2.8. OpenShift CLI 管理员命令参考
				本参考提供了 OpenShift CLI(oc)管理员命令的描述和示例命令。您必须具有 cluster-admin 或同等权限才能使用这些命令。
			
如需开发人员命令,请参阅 OpenShift CLI 开发人员命令参考。
				运行 oc adm -h 以列出所有管理员命令或运行 oc <command> --help 获取特定命令的更多详情。
			
2.8.1. OpenShift CLI(oc)管理员命令
2.8.1.1. oc adm build-chain
输出构建的输入和依赖项
用法示例
2.8.1.2. oc adm catalog mirror
镜像 operator-registry 目录
用法示例
2.8.1.3. oc adm 证书批准
批准证书签名请求
用法示例
Approve CSR 'csr-sqgzp'
  # Approve CSR 'csr-sqgzp'
  oc adm certificate approve csr-sqgzp2.8.1.4. oc adm 证书拒绝
拒绝证书签名请求
用法示例
Deny CSR 'csr-sqgzp'
  # Deny CSR 'csr-sqgzp'
  oc adm certificate deny csr-sqgzp2.8.1.5. oc adm cordon
将节点标记为不可调度
用法示例
Mark node "foo" as unschedulable
  # Mark node "foo" as unschedulable
  oc adm cordon foo2.8.1.6. oc adm create-bootstrap-project-template
创建 bootstrap 项目模板
用法示例
Output a bootstrap project template in YAML format to stdout
  # Output a bootstrap project template in YAML format to stdout
  oc adm create-bootstrap-project-template -o yaml2.8.1.7. oc adm create-error-template
创建错误页面模板
用法示例
Output a template for the error page to stdout
  # Output a template for the error page to stdout
  oc adm create-error-template2.8.1.8. oc adm create-login-template
创建登录模板
用法示例
Output a template for the login page to stdout
  # Output a template for the login page to stdout
  oc adm create-login-template2.8.1.9. oc adm create-provider-selection-template
创建供应商选择模板
用法示例
Output a template for the provider selection page to stdout
  # Output a template for the provider selection page to stdout
  oc adm create-provider-selection-template2.8.1.10. oc adm drain
排空节点以准备进行维护
用法示例
Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
  # Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
  oc adm drain foo --force
  # As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set, and use a grace period of 15 minutes
  oc adm drain foo --grace-period=9002.8.1.11. oc adm groups add-users
将用户添加到组
用法示例
Add user1 and user2 to my-group
  # Add user1 and user2 to my-group
  oc adm groups add-users my-group user1 user22.8.1.12. oc adm groups new
创建一个新组
用法示例
2.8.1.13. oc adm groups prune
从外部提供程序中删除引用缺失记录的旧 OpenShift 组
用法示例
2.8.1.14. oc adm groups remove-users
从组中删除用户
用法示例
Remove user1 and user2 from my-group
  # Remove user1 and user2 from my-group
  oc adm groups remove-users my-group user1 user22.8.1.15. oc adm groups sync
将 OpenShift 组与来自外部提供程序的记录同步
用法示例
2.8.1.16. oc adm inspect
为给定资源收集调试数据
用法示例
2.8.1.17. oc adm migrate template-instances
更新模板实例以指向最新的 group-version-kinds
用法示例
Perform a dry-run of updating all objects
  # Perform a dry-run of updating all objects
  oc adm migrate template-instances
  # To actually perform the update, the confirm flag must be appended
  oc adm migrate template-instances --confirm2.8.1.18. oc adm must-gather
启动用于收集调试信息的 pod 的新实例
用法示例
2.8.1.19. oc adm new-project
创建新项目
用法示例
Create a new project using a node selector
  # Create a new project using a node selector
  oc adm new-project myproject --node-selector='type=user-node,region=east'2.8.1.20. oc adm node-logs
显示和过滤节点日志
用法示例
2.8.1.21. oc adm pod-network isolate-projects
隔离项目网络
用法示例
Provide isolation for project p1
  # Provide isolation for project p1
  oc adm pod-network isolate-projects <p1>
  # Allow all projects with label name=top-secret to have their own isolated project network
  oc adm pod-network isolate-projects --selector='name=top-secret'2.8.1.22. oc adm pod-network join-projects
加入项目网络
用法示例
Allow project p2 to use project p1 network
  # Allow project p2 to use project p1 network
  oc adm pod-network join-projects --to=<p1> <p2>
  # Allow all projects with label name=top-secret to use project p1 network
  oc adm pod-network join-projects --to=<p1> --selector='name=top-secret'2.8.1.23. oc adm pod-network make-projects-global
使项目网络为全局有效
用法示例
Allow project p1 to access all pods in the cluster and vice versa
  # Allow project p1 to access all pods in the cluster and vice versa
  oc adm pod-network make-projects-global <p1>
  # Allow all projects with label name=share to access all pods in the cluster and vice versa
  oc adm pod-network make-projects-global --selector='name=share'2.8.1.24. oc adm policy add-role-to-user
为当前项目的用户或服务帐户添加角色
用法示例
Add the 'view' role to user1 for the current project
  # Add the 'view' role to user1 for the current project
  oc adm policy add-role-to-user view user1
  # Add the 'edit' role to serviceaccount1 for the current project
  oc adm policy add-role-to-user edit -z serviceaccount12.8.1.25. oc adm policy add-scc-to-group
为组添加安全性上下文约束
用法示例
Add the 'restricted' security context constraint to group1 and group2
  # Add the 'restricted' security context constraint to group1 and group2
  oc adm policy add-scc-to-group restricted group1 group22.8.1.26. oc adm policy add-scc-to-user
为用户或服务帐户添加安全性上下文约束
用法示例
Add the 'restricted' security context constraint to user1 and user2
  # Add the 'restricted' security context constraint to user1 and user2
  oc adm policy add-scc-to-user restricted user1 user2
  # Add the 'privileged' security context constraint to serviceaccount1 in the current namespace
  oc adm policy add-scc-to-user privileged -z serviceaccount12.8.1.27. oc adm policy scc-review
检查哪个服务帐户可以创建 pod
用法示例
2.8.1.28. oc adm policy scc-subject-review
检查用户或服务帐户是否可以创建 pod
用法示例
2.8.1.29. oc adm prune builds
删除旧的完成和失败的构建
用法示例
2.8.1.30. oc adm prune deployments
删除旧的完成和失败的部署配置
用法示例
Dry run deleting all but the last complete deployment for every deployment config
  # Dry run deleting all but the last complete deployment for every deployment config
  oc adm prune deployments --keep-complete=1
  # To actually perform the prune operation, the confirm flag must be appended
  oc adm prune deployments --keep-complete=1 --confirm2.8.1.31. oc adm prune groups
从外部提供程序中删除引用缺失记录的旧 OpenShift 组
用法示例
2.8.1.32. oc adm prune images
删除未引用的镜像
用法示例
2.8.1.33. oc adm release extract
将更新有效负载的内容提取到磁盘
用法示例
2.8.1.34. oc adm release info
显示发行版本的信息
用法示例
2.8.1.35. oc adm release mirror
将发行版本 mirror 到不同的镜像 registry 位置
用法示例
2.8.1.36. oc adm release new
创建新的 OpenShift 发行版本
用法示例
2.8.1.37. oc adm taint
更新一个或多个节点上的污点
用法示例
2.8.1.38. oc adm top images
显示镜像的用量统计
用法示例
Show usage statistics for images
  # Show usage statistics for images
  oc adm top images2.8.1.39. oc adm top imagestreams
显示镜像流的用量统计
用法示例
Show usage statistics for image streams
  # Show usage statistics for image streams
  oc adm top imagestreams2.8.1.40. oc adm top node
显示节点的资源(CPU/内存)使用情况
用法示例
Show metrics for all nodes
  # Show metrics for all nodes
  oc adm top node
  # Show metrics for a given node
  oc adm top node NODE_NAME2.8.1.41. oc adm top pod
显示 pod 的资源(CPU/内存)使用情况
用法示例
2.8.1.42. oc adm uncordon
将节点标记为可调度
用法示例
Mark node "foo" as schedulable
  # Mark node "foo" as schedulable
  oc adm uncordon foo2.8.1.43. oc adm upgrade
升级集群或调整升级频道
用法示例
Review the available cluster updates
  # Review the available cluster updates
  oc adm upgrade
  # Update to the latest version
  oc adm upgrade --to-latest=true2.8.1.44. oc adm verify-image-signature
验证镜像签名中包含的镜像身份
用法示例