cbopcfg
|
The |
Installation
Make sure that you have downloaded the Operator package and unpacked it.
After you unpack the download, the resulting directory will be titled something like couchbase-autonomous-operator-kubernetes_x.x.x-linux_x86_64.
-
macOS
-
Linux
-
Windows
-
Open a Terminal window and go to the directory where the
cbopcfgbinary is located:$ cd couchbase-autonomous-operator-kubernetes_x.x.x-macos_x86_64/bin/ -
Make the
cbopcfgbinary executable:$ chmod +x ./cbopcfg -
Move the binary into your PATH:
$ sudo mv ./cbopcfg /usr/local/bin/cbopcfg
On newer versions of macOS, you may encounter errors such as cannot execute binary file when trying to use the tools included in the Autonomous Operator package.
If you encounter such an error, you’ll need to update your security settings as outlined in Apple’s support article on macOS Gatekeeper.
In System Preferences, click Security & Privacy, then click General.
Click the lock and enter your password to make changes.
Select App Store and identified developers under the header “Allow apps downloaded from.”
|
-
Open a command prompt and go to the directory where the
cbopcfgbinary is located:$ cd couchbase-autonomous-operator-kubernetes_x.x.x-linux_x86_64/bin/ -
Make the
cbopcfgbinary executable:$ chmod +x ./cbopcfg -
Move the binary into your PATH:
$ sudo mv ./cbopcfg /usr/local/bin/cbopcfg
-
Open a command prompt and go to the directory where the
cbopcfgbinary is located:$ cd couchbase-autonomous-operator-kubernetes_x.x.x-windows_x86_64\bin\ -
Add the
cbopcfgbinary into your PATH.
cbopcfg
Couchbase Autonomous Operator configuration utility.
The cbopcfg tool is used to automate the life-cycle of the Autonomous Operator. It is responsible for creation and deletion of Autonomous Operator components. A typical installation involves installing the Couchbase custom resource definitions, then the Dynamic Admission Controller, and finally the Operator itself.
Additional details for each component are documented under each sub-command.
Alternative methods of life-cycle management are available in the form of Helm charts and the Couchbase Open Service Broker.
cbopcfg create admission [flags]
Creates the dynamic admission controller.
The DAC is designed to be deployed at the cluster scope (default). It monitors Couchbase resources as they are created and modified, accepting, or rejecting them, before they are persisted in etcd.
Use of the DAC is encouraged as it will report any configuration errors that are specific to deployment of Couchbase resources that aren’t available by default in the Kubernetes API. For example, this includes validating memory quotas are satisfiable, TLS certificates are correctly configured, and any resources referenced actually exist.
Examples
# Create admission controller (recommended).
cbopcfg create admission
# Create admission controller scoped to a namespace.
cbopcfg create admission --scope namespace --namespace-selector key=value
# Create admission controller with custom image and secure image registry.
cbopcfg create admission --image acme.corp/admission:1.0.0 --image-pull-secret secret-name
# Create admission controller without secret access.
cbopcfg create admission --validate-secrets=false
# Create admission controller with debug logging.
cbopcfg create admission --log-level debugFlags
- --cpu-limit
-
Type: quantity
Default: 1
CPU limit for constraining, only valid when used with --with-resources
- --cpu-request
-
Type: quantity
Default: 500m
CPU requested for scheduling, only valid when used with --with-resources
- --image
-
Type: string
Default: couchbase/admission-controller:
Operator image to use
- --image-pull-policy
-
Type: string
Default: IfNotPresent
Image pull policy to affect when the image is downloaded.
- --image-pull-secret
-
Type: string
Image pull secret to allow access to the operator image
- --log-level
-
Type: string
Default: info
Log level to generate logs at. "info", or "0", prints basic operations. "debug", or "1" prints extended information.
- --memory-limit
-
Type: quantity
Default: 200Mi
Memory limit for constraining, only valid when used with --with-resources
- --memory-request
-
Type: quantity
Default: 100Mi
Memory requested for scheduling, only valid when used with --with-resources
- --namespace-selector
-
Type: map
Required namespace selector to use when scope is set to 'namespace'. Format label=value[,label=value].
- --replicas
-
Type: int
Default: 1
The number of replicas in the deployment
- --scope
-
Type: string
Default: cluster
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
- --validate-secrets
-
Type: bool
Default: true
Validates secrets referenced by Couchbase resources, and their contents e.g. TLS configuration, for validity
- --validate-storage-classes
-
Type: bool
Default: true
Validates storage classes referenced by Couchbase resources
- --with-resources
-
Type: bool
Default: false
Populates pod resource requests and limits
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg create backup [flags]
Creates backup roles.
Flags
- --iam-role-arn
-
Type: string
Adds the IAM Role ARN to the backup service account’s annotation. e.g arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg create operator [flags]
Creates the Couchbase Autonomous Operator.
The Operator is designed to be run at the namespace scope (default). It watches for creation of CouchbaseCluster resources in that namespace and provides automated provisioning, management and disaster recovery of Couchbase Server.
Examples
# Create operator (recommended).
cbopcfg create operator
# Create operator scoped to the cluster.
cbopcfg create operator --scope cluster
# Create operator with a custom image and secure image registry.
cbopcfg create operator --image acme.corp/operator:1.0.0 --image-pull-secret secret-name
# Create operator with debug logging.
cbopcfg create operator --log-level debug
# Create operator with extended timeouts (for slow platforms).
cbopcfg create operator --pod-creation-timeout 1hFlags
- --cpu-limit
-
Type: quantity
Default: 1
CPU limit for constraining
- --cpu-request
-
Type: quantity
Default: 500m
CPU requested for scheduling
- --image
-
Type: string
Default: couchbase/operator:
Operator image to use.
- --image-pull-policy
-
Type: string
Default: IfNotPresent
Image pull policy to affect when the image is downloaded.
- --image-pull-secret
-
Type: string
Image pull secret to allow access to the operator image.
- --log-level
-
Type: string
Default: info
Log level to generate logs at. "info", or "0", prints basic operations. "debug", or "1" prints extended information and API calls. "2" prints very detailed logs, including full API payloads that may contain passwords and keys.
- --memory-limit
-
Type: quantity
Default: 400Mi
Memory limit for constraining
- --memory-request
-
Type: quantity
Default: 200Mi
Memory requested for scheduling
- --pod-creation-timeout
-
Type: string
Default: 10m0s
How long to wait before declaring an error when provisioning a pod.
- --pod-delete-delay
-
Type: string
Default: 0s
How long to wait before performing a delete on a failed pod.
- --pod-readiness-delay
-
Type: string
Default: 10s
How long to wait before starting readiness probes on server pods.
- --pod-readiness-period
-
Type: string
Default: 20s
How long to wait between readiness probes on server pods.
- --scope
-
Type: string
Default: namespace
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
- --with-resources
-
Type: bool
Default: false
Populates pod resource requests and limits
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg delete admission [flags]
Deletes the dynamic admission controller.
Examples
# Delete admission controller (recommended).
cbopcfg delete admission
# Delete admission controller scoped to a namespace.
cbopcfg delete admission --scope namespaceFlags
- --scope
-
Type: string
Default: cluster
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg delete backup
Deletes backup roles.
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg delete operator [flags]
Deletes the Couchbase Autonomous Operator.
Examples
# Delete operator (recommended).
cbopcfg delete operator
# Delete operator scoped to the cluster.
cbopcfg delete operator --scope clusterFlags
- --scope
-
Type: string
Default: namespace
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg generate admission [flags]
Generates YAML for the dynamic admission controller.
The DAC is designed to be deployed at the cluster scope (default). It monitors Couchbase resources as they are created and modified, accepting, or rejecting them, before they are persisted in etcd.
Use of the DAC is encouraged as it will report any configuration errors that are specific to deployment of Couchbase resources that aren’t available by default in the Kubernetes API. For example, this includes validating memory quotas are satisfiable, TLS certificates are correctly configured, and any resources referenced actually exist.
Examples
# Create admission controller (recommended).
cbopcfg generate admission
# Create admission controller scoped to a namespace.
cbopcfg generate admission --scope namespace --namespace-selector key=value
# Create admission controller with custom image and secure image registry.
cbopcfg generate admission --image acme.corp/admission:1.0.0 --image-pull-secret secret-name
# Create admission controller without secret access.
cbopcfg generate admission --validate-secrets=false
# Create admission controller with debug logging.
cbopcfg generate admission --log-level debugFlags
- --cpu-limit
-
Type: quantity
Default: 1
CPU limit for constraining, only valid when used with --with-resources
- --cpu-request
-
Type: quantity
Default: 500m
CPU requested for scheduling, only valid when used with --with-resources
- --image
-
Type: string
Default: couchbase/admission-controller:
Operator image to use
- --image-pull-policy
-
Type: string
Default: IfNotPresent
Image pull policy to affect when the image is downloaded.
- --image-pull-secret
-
Type: string
Image pull secret to allow access to the operator image
- --log-level
-
Type: string
Default: info
Log level to generate logs at. "info", or "0", prints basic operations. "debug", or "1" prints extended information.
- --memory-limit
-
Type: quantity
Default: 200Mi
Memory limit for constraining, only valid when used with --with-resources
- --memory-request
-
Type: quantity
Default: 100Mi
Memory requested for scheduling, only valid when used with --with-resources
- --namespace-selector
-
Type: map
Required namespace selector to use when scope is set to 'namespace'. Format label=value[,label=value].
- --replicas
-
Type: int
Default: 1
The number of replicas in the deployment
- --scope
-
Type: string
Default: cluster
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
- --validate-secrets
-
Type: bool
Default: true
Validates secrets referenced by Couchbase resources, and their contents e.g. TLS configuration, for validity
- --validate-storage-classes
-
Type: bool
Default: true
Validates storage classes referenced by Couchbase resources
- --with-resources
-
Type: bool
Default: false
Populates pod resource requests and limits
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg generate backup [flags]
Generates YAML for backup jobs.
Flags
- --iam-role-arn
-
Type: string
Adds the IAM Role ARN to the backup service account’s annotation. e.g arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg generate operator [flags]
Generates YAML for the Couchbase Autonomous Operator.
The Operator is designed to be run at the namespace scope (default). It watches for creation of CouchbaseCluster resources in that namespace and provides automated provisioning, management and disaster recovery of Couchbase Server.
Examples
# Create operator (recommended).
cbopcfg generate operator
# Create operator scoped to the cluster.
cbopcfg generate operator --scope cluster
# Create operator with a custom image and secure image registry.
cbopcfg generate operator --image acme.corp/operator:1.0.0 --image-pull-secret secret-name
# Create operator with debug logging.
cbopcfg generate operator --log-level debug
# Create operator with extended timeouts (for slow platforms).
cbopcfg generate operator --pod-creation-timeout 1hFlags
- --cpu-limit
-
Type: quantity
Default: 1
CPU limit for constraining
- --cpu-request
-
Type: quantity
Default: 500m
CPU requested for scheduling
- --image
-
Type: string
Default: couchbase/operator:
Operator image to use.
- --image-pull-policy
-
Type: string
Default: IfNotPresent
Image pull policy to affect when the image is downloaded.
- --image-pull-secret
-
Type: string
Image pull secret to allow access to the operator image.
- --log-level
-
Type: string
Default: info
Log level to generate logs at. "info", or "0", prints basic operations. "debug", or "1" prints extended information and API calls. "2" prints very detailed logs, including full API payloads that may contain passwords and keys.
- --memory-limit
-
Type: quantity
Default: 400Mi
Memory limit for constraining
- --memory-request
-
Type: quantity
Default: 200Mi
Memory requested for scheduling
- --pod-creation-timeout
-
Type: string
Default: 10m0s
How long to wait before declaring an error when provisioning a pod.
- --pod-delete-delay
-
Type: string
Default: 0s
How long to wait before performing a delete on a failed pod.
- --pod-readiness-delay
-
Type: string
Default: 10s
How long to wait before starting readiness probes on server pods.
- --pod-readiness-period
-
Type: string
Default: 20s
How long to wait between readiness probes on server pods.
- --scope
-
Type: string
Default: namespace
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
- --with-resources
-
Type: bool
Default: false
Populates pod resource requests and limits
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg update webhook [flags]
refreshes the self signed certificate used by the validating webhook.
Flags
- --scope
-
Type: string
Default: cluster
Whether to scope the Operator to a 'namespace' or to the 'cluster'.
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use
cbopcfg version
Prints the command version
Inherited Flags
- --as
-
Type: string
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
- --as-group
-
Type: stringArray
Default: []
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
- --as-uid
-
Type: string
UID to impersonate for the operation.
- --cache-dir
-
Type: string
Default: $HOME/.kube/cache
Default cache directory
- --certificate-authority
-
Type: string
Path to a cert file for the certificate authority
- --client-certificate
-
Type: string
Path to a client certificate file for TLS
- --client-key
-
Type: string
Path to a client key file for TLS
- --cluster
-
Type: string
The name of the kubeconfig cluster to use
- --context
-
Type: string
The name of the kubeconfig context to use
- --disable-compression
-
Type: bool
Default: false
If true, opt-out of response compression for all requests to the server
- --insecure-skip-tls-verify
-
Type: bool
Default: false
If true, the server’s certificate will not be checked for validity. This will make your HTTPS connections insecure
- --kubeconfig
-
Type: string
Path to the kubeconfig file to use for CLI requests.
- --namespace, -n
-
Type: string
If present, the namespace scope for this CLI request
- --request-timeout
-
Type: string
Default: 0
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don’t timeout requests.
- --server, -s
-
Type: string
The address and port of the Kubernetes API server
- --tls-server-name
-
Type: string
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
- --token
-
Type: string
Bearer token for authentication to the API server
- --user
-
Type: string
The name of the kubeconfig user to use