service account. This flag can be used multiple times to create a role for multiple service accounts. |
--namespace <namespace_name> |
The Red Hat OpenShift Service on AWS namespace for the service account. Default: |
--role-name <role_name> |
The name of the IAM role to create. If not specified, a name will be auto-generated using the pattern |
--attach-policy-arn <policy_arn> | The ARN of an IAM policy to attach to the role. This flag can be used multiple times to attach multiple policies. |
--inline-policy <policy_document> |
An inline policy document in JSON format or a file path prefixed with |
--permissions-boundary <boundary_arn> | The ARN of an IAM policy to use as a permissions boundary for the role. |
--path <iam_path> |
The IAM path for the role. Default: |
-m, --mode string | How to perform the operation. Valid options are:
|
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile string | Specifies an AWS profile from your credentials file. |
--yes |
Automatically answers |
Examples
Create an IAM role for a service account named my-app
in the default
namespace with S3 read-only access.
rosa create iamserviceaccount --cluster=mycluster --name=my-app --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
$ rosa create iamserviceaccount --cluster=mycluster --name=my-app --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
Create an IAM role with a custom name and multiple policies.
rosa create iamserviceaccount --cluster=mycluster --name=my-app --namespace=production --role-name=my-custom-role --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess --attach-policy-arn=arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
$ rosa create iamserviceaccount --cluster=mycluster --name=my-app --namespace=production --role-name=my-custom-role --attach-policy-arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess --attach-policy-arn=arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
Create an IAM role with an inline policy from a file.
rosa create iamserviceaccount --cluster=mycluster --name=my-app --inline-policy=file://my-policy.json
$ rosa create iamserviceaccount --cluster=mycluster --name=my-app --inline-policy=file://my-policy.json
7.2.4. Edit objects Copiar o linkLink copiado para a área de transferência!
This section describes the edit
commands for clusters and resources.
7.2.4.1. edit cluster Copiar o linkLink copiado para a área de transferência!
Allows edits to an existing cluster.
Syntax
rosa edit cluster --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa edit cluster --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
--additional-allowed-principals <arn> | A comma-separated list of additional allowed principal ARNs to be added to the Hosted Control Plane’s VPC endpoint service to enable additional VPC endpoint connection requests to be automatically accepted. |
--cluster | Required: The name or ID (string) of the cluster to edit. |
--private | Restricts a primary API endpoint to direct, private connectivity. |
--enable-delete-protection=true | Enables the delete protection feature. |
--enable-delete-protection=false | Disables the delete protection feature. |
--billing-account-string | Specifies the account used for billing subscriptions purchased from the AWS marketplace. |
--channel-group <channel_group_name> |
Allows users to assign their cluster to a specific channel group. Options include |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Edit a cluster named mycluster
to make it private.
rosa edit cluster --cluster=mycluster --private
$ rosa edit cluster --cluster=mycluster --private
Edit all cluster options interactively on a cluster named mycluster
.
rosa edit cluster --cluster=mycluster --interactive
$ rosa edit cluster --cluster=mycluster --interactive
7.2.4.2. edit ingress Copiar o linkLink copiado para a área de transferência!
Edits the default application router for a cluster.
For information about editing non-default application routers, see Additional resources.
Syntax
rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to which the ingress will be added. |
--cluster-routes-hostname | Components route hostname for OAuth, console, and download. |
--cluster-routes-tls-secret-ref | Components route TLS secret reference for OAuth, console, and download. |
--excluded-namespaces |
Excluded namespaces for ingress. Format is a comma-separated list |
--label-match | The label match (string) for ingress. The format must be a comma-delimited list of key=value pairs. If no label is specified, all routes are exposed on both routers. |
--lb-type |
Type of Load Balancer. Options are |
--namespace-ownership-policy |
Namespace Ownership Policy for ingress. Options are |
--private | Restricts the application route to direct, private connectivity. |
--route-selector | Route Selector for ingress. Format is a comma-separated list of key=value. If no label is specified, all routes will be exposed on both routers. For legacy ingress support these are inclusion labels, otherwise they are treated as exclusion label. |
--wildcard-policy |
Wildcard Policy for ingress. Options are |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Make an additional ingress with the ID a1b2
as a private connection on a cluster named mycluster
.
rosa edit ingress --private --cluster=mycluster a1b2
$ rosa edit ingress --private --cluster=mycluster a1b2
Update the router selectors for the additional ingress with the ID a1b2
on a cluster named mycluster
.
rosa edit ingress --label-match=foo=bar --cluster=mycluster a1b2
$ rosa edit ingress --label-match=foo=bar --cluster=mycluster a1b2
Update the default ingress using the sub-domain identifier apps
on a cluster named mycluster
.
rosa edit ingress --private=false --cluster=mycluster apps
$ rosa edit ingress --private=false --cluster=mycluster apps
Update the load balancer type of the apps2
ingress.
rosa edit ingress --lb-type=nlb --cluster=mycluster apps2
$ rosa edit ingress --lb-type=nlb --cluster=mycluster apps2
7.2.4.3. edit kubeletconfig Copiar o linkLink copiado para a área de transferência!
Edit a custom KubeletConfig
object in a
Syntax
rosa edit kubeletconfig --cluster=<cluster_name|cluster_id> --name=<kubeletconfig_name> --pod-pids-limit=<number> [flags]
$ rosa edit kubeletconfig --cluster=<cluster_name|cluster_id> --name=<kubeletconfig_name> --pod-pids-limit=<number> [flags]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> |
Required. The name or ID of the cluster for which the |
-i, --interactive | Enable interactive mode. |
--pod-pids-limit <number> | Required. The maximum number of PIDs for each node in the |
--name |
Specifies a name for the |
-h, --help | Shows help for this command. |
For more information about setting the PID limit for the cluster, see Configuring PID limits.
7.2.4.4. edit machinepool Copiar o linkLink copiado para a área de transferência!
Allows edits to the machine pool in a cluster.
Syntax
rosa edit machinepool --cluster=<cluster_name_or_id> <machinepool_name> [arguments]
$ rosa edit machinepool --cluster=<cluster_name_or_id> <machinepool_name> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to edit on which the additional machine pool will be edited. |
--enable-autoscaling |
Enable or disable autoscaling of compute nodes. To enable autoscaling, use this argument with the |
--labels | The labels (string) for the machine pool. The format must be a comma-delimited list of key=value pairs. Editing this value only affects newly created nodes of the machine pool, which are created by increasing the node number, and does not affect the existing nodes. This list overwrites any modifications made to node labels on an ongoing basis. |
--kubelet-configs <kubeletconfig_name> |
The names of any |
--max-replicas | Specifies the maximum number of compute nodes when enabling autoscaling. |
--min-replicas | Specifies the minimum number of compute nodes when enabling autoscaling. |
--max-surge |
The
The default value is |
--max-unavailable |
The
The default value is |
--node-drain-grace-period | Specifies the node drain grace period when upgrading or replacing the machine pool. |
--replicas | Required when autoscaling is not configured. The number (integer) of machines for this machine pool. |
--taints |
Taints for the machine pool. This string value should be formatted as a comma-separated list of |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Set 4 replicas on a machine pool named mp1
on a cluster named mycluster
.
rosa edit machinepool --cluster=mycluster --replicas=4 mp1
$ rosa edit machinepool --cluster=mycluster --replicas=4 mp1
Enable autoscaling on a machine pool named mp1
on a cluster named mycluster
.
rosa edit machinepool --cluster=mycluster --enable-autoscaling --min-replicas=3 --max-replicas=5 mp1
$ rosa edit machinepool --cluster=mycluster --enable-autoscaling --min-replicas=3 --max-replicas=5 mp1
Disable autoscaling on a machine pool named mp1
on a cluster named mycluster
.
rosa edit machinepool --cluster=mycluster --enable-autoscaling=false --replicas=3 mp1
$ rosa edit machinepool --cluster=mycluster --enable-autoscaling=false --replicas=3 mp1
Modify the autoscaling range on a machine pool named mp1
on a cluster named mycluster
.
rosa edit machinepool --max-replicas=9 --cluster=mycluster mp1
$ rosa edit machinepool --max-replicas=9 --cluster=mycluster mp1
On Red Hat OpenShift Service on AWS clusters, edit the mp1
machine pool to add the following behavior during upgrades: * Allow up to 2 excess nodes to be provisioned during an upgrade. * Ensure that no more than 3 nodes are unavailable during an upgrade.
rosa edit machinepool --cluster=mycluster mp1 --max-surge=2 --max-unavailable=3
$ rosa edit machinepool --cluster=mycluster mp1 --max-surge=2 --max-unavailable=3
Associate a KubeletConfig
object with an existing high-pid-pool
machine pool on a Red Hat OpenShift Service on AWS cluster.
rosa edit machinepool -c mycluster --kubelet-configs=set-high-pids high-pid-pool
$ rosa edit machinepool -c mycluster --kubelet-configs=set-high-pids high-pid-pool
7.2.4.5. edit mirror image configurations Copiar o linkLink copiado para a área de transferência!
Edits the mirror lists in an existing mirror image configuration.
When editing image mirrors, the new mirrors list completely replaces the existing mirrors list.
Syntax
rosa edit image-mirror [arguments]
$ rosa edit image-mirror [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to which the ingress will be added. |
--mirrors | Required: New list of mirror registries that replaces current mirror registries. Mirror registries must be comma-separated. |
--id | Required: ID of the image mirror configuration to edit. |
--profile | Optional: Use a specific AWS profile from your credential file. |
--region | Optional: Use a specific AWS region, overriding the AWS_REGION environment variable. |
Examples
Replaces all mirrors.
rosa edit image-mirror --cluster=mycluster --id=abc123def456 \ --mirrors=new-primary.company.com/team,new-secondary.company.com/team
$ rosa edit image-mirror --cluster=mycluster --id=abc123def456 \
--mirrors=new-primary.company.com/team,new-secondary.company.com/team
Replaces a single mirror.
rosa edit image-mirror --cluster=mycluster --id=abc123def456 \ --mirrors=single-mirror.company.com/team
$ rosa edit image-mirror --cluster=mycluster --id=abc123def456 \
--mirrors=single-mirror.company.com/team
7.2.6. Delete objects Copiar o linkLink copiado para a área de transferência!
This section describes the delete
commands for clusters and resources.
7.2.6.1. delete account-roles Copiar o linkLink copiado para a área de transferência!
Cleans up account roles from the current AWS account.
Syntax
rosa delete account-roles
$ rosa delete account-roles
Option | Definition |
---|---|
--classic | Deletes classic account roles |
--delete-hcp-shared-vpc-policies | Deletes the Hosted Control Plane shared vpc policies |
--hosted-cp | Deletes Hosted Control Plane roles |
-m, --mode string | How to perform the operation. Valid options are:
|
--prefix | Prefix of the account roles to be deleted. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes all AWS account roles with the prefix of mycluster
.
rosa delete account-roles -p mycluster
$ rosa delete account-roles -p mycluster
7.2.6.2. delete admin Copiar o linkLink copiado para a área de transferência!
Deletes a cluster administrator from a specified cluster.
Syntax
rosa delete admin --cluster=<cluster_name> | <cluster_id>
$ rosa delete admin --cluster=<cluster_name> | <cluster_id>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that contains the identity provider (IDP) you want to delete. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes a cluster administrator from a cluster named mycluster
.
rosa delete admin --cluster=mycluster
$ rosa delete admin --cluster=mycluster
7.2.6.3. delete cluster Copiar o linkLink copiado para a área de transferência!
Deletes a cluster.
Syntax
rosa delete cluster --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa delete cluster --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to delete. |
--watch | Watches the cluster uninstallation logs. |
--best-effort |
Skips steps in the cluster destruction chain that are known to cause the cluster deletion process to fail. You should use this option with care and it is recommended that you manually check your AWS account for any resources that might be left over after using |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Deletes a cluster named mycluster
.
rosa delete cluster --cluster=mycluster
$ rosa delete cluster --cluster=mycluster
7.2.6.4. delete external-auth-provider Copiar o linkLink copiado para a área de transferência!
Deletes an external authentication provider from a cluster.
Syntax
rosa delete external-auth-provider <name_of_external_auth_provider> --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa delete external-auth-provider <name_of_external_auth_provider> --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required. The name or ID string of the cluster the external auth provider will be deleted from. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes an identity provider named exauth-1
from a cluster named mycluster
.
rosa delete external-auth-provider exauth-1 --cluster=mycluster
$ rosa delete external-auth-provider exauth-1 --cluster=mycluster
7.2.6.5. delete idp Copiar o linkLink copiado para a área de transferência!
Deletes a specific identity provider (IDP) from a cluster.
Syntax
rosa delete idp --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa delete idp --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster from which the IDP will be deleted. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes an identity provider named github
from a cluster named mycluster
.
rosa delete idp github --cluster=mycluster
$ rosa delete idp github --cluster=mycluster
7.2.6.6. delete ingress Copiar o linkLink copiado para a área de transferência!
Deletes a non-default application router (ingress) from a cluster.
Syntax
rosa delete ingress --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa delete ingress --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster from which the ingress will be deleted. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Deletes an ingress with the ID a1b2
from a cluster named mycluster
.
rosa delete ingress --cluster=mycluster a1b2
$ rosa delete ingress --cluster=mycluster a1b2
Deletes a secondary ingress with the subdomain name apps2
from a cluster named mycluster
.
rosa delete ingress --cluster=mycluster apps2
$ rosa delete ingress --cluster=mycluster apps2
7.2.6.7. delete kubeletconfig Copiar o linkLink copiado para a área de transferência!
Deletes a custom KubeletConfig
object from a cluster.
Syntax
rosa delete kubeletconfig --cluster=<cluster_name|cluster_id> [flags]
$ rosa delete kubeletconfig --cluster=<cluster_name|cluster_id> [flags]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> |
Required. The name or ID of the cluster for which you want to delete the |
--name |
Specifies a name for the |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.6.8. delete machinepool Copiar o linkLink copiado para a área de transferência!
Deletes a machine pool from a cluster.
Syntax
rosa delete machinepool --cluster=<cluster_name> | <cluster_id> <machine_pool_id>
$ rosa delete machinepool --cluster=<cluster_name> | <cluster_id> <machine_pool_id>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the machine pool will be deleted from. |
--machinepool string | Machine pool of the cluster to target. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes the machine pool with the ID mp-1
from a cluster named mycluster
.
rosa delete machinepool --cluster=mycluster mp-1
$ rosa delete machinepool --cluster=mycluster mp-1
7.2.6.9. delete ocm-role Copiar o linkLink copiado para a área de transferência!
Deletes OCM role from the current AWS organization.
Syntax
rosa delete ocm-role --role-arn <role_arn>
$ rosa delete ocm-role --role-arn <role_arn>
Option | Definition |
---|---|
-m, --mode string | How to perform the operation. Valid options are:
|
--role-arn string | Required: The role ARN to delete from the user role from the AWS account |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Deletes an ocm-role with arn:aws:iam::123456789012:role/xxx-OCM-Role-1223456778
arn.
rosa delete ocm-role --role-arn arn:aws:iam::123456789012:role/xxx-OCM-Role-1223456778
$ rosa delete ocm-role --role-arn arn:aws:iam::123456789012:role/xxx-OCM-Role-1223456778
7.2.6.10. delete oidc-config Copiar o linkLink copiado para a área de transferência!
Deletes the OIDC config based on the registered OIDC Config ID.
Syntax
rosa delete oidc-config --oidc-config-id <oidc_config_id>
$ rosa delete oidc-config --oidc-config-id <oidc_config_id>
Option | Definition |
---|---|
-m, --mode string | How to perform the operation. Valid options are:
|
--oidc-config-id string | Required: Registered ID for identification of OIDC config. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes an OIDC config with an ID of A1B2C3D4
.
rosa delete oidc-config --oidc-config-id A1B2C3D4
$ rosa delete oidc-config --oidc-config-id A1B2C3D4
7.2.6.11. delete oidc-provider Copiar o linkLink copiado para a área de transferência!
Deletes the OIDC provider of a deleted STS cluster.
Syntax
rosa delete oidc-provider --cluster=<cluster_name> | --oidc-config-id <oidc_config_id>
$ rosa delete oidc-provider --cluster=<cluster_name> | --oidc-config-id <oidc_config_id>
Option | Definition |
---|---|
-c, --cluster string | Name or ID of the cluster. |
-m, --mode string | How to perform the operation. Valid options are:
|
--oidc-config-id string |
Required: Registered OIDC configuration ID to retrieve its issuer URL. Not to be used alongside |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Deletes the OIDC provider using the OIDC config ID of
A1B2C3D4
.rosa delete oidc-provider --oidc-config-id A1B2C3D4
$ rosa delete oidc-provider --oidc-config-id A1B2C3D4
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Deletes the OIDC provider using the cluster name of
mycluster
.rosa delete oidc-provider --cluster=mycluster
$ rosa delete oidc-provider --cluster=mycluster
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
7.2.6.12. delete operator-roles Copiar o linkLink copiado para a área de transferência!
Deletes the Operator roles of a deleted STS cluster.
Syntax
rosa delete oidc-provider --cluster=<cluster_name> | --oidc-config-id <oidc_config_id>
$ rosa delete oidc-provider --cluster=<cluster_name> | --oidc-config-id <oidc_config_id>
Option | Definition |
---|---|
-c, --cluster string | Name or ID of the cluster. |
--delete-hcp-shared-vpc-policies | Deletes the hosted control plane shared VPC policies. |
-m, --mode string | How to perform the operation. Valid options are:
|
--prefix string | Operator role prefix. You must use this flag in case of reusable OIDC Config. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes the operator-roles on the cluster named mycluster
.
rosa delete operator-roles --cluster=mycluster
$ rosa delete operator-roles --cluster=mycluster
7.2.6.13. delete tuning-configs Copiar o linkLink copiado para a área de transferência!
Deletes a specified tuning configuration that is on a specified cluster.
Syntax
rosa delete tuning-config --cluster=<cluster_name> <tuning_config_name>
$ rosa delete tuning-config --cluster=<cluster_name> <tuning_config_name>
Option | Definition |
---|---|
-c, --cluster string | Name or ID of the cluster. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes the tuning config named tuned1
from a cluster named mycluster
.
rosa delete tuning-config --cluster=mycluster tuned1
$ rosa delete tuning-config --cluster=mycluster tuned1
7.2.6.14. delete upgrade Copiar o linkLink copiado para a área de transferência!
Cancels a scheduled cluster upgrade.
Syntax
rosa delete upgrade
$ rosa delete upgrade
Option | Definition |
-c, --cluster string | Name or ID of the cluster. |
--machinepool string | Machine pool of the cluster to target. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes the user role that has a prefix of rh-user
and a user-role name of Auditor
.
rosa delete user-role --role-arn rh-user-User-Auditor-Role
$ rosa delete user-role --role-arn rh-user-User-Auditor-Role
7.2.6.15. delete user-role Copiar o linkLink copiado para a área de transferência!
Deletes user role from the current AWS account.
Syntax
rosa delete user-role
$ rosa delete user-role
Option | Definition |
---|---|
-m, --mode string | How to perform the operation. Valid options are:
|
--role-arn string | Required: The ARN of the user-role that you want to delete from the AWS account. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Deletes the user role that has a prefix of rh-user
and a user-role name of Auditor
.
rosa delete user-role --role-arn rh-user-User-Auditor-Role
$ rosa delete user-role --role-arn rh-user-User-Auditor-Role
7.2.7. Install and uninstall add-ons Copiar o linkLink copiado para a área de transferência!
This section describes how to install and uninstall Red Hat managed service add-ons to a cluster.
7.2.7.1. install addon Copiar o linkLink copiado para a área de transferência!
Installs a managed service add-on on a cluster.
Syntax
rosa install addon --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa install addon --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster where the add-on will be installed. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Uses a specific AWS profile (string) from your credentials file. |
--yes |
Automatically answers |
Example
Add the dbaas-operator
add-on installation to a cluster named mycluster
.
rosa install addon --cluster=mycluster dbaas-operator
$ rosa install addon --cluster=mycluster dbaas-operator
7.2.7.2. uninstall addon Copiar o linkLink copiado para a área de transferência!
Uninstalls a managed service add-on from a cluster.
Syntax
rosa uninstall addon --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa uninstall addon --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the add-on will be uninstalled from. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Uses a specific AWS profile (string) from your credentials file. |
--yes |
Automatically answers |
Example
Remove the dbaas-operator
add-on installation from a cluster named mycluster
.
rosa uninstall addon --cluster=mycluster dbaas-operator
$ rosa uninstall addon --cluster=mycluster dbaas-operator
7.2.8. List and describe objects Copiar o linkLink copiado para a área de transferência!
This section describes the list
and describe
commands for clusters and resources.
7.2.8.1. describe access-request Copiar o linkLink copiado para a área de transferência!
Shows detailed information about access requests.
Syntax
rosa describe describe access-request --id <access_request_id>
$ rosa describe describe access-request --id <access_request_id>
Option | Definition |
---|---|
--id string | Required. The ID of your access request. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Shows the details of the access request with an ID of A1B2C3D4
and produces the results in a .yaml output.
rosa describe describe access-request --id A1B2C3D4 -output yaml
$ rosa describe describe access-request --id A1B2C3D4 -output yaml
7.2.8.2. list access-request Copiar o linkLink copiado para a área de transferência!
Lists all access requests in either Pending
or Approved
status. If you use the '--cluster' flag, the CLI lists all access requests in any status for the specified cluster.
Syntax
rosa list access-request [arguments]
$ rosa list access-request [arguments]
Option | Definition |
---|---|
-c, --cluster string | Required: The name or ID (string) of the cluster that the machine pools will be listed for. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all Access Requests for cluster foo
.
rosa list access-request --cluster foo
$ rosa list access-request --cluster foo
7.2.8.3. list account-roles Copiar o linkLink copiado para a área de transferência!
Lists all account roles and policies for the current AWS account.
Syntax
rosa list account-roles [arguments]
$ rosa list account-roles [arguments]
Option | Definition |
---|---|
-c, --cluster string | Required: The name or ID (string) of the cluster that the machine pools will be listed for. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all AWS account roles associated with your account.
rosa list account-roles
$ rosa list account-roles
7.2.8.4. describe addon-installation Copiar o linkLink copiado para a área de transferência!
Shows detailed information about an add-on installation.
Option | Definition |
---|---|
-c, --cluster string | Required: The name or ID (string) of the cluster that the machine pools will be listed for. |
--addon string | Required: Name or ID of the add-on installation. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Describes the bar
add-on installation on cluster foo
.
rosa describe addon-installation --cluster foo --addon bar
$ rosa describe addon-installation --cluster foo --addon bar
7.2.8.5. describe admin Copiar o linkLink copiado para a área de transferência!
Shows the details of a specified cluster-admin
user and a command to log in to the cluster.
Syntax
rosa describe admin --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa describe admin --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to which the cluster-admin belongs. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Describes the cluster-admin
user for a cluster named mycluster
.
rosa describe admin --cluster=mycluster
$ rosa describe admin --cluster=mycluster
7.2.8.6. describe addon Copiar o linkLink copiado para a área de transferência!
Shows the details of a managed service add-on.
Syntax
rosa describe addon <addon_id> | <addon_name> [arguments]
$ rosa describe addon <addon_id> | <addon_name> [arguments]
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Describes an add-on named dbaas-operator
.
rosa describe addon dbaas-operator
$ rosa describe addon dbaas-operator
7.2.8.7. list addon Copiar o linkLink copiado para a área de transferência!
Lists the managed service add-on installations.
Syntax
rosa list addons [arguments]
$ rosa list addons [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to list the add-ons for. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all add-on installations on a cluster named mycluster
.
rosa list addons --cluster=mycluster
$ rosa list addons --cluster=mycluster
7.2.8.8. describe break-glass-credential Copiar o linkLink copiado para a área de transferência!
Shows the details for a break glass credential for a specific cluster.
Syntax
rosa describe break-glass-credential --id=<break_glass_credential_id> --cluster=<cluster_name>| <cluster_id> [arguments]
$ rosa describe break-glass-credential --id=<break_glass_credential_id> --cluster=<cluster_name>| <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--id | Required: The ID (string) of the break glass credential. |
--kubeconfig | Optional: Retrieves the kubeconfig from the break glass credential. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.9. List break-glass-credential Copiar o linkLink copiado para a área de transferência!
Lists all of the break glass credentials for a cluster.
Syntax
rosa list break-glass-credential [arguments]
$ rosa list break-glass-credential [arguments]
Option | Definition |
---|---|
--cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster to which the break glass credentials have been added. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the break glass credentials for a cluster named mycluster
.
rosa list break-glass-credential --cluster=mycluster
$ rosa list break-glass-credential --cluster=mycluster
7.2.8.10. describe cluster Copiar o linkLink copiado para a área de transferência!
Shows the details for a cluster.
Syntax
rosa describe cluster [arguments]
$ rosa describe cluster [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--external-id <arn_string> | An optional, unique identifier that might be required when you assume a role in another account. |
--get-role-policy-bindings | Lists the policies that are attached to the STS roles assigned to the cluster. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Describes a cluster named mycluster
.
rosa describe cluster --cluster=mycluster
$ rosa describe cluster --cluster=mycluster
7.2.8.11. list clusters Copiar o linkLink copiado para a área de transferência!
Lists all of your clusters.
Syntax
rosa list clusters [flag]
$ rosa list clusters [flag]
Option | Definition |
-a, --all | Lists all clusters across different AWS accounts under the same Red Hat organization |
-o, --output string |
Specify your output format. You may use either |
--get-role-policy-bindings | Lists the policies that are attached to the STS roles assigned to the cluster. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.12. list dns-domain Copiar o linkLink copiado para a área de transferência!
Lists all DNS domains.
Syntax
rosa list dns-domain [arguments]
$ rosa list dns-domain [arguments]
Option | Definition |
---|---|
-a, --all | Lists all DNS domains. The default options lists just user defined domains. |
--hosted-cp | Filters the list to only DNS Domains used for hosted control plane clusters. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all DNS Domains tied to your organization ID.
rosa list dns-domain
$ rosa list dns-domain
7.2.8.13. describe external-auth-provider Copiar o linkLink copiado para a área de transferência!
Shows detailed information about an external authentication provider on a cluster.
Syntax
rosa describe external-auth-provider [arguments]
$ rosa describe external-auth-provider [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--name string | The name for the external authentication provider of the cluster to target. |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Shows details of an external authentication provider named exauth
on a cluster named mycluster
.
rosa describe external-auth-provider exauth --cluster=mycluster
$ rosa describe external-auth-provider exauth --cluster=mycluster
7.2.8.14. list external-auth-provider Copiar o linkLink copiado para a área de transferência!
Lists any external authentication providers for a cluster.
Syntax
rosa list external-auth-provider --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa list external-auth-provider --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID string of the cluster that the external authentication provider will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists any external authentication providers for a cluster named mycluster
.
rosa list external-auth-provider --cluster=mycluster
$ rosa list external-auth-provider --cluster=mycluster
7.2.8.15. list gates Copiar o linkLink copiado para a área de transferência!
Lists all available OCP Gates for a specific OCP release or by cluster upgrade version.
Syntax
rosa list gates [arguments]
$ rosa list gates [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--gate string |
Gate type. Options are |
-o, --output string |
Specify your output format. You may use either |
--version string | Specified OpenShift version. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all OCP gates for an OCP version.
rosa list gates --version 4.19
$ rosa list gates --version 4.19
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Lists all STS gates for an OCP version.
rosa list gates --gate sts --version 4.19
$ rosa list gates --gate sts --version 4.19
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Lists all OCP gates for an OCP version.
rosa list gates --gate ocp --version 4.19
$ rosa list gates --gate ocp --version 4.19
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Lists available gates for a cluster upgrade version.
rosa list gates -c mycluster --version 4.19.7
$ rosa list gates -c mycluster --version 4.19.7
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
7.2.8.16. list idps Copiar o linkLink copiado para a área de transferência!
Lists all of the identity providers (IDPs) for a cluster.
Syntax
rosa list idps [arguments]
$ rosa list idps [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the IDPs will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all identity providers (IDPs) for a cluster named mycluster
.
rosa list idps --cluster=mycluster
$ rosa list idps --cluster=mycluster
7.2.8.17. describe ingress Copiar o linkLink copiado para a área de transferência!
Shows detailed information about the specified ingress within cluster.
Syntax
rosa describe ingress [ingress]
$ rosa describe ingress [ingress]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--ingress string | Specify the ingress of the cluster to target |
-o, --output string |
Specify your output format. You may use either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Shows the details of an ingress named a1b2c3d4
on cluster named mycluster
.
rosa describe ingress a1b2c3d4 -c mycluster
$ rosa describe ingress a1b2c3d4 -c mycluster
7.2.8.18. list ingresses Copiar o linkLink copiado para a área de transferência!
Lists all of the API and ingress endpoints for a cluster.
Syntax
rosa list ingresses [arguments]
$ rosa list ingresses [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the IDPs will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all API and ingress endpoints for a cluster named mycluster
.
rosa list ingresses --cluster=mycluster
$ rosa list ingresses --cluster=mycluster
7.2.8.19. list instance-types Copiar o linkLink copiado para a área de transferência!
Lists all of the available instance types for use with Red Hat OpenShift Service on AWS. Availability is based on the account’s AWS quota.
Syntax
rosa list instance-types [arguments]
$ rosa list instance-types [arguments]
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all instance types.
rosa list instance-types
$ rosa list instance-types
7.2.8.20. describe kubeletconfig Copiar o linkLink copiado para a área de transferência!
Shows the details of a custom KubeletConfig
object.
Syntax
rosa describe kubeletconfig --cluster=<cluster_name|cluster_id> [arguments]
$ rosa describe kubeletconfig --cluster=<cluster_name|cluster_id> [arguments]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> |
Required. The name or ID of the cluster for which you want to view the |
-h, --help | Shows help for this command. |
--name |
Required. Specifies the name of the |
-o, --output string |
The output format. You can specify either |
7.2.8.21. list kubeletconfigs Copiar o linkLink copiado para a área de transferência!
Lists the KubeletConfig
objects configured on a cluster.
Syntax
rosa list kubeletconfigs --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa list kubeletconfigs --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster that the machine pools will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the KubeletConfig
objects on a cluster named mycluster
.
rosa list kubeletconfigs --cluster=mycluster
$ rosa list kubeletconfigs --cluster=mycluster
7.2.8.22. describe machinepool Copiar o linkLink copiado para a área de transferência!
Describes a specific machine pool configured on a cluster.
Syntax
rosa describe machinepool --cluster=[<cluster_name>|<cluster_id>] --machinepool=<machinepool_name> [arguments]
$ rosa describe machinepool --cluster=[<cluster_name>|<cluster_id>] --machinepool=<machinepool_name> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--machinepool | Required: The name or ID (string) of the machinepool. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Describes a machine pool named mymachinepool
on a cluster named mycluster
.
rosa describe machinepool --cluster=mycluster --machinepool=mymachinepool
$ rosa describe machinepool --cluster=mycluster --machinepool=mymachinepool
7.2.8.23. list machinepools Copiar o linkLink copiado para a área de transferência!
Lists the machine pools configured on a cluster.
Syntax
rosa list machinepools --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa list machinepools --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the machine pools will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the machine pools on a cluster named mycluster
.
rosa list machinepools --cluster=mycluster
$ rosa list machinepools --cluster=mycluster
7.2.8.24. list ocm-roles Copiar o linkLink copiado para a área de transferência!
Lists all OCM roles for the current AWS account.
Syntax
rosa list ocm-roles [arguments]
$ rosa list ocm-roles [arguments]
Option | Definition |
---|---|
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.25. list oidc-config Copiar o linkLink copiado para a área de transferência!
Lists the OIDC Configuration resources associated with your AWS account.
Syntax
rosa list oidc-config
$ rosa list oidc-config
Option | Definition |
---|---|
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.26. list oidc-providers Copiar o linkLink copiado para a área de transferência!
Lists all of the OIDC providers for the current AWS account.
Syntax
rosa list oidc-providers [arguments]
$ rosa list oidc-providers [arguments]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster that the OIDC providers will be listed for. |
--oidc-config-id string | This argument filters OIDC providers by OIDC config ID. It returns one provider linked to the config ID. |
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.27. list operator-roles Copiar o linkLink copiado para a área de transferência!
Lists all Operator roles and policies for the current AWS account.
Syntax
rosa list operator-roles [arguments]
$ rosa list operator-roles [arguments]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster. |
-o, --output string |
The output format. You can specify either |
--prefix string | List only Operator roles that are associated with the given prefix. The prefix must match up to `openshift |
kube-system`. | --version string |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.28. list regions Copiar o linkLink copiado para a área de transferência!
Lists all of the available regions for the current AWS account.
Syntax
rosa list regions [arguments]
$ rosa list regions [arguments]
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the available regions.
rosa list regions
$ rosa list regions
7.2.8.29. describe tuning-configs Copiar o linkLink copiado para a área de transferência!
Shows detailed information about a tuning config for a cluster.
Syntax
rosa describe tuning-config --cluster <cluster-name-or-id> <tuning-name>
$ rosa describe tuning-config --cluster <cluster-name-or-id> <tuning-name>
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster. |
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Describes the tuned1
tuned config on cluster foo
.
rosa describe tuning-config --cluster foo tuned1
$ rosa describe tuning-config --cluster foo tuned1
7.2.8.30. list tuning-configs Copiar o linkLink copiado para a área de transferência!
Lists tuning configuration resources for a cluster.
Syntax
rosa list tuning-configs --cluster <cluster-name-or-id>
$ rosa list tuning-configs --cluster <cluster-name-or-id>
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster. |
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all tuning configuration for a cluster named mycluster
.
rosa list tuning-configs -c mycluster
$ rosa list tuning-configs -c mycluster
7.2.8.31. describe upgrade Copiar o linkLink copiado para a área de transferência!
Shows detailed information about an upgrade.
Syntax
rosa describe upgrade [arguments]
$ rosa describe upgrade [arguments]
Option | Definition |
---|---|
-c, --cluster <cluster_name>|<cluster_id> | Required. The name or ID of the cluster. |
--machinepool string | The name of the machine pool of the cluster to target. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.32. list upgrades Copiar o linkLink copiado para a área de transferência!
Lists all available and scheduled cluster version upgrades.
Syntax
rosa list upgrades --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa list upgrades --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the available upgrades will be listed for. |
--machinepool string | The name of the machine pool of the cluster to target. |
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the available upgrades for a cluster named mycluster
.
rosa list upgrades --cluster=mycluster
$ rosa list upgrades --cluster=mycluster
7.2.8.33. list user-roles Copiar o linkLink copiado para a área de transferência!
Lists all user roles for current AWS account.
Syntax
rosa list user-roles
$ rosa list user-roles
Option | Definition |
---|---|
-o, --output string |
The output format. You can specify either |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.2.8.34. list users Copiar o linkLink copiado para a área de transferência!
Lists the cluster administrator and dedicated administrator users for a specified cluster.
Syntax
rosa list users --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa list users --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the cluster administrators will be listed for. |
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the cluster administrators and dedicated administrators for a cluster named mycluster
.
rosa list users --cluster=mycluster
$ rosa list users --cluster=mycluster
7.2.8.35. list versions Copiar o linkLink copiado para a área de transferência!
Lists all of the OpenShift versions that are available for creating a cluster.
Syntax
rosa list versions [arguments]
$ rosa list versions [arguments]
Option | Definition |
---|---|
--help, -h | Shows help for this command. |
--debug | Enables debug mode. |
--interactive | Enables interactive mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Lists all of the Red Hat OpenShift Service on AWS versions.
rosa list versions
$ rosa list versions
7.2.9. Revoke objects Copiar o linkLink copiado para a área de transferência!
This section describes the revoke
commands for clusters and resources.
7.2.9.1. revoke-break-glass-credential Copiar o linkLink copiado para a área de transferência!
Revokes all break glass credentials from a specified Red Hat OpenShift Service on AWS cluster with external authentication enabled.
Syntax
rosa revoke break-glass-credential --cluster=<cluster_name> | <cluster_id>
$ rosa revoke break-glass-credential --cluster=<cluster_name> | <cluster_id>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster from which the break glass credentials will be deleted. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
--yes |
Automatically answers |
Example
Revoke the break glass credentials from a cluster named mycluster
.
rosa revoke break-glass-credential --cluster=mycluster
$ rosa revoke break-glass-credential --cluster=mycluster
7.2.10. Upgrade and delete upgrade for objects Copiar o linkLink copiado para a área de transferência!
This section describes the upgrade
command usage for objects.
7.2.10.1. upgrade cluster Copiar o linkLink copiado para a área de transferência!
Schedule a cluster upgrade.
Syntax
rosa upgrade cluster --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa upgrade cluster --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the upgrade will be scheduled for. |
--interactive | Enables interactive mode. |
--version | The version (string) of OpenShift Container Platform that the cluster will be upgraded to. |
--schedule-date |
The next date (string) when the upgrade will run at the specified time in Coordinated Universal Time (UTC). Format: |
--schedule-time |
The next time the upgrade will run on the specified date in Coordinated Universal Time (UTC). Format: |
--control-plane | Upgrades the cluster’s hosted control plane. |
Option | Definition |
---|---|
--help | Shows help for this command. |
Examples
Interactively schedule an upgrade on a cluster named mycluster
.
rosa upgrade cluster --cluster=mycluster --interactive
$ rosa upgrade cluster --cluster=mycluster --interactive
Schedule a cluster upgrade within the hour on a cluster named mycluster
.
rosa upgrade cluster --cluster=mycluster --version 4.5.20
$ rosa upgrade cluster --cluster=mycluster --version 4.5.20
7.2.10.2. delete cluster upgrade Copiar o linkLink copiado para a área de transferência!
Cancel a scheduled cluster upgrade.
Syntax
rosa delete upgrade --cluster=<cluster_name> | <cluster_id>
$ rosa delete upgrade --cluster=<cluster_name> | <cluster_id>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster that the upgrade will be cancelled for. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--yes |
Automatically answers |
7.2.10.3. upgrade machinepool Copiar o linkLink copiado para a área de transferência!
Upgrades a specific machine pool configured on a Red Hat OpenShift Service on AWS cluster.
Syntax
rosa upgrade machinepool --cluster=<cluster_name> <machinepool_name>
$ rosa upgrade machinepool --cluster=<cluster_name> <machinepool_name>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
--schedule-date |
The next date (string) when the upgrade will run at the specified time in Coordinated Universal Time (UTC). Format: |
--schedule-time |
The next time the upgrade will run on the specified date in Coordinated Universal Time (UTC). Format: |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Upgrade a machine pool on a cluster named mycluster
.
rosa upgrade machinepool --cluster=mycluster
$ rosa upgrade machinepool --cluster=mycluster
7.2.10.4. delete machinepool upgrade Copiar o linkLink copiado para a área de transferência!
Cancel a scheduled machinepool upgrade.
Syntax
rosa delete upgrade --cluster=<cluster_name> <machinepool_name>
$ rosa delete upgrade --cluster=<cluster_name> <machinepool_name>
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
7.3. Checking account and version information with the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Use the following commands to check your account and version information.
7.3.1. whoami Copiar o linkLink copiado para a área de transferência!
Display information about your AWS and Red Hat accounts by using the following command syntax:
Syntax
rosa whoami [arguments]
$ rosa whoami [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
rosa whoami
$ rosa whoami
7.3.2. version Copiar o linkLink copiado para a área de transferência!
Display the version of your rosa
CLI by using the following command syntax:
Syntax
rosa version [arguments]
$ rosa version [arguments]
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
rosa version
$ rosa version
7.4. Checking logs with the ROSA CLI Copiar o linkLink copiado para a área de transferência!
Use the following commands to check your install and uninstall logs.
7.4.1. logs install Copiar o linkLink copiado para a área de transferência!
Show the cluster install logs by using the following command syntax:
Syntax
rosa logs install --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa logs install --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | Required: The name or ID (string) of the cluster to get logs for. |
--tail |
The number (integer) of lines to get from the end of the log. Default: |
--watch | Watches for changes after getting the logs. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Examples
Show the last 100 install log lines for a cluster named mycluster
:
rosa logs install mycluster --tail=100
$ rosa logs install mycluster --tail=100
Show the install logs for a cluster named mycluster
:
rosa logs install --cluster=mycluster
$ rosa logs install --cluster=mycluster
7.4.2. logs uninstall Copiar o linkLink copiado para a área de transferência!
Show the cluster uninstall logs by using the following command syntax:
Syntax
rosa logs uninstall --cluster=<cluster_name> | <cluster_id> [arguments]
$ rosa logs uninstall --cluster=<cluster_name> | <cluster_id> [arguments]
Option | Definition |
---|---|
--cluster | The name or ID (string) of the cluster to get logs for. |
--tail |
The number (integer) of lines to get from the end of the log. Default: |
--watch | Watches for changes after getting the logs. |
Option | Definition |
---|---|
--help | Shows help for this command. |
--debug | Enables debug mode. |
--profile | Specifies an AWS profile (string) from your credentials file. |
Example
Show the last 100 uninstall logs for a cluster named mycluster
:
rosa logs uninstall --cluster=mycluster --tail=100
$ rosa logs uninstall --cluster=mycluster --tail=100
7.5. Least privilege permissions for ROSA CLI commands Copiar o linkLink copiado para a área de transferência!
You can create roles with permissions that adhere to the principal of least privilege, in which the users assigned the roles have no other permissions assigned to them outside the scope of the specific action they need to perform. These policies contain only the minimum required permissions needed to perform specific actions by using the ROSA command-line interface (CLI) (rosa
).
Although the policies and commands presented in this topic will work in conjunction with one another, you might have other restrictions within your AWS environment that make the policies for these commands insufficient for your specific needs. Red Hat provides these examples as a baseline, assuming no other AWS Identity and Access Management (IAM) restrictions are present.
For more information about configuring permissions, policies, and roles in the AWS console, see AWS Identity and Access Management in the AWS documentation.
7.5.1. Least privilege permissions for common Red Hat OpenShift Service on AWS CLI commands Copiar o linkLink copiado para a área de transferência!
The following examples show the least privilege permissions needed for the most common ROSA CLI commands when building Red Hat OpenShift Service on AWS clusters.
7.5.1.1. Create a managed OpenID Connect (OIDC) provider Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to create your managed OIDC provider by using auto
mode.
Input
rosa create oidc-config --mode auto
$ rosa create oidc-config --mode auto
Policy
7.5.1.2. Create an unmanaged OpenID Connect provider Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to create your unmanaged OIDC provider by using auto
mode.
Input
rosa create oidc-config --mode auto --managed=false
$ rosa create oidc-config --mode auto --managed=false
Policy
7.5.1.3. List your account roles Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to list your account roles.
Input
rosa list account-roles
$ rosa list account-roles
Policy
7.5.1.4. List your Operator roles Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to list your Operator roles.
Input
rosa list operator-roles
$ rosa list operator-roles
Policy
7.5.1.5. List your OIDC providers Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to list your OIDC providers.
Input
rosa list oidc-providers
$ rosa list oidc-providers
Policy
7.5.1.6. Verify your quota Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to verify your quota.
Input
rosa verify quota
$ rosa verify quota
Policy
7.5.1.7. Delete your managed OIDC configuration Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to delete your managed OIDC configuration by using auto
mode.
Input
rosa delete oidc-config -–mode auto
$ rosa delete oidc-config -–mode auto
Policy
7.5.1.8. Delete your unmanaged OIDC configuration Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to delete your unmanaged OIDC configuration by using auto
mode.
Input
rosa delete oidc-config -–mode auto
$ rosa delete oidc-config -–mode auto
Policy
7.5.1.9. Create a cluster Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to create Red Hat OpenShift Service on AWS clusters.
Input
rosa create cluster --hosted-cp
$ rosa create cluster --hosted-cp
Policy
7.5.1.10. Create your account roles and Operator roles Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to create account and Operator roles by using auto
mode.
Input
rosa create account-roles --mode auto --hosted-cp
$ rosa create account-roles --mode auto --hosted-cp
Policy
7.5.1.11. Delete your account roles Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to delete the account roles in auto
mode.
Input
rosa delete account-roles -–mode auto
$ rosa delete account-roles -–mode auto
Policy
7.5.1.12. Delete your Operator roles Copiar o linkLink copiado para a área de transferência!
Run the following command with the specified permissions to delete your Operator roles in auto
mode.
Input
rosa delete operator-roles -–mode auto
$ rosa delete operator-roles -–mode auto
Policy
7.5.2. ROSA CLI commands with no required permissions Copiar o linkLink copiado para a área de transferência!
The following ROSA CLI commands do not require permissions or policies to run. Instead, they require an access key and configured secret key or an attached role.
Command | Input |
---|---|
list cluster |
|
list versions |
|
describe cluster |
|
create admin |
|
list users |
|
list upgrades |
|
list OIDC configuration |
|
list identity providers |
|
list ingresses |
|
7.6. Managing billing accounts for Red Hat OpenShift Service on AWS clusters Copiar o linkLink copiado para a área de transferência!
You can use the ROSA CLI (rosa
) to link your cluster to the desired AWS billing account after the cluster has been deployed.
This can be useful if you have accidentally linked to the wrong AWS billing account during cluster deployment, or if you simply want to update the billing account.
You also have the option to update your billing account through the OpenShift Cluster Manager. For more information, see Updating billing accounts for Red Hat OpenShift Service on AWS clusters.
7.6.1. Update billing accounts for Red Hat OpenShift Service on AWS clusters Copiar o linkLink copiado para a área de transferência!
Prerequisites
- You must have more than one AWS billing account.
- The AWS billing account you want your cluster to link to must already be linked to the Red Hat organization where the cluster is deployed.
Procedure
Run the following command in your terminal window:
Syntax
rosa edit cluster -c <cluster_ID>
$ rosa edit cluster -c <cluster_ID>
1 Copy to Clipboard Copied! Toggle word wrap Toggle overflow - 1
- Replace
<cluster_ID>
with the ID of the cluster that you want to update the AWS billing account.
NoteTo locate the IDs of your active clusters, run the
$ rosa list clusters
command in your terminal window.-
Skip to the
Billing Account
parameter within the interactive mode. Select the desired AWS billing account from the list of available options and press "Enter".
The AWS billing account for your cluster is now updated.
Legal Notice
Copiar o linkLink copiado para a área de transferência!
Copyright © 2025 Red Hat
OpenShift documentation is licensed under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0).
Modified versions must remove all Red Hat trademarks.
Portions adapted from https://github.com/kubernetes-incubator/service-catalog/ with modifications by Red Hat.
Red Hat, Red Hat Enterprise Linux, the Red Hat logo, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.