Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Explore popular products

Featured use cases

Explore all products

Discover learning resources

Chapter 1. OpenShift CLI (oc)

With the OpenShift Container Platform command-line interface (CLI), you can create applications and manage OpenShift Container Platform projects from a terminal. The CLI is ideal in situations where you:

  • work directly with project source code.
  • script OpenShift Container Platform operations.
  • are restricted by bandwidth resources and can not use the web console.

You can install the OpenShift CLI (oc) either by downloading the binary or by using an RPM.

You can install the OpenShift CLI (oc) in order to interact with OpenShift Container Platform from a command-line interface. You can install oc on Linux, Windows, or macOS.

Important

If you installed an earlier version of oc, you cannot use it to complete all of the commands in OpenShift Container Platform 4.4. Download and install the new version of oc.

You can install the OpenShift CLI (oc) binary on Linux by using the following procedure.

Procedure

  1. Navigate to the Infrastructure Provider page on the Red Hat OpenShift Cluster Manager site.
  2. Select your infrastructure provider, and, if applicable, your installation type.
  3. In the Command-line interface section, select Linux from the drop-down menu and click Download command-line tools.

  4. Unpack the archive: 

    $ tar xvzf <file>
    Copied!

  5. Place the oc binary in a directory that is on your PATH.

    To check your PATH, execute the following command: 

    $ echo $PATH
    Copied!

After you install the CLI, it is available using the oc command: 

$ oc <command>
Copied!

You can install the OpenShift CLI (oc) binary on Windows by using the following procedure.

Procedure

  1. Navigate to the Infrastructure Provider page on the Red Hat OpenShift Cluster Manager site.
  2. Select your infrastructure provider, and, if applicable, your installation type.
  3. In the Command-line interface section, select Windows from the drop-down menu and click Download command-line tools.
  4. Unzip the archive with a ZIP program.

  5. Move the oc binary to a directory that is on your PATH.

    To check your PATH, open the command prompt and execute the following command: 

    C:\> path
    Copied!

After you install the CLI, it is available using the oc command: 

C:\> oc <command>
Copied!

You can install the OpenShift CLI (oc) binary on macOS by using the following procedure.

Procedure

  1. Navigate to the Infrastructure Provider page on the Red Hat OpenShift Cluster Manager site.
  2. Select your infrastructure provider, and, if applicable, your installation type.
  3. In the Command-line interface section, select MacOS from the drop-down menu and click Download command-line tools.
  4. Unpack and unzip the archive.

  5. Move the oc binary to a directory on your PATH.

    To check your PATH, open a terminal and execute the following command: 

    $ echo $PATH
    Copied!

After you install the CLI, it is available using the oc command: 

$ oc <command>
Copied!

For Red Hat Enterprise Linux (RHEL), you can install the OpenShift CLI (oc) as an RPM if you have an active OpenShift Container Platform subscription on your Red Hat account.

Prerequisites

  • Must have root or sudo privileges.

Procedure

  1. Register with Red Hat Subscription Manager: 

    # subscription-manager register
    Copied!

  2. Pull the latest subscription data: 

    # subscription-manager refresh
    Copied!

  3. List the available subscriptions: 

    # subscription-manager list --available --matches '*OpenShift*'
    Copied!

  4. In the output for the previous command, find the pool ID for an OpenShift Container Platform subscription and attach the subscription to the registered system: 

    # subscription-manager attach --pool=<pool_id>
    Copied!

  5. Enable the repositories required by OpenShift Container Platform 4.4.

    • For Red Hat Enterprise Linux 8: 

      # subscription-manager repos --enable="rhocp-4.4-for-rhel-8-x86_64-rpms"
      Copied!

    • For Red Hat Enterprise Linux 7: 

      # subscription-manager repos --enable="rhel-7-server-ose-4.4-rpms"
      Copied!

  6. Install the openshift-clients package: 

    # yum install openshift-clients
    Copied!

After you install the CLI, it is available using the oc command: 

$ oc <command>
Copied!

You can log in to the oc CLI to access and manage your cluster.

Prerequisites

  • You must have access to an OpenShift Container Platform cluster.
  • You must have installed the CLI.
Note

To access a cluster that is accessible only over an HTTP proxy server, you can set the HTTP_PROXY, HTTPS_PROXY and NO_PROXY variables. These environment variables are respected by the oc CLI so that all communication with the cluster goes through the HTTP proxy.

Procedure

  • Log in to the CLI using the oc login command and enter the required information when prompted. 

    $ oc login
Server [https://localhost:8443]: https://openshift.example.com:6443 1
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y 2

Authentication required for https://openshift.example.com:6443 (openshift)
Username: user1 3
Password: 4
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

Welcome! See 'oc help' to get started.
    Copied!
    1
    Enter the OpenShift Container Platform server URL.
    2
    Enter whether to use insecure connections.
    3
    Enter the user name to log in as.
    4
    Enter the user’s password.

You can now create a project or issue other commands for managing your cluster.

Review the following sections to learn how to complete common tasks using the CLI.

Use the oc new-project command to create a new project. 

$ oc new-project my-project
Now using project "my-project" on server "https://openshift.example.com:6443".
Copied!

Use the oc new-app command to create a new application. 

$ oc new-app https://github.com/sclorg/cakephp-ex
--> Found image 40de956 (9 days old) in imagestream "openshift/php" under tag "7.2" for "php"

...

    Run 'oc status' to view your app.
Copied!

Use the oc get pods command to view the pods for the current project. 

$ oc get pods -o wide
NAME                  READY   STATUS      RESTARTS   AGE     IP            NODE                           NOMINATED NODE
cakephp-ex-1-build    0/1     Completed   0          5m45s   10.131.0.10   ip-10-0-141-74.ec2.internal    <none>
cakephp-ex-1-deploy   0/1     Completed   0          3m44s   10.129.2.9    ip-10-0-147-65.ec2.internal    <none>
cakephp-ex-1-ktz97    1/1     Running     0          3m33s   10.128.2.11   ip-10-0-168-105.ec2.internal   <none>
Copied!

Use the oc logs command to view logs for a particular pod. 

$ oc logs cakephp-ex-1-deploy
--> Scaling cakephp-ex-1 to 1
--> Success
Copied!

Use the oc project command to view the current project. 

$ oc project
Using project "my-project" on server "https://openshift.example.com:6443".
Copied!

Use the oc status command to view information about the current project, such as services, deployments, and build configs. 

$ oc status
In project my-project on server https://openshift.example.com:6443

svc/cakephp-ex - 172.30.236.80 ports 8080, 8443
  dc/cakephp-ex deploys istag/cakephp-ex:latest <-
    bc/cakephp-ex source builds https://github.com/sclorg/cakephp-ex on openshift/php:7.2
    deployment #1 deployed 2 minutes ago - 1 pod

3 infos identified, use 'oc status --suggest' to see details.
Copied!

Use the oc api-resources command to view the list of supported API resources on the server. 

$ oc api-resources
NAME                                  SHORTNAMES       APIGROUP                              NAMESPACED   KIND
bindings                                                                                     true         Binding
componentstatuses                     cs                                                     false        ComponentStatus
configmaps                            cm                                                     true         ConfigMap
...
Copied!

You can get help with CLI commands and OpenShift Container Platform resources in the following ways.

  • Use oc help to get a list and description of all available CLI commands:

    Example: Get general help for the CLI

    $ oc help
OpenShift Client

This client helps you develop, build, deploy, and run your applications on any OpenShift or Kubernetes compatible
platform. It also includes the administrative commands for managing a cluster under the 'adm' subcommand.

Usage:
  oc [flags]

Basic Commands:
  login           Log in to a server
  new-project     Request a new project
  new-app         Create a new application

...
    Copied!

  • Use the --help flag to get help about a specific CLI command:

    Example: Get help for the oc create command

    $ oc create --help
Create a resource by filename or stdin

JSON and YAML formats are accepted.

Usage:
  oc create -f FILENAME [flags]

...
    Copied!

  • Use the oc explain command to view the description and fields for a particular resource:

    Example: View documentation for the Pod resource

    $ oc explain pods
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

...
    Copied!

You can log out the CLI to end your current session.

  • Use the oc logout command. 

    $ oc logout
Logged "user1" out on "https://openshift.example.com"
    Copied!

This deletes the saved authentication token from the server and removes it from your configuration file.

After you install the oc CLI tool, you can enable tab completion to automatically complete oc commands or suggest options when you press Tab.

Prerequisites

  • You must have the oc CLI tool installed.

Procedure

The following procedure enables tab completion for Bash.

  1. Save the Bash completion code to a file. 

    $ oc completion bash > oc_bash_completion
    Copied!

  2. Copy the file to /etc/bash_completion.d/. 

    $ sudo cp oc_bash_completion /etc/bash_completion.d/
    Copied!

    You can also save the file to a local directory and source it from your .bashrc file instead.

Tab completion is enabled when you open a new terminal.

You can write and install plug-ins to build on the default oc commands, allowing you to perform new and more complex tasks with the OpenShift Container Platform CLI.

You can write a plug-in for the OpenShift Container Platform CLI in any programming language or script that allows you to write command-line commands. Note that you can not use a plug-in to overwrite an existing oc command.

Important

OpenShift CLI plug-ins are currently a Technology Preview feature. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

See the Red Hat Technology Preview features support scope for more information.

Procedure

This procedure creates a simple Bash plug-in that prints a message to the terminal when the oc foo command is issued.

  1. Create a file called oc-foo.

    When naming your plug-in file, keep the following in mind:

    • The file must begin with oc- or kubectl- in order to be recognized as a plug-in.
    • The file name determines the command that invokes the plug-in. For example, a plug-in with the file name oc-foo-bar can be invoked by a command of oc foo bar. You can also use underscores if you want the command to contain dashes. For example, a plug-in with the file name oc-foo_bar can be invoked by a command of oc foo-bar.

  2. Add the following contents to the file. 

    #!/bin/bash

# optional argument handling
if [[ "$1" == "version" ]]
then
    echo "1.0.0"
    exit 0
fi

# optional argument handling
if [[ "$1" == "config" ]]
then
    echo $KUBECONFIG
    exit 0
fi

echo "I am a plugin named kubectl-foo"
    Copied!

After you install this plug-in for the OpenShift Container Platform CLI, it can be invoked using the oc foo command.

Additional resources

After you write a custom plug-in for the OpenShift Container Platform CLI, you must install it to use the functionality that it provides.

Important

OpenShift CLI plug-ins are currently a Technology Preview feature. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

See the Red Hat Technology Preview features support scope for more information.

Prerequisites

  • You must have the oc CLI tool installed.
  • You must have a CLI plug-in file that begins with oc- or kubectl-.

Procedure

  1. If necessary, update the plug-in file to be executable. 

    $ chmod +x <plugin_file>
    Copied!

  2. Place the file anywhere in your PATH, such as /usr/local/bin/. 

    $ sudo mv <plugin_file> /usr/local/bin/.
    Copied!

  3. Run oc plugin list to make sure that the plug-in is listed. 

    $ oc plugin list
The following compatible plugins are available:

/usr/local/bin/<plugin_file>
    Copied!

    If your plug-in is not listed here, verify that the file begins with oc- or kubectl-, is executable, and is on your PATH.

  4. Invoke the new command or option introduced by the plug-in.

    For example, if you built and installed the kubectl-ns plug-in from the Sample plug-in repository, you can use the following command to view the current namespace. 

    $ oc ns
    Copied!

    Note that the command to invoke the plug-in depends on the plug-in file name. For example, a plug-in with the file name of oc-foo-bar is invoked by the oc foo bar command.

Display documentation for a certain resource.

Example: Display documentation for pods

$ oc explain pods
Copied!

Log in to the OpenShift Container Platform server and save login information for subsequent use.

Example: Interactive login

$ oc login
Copied!

Example: Log in specifying a user name

$ oc login -u user1
Copied!

Create a new application by specifying source code, a template, or an image.

Example: Create a new application from a local Git repository

$ oc new-app .
Copied!

Example: Create a new application from a remote Git repository

$ oc new-app https://github.com/sclorg/cakephp-ex
Copied!

Example: Create a new application from a private remote repository

$ oc new-app https://github.com/youruser/yourprivaterepo --source-secret=yoursecret
Copied!

Create a new project and switch to it as the default project in your configuration.

Example: Create a new project

$ oc new-project myproject
Copied!

Switch to another project and make it the default in your configuration.

Example: Switch to a different project

$ oc project test-project
Copied!

Display information about the current active project and existing projects on the server.

Example: List all projects

$ oc projects
Copied!

Show a high-level overview of the current project.

Example: Show the status of the current project

$ oc status
Copied!

Cancel a running, pending, or new build.

Example: Cancel a build

$ oc cancel-build python-1
Copied!

Example: Cancel all pending builds from the python build config

$ oc cancel-build buildconfig/python --state=pending
Copied!

Import the latest tag and image information from an image repository.

Example: Import the latest image information

$ oc import-image my-ruby
Copied!

Create a new build config from source code.

Example: Create a build config from a local Git repository

$ oc new-build .
Copied!

Example: Create a build config from a remote Git repository

$ oc new-build https://github.com/sclorg/cakephp-ex
Copied!

Revert an application back to a previous deployment.

Example: Roll back to the last successful deployment

$ oc rollback php
Copied!

Example: Roll back to a specific version

$ oc rollback php --to-version=3
Copied!

Start a new rollout, view its status or history, or roll back to a previous revision of your application.

Example: Roll back to the last successful deployment

$ oc rollout undo deploymentconfig/php
Copied!

Example: Start a new rollout for a deployment with its latest state

$ oc rollout latest deploymentconfig/php
Copied!

Start a build from a build config or copy an existing build.

Example: Start a build from the specified build config

$ oc start-build python
Copied!

Example: Start a build from a previous build

$ oc start-build --from-build=python-1
Copied!

Example: Set an environment variable to use for the current build

$ oc start-build python --env=mykey=myvalue
Copied!

1.4.2.7. tag
Copy link

Tag existing images into image streams.

Example: Configure the ruby image’s latest tag to refer to the image for the 2.0 tag

$ oc tag ruby:latest ruby:2.0
Copied!

Update the annotations on one or more resources.

Example: Add an annotation to a route

$ oc annotate route/test-route haproxy.router.openshift.io/ip_whitelist="192.168.1.10"
Copied!

Example: Remove the annotation from the route

$ oc annotate route/test-route haproxy.router.openshift.io/ip_whitelist-
Copied!

Apply a configuration to a resource by file name or standard in (stdin) in JSON or YAML format.

Example: Apply the configuration in pod.json to a pod

$ oc apply -f pod.json
Copied!

Autoscale a deployment or replication controller.

Example: Autoscale to a minimum of two and maximum of five pods

$ oc autoscale deploymentconfig/parksmap-katacoda --min=2 --max=5
Copied!

Create a resource by file name or standard in (stdin) in JSON or YAML format.

Example: Create a pod using the content in pod.json

$ oc create -f pod.json
Copied!

Delete a resource.

Example: Delete a pod named parksmap-katacoda-1-qfqz4

$ oc delete pod/parksmap-katacoda-1-qfqz4
Copied!

Example: Delete all pods with the app=parksmap-katacoda label

$ oc delete pods -l app=parksmap-katacoda
Copied!

Return detailed information about a specific object.

Example: Describe a deployment named example

$ oc describe deployment/example
Copied!

Example: Describe all pods

$ oc describe pods
Copied!

Edit a resource.

Example: Edit a deployment using the default editor

$ oc edit deploymentconfig/parksmap-katacoda
Copied!

Example: Edit a deployment using a different editor

$ OC_EDITOR="nano" oc edit deploymentconfig/parksmap-katacoda
Copied!

Example: Edit a deployment in JSON format

$ oc edit deploymentconfig/parksmap-katacoda -o json
Copied!

Expose a service externally as a route.

Example: Expose a service

$ oc expose service/parksmap-katacoda
Copied!

Example: Expose a service and specify the host name

$ oc expose service/parksmap-katacoda --hostname=www.my-host.com
Copied!

1.4.3.9. get
Copy link

Display one or more resources.

Example: List pods in the default namespace

$ oc get pods -n default
Copied!

Example: Get details about the python deployment in JSON format

$ oc get deploymentconfig/python -o json
Copied!

Update the labels on one or more resources.

Example: Update the python-1-mz2rf pod with the label status set to unhealthy

$ oc label pod/python-1-mz2rf status=unhealthy
Copied!

Set the desired number of replicas for a replication controller or a deployment.

Example: Scale the ruby-app deployment to three pods

$ oc scale deploymentconfig/ruby-app --replicas=3
Copied!

Manage secrets in your project.

Example: Allow my-pull-secret to be used as an image pull secret by the default service account

$ oc secrets link default my-pull-secret --for=pull
Copied!

Get a token assigned to a service account or create a new token or kubeconfig file for a service account.

Example: Get the token assigned to the default service account

$ oc serviceaccounts get-token default
Copied!

Configure existing application resources.

Example: Set the name of a secret on a build config

$ oc set build-secret --source buildconfig/mybc mysecret
Copied!

Attach the shell to a running container.

Example: Get output from the python container from pod python-1-mz2rf

$ oc attach python-1-mz2rf -c python
Copied!

1.4.4.2. cp
Copy link

Copy files and directories to and from containers.

Example: Copy a file from the python-1-mz2rf pod to the local file system

$ oc cp default/python-1-mz2rf:/opt/app-root/src/README.md ~/mydirectory/.
Copied!

Launch a command shell to debug a running application.

Example: Debug the python Deployment

$ oc debug deploymentconfig/python
Copied!

Execute a command in a container.

Example: Execute the ls command in the python container from pod python-1-mz2rf

$ oc exec python-1-mz2rf -c python ls
Copied!

Retrieve the log output for a specific build, build config, deployment, or pod.

Example: Stream the latest logs from the python deployment

$ oc logs -f deploymentconfig/python
Copied!

Forward one or more local ports to a pod.

Example: Listen on port 8888 locally and forward to port 5000 in the pod

$ oc port-forward python-1-mz2rf 8888:5000
Copied!

Run a proxy to the Kubernetes API server.

Example: Run a proxy to the API server on port 8011 serving static content from ./local/www/

$ oc proxy --port=8011 --www=./local/www/
Copied!

1.4.4.8. rsh
Copy link

Open a remote shell session to a container.

Example: Open a shell session on the first container in the python-1-mz2rf pod

$ oc rsh python-1-mz2rf
Copied!

Copy contents of a directory to or from a running pod container. Only changed files are copied using the rsync command from your operating system.

Example: Synchronize files from a local directory with a pod directory

$ oc rsync ~/mydirectory/ python-1-mz2rf:/opt/app-root/src/
Copied!

Create and run a particular image. By default, this creates a DeploymentConfig to manage the created containers.

Example: Start an instance of the perl image with three replicas

$ oc run my-test --image=perl --replicas=3
Copied!

Wait for a specific condition on one or more resources.

Note

This command is experimental and might change without notice.

Example: Wait for the python-1-mz2rf pod to be deleted

$ oc wait --for=delete pod/python-1-mz2rf
Copied!

Display the full list of API resources that the server supports.

Example: List the supported API resources

$ oc api-resources
Copied!

Display the full list of API versions that the server supports.

Example: List the supported API versions

$ oc api-versions
Copied!

Inspect permissions and reconcile RBAC roles.

Example: Check whether the current user can read pod logs

$ oc auth can-i get pods --subresource=log
Copied!

Example: Reconcile RBAC roles and permissions from a file

$ oc auth reconcile -f policy.json
Copied!

Display the address of the master and cluster services.

Example: Display cluster information

$ oc cluster-info
Copied!

Convert a YAML or JSON configuration file to a different API version and print to standard output (stdout).

Example: Convert pod.yaml to the latest version

$ oc convert -f pod.yaml
Copied!

Extract the contents of a config map or secret. Each key in the config map or secret is created as a separate file with the name of the key.

Example: Download the contents of the ruby-1-ca config map to the current directory

$ oc extract configmap/ruby-1-ca
Copied!

Example: Print the contents of the ruby-1-ca config map to stdout

$ oc extract configmap/ruby-1-ca --to=-
Copied!

Idle scalable resources. An idled service will automatically become unidled when it receives traffic or it can be manually unidled using the oc scale command.

Example: Idle the ruby-app service

$ oc idle ruby-app
Copied!

Manage images in your OpenShift Container Platform cluster.

Example: Copy an image to another tag

$ oc image mirror myregistry.com/myimage:latest myregistry.com/myimage:stable
Copied!

Observe changes to resources and take action on them.

Example: Observe changes to services

$ oc observe services
Copied!

Updates one or more fields of an object using strategic merge patch in JSON or YAML format.

Example: Update the spec.unschedulable field for node node1 to true

$ oc patch node/node1 -p '{"spec":{"unschedulable":true}}'
Copied!

Note

If you must patch a custom resource definition, you must include the --type merge option in the command.

Manage authorization policies.

Example: Add the edit role to user1 for the current project

$ oc policy add-role-to-user edit user1
Copied!

Process a template into a list of resources.

Example: Convert template.json to a resource list and pass to oc create

$ oc process -f template.json | oc create -f -
Copied!

Manage the integrated registry on OpenShift Container Platform.

Example: Display information about the integrated registry

$ oc registry info
Copied!

Modify an existing object based on the contents of the specified configuration file.

Example: Update a pod using the content in pod.json

$ oc replace -f pod.json
Copied!

Output shell completion code for the specified shell.

Example: Display completion code for Bash

$ oc completion bash
Copied!

Manage the client configuration files.

Example: Display the current configuration

$ oc config view
Copied!

Example: Switch to a different context

$ oc config use-context test-context
Copied!

Log out of the current session.

Example: End the current session

$ oc logout
Copied!

Display information about the current session.

Example: Display the currently authenticated user

$ oc whoami
Copied!

Display general help information for the CLI and a list of available commands.

Example: Display available commands

$ oc help
Copied!

Example: Display the help for the new-project command

$ oc help new-project
Copied!

List the available plug-ins on the user’s PATH.

Example: List available plug-ins

$ oc plugin list
Copied!

Display the oc client and server versions.

Example: Display version information

$ oc version
Copied!

For cluster administrators, the OpenShift Container Platform server version is also displayed.

Gather debugging information for a particular resource.

Note

This command is experimental and might change without notice.

Example: Collect debugging data for the OpenShift API server cluster Operator

$ oc adm inspect clusteroperator/openshift-apiserver
Copied!

Bulk collect data about the current state of your cluster to debug issues.

Note

This command is experimental and might change without notice.

Example: Gather debugging information

$ oc adm must-gather
Copied!

1.5.1.3. top
Copy link

Show usage statistics of resources on the server.

Example: Show CPU and memory usage for pods

$ oc adm top pods
Copied!

Example: Show usage statistics for images

$ oc adm top images
Copied!

Mark a node as unschedulable. Manually marking a node as unschedulable blocks any new pods from being scheduled on the node, but does not affect existing pods on the node.

Example: Mark node1 as unschedulable

$ oc adm cordon node1
Copied!

Drain a node in preparation for maintenance.

Example: Drain node1

$ oc adm drain node1
Copied!

Display and filter node logs.

Example: Get logs for NetworkManager

$ oc adm node-logs --role master -u NetworkManager.service
Copied!

Update the taints on one or more nodes.

Example: Add a taint to dedicate a node for a set of users

$ oc adm taint nodes node1 dedicated=groupName:NoSchedule
Copied!

Example: Remove the taints with key dedicated from node node1

$ oc adm taint nodes node1 dedicated-
Copied!

Mark a node as schedulable.

Example: Mark node1 as schedulable

$ oc adm uncordon node1
Copied!

Approve or reject certificate signing requests (CSRs).

Example: Approve a CSR

$ oc adm certificate approve csr-sqgzp
Copied!

Manage groups in your cluster.

Example: Create a new group

$ oc adm groups new my-group
Copied!

Create a new project and specify administrative options.

Example: Create a new project using a node selector

$ oc adm new-project myproject --node-selector='type=user-node,region=east'
Copied!

Manage pod networks in the cluster.

Example: Isolate project1 and project2 from other non-global projects

$ oc adm pod-network isolate-projects project1 project2
Copied!

Manage roles and policies on the cluster.

Example: Add the edit role to user1 for all projects

$ oc adm policy add-cluster-role-to-user edit user1
Copied!

Example: Add the privileged security context constraint to a service account

$ oc adm policy add-scc-to-user privileged -z myserviceaccount
Copied!

Migrate resources on the cluster to a new version or format depending on the subcommand used.

Example: Perform an update of all stored objects

$ oc adm migrate storage
Copied!

Example: Perform an update of only pods

$ oc adm migrate storage --include=pods
Copied!

Remove older versions of resources from the server.

Example: Prune older builds including those whose build configs no longer exist

$ oc adm prune builds --orphans
Copied!

Create the default bootstrap policy.

Example: Create a file called policy.json with the default bootstrap policy

$ oc adm create-bootstrap-policy-file --filename=policy.json
Copied!

Create a bootstrap project template.

Example: Output a bootstrap project template in YAML format to stdout

$ oc adm create-bootstrap-project-template -o yaml
Copied!

Create a template for customizing the error page.

Example: Output a template for the error page to stdout

$ oc adm create-error-template
Copied!

Creates a basic .kubeconfig file from client certificates.

Example: Create a .kubeconfig file with the provided client certificates

$ oc adm create-kubeconfig \
  --client-certificate=/path/to/client.crt \
  --client-key=/path/to/client.key \
  --certificate-authority=/path/to/ca.crt
Copied!

Create a template for customizing the login page.

Example: Output a template for the login page to stdout

$ oc adm create-login-template
Copied!

Create a template for customizing the provider selection page.

Example: Output a template for the provider selection page to stdout

$ oc adm create-provider-selection-template
Copied!

Output the inputs and dependencies of any builds.

Example: Output dependencies for the perl imagestream

$ oc adm build-chain perl
Copied!

Output shell completion code for the oc adm commands for the specified shell.

Example: Display oc adm completion code for Bash

$ oc adm completion bash
Copied!

Manage the client configuration files. This command has the same behavior as the oc config command.

Example: Display the current configuration

$ oc adm config view
Copied!

Example: Switch to a different context

$ oc adm config use-context test-context
Copied!

Manage various aspects of the OpenShift Container Platform release process, such as viewing information about a release or inspecting the contents of a release.

Example: Generate a changelog between two releases and save to changelog.md

$ oc adm release info --changelog=/tmp/git \
    quay.io/openshift-release-dev/ocp-release:4.4.0-rc.7 \
    quay.io/openshift-release-dev/ocp-release:4.4.0 \
    > changelog.md
Copied!

Verify the image signature of an image imported to the internal registry using the local public GPG key.

Example: Verify the nodejs image signature

$ oc adm verify-image-signature \
    sha256:2bba968aedb7dd2aafe5fa8c7453f5ac36a0b9639f1bf5b03f95de325238b288 \
    --expected-identity 172.30.1.1:5000/openshift/nodejs:latest \
    --public-key /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
    --save
Copied!

Kubernetes' command line interface (CLI), kubectl, can be used to run commands against a Kubernetes cluster. Because OpenShift Container Platform is a certified Kubernetes distribution, you can use the supported kubectl binaries that ship with OpenShift Container Platform, or you can gain extended functionality by using the oc binary.

The oc binary offers the same capabilities as the kubectl binary, but it extends to natively support additional OpenShift Container Platform features, including:

  • Full support for OpenShift Container Platform resources

    Resources such as DeploymentConfig, BuildConfig, Route, ImageStream, and ImageStreamTag objects are specific to OpenShift Container Platform distributions, and build upon standard Kubernetes primitives.

  • Authentication

    The oc binary offers a built-in login command that allows authentication and enables you to work with OpenShift Container Platform projects, which map Kubernetes namespaces to authenticated users. See Understanding authentication for more information.

  • Additional commands

    The additional command oc new-app, for example, makes it easier to get new applications started using existing source code or pre-built images. Similarly, the additional command oc new-project makes it easier to start a project that you can switch to as your default.

The kubectl binary is provided as a means to support existing workflows and scripts for new OpenShift Container Platform users coming from a standard Kubernetes environment, or for those who prefer to use the kubectl CLI. Existing users of kubectl can continue to use the binary to interact with Kubernetes primitives, with no changes required to the OpenShift Container Platform cluster.

You can install the supported kubectl binary by following the steps to Install the CLI. The kubectl binary is included in the archive if you download the binary, or is installed when you install the CLI by using an RPM.

For more information, see the kubectl documentation.

Red Hat logoGithubRedditYoutube

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.