@@ -3524,6 +3524,91 @@ _oc_secrets_new-sshauth()

     noun_aliases=()

 }

+_oc_secrets_link()

+{

+    last_command="oc_secrets_link"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--for=")

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

+_oc_secrets_unlink()

+{

+    last_command="oc_secrets_unlink"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

 _oc_secrets_add()

 {

     last_command="oc_secrets_add"

@@ -3575,6 +3660,8 @@ _oc_secrets()

     commands+=("new-dockercfg")

     commands+=("new-basicauth")

     commands+=("new-sshauth")

+    commands+=("link")

+    commands+=("unlink")

     commands+=("add")

     flags=()

@@ -7882,6 +7882,93 @@ _openshift_cli_secrets_new-sshauth()

     noun_aliases=()

 }

+_openshift_cli_secrets_link()

+{

+    last_command="openshift_cli_secrets_link"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--for=")

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

+_openshift_cli_secrets_unlink()

+{

+    last_command="openshift_cli_secrets_unlink"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

 _openshift_cli_secrets_add()

 {

     last_command="openshift_cli_secrets_add"

@@ -7934,6 +8021,8 @@ _openshift_cli_secrets()

     commands+=("new-dockercfg")

     commands+=("new-basicauth")

     commands+=("new-sshauth")

+    commands+=("link")

+    commands+=("unlink")

     commands+=("add")

     flags=()

@@ -3685,6 +3685,91 @@ _oc_secrets_new-sshauth()

     noun_aliases=()

 }

+_oc_secrets_link()

+{

+    last_command="oc_secrets_link"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--for=")

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

+_oc_secrets_unlink()

+{

+    last_command="oc_secrets_unlink"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

 _oc_secrets_add()

 {

     last_command="oc_secrets_add"

@@ -3736,6 +3821,8 @@ _oc_secrets()

     commands+=("new-dockercfg")

     commands+=("new-basicauth")

     commands+=("new-sshauth")

+    commands+=("link")

+    commands+=("unlink")

     commands+=("add")

     flags=()

@@ -8043,6 +8043,93 @@ _openshift_cli_secrets_new-sshauth()

     noun_aliases=()

 }

+_openshift_cli_secrets_link()

+{

+    last_command="openshift_cli_secrets_link"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--for=")

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

+_openshift_cli_secrets_unlink()

+{

+    last_command="openshift_cli_secrets_unlink"

+    commands=()

+

+    flags=()

+    two_word_flags=()

+    flags_with_completion=()

+    flags_completion=()

+

+    flags+=("--api-version=")

+    flags+=("--as=")

+    flags+=("--certificate-authority=")

+    flags_with_completion+=("--certificate-authority")

+    flags_completion+=("_filedir")

+    flags+=("--client-certificate=")

+    flags_with_completion+=("--client-certificate")

+    flags_completion+=("_filedir")

+    flags+=("--client-key=")

+    flags_with_completion+=("--client-key")

+    flags_completion+=("_filedir")

+    flags+=("--cluster=")

+    flags+=("--config=")

+    flags_with_completion+=("--config")

+    flags_completion+=("_filedir")

+    flags+=("--context=")

+    flags+=("--google-json-key=")

+    flags+=("--insecure-skip-tls-verify")

+    flags+=("--log-flush-frequency=")

+    flags+=("--loglevel=")

+    flags+=("--logspec=")

+    flags+=("--match-server-version")

+    flags+=("--namespace=")

+    two_word_flags+=("-n")

+    flags+=("--server=")

+    flags+=("--token=")

+    flags+=("--user=")

+

+    must_have_one_flag=()

+    must_have_one_noun=()

+    noun_aliases=()

+}

+

 _openshift_cli_secrets_add()

 {

     last_command="openshift_cli_secrets_add"

@@ -8095,6 +8182,8 @@ _openshift_cli_secrets()

     commands+=("new-dockercfg")

     commands+=("new-basicauth")

     commands+=("new-sshauth")

+    commands+=("link")

+    commands+=("unlink")

     commands+=("add")

     flags=()

@@ -2092,20 +2092,39 @@ Change the number of pods in a deployment

 == oc secrets add

-Add secrets to a ServiceAccount

+DEPRECATED: secrets link

 ====

 [options="nowrap"]

 ----

-  // To use your secret inside of a pod or as a push, pull, or source secret for a build, you must add a 'mount' secret to your service account like this:

-  oc secrets add serviceaccount/sa-name secrets/secret-name secrets/another-secret-name

+  # Add an image pull secret to a service account to automatically use it for pulling pod images:

+  oc serviceaccount-name pull-secret --for=pull

-  // To use your secret as an image pull secret, you must add a 'pull' secret to your service account like this:

-  oc secrets add serviceaccount/sa-name secrets/secret-name --for=pull

+  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:

+  oc builder builder-image-secret --for=pull,mount

-  // To use your secret for image pulls or inside a pod:

-  oc secrets add serviceaccount/sa-name secrets/secret-name --for=pull,mount

+  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:

+  oc pod-sa pod-secret

+----

+====

+

+

+== oc secrets link

+Link secrets to a ServiceAccount

+

+====

+

+[options="nowrap"]

+----

+  # Add an image pull secret to a service account to automatically use it for pulling pod images:

+  oc secrets link serviceaccount-name pull-secret --for=pull

+

+  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:

+  oc secrets link builder builder-image-secret --for=pull,mount

+

+  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:

+  oc secrets link pod-sa pod-secret

 ----

 ====

@@ -2195,6 +2214,19 @@ Create a new secret for SSH authentication

 ====

+== oc secrets unlink

+Detach secrets from a ServiceAccount

+

+====

+

+[options="nowrap"]

+----

+ # Unlink a secret currently associated with a service account:

+oc secrets unlink serviceaccount-name secret-name another-secret-name ...

+----

+====

+

+

 == oc serviceaccounts get-token

 Get a token assigned to a service account.

@@ -170,10 +170,12 @@ oc-rsync.1

 oc-run.1

 oc-scale.1

 oc-secrets-add.1

+oc-secrets-link.1

 oc-secrets-new-basicauth.1

 oc-secrets-new-dockercfg.1

 oc-secrets-new-sshauth.1

 oc-secrets-new.1

+oc-secrets-unlink.1

 oc-secrets.1

 oc-serviceaccounts-get-token.1

 oc-serviceaccounts-new-token.1

@@ -249,10 +249,12 @@ openshift-cli-rsync.1

 openshift-cli-run.1

 openshift-cli-scale.1

 openshift-cli-secrets-add.1

+openshift-cli-secrets-link.1

 openshift-cli-secrets-new-basicauth.1

 openshift-cli-secrets-new-dockercfg.1

 openshift-cli-secrets-new-sshauth.1

 openshift-cli-secrets-new.1

+openshift-cli-secrets-unlink.1

 openshift-cli-secrets.1

 openshift-cli-serviceaccounts-get-token.1

 openshift-cli-serviceaccounts-new-token.1

@@ -3,7 +3,7 @@

 .SH NAME

 .PP

-oc secrets add \- Add secrets to a ServiceAccount

+oc secrets add \- DEPRECATED: secrets link

 .SH SYNOPSIS

@@ -13,16 +13,13 @@ oc secrets add \- Add secrets to a ServiceAccount

 .SH DESCRIPTION

 .PP

-Add secrets to a ServiceAccount

-

-.PP

-After you have created a secret, you probably want to make use of that secret inside of a pod, for a build, or as an image pull secret.  In order to do that, you must add your secret to a service account.

+DEPRECATED: This command has been moved to "oc secrets link"

 .SH OPTIONS

 .PP

 \fB\-\-for\fP=[mount]

-    type of secret to add: mount or pull

+    type of secret to link: mount or pull

 .SH OPTIONS INHERITED FROM PARENT COMMANDS

@@ -96,14 +93,14 @@ After you have created a secret, you probably want to make use of that secret in

 .RS

 .nf

-  // To use your secret inside of a pod or as a push, pull, or source secret for a build, you must add a 'mount' secret to your service account like this:

-  oc secrets add serviceaccount/sa\-name secrets/secret\-name secrets/another\-secret\-name

+  # Add an image pull secret to a service account to automatically use it for pulling pod images:

+  oc serviceaccount\-name pull\-secret \-\-for=pull

-  // To use your secret as an image pull secret, you must add a 'pull' secret to your service account like this:

-  oc secrets add serviceaccount/sa\-name secrets/secret\-name \-\-for=pull

+  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:

+  oc builder builder\-image\-secret \-\-for=pull,mount

-  // To use your secret for image pulls or inside a pod:

-  oc secrets add serviceaccount/sa\-name secrets/secret\-name \-\-for=pull,mount

+  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:

+  oc pod\-sa pod\-secret

 .fi

 .RE

new file mode 100644

@@ -0,0 +1,119 @@

+.TH "OC SECRETS" "1" " Openshift CLI User Manuals" "Openshift" "June 2016"  ""

+

+

+.SH NAME

+.PP

+oc secrets link \- Link secrets to a ServiceAccount

+

+

+.SH SYNOPSIS

+.PP

+\fBoc secrets link\fP [OPTIONS]

+

+

+.SH DESCRIPTION

+.PP

+Link secrets to a service account

+

+.PP

+Linking a secret enables a service account to automatically use that secret for some forms of authentication

+

+

+.SH OPTIONS

+.PP

+\fB\-\-for\fP=[mount]

+    type of secret to link: mount or pull

+

+

+.SH OPTIONS INHERITED FROM PARENT COMMANDS

+.PP

+\fB\-\-api\-version\fP=""

+    DEPRECATED: The API version to use when talking to the server

+

+.PP

+\fB\-\-as\fP=""

+    Username to impersonate for the operation.

+

+.PP

+\fB\-\-certificate\-authority\fP=""

+    Path to a cert. file for the certificate authority.

+

+.PP

+\fB\-\-client\-certificate\fP=""

+    Path to a client certificate file for TLS.

+

+.PP

+\fB\-\-client\-key\fP=""

+    Path to a client key file for TLS.

+

+.PP

+\fB\-\-cluster\fP=""

+    The name of the kubeconfig cluster to use

+

+.PP

+\fB\-\-config\fP=""

+    Path to the config file to use for CLI requests.

+

+.PP

+\fB\-\-context\fP=""

+    The name of the kubeconfig context to use

+

+.PP

+\fB\-\-google\-json\-key\fP=""

+    The Google Cloud Platform Service Account JSON Key to use for authentication.

+

+.PP

+\fB\-\-insecure\-skip\-tls\-verify\fP=false

+    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

+

+.PP

+\fB\-\-log\-flush\-frequency\fP=0

+    Maximum number of seconds between log flushes

+

+.PP

+\fB\-\-match\-server\-version\fP=false

+    Require server version to match client version

+

+.PP

+\fB\-n\fP, \fB\-\-namespace\fP=""

+    If present, the namespace scope for this CLI request.

+

+.PP

+\fB\-\-server\fP=""

+    The address and port of the Kubernetes API server

+

+.PP

+\fB\-\-token\fP=""

+    Bearer token for authentication to the API server.

+

+.PP

+\fB\-\-user\fP=""

+    The name of the kubeconfig user to use

+

+

+.SH EXAMPLE

+.PP

+.RS

+

+.nf

+  # Add an image pull secret to a service account to automatically use it for pulling pod images:

+  oc secrets link serviceaccount\-name pull\-secret \-\-for=pull

+

+  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:

+  oc secrets link builder builder\-image\-secret \-\-for=pull,mount

+

+  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:

+  oc secrets link pod\-sa pod\-secret

+

+.fi

+.RE

+

+

+.SH SEE ALSO

+.PP

+\fBoc\-secrets(1)\fP,

+

+

+.SH HISTORY

+.PP

+June 2016, Ported from the Kubernetes man\-doc generator

new file mode 100644

@@ -0,0 +1,107 @@

+.TH "OC SECRETS" "1" " Openshift CLI User Manuals" "Openshift" "June 2016"  ""

+

+

+.SH NAME

+.PP

+oc secrets unlink \- Detach secrets from a ServiceAccount

+

+

+.SH SYNOPSIS

+.PP

+\fBoc secrets unlink\fP [OPTIONS]

+

+

+.SH DESCRIPTION

+.PP

+Unlink (detach) secrets from a service account

+

+.PP

+If a secret is no longer valid for a pod, build or image pull, you may unlink it from a service account.

+

+

+.SH OPTIONS INHERITED FROM PARENT COMMANDS

+.PP

+\fB\-\-api\-version\fP=""

+    DEPRECATED: The API version to use when talking to the server

+

+.PP

+\fB\-\-as\fP=""

+    Username to impersonate for the operation.

+

+.PP

+\fB\-\-certificate\-authority\fP=""

+    Path to a cert. file for the certificate authority.

+

+.PP

+\fB\-\-client\-certificate\fP=""

+    Path to a client certificate file for TLS.

+

+.PP

+\fB\-\-client\-key\fP=""

+    Path to a client key file for TLS.

+

+.PP

+\fB\-\-cluster\fP=""

+    The name of the kubeconfig cluster to use

+

+.PP

+\fB\-\-config\fP=""

+    Path to the config file to use for CLI requests.

+

+.PP

+\fB\-\-context\fP=""

+    The name of the kubeconfig context to use

+

+.PP

+\fB\-\-google\-json\-key\fP=""

+    The Google Cloud Platform Service Account JSON Key to use for authentication.

+

+.PP

+\fB\-\-insecure\-skip\-tls\-verify\fP=false

+    If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.

+

+.PP

+\fB\-\-log\-flush\-frequency\fP=0

+    Maximum number of seconds between log flushes

+

+.PP

+\fB\-\-match\-server\-version\fP=false

+    Require server version to match client version

+

+.PP

+\fB\-n\fP, \fB\-\-namespace\fP=""

+    If present, the namespace scope for this CLI request.

+

+.PP

+\fB\-\-server\fP=""

+    The address and port of the Kubernetes API server

+

+.PP

+\fB\-\-token\fP=""

+    Bearer token for authentication to the API server.

+

+.PP

+\fB\-\-user\fP=""

+    The name of the kubeconfig user to use

+

+

+.SH EXAMPLE

+.PP

+.RS

+

+.nf

+ # Unlink a secret currently associated with a service account:

+oc secrets unlink serviceaccount\-name secret\-name another\-secret\-name ...

+

+.fi

+.RE

+

+

+.SH SEE ALSO

+.PP

+\fBoc\-secrets(1)\fP,

+

+

+.SH HISTORY

+.PP

+June 2016, Ported from the Kubernetes man\-doc generator

@@ -89,7 +89,7 @@ Docker registries.

 .SH SEE ALSO

 .PP

-\fBoc(1)\fP, \fBoc\-secrets\-new(1)\fP, \fBoc\-secrets\-new\-dockercfg(1)\fP, \fBoc\-secrets\-new\-basicauth(1)\fP, \fBoc\-secrets\-new\-sshauth(1)\fP, \fBoc\-secrets\-add(1)\fP,

+\fBoc(1)\fP, \fBoc\-secrets\-new(1)\fP, \fBoc\-secrets\-new\-dockercfg(1)\fP, \fBoc\-secrets\-new\-basicauth(1)\fP, \fBoc\-secrets\-new\-sshauth(1)\fP, \fBoc\-secrets\-link(1)\fP, \fBoc\-secrets\-unlink(1)\fP, \fBoc\-secrets\-add(1)\fP,

 .SH HISTORY

@@ -3,7 +3,7 @@

 .SH NAME

 .PP

-openshift cli secrets add \- Add secrets to a ServiceAccount

+openshift cli secrets add \- DEPRECATED: secrets link

 .SH SYNOPSIS

@@ -13,16 +13,13 @@ openshift cli secrets add \- Add secrets to a ServiceAccount

 .SH DESCRIPTION

 .PP

-Add secrets to a ServiceAccount

-

-.PP

-After you have created a secret, you probably want to make use of that secret inside of a pod, for a build, or as an image pull secret.  In order to do that, you must add your secret to a service account.

+DEPRECATED: This command has been moved to "openshift cli secrets link"

 .SH OPTIONS

 .PP

 \fB\-\-for\fP=[mount]

-    type of secret to add: mount or pull

+    type of secret to link: mount or pull

 .SH OPTIONS INHERITED FROM PARENT COMMANDS

@@ -96,14 +93,14 @@ After you have created a secret, you probably want to make use of that secret in

 .RS

 .nf

-  // To use your secret inside of a pod or as a push, pull, or source secret for a build, you must add a 'mount' secret to your service account like this:

-  openshift cli secrets add serviceaccount/sa\-name secrets/secret\-name secrets/another\-secret\-name

+  # Add an image pull secret to a service account to automatically use it for pulling pod images:

+  openshift cli serviceaccount\-name pull\-secret \-\-for=pull

-  // To use your secret as an image pull secret, you must add a 'pull' secret to your service account like this:

-  openshift cli secrets add serviceaccount/sa\-name secrets/secret\-name \-\-for=pull

+  # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images:

+  openshift cli builder builder\-image\-secret \-\-for=pull,mount

-  // To use your secret for image pulls or inside a pod:

-  openshift cli secrets add serviceaccount/sa\-name secrets/secret\-name \-\-for=pull,mount

+  # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod:

+  openshift cli pod\-sa pod\-secret

 .fi

 .RE

new file mode 100644

@@ -0,0 +1,119 @@

+.TH "OPENSHIFT CLI SECRETS" "1" " Openshift CLI User Manuals" "Openshift" "June 2016"  ""

+

+

+.SH NAME

+.PP

+openshift cli secrets link \- Link secrets to a ServiceAccount

+

+

+.SH SYNOPSIS

+.PP

+\fBopenshift cli secrets link\fP [OPTIONS]

+

+

+.SH DESCRIPTION

+.PP

+Link secrets to a service account

+

+.PP

+Linking a secret enables a service account to automatically use that secret for some forms of authentication

+

+