.nh .TH KUBERNETES(1) kubernetes User Manuals Eric Paris Jan 2015 .SH NAME .PP kubectl config set\-credentials \- Sets a user entry in kubeconfig .SH SYNOPSIS .PP \fBkubectl config set\-credentials\fP [OPTIONS] .SH DESCRIPTION .PP Sets a user entry in kubeconfig .PP Specifying a name that already exists will merge new fields on top of existing values. .PP Client\-certificate flags: \-\-client\-certificate=certfile \-\-client\-key=keyfile .PP Bearer token flags: \-\-token=bearer\_token .PP Basic auth flags: \-\-username=basic\_user \-\-password=basic\_password .PP Bearer token and basic auth are mutually exclusive. .SH OPTIONS .PP \fB\-\-auth\-provider\fP="" Auth provider for the user entry in kubeconfig .PP \fB\-\-auth\-provider\-arg\fP=[] 'key=value' arguments for the auth provider .PP \fB\-\-embed\-certs\fP=false Embed client cert/key for the user entry in kubeconfig .PP \fB\-\-exec\-api\-version\fP="" API version of the exec credential plugin for the user entry in kubeconfig .PP \fB\-\-exec\-arg\fP=[] New arguments for the exec credential plugin command for the user entry in kubeconfig .PP \fB\-\-exec\-command\fP="" Command for the exec credential plugin for the user entry in kubeconfig .PP \fB\-\-exec\-env\fP=[] 'key=value' environment values for the exec credential plugin .SH OPTIONS INHERITED FROM PARENT COMMANDS .PP \fB\-\-add\-dir\-header\fP=false If true, adds the file directory to the header of the log messages .PP \fB\-\-alsologtostderr\fP=false log to standard error as well as files .PP \fB\-\-application\-metrics\-count\-limit\fP=100 Max number of application metrics to store (per container) .PP \fB\-\-as\fP="" Username to impersonate for the operation .PP \fB\-\-as\-group\fP=[] Group to impersonate for the operation, this flag can be repeated to specify multiple groups. .PP \fB\-\-azure\-container\-registry\-config\fP="" Path to the file containing Azure container registry configuration information. .PP \fB\-\-boot\-id\-file\fP="/proc/sys/kernel/random/boot\_id" Comma\-separated list of files to check for boot\-id. Use the first one that exists. .PP \fB\-\-cache\-dir\fP="/home/user/.kube/cache" Default cache directory .PP \fB\-\-certificate\-authority\fP="" Path to a cert file for the certificate authority .PP \fB\-\-client\-certificate\fP="" Path to a client certificate file for TLS .PP \fB\-\-client\-key\fP="" Path to a client key file for TLS .PP \fB\-\-cloud\-provider\-gce\-l7lb\-src\-cidrs\fP=130.211.0.0/22,35.191.0.0/16 CIDRs opened in GCE firewall for L7 LB traffic proxy \& health checks .PP \fB\-\-cloud\-provider\-gce\-lb\-src\-cidrs\fP=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16 CIDRs opened in GCE firewall for L4 LB traffic proxy \& health checks .PP \fB\-\-cluster\fP="" The name of the kubeconfig cluster to use .PP \fB\-\-container\-hints\fP="/etc/cadvisor/container\_hints.json" location of the container hints file .PP \fB\-\-containerd\fP="/run/containerd/containerd.sock" containerd endpoint .PP \fB\-\-containerd\-namespace\fP="k8s.io" containerd namespace .PP \fB\-\-context\fP="" The name of the kubeconfig context to use .PP \fB\-\-default\-not\-ready\-toleration\-seconds\fP=300 Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration. .PP \fB\-\-default\-unreachable\-toleration\-seconds\fP=300 Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration. .PP \fB\-\-disable\-root\-cgroup\-stats\fP=false Disable collecting root Cgroup stats .PP \fB\-\-docker\fP="unix:///var/run/docker.sock" docker endpoint .PP \fB\-\-docker\-env\-metadata\-whitelist\fP="" a comma\-separated list of environment variable keys matched with specified prefix that needs to be collected for docker containers .PP \fB\-\-docker\-only\fP=false Only report docker containers in addition to root stats .PP \fB\-\-docker\-root\fP="/var/lib/docker" DEPRECATED: docker root is read from docker info (this is a fallback, default: /var/lib/docker) .PP \fB\-\-docker\-tls\fP=false use TLS to connect to docker .PP \fB\-\-docker\-tls\-ca\fP="ca.pem" path to trusted CA .PP \fB\-\-docker\-tls\-cert\fP="cert.pem" path to client certificate .PP \fB\-\-docker\-tls\-key\fP="key.pem" path to private key .PP \fB\-\-enable\-load\-reader\fP=false Whether to enable cpu load reader .PP \fB\-\-event\-storage\-age\-limit\fP="default=0" Max length of time for which to store events (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is a duration. Default is applied to all non\-specified event types .PP \fB\-\-event\-storage\-event\-limit\fP="default=0" Max number of events to store (per type). Value is a comma separated list of key values, where the keys are event types (e.g.: creation, oom) or "default" and the value is an integer. Default is applied to all non\-specified event types .PP \fB\-\-global\-housekeeping\-interval\fP=1m0s Interval between global housekeepings .PP \fB\-\-housekeeping\-interval\fP=10s Interval between container housekeepings .PP \fB\-\-insecure\-skip\-tls\-verify\fP=false If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure .PP \fB\-\-kubeconfig\fP="" use a particular kubeconfig file .PP \fB\-\-log\-backtrace\-at\fP=:0 when logging hits line file:N, emit a stack trace .PP \fB\-\-log\-cadvisor\-usage\fP=false Whether to log the usage of the cAdvisor container .PP \fB\-\-log\-dir\fP="" If non\-empty, write log files in this directory .PP \fB\-\-log\-file\fP="" If non\-empty, use this log file .PP \fB\-\-log\-file\-max\-size\fP=1800 Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. .PP \fB\-\-log\-flush\-frequency\fP=5s Maximum number of seconds between log flushes .PP \fB\-\-logtostderr\fP=true log to standard error instead of files .PP \fB\-\-machine\-id\-file\fP="/etc/machine\-id,/var/lib/dbus/machine\-id" Comma\-separated list of files to check for machine\-id. Use the first one that exists. .PP \fB\-\-match\-server\-version\fP=false Require server version to match client version .PP \fB\-n\fP, \fB\-\-namespace\fP="" If present, the namespace scope for this CLI request .PP \fB\-\-one\-output\fP=false If true, only write logs to their native severity level (vs also writing to each lower severity level .PP \fB\-\-password\fP="" Password for basic authentication to the API server .PP \fB\-\-profile\fP="none" Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex) .PP \fB\-\-profile\-output\fP="profile.pprof" Name of the file to write the profile to .PP \fB\-\-referenced\-reset\-interval\fP=0 Reset interval for referenced bytes (container\_referenced\_bytes metric), number of measurement cycles after which referenced bytes are cleared, if set to 0 referenced bytes are never cleared (default: 0) .PP \fB\-\-request\-timeout\fP="0" The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. .PP \fB\-s\fP, \fB\-\-server\fP="" The address and port of the Kubernetes API server .PP \fB\-\-skip\-headers\fP=false If true, avoid header prefixes in the log messages .PP \fB\-\-skip\-log\-headers\fP=false If true, avoid headers when opening log files .PP \fB\-\-stderrthreshold\fP=2 logs at or above this threshold go to stderr .PP \fB\-\-storage\-driver\-buffer\-duration\fP=1m0s Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction .PP \fB\-\-storage\-driver\-db\fP="cadvisor" database name .PP \fB\-\-storage\-driver\-host\fP="localhost:8086" database host:port .PP \fB\-\-storage\-driver\-password\fP="root" database password .PP \fB\-\-storage\-driver\-secure\fP=false use secure connection with database .PP \fB\-\-storage\-driver\-table\fP="stats" table name .PP \fB\-\-storage\-driver\-user\fP="root" database username .PP \fB\-\-tls\-server\-name\fP="" Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used .PP \fB\-\-token\fP="" Bearer token for authentication to the API server .PP \fB\-\-update\-machine\-info\-interval\fP=5m0s Interval between machine info updates. .PP \fB\-\-user\fP="" The name of the kubeconfig user to use .PP \fB\-\-username\fP="" Username for basic authentication to the API server .PP \fB\-v\fP, \fB\-\-v\fP=0 number for the log level verbosity .PP \fB\-\-version\fP=false Print version information and quit .PP \fB\-\-vmodule\fP= comma\-separated list of pattern=N settings for file\-filtered logging .PP \fB\-\-warnings\-as\-errors\fP=false Treat warnings received from the server as errors and exit with a non\-zero exit code .SH EXAMPLE .PP .RS .nf # Set only the "client\-key" field on the "cluster\-admin" # entry, without touching other values: kubectl config set\-credentials cluster\-admin \-\-client\-key=\~/.kube/admin.key # Set basic auth for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-username=admin \-\-password=uXFGweU9l35qcif # Embed client certificate data in the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-client\-certificate=\~/.kube/admin.crt \-\-embed\-certs=true # Enable the Google Compute Platform auth provider for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-auth\-provider=gcp # Enable the OpenID Connect auth provider for the "cluster\-admin" entry with additional args kubectl config set\-credentials cluster\-admin \-\-auth\-provider=oidc \-\-auth\-provider\-arg=client\-id=foo \-\-auth\-provider\-arg=client\-secret=bar # Remove the "client\-secret" config value for the OpenID Connect auth provider for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-auth\-provider=oidc \-\-auth\-provider\-arg=client\-secret\- # Enable new exec auth plugin for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-exec\-command=/path/to/the/executable \-\-exec\-api\-version=client.authentication.k8s.io/v1beta1 # Define new exec auth plugin args for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-exec\-arg=arg1 \-\-exec\-arg=arg2 # Create or update exec auth plugin environment variables for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-exec\-env=key1=val1 \-\-exec\-env=key2=val2 # Remove exec auth plugin environment variables for the "cluster\-admin" entry kubectl config set\-credentials cluster\-admin \-\-exec\-env=var\-to\-remove\- .fi .RE .SH SEE ALSO .PP \fBkubectl\-config(1)\fP, .SH HISTORY .PP January 2015, Originally compiled by Eric Paris (eparis at redhat dot com) based on the kubernetes source material, but hopefully they have been automatically generated since!