diff --git a/contrib/completions/bash/oadm b/contrib/completions/bash/oadm index a53849ec45db..858341c44a03 100644 --- a/contrib/completions/bash/oadm +++ b/contrib/completions/bash/oadm @@ -5058,6 +5058,59 @@ _oadm_uncordon() noun_aliases=() } +_oadm_verify-image-signature() +{ + last_command="oadm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oadm_version() { last_command="oadm_version" @@ -5138,6 +5191,7 @@ _oadm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") commands+=("version") flags=() diff --git a/contrib/completions/bash/oc b/contrib/completions/bash/oc index 4a0062c8565f..1c0dafbae1de 100644 --- a/contrib/completions/bash/oc +++ b/contrib/completions/bash/oc @@ -5049,6 +5049,57 @@ _oc_adm_uncordon() noun_aliases=() } +_oc_adm_verify-image-signature() +{ + last_command="oc_adm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_adm() { last_command="oc_adm" @@ -5084,6 +5135,7 @@ _oc_adm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() diff --git a/contrib/completions/bash/openshift b/contrib/completions/bash/openshift index b3aeb3b342af..a8d45a026f38 100644 --- a/contrib/completions/bash/openshift +++ b/contrib/completions/bash/openshift @@ -5058,6 +5058,59 @@ _openshift_admin_uncordon() noun_aliases=() } +_openshift_admin_verify-image-signature() +{ + last_command="openshift_admin_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_admin() { last_command="openshift_admin" @@ -5093,6 +5146,7 @@ _openshift_admin() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() @@ -9968,6 +10022,59 @@ _openshift_cli_adm_uncordon() noun_aliases=() } +_openshift_cli_adm_verify-image-signature() +{ + last_command="openshift_cli_adm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_adm() { last_command="openshift_cli_adm" @@ -10003,6 +10110,7 @@ _openshift_cli_adm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() diff --git a/contrib/completions/zsh/oadm b/contrib/completions/zsh/oadm index 1ea013f0ca4a..1da7cc524e65 100644 --- a/contrib/completions/zsh/oadm +++ b/contrib/completions/zsh/oadm @@ -5206,6 +5206,59 @@ _oadm_uncordon() noun_aliases=() } +_oadm_verify-image-signature() +{ + last_command="oadm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oadm_version() { last_command="oadm_version" @@ -5286,6 +5339,7 @@ _oadm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") commands+=("version") flags=() diff --git a/contrib/completions/zsh/oc b/contrib/completions/zsh/oc index 2aae7aa0378c..491e3dba32a6 100644 --- a/contrib/completions/zsh/oc +++ b/contrib/completions/zsh/oc @@ -5197,6 +5197,57 @@ _oc_adm_uncordon() noun_aliases=() } +_oc_adm_verify-image-signature() +{ + last_command="oc_adm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_adm() { last_command="oc_adm" @@ -5232,6 +5283,7 @@ _oc_adm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() diff --git a/contrib/completions/zsh/openshift b/contrib/completions/zsh/openshift index 26542dab20e2..57bfd7d189d7 100644 --- a/contrib/completions/zsh/openshift +++ b/contrib/completions/zsh/openshift @@ -5206,6 +5206,59 @@ _openshift_admin_uncordon() noun_aliases=() } +_openshift_admin_verify-image-signature() +{ + last_command="openshift_admin_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_admin() { last_command="openshift_admin" @@ -5241,6 +5294,7 @@ _openshift_admin() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() @@ -10116,6 +10170,59 @@ _openshift_cli_adm_uncordon() noun_aliases=() } +_openshift_cli_adm_verify-image-signature() +{ + last_command="openshift_cli_adm_verify-image-signature" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--confirm") + local_nonpersistent_flags+=("--confirm") + flags+=("--expected-identity=") + local_nonpersistent_flags+=("--expected-identity=") + flags+=("--public-key=") + local_nonpersistent_flags+=("--public-key=") + flags+=("--remove") + local_nonpersistent_flags+=("--remove") + flags+=("--as=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_adm() { last_command="openshift_cli_adm" @@ -10151,6 +10258,7 @@ _openshift_cli_adm() commands+=("taint") commands+=("top") commands+=("uncordon") + commands+=("verify-image-signature") flags=() two_word_flags=() diff --git a/docs/generated/oadm_by_example_content.adoc b/docs/generated/oadm_by_example_content.adoc index 1d22f404d7dd..140e397264a9 100644 --- a/docs/generated/oadm_by_example_content.adoc +++ b/docs/generated/oadm_by_example_content.adoc @@ -805,3 +805,16 @@ Mark node as schedulable ==== +== oadm verify-image-signature +Verify that the given IMAGE signature is trusted + +==== + +[options="nowrap"] +---- + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 --expected-identity=registry.local:5000/foo/bar:v1 +---- +==== + + diff --git a/docs/generated/oc_by_example_content.adoc b/docs/generated/oc_by_example_content.adoc index 666393b5915a..71a505d3cb99 100644 --- a/docs/generated/oc_by_example_content.adoc +++ b/docs/generated/oc_by_example_content.adoc @@ -805,6 +805,19 @@ Mark node as schedulable ==== +== oc adm verify-image-signature +Verify that the given IMAGE signature is trusted + +==== + +[options="nowrap"] +---- + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 --expected-identity=registry.local:5000/foo/bar:v1 +---- +==== + + == oc annotate Update the annotations on a resource diff --git a/docs/man/man1/.files_generated_oadm b/docs/man/man1/.files_generated_oadm index 3458da37b822..f54e00d34b5e 100644 --- a/docs/man/man1/.files_generated_oadm +++ b/docs/man/man1/.files_generated_oadm @@ -89,5 +89,6 @@ oadm-top-node.1 oadm-top-pod.1 oadm-top.1 oadm-uncordon.1 +oadm-verify-image-signature.1 oadm-version.1 oadm.1 diff --git a/docs/man/man1/.files_generated_oc b/docs/man/man1/.files_generated_oc index d63dc88d87a5..4b38a0f6ffa1 100644 --- a/docs/man/man1/.files_generated_oc +++ b/docs/man/man1/.files_generated_oc @@ -89,6 +89,7 @@ oc-adm-top-node.1 oc-adm-top-pod.1 oc-adm-top.1 oc-adm-uncordon.1 +oc-adm-verify-image-signature.1 oc-adm.1 oc-annotate.1 oc-apply.1 diff --git a/docs/man/man1/.files_generated_openshift b/docs/man/man1/.files_generated_openshift index 523c3ea58680..586499fbb380 100644 --- a/docs/man/man1/.files_generated_openshift +++ b/docs/man/man1/.files_generated_openshift @@ -89,6 +89,7 @@ openshift-admin-top-node.1 openshift-admin-top-pod.1 openshift-admin-top.1 openshift-admin-uncordon.1 +openshift-admin-verify-image-signature.1 openshift-admin.1 openshift-cli-adm-build-chain.1 openshift-cli-adm-ca-create-key-pair.1 @@ -181,6 +182,7 @@ openshift-cli-adm-top-node.1 openshift-cli-adm-top-pod.1 openshift-cli-adm-top.1 openshift-cli-adm-uncordon.1 +openshift-cli-adm-verify-image-signature.1 openshift-cli-adm.1 openshift-cli-annotate.1 openshift-cli-apply.1 diff --git a/docs/man/man1/oadm-verify-image-signature.1 b/docs/man/man1/oadm-verify-image-signature.1 new file mode 100644 index 000000000000..6e571fffe839 --- /dev/null +++ b/docs/man/man1/oadm-verify-image-signature.1 @@ -0,0 +1,136 @@ +.TH "OADM" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oadm verify\-image\-signature \- Verify that the given IMAGE signature is trusted + + +.SH SYNOPSIS +.PP +\fBoadm verify\-image\-signature\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Verifies the imported image signature using the local public key. + +.PP +This command verifies if the signature attached to an image is trusted by using the provided public GPG key. Trusted image means that the image signature was signed by a valid GPG key and the image identity provided by the signature content matches with the image. By default, this command will not record a signature condition back to the Image object but only print the verification status to the console. + +.PP +To record a new condition, you have to pass the "\-\-confirm" flag. + + +.SH OPTIONS +.PP +\fB\-\-confirm\fP=false + If true, the result of the verification will be recorded to an image object. + +.PP +\fB\-\-expected\-identity\fP="" + An expected image docker reference to verify. + +.PP +\fB\-\-public\-key\fP="" + A path to a public GPG key to be used for verification. + +.PP +\fB\-\-remove\fP=false + If set, all signature verifications will be removed from the given image. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-azure\-container\-registry\-config\fP="" + Path to the file container Azure container registry configuration information. + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify\-image\-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \-\-expected\-identity=registry.local:5000/foo/bar:v1 + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoadm(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oadm.1 b/docs/man/man1/oadm.1 index 20a6036a9087..137e3b17d256 100644 --- a/docs/man/man1/oadm.1 +++ b/docs/man/man1/oadm.1 @@ -95,7 +95,7 @@ Commands for managing a cluster are exposed here. Many administrative actions in .SH SEE ALSO .PP -\fBoadm\-build\-chain(1)\fP, \fBoadm\-ca(1)\fP, \fBoadm\-certificate(1)\fP, \fBoadm\-completion(1)\fP, \fBoadm\-config(1)\fP, \fBoadm\-cordon(1)\fP, \fBoadm\-create\-api\-client\-config(1)\fP, \fBoadm\-create\-bootstrap\-policy\-file(1)\fP, \fBoadm\-create\-bootstrap\-project\-template(1)\fP, \fBoadm\-create\-error\-template(1)\fP, \fBoadm\-create\-key\-pair(1)\fP, \fBoadm\-create\-kubeconfig(1)\fP, \fBoadm\-create\-login\-template(1)\fP, \fBoadm\-create\-master\-certs(1)\fP, \fBoadm\-create\-node\-config(1)\fP, \fBoadm\-create\-provider\-selection\-template(1)\fP, \fBoadm\-create\-server\-cert(1)\fP, \fBoadm\-create\-signer\-cert(1)\fP, \fBoadm\-diagnostics(1)\fP, \fBoadm\-drain(1)\fP, \fBoadm\-groups(1)\fP, \fBoadm\-ipfailover(1)\fP, \fBoadm\-manage\-node(1)\fP, \fBoadm\-migrate(1)\fP, \fBoadm\-new\-project(1)\fP, \fBoadm\-options(1)\fP, \fBoadm\-overwrite\-policy(1)\fP, \fBoadm\-pod\-network(1)\fP, \fBoadm\-policy(1)\fP, \fBoadm\-prune(1)\fP, \fBoadm\-registry(1)\fP, \fBoadm\-router(1)\fP, \fBoadm\-taint(1)\fP, \fBoadm\-top(1)\fP, \fBoadm\-uncordon(1)\fP, \fBoadm\-version(1)\fP, +\fBoadm\-build\-chain(1)\fP, \fBoadm\-ca(1)\fP, \fBoadm\-certificate(1)\fP, \fBoadm\-completion(1)\fP, \fBoadm\-config(1)\fP, \fBoadm\-cordon(1)\fP, \fBoadm\-create\-api\-client\-config(1)\fP, \fBoadm\-create\-bootstrap\-policy\-file(1)\fP, \fBoadm\-create\-bootstrap\-project\-template(1)\fP, \fBoadm\-create\-error\-template(1)\fP, \fBoadm\-create\-key\-pair(1)\fP, \fBoadm\-create\-kubeconfig(1)\fP, \fBoadm\-create\-login\-template(1)\fP, \fBoadm\-create\-master\-certs(1)\fP, \fBoadm\-create\-node\-config(1)\fP, \fBoadm\-create\-provider\-selection\-template(1)\fP, \fBoadm\-create\-server\-cert(1)\fP, \fBoadm\-create\-signer\-cert(1)\fP, \fBoadm\-diagnostics(1)\fP, \fBoadm\-drain(1)\fP, \fBoadm\-groups(1)\fP, \fBoadm\-ipfailover(1)\fP, \fBoadm\-manage\-node(1)\fP, \fBoadm\-migrate(1)\fP, \fBoadm\-new\-project(1)\fP, \fBoadm\-options(1)\fP, \fBoadm\-overwrite\-policy(1)\fP, \fBoadm\-pod\-network(1)\fP, \fBoadm\-policy(1)\fP, \fBoadm\-prune(1)\fP, \fBoadm\-registry(1)\fP, \fBoadm\-router(1)\fP, \fBoadm\-taint(1)\fP, \fBoadm\-top(1)\fP, \fBoadm\-uncordon(1)\fP, \fBoadm\-verify\-image\-signature(1)\fP, \fBoadm\-version(1)\fP, .SH HISTORY diff --git a/docs/man/man1/oc-adm-verify-image-signature.1 b/docs/man/man1/oc-adm-verify-image-signature.1 new file mode 100644 index 000000000000..b1e0791c7903 --- /dev/null +++ b/docs/man/man1/oc-adm-verify-image-signature.1 @@ -0,0 +1,136 @@ +.TH "OC ADM" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oc adm verify\-image\-signature \- Verify that the given IMAGE signature is trusted + + +.SH SYNOPSIS +.PP +\fBoc adm verify\-image\-signature\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Verifies the imported image signature using the local public key. + +.PP +This command verifies if the signature attached to an image is trusted by using the provided public GPG key. Trusted image means that the image signature was signed by a valid GPG key and the image identity provided by the signature content matches with the image. By default, this command will not record a signature condition back to the Image object but only print the verification status to the console. + +.PP +To record a new condition, you have to pass the "\-\-confirm" flag. + + +.SH OPTIONS +.PP +\fB\-\-confirm\fP=false + If true, the result of the verification will be recorded to an image object. + +.PP +\fB\-\-expected\-identity\fP="" + An expected image docker reference to verify. + +.PP +\fB\-\-public\-key\fP="" + A path to a public GPG key to be used for verification. + +.PP +\fB\-\-remove\fP=false + If set, all signature verifications will be removed from the given image. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-azure\-container\-registry\-config\fP="" + Path to the file container Azure container registry configuration information. + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify\-image\-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \-\-expected\-identity=registry.local:5000/foo/bar:v1 + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoc\-adm(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oc-adm.1 b/docs/man/man1/oc-adm.1 index 34a06ce54993..107ce168ecb2 100644 --- a/docs/man/man1/oc-adm.1 +++ b/docs/man/man1/oc-adm.1 @@ -97,7 +97,7 @@ Commands for managing a cluster are exposed here. Many administrative actions in .SH SEE ALSO .PP -\fBoc(1)\fP, \fBoc\-adm\-build\-chain(1)\fP, \fBoc\-adm\-ca(1)\fP, \fBoc\-adm\-certificate(1)\fP, \fBoc\-adm\-completion(1)\fP, \fBoc\-adm\-config(1)\fP, \fBoc\-adm\-cordon(1)\fP, \fBoc\-adm\-create\-api\-client\-config(1)\fP, \fBoc\-adm\-create\-bootstrap\-policy\-file(1)\fP, \fBoc\-adm\-create\-bootstrap\-project\-template(1)\fP, \fBoc\-adm\-create\-error\-template(1)\fP, \fBoc\-adm\-create\-key\-pair(1)\fP, \fBoc\-adm\-create\-kubeconfig(1)\fP, \fBoc\-adm\-create\-login\-template(1)\fP, \fBoc\-adm\-create\-master\-certs(1)\fP, \fBoc\-adm\-create\-node\-config(1)\fP, \fBoc\-adm\-create\-provider\-selection\-template(1)\fP, \fBoc\-adm\-create\-server\-cert(1)\fP, \fBoc\-adm\-create\-signer\-cert(1)\fP, \fBoc\-adm\-diagnostics(1)\fP, \fBoc\-adm\-drain(1)\fP, \fBoc\-adm\-groups(1)\fP, \fBoc\-adm\-ipfailover(1)\fP, \fBoc\-adm\-manage\-node(1)\fP, \fBoc\-adm\-migrate(1)\fP, \fBoc\-adm\-new\-project(1)\fP, \fBoc\-adm\-options(1)\fP, \fBoc\-adm\-overwrite\-policy(1)\fP, \fBoc\-adm\-pod\-network(1)\fP, \fBoc\-adm\-policy(1)\fP, \fBoc\-adm\-prune(1)\fP, \fBoc\-adm\-registry(1)\fP, \fBoc\-adm\-router(1)\fP, \fBoc\-adm\-taint(1)\fP, \fBoc\-adm\-top(1)\fP, \fBoc\-adm\-uncordon(1)\fP, +\fBoc(1)\fP, \fBoc\-adm\-build\-chain(1)\fP, \fBoc\-adm\-ca(1)\fP, \fBoc\-adm\-certificate(1)\fP, \fBoc\-adm\-completion(1)\fP, \fBoc\-adm\-config(1)\fP, \fBoc\-adm\-cordon(1)\fP, \fBoc\-adm\-create\-api\-client\-config(1)\fP, \fBoc\-adm\-create\-bootstrap\-policy\-file(1)\fP, \fBoc\-adm\-create\-bootstrap\-project\-template(1)\fP, \fBoc\-adm\-create\-error\-template(1)\fP, \fBoc\-adm\-create\-key\-pair(1)\fP, \fBoc\-adm\-create\-kubeconfig(1)\fP, \fBoc\-adm\-create\-login\-template(1)\fP, \fBoc\-adm\-create\-master\-certs(1)\fP, \fBoc\-adm\-create\-node\-config(1)\fP, \fBoc\-adm\-create\-provider\-selection\-template(1)\fP, \fBoc\-adm\-create\-server\-cert(1)\fP, \fBoc\-adm\-create\-signer\-cert(1)\fP, \fBoc\-adm\-diagnostics(1)\fP, \fBoc\-adm\-drain(1)\fP, \fBoc\-adm\-groups(1)\fP, \fBoc\-adm\-ipfailover(1)\fP, \fBoc\-adm\-manage\-node(1)\fP, \fBoc\-adm\-migrate(1)\fP, \fBoc\-adm\-new\-project(1)\fP, \fBoc\-adm\-options(1)\fP, \fBoc\-adm\-overwrite\-policy(1)\fP, \fBoc\-adm\-pod\-network(1)\fP, \fBoc\-adm\-policy(1)\fP, \fBoc\-adm\-prune(1)\fP, \fBoc\-adm\-registry(1)\fP, \fBoc\-adm\-router(1)\fP, \fBoc\-adm\-taint(1)\fP, \fBoc\-adm\-top(1)\fP, \fBoc\-adm\-uncordon(1)\fP, \fBoc\-adm\-verify\-image\-signature(1)\fP, .SH HISTORY diff --git a/docs/man/man1/openshift-admin-verify-image-signature.1 b/docs/man/man1/openshift-admin-verify-image-signature.1 new file mode 100644 index 000000000000..6ab5e35936ca --- /dev/null +++ b/docs/man/man1/openshift-admin-verify-image-signature.1 @@ -0,0 +1,136 @@ +.TH "OPENSHIFT ADMIN" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift admin verify\-image\-signature \- Verify that the given IMAGE signature is trusted + + +.SH SYNOPSIS +.PP +\fBopenshift admin verify\-image\-signature\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Verifies the imported image signature using the local public key. + +.PP +This command verifies if the signature attached to an image is trusted by using the provided public GPG key. Trusted image means that the image signature was signed by a valid GPG key and the image identity provided by the signature content matches with the image. By default, this command will not record a signature condition back to the Image object but only print the verification status to the console. + +.PP +To record a new condition, you have to pass the "\-\-confirm" flag. + + +.SH OPTIONS +.PP +\fB\-\-confirm\fP=false + If true, the result of the verification will be recorded to an image object. + +.PP +\fB\-\-expected\-identity\fP="" + An expected image docker reference to verify. + +.PP +\fB\-\-public\-key\fP="" + A path to a public GPG key to be used for verification. + +.PP +\fB\-\-remove\fP=false + If set, all signature verifications will be removed from the given image. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-azure\-container\-registry\-config\fP="" + Path to the file container Azure container registry configuration information. + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify\-image\-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \-\-expected\-identity=registry.local:5000/foo/bar:v1 + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-admin(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-admin.1 b/docs/man/man1/openshift-admin.1 index 68979bfc9d49..d88533c87689 100644 --- a/docs/man/man1/openshift-admin.1 +++ b/docs/man/man1/openshift-admin.1 @@ -97,7 +97,7 @@ Commands for managing a cluster are exposed here. Many administrative actions in .SH SEE ALSO .PP -\fBopenshift(1)\fP, \fBopenshift\-admin\-build\-chain(1)\fP, \fBopenshift\-admin\-ca(1)\fP, \fBopenshift\-admin\-certificate(1)\fP, \fBopenshift\-admin\-completion(1)\fP, \fBopenshift\-admin\-config(1)\fP, \fBopenshift\-admin\-cordon(1)\fP, \fBopenshift\-admin\-create\-api\-client\-config(1)\fP, \fBopenshift\-admin\-create\-bootstrap\-policy\-file(1)\fP, \fBopenshift\-admin\-create\-bootstrap\-project\-template(1)\fP, \fBopenshift\-admin\-create\-error\-template(1)\fP, \fBopenshift\-admin\-create\-key\-pair(1)\fP, \fBopenshift\-admin\-create\-kubeconfig(1)\fP, \fBopenshift\-admin\-create\-login\-template(1)\fP, \fBopenshift\-admin\-create\-master\-certs(1)\fP, \fBopenshift\-admin\-create\-node\-config(1)\fP, \fBopenshift\-admin\-create\-provider\-selection\-template(1)\fP, \fBopenshift\-admin\-create\-server\-cert(1)\fP, \fBopenshift\-admin\-create\-signer\-cert(1)\fP, \fBopenshift\-admin\-diagnostics(1)\fP, \fBopenshift\-admin\-drain(1)\fP, \fBopenshift\-admin\-groups(1)\fP, \fBopenshift\-admin\-ipfailover(1)\fP, \fBopenshift\-admin\-manage\-node(1)\fP, \fBopenshift\-admin\-migrate(1)\fP, \fBopenshift\-admin\-new\-project(1)\fP, \fBopenshift\-admin\-options(1)\fP, \fBopenshift\-admin\-overwrite\-policy(1)\fP, \fBopenshift\-admin\-pod\-network(1)\fP, \fBopenshift\-admin\-policy(1)\fP, \fBopenshift\-admin\-prune(1)\fP, \fBopenshift\-admin\-registry(1)\fP, \fBopenshift\-admin\-router(1)\fP, \fBopenshift\-admin\-taint(1)\fP, \fBopenshift\-admin\-top(1)\fP, \fBopenshift\-admin\-uncordon(1)\fP, +\fBopenshift(1)\fP, \fBopenshift\-admin\-build\-chain(1)\fP, \fBopenshift\-admin\-ca(1)\fP, \fBopenshift\-admin\-certificate(1)\fP, \fBopenshift\-admin\-completion(1)\fP, \fBopenshift\-admin\-config(1)\fP, \fBopenshift\-admin\-cordon(1)\fP, \fBopenshift\-admin\-create\-api\-client\-config(1)\fP, \fBopenshift\-admin\-create\-bootstrap\-policy\-file(1)\fP, \fBopenshift\-admin\-create\-bootstrap\-project\-template(1)\fP, \fBopenshift\-admin\-create\-error\-template(1)\fP, \fBopenshift\-admin\-create\-key\-pair(1)\fP, \fBopenshift\-admin\-create\-kubeconfig(1)\fP, \fBopenshift\-admin\-create\-login\-template(1)\fP, \fBopenshift\-admin\-create\-master\-certs(1)\fP, \fBopenshift\-admin\-create\-node\-config(1)\fP, \fBopenshift\-admin\-create\-provider\-selection\-template(1)\fP, \fBopenshift\-admin\-create\-server\-cert(1)\fP, \fBopenshift\-admin\-create\-signer\-cert(1)\fP, \fBopenshift\-admin\-diagnostics(1)\fP, \fBopenshift\-admin\-drain(1)\fP, \fBopenshift\-admin\-groups(1)\fP, \fBopenshift\-admin\-ipfailover(1)\fP, \fBopenshift\-admin\-manage\-node(1)\fP, \fBopenshift\-admin\-migrate(1)\fP, \fBopenshift\-admin\-new\-project(1)\fP, \fBopenshift\-admin\-options(1)\fP, \fBopenshift\-admin\-overwrite\-policy(1)\fP, \fBopenshift\-admin\-pod\-network(1)\fP, \fBopenshift\-admin\-policy(1)\fP, \fBopenshift\-admin\-prune(1)\fP, \fBopenshift\-admin\-registry(1)\fP, \fBopenshift\-admin\-router(1)\fP, \fBopenshift\-admin\-taint(1)\fP, \fBopenshift\-admin\-top(1)\fP, \fBopenshift\-admin\-uncordon(1)\fP, \fBopenshift\-admin\-verify\-image\-signature(1)\fP, .SH HISTORY diff --git a/docs/man/man1/openshift-cli-adm-verify-image-signature.1 b/docs/man/man1/openshift-cli-adm-verify-image-signature.1 new file mode 100644 index 000000000000..7fe005b281db --- /dev/null +++ b/docs/man/man1/openshift-cli-adm-verify-image-signature.1 @@ -0,0 +1,136 @@ +.TH "OPENSHIFT CLI ADM" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift cli adm verify\-image\-signature \- Verify that the given IMAGE signature is trusted + + +.SH SYNOPSIS +.PP +\fBopenshift cli adm verify\-image\-signature\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Verifies the imported image signature using the local public key. + +.PP +This command verifies if the signature attached to an image is trusted by using the provided public GPG key. Trusted image means that the image signature was signed by a valid GPG key and the image identity provided by the signature content matches with the image. By default, this command will not record a signature condition back to the Image object but only print the verification status to the console. + +.PP +To record a new condition, you have to pass the "\-\-confirm" flag. + + +.SH OPTIONS +.PP +\fB\-\-confirm\fP=false + If true, the result of the verification will be recorded to an image object. + +.PP +\fB\-\-expected\-identity\fP="" + An expected image docker reference to verify. + +.PP +\fB\-\-public\-key\fP="" + A path to a public GPG key to be used for verification. + +.PP +\fB\-\-remove\fP=false + If set, all signature verifications will be removed from the given image. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-azure\-container\-registry\-config\fP="" + Path to the file container Azure container registry configuration information. + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Verify the image signature using the local GNUPG keychan and record the status as a condition to image + verify\-image\-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \-\-expected\-identity=registry.local:5000/foo/bar:v1 + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-cli\-adm(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-cli-adm.1 b/docs/man/man1/openshift-cli-adm.1 index 2b49fcf11bfa..1f7ce487bebc 100644 --- a/docs/man/man1/openshift-cli-adm.1 +++ b/docs/man/man1/openshift-cli-adm.1 @@ -97,7 +97,7 @@ Commands for managing a cluster are exposed here. Many administrative actions in .SH SEE ALSO .PP -\fBopenshift\-cli(1)\fP, \fBopenshift\-cli\-adm\-build\-chain(1)\fP, \fBopenshift\-cli\-adm\-ca(1)\fP, \fBopenshift\-cli\-adm\-certificate(1)\fP, \fBopenshift\-cli\-adm\-completion(1)\fP, \fBopenshift\-cli\-adm\-config(1)\fP, \fBopenshift\-cli\-adm\-cordon(1)\fP, \fBopenshift\-cli\-adm\-create\-api\-client\-config(1)\fP, \fBopenshift\-cli\-adm\-create\-bootstrap\-policy\-file(1)\fP, \fBopenshift\-cli\-adm\-create\-bootstrap\-project\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-error\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-key\-pair(1)\fP, \fBopenshift\-cli\-adm\-create\-kubeconfig(1)\fP, \fBopenshift\-cli\-adm\-create\-login\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-master\-certs(1)\fP, \fBopenshift\-cli\-adm\-create\-node\-config(1)\fP, \fBopenshift\-cli\-adm\-create\-provider\-selection\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-server\-cert(1)\fP, \fBopenshift\-cli\-adm\-create\-signer\-cert(1)\fP, \fBopenshift\-cli\-adm\-diagnostics(1)\fP, \fBopenshift\-cli\-adm\-drain(1)\fP, \fBopenshift\-cli\-adm\-groups(1)\fP, \fBopenshift\-cli\-adm\-ipfailover(1)\fP, \fBopenshift\-cli\-adm\-manage\-node(1)\fP, \fBopenshift\-cli\-adm\-migrate(1)\fP, \fBopenshift\-cli\-adm\-new\-project(1)\fP, \fBopenshift\-cli\-adm\-options(1)\fP, \fBopenshift\-cli\-adm\-overwrite\-policy(1)\fP, \fBopenshift\-cli\-adm\-pod\-network(1)\fP, \fBopenshift\-cli\-adm\-policy(1)\fP, \fBopenshift\-cli\-adm\-prune(1)\fP, \fBopenshift\-cli\-adm\-registry(1)\fP, \fBopenshift\-cli\-adm\-router(1)\fP, \fBopenshift\-cli\-adm\-taint(1)\fP, \fBopenshift\-cli\-adm\-top(1)\fP, \fBopenshift\-cli\-adm\-uncordon(1)\fP, +\fBopenshift\-cli(1)\fP, \fBopenshift\-cli\-adm\-build\-chain(1)\fP, \fBopenshift\-cli\-adm\-ca(1)\fP, \fBopenshift\-cli\-adm\-certificate(1)\fP, \fBopenshift\-cli\-adm\-completion(1)\fP, \fBopenshift\-cli\-adm\-config(1)\fP, \fBopenshift\-cli\-adm\-cordon(1)\fP, \fBopenshift\-cli\-adm\-create\-api\-client\-config(1)\fP, \fBopenshift\-cli\-adm\-create\-bootstrap\-policy\-file(1)\fP, \fBopenshift\-cli\-adm\-create\-bootstrap\-project\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-error\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-key\-pair(1)\fP, \fBopenshift\-cli\-adm\-create\-kubeconfig(1)\fP, \fBopenshift\-cli\-adm\-create\-login\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-master\-certs(1)\fP, \fBopenshift\-cli\-adm\-create\-node\-config(1)\fP, \fBopenshift\-cli\-adm\-create\-provider\-selection\-template(1)\fP, \fBopenshift\-cli\-adm\-create\-server\-cert(1)\fP, \fBopenshift\-cli\-adm\-create\-signer\-cert(1)\fP, \fBopenshift\-cli\-adm\-diagnostics(1)\fP, \fBopenshift\-cli\-adm\-drain(1)\fP, \fBopenshift\-cli\-adm\-groups(1)\fP, \fBopenshift\-cli\-adm\-ipfailover(1)\fP, \fBopenshift\-cli\-adm\-manage\-node(1)\fP, \fBopenshift\-cli\-adm\-migrate(1)\fP, \fBopenshift\-cli\-adm\-new\-project(1)\fP, \fBopenshift\-cli\-adm\-options(1)\fP, \fBopenshift\-cli\-adm\-overwrite\-policy(1)\fP, \fBopenshift\-cli\-adm\-pod\-network(1)\fP, \fBopenshift\-cli\-adm\-policy(1)\fP, \fBopenshift\-cli\-adm\-prune(1)\fP, \fBopenshift\-cli\-adm\-registry(1)\fP, \fBopenshift\-cli\-adm\-router(1)\fP, \fBopenshift\-cli\-adm\-taint(1)\fP, \fBopenshift\-cli\-adm\-top(1)\fP, \fBopenshift\-cli\-adm\-uncordon(1)\fP, \fBopenshift\-cli\-adm\-verify\-image\-signature(1)\fP, .SH HISTORY