Chapter 5. Administrator CLI Operations

5.1. Overview

This topic provides information on the administrator CLI operations and their syntax. You must setup and login with the CLI before you can perform these operations.

The openshift command is used for starting services that make up the OpenShift Container Platform cluster. For example, openshift start [master|node]. However, it is also an all-in-one command that can perform all the same actions as the oc and oc adm commands via openshift cli and openshift admin respectively.

The administrator CLI differs from the normal set of commands under the developer CLI, which uses the oc command, and is used more for project-level operations.

5.2. Common Operations

The administrator CLI allows interaction with the various objects that are managed by OpenShift Container Platform. Many common oc adm operations are invoked using the following syntax:

$ oc adm <action> <option>

This specifies:

An <action> to perform, such as new-project or groups.
An available <option> to perform the action on as well as a value for the option. Options include --output.

Important

When running oc adm commands, you should run them only from the first master listed in the Ansible host inventory file, by default /etc/ansible/hosts.

5.3. Basic CLI Operations

5.3.1. new-project

Creates a new project:

$ oc adm new-project <project_name>

5.3.2. policy

Manages authorization policies:

$ oc adm policy

5.3.3. groups

Manages groups:

$ oc adm groups

5.4. Install CLI Operations

5.4.1. router

Installs a router:

$ ocadm router <router_name>

5.4.2. ipfailover

Installs an IP failover group for a set of nodes:

$ oc adm ipfailover <ipfailover_config>

5.4.3. registry

Installs an integrated container image registry:

$ oc adm registry

5.5. Maintenance CLI Operations

5.5.1. build-chain

Outputs the inputs and dependencies of any builds:

$ oc adm build-chain <image_stream>[:<tag>]

5.5.2. manage-node

Manages nodes. For example, list or evacuate pods, or mark them ready:

$ oc adm manage-node

5.5.3. prune

Removes older versions of resources from the server:

$ oc adm prune

5.6. Settings CLI Operations

5.6.1. config

Changes kubelet configuration files:

$ oc adm config <subcommand>

5.6.2. create-kubeconfig

Creates a basic .kubeconfig file from client certificates:

$ oc adm create-kubeconfig

5.6.3. create-api-client-config

Creates a configuration file for connecting to the server as a user:

$ oc adm create-api-client-config

5.7. Advanced CLI Operations

5.7.1. create-bootstrap-project-template

Creates a bootstrap project template:

$ oc adm create-bootstrap-project-template

5.7.2. create-bootstrap-policy-file

Creates the default bootstrap policy:

$ oc adm create-bootstrap-policy-file

5.7.3. create-login-template

Creates a login template:

$ oc adm create-login-template

5.7.4. create-node-config

Creates a configuration bundle for a node:

$ oc adm create-node-config

5.7.5. ca

Manages certificates and keys:

$ oc adm ca

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.