oc-tag man page

oc tag ā€” Tag existing images into image streams


oc tag [Options]


Tag existing images into image streams

The tag command allows you to take an existing tag or image from an image stream, or a Docker image pull spec, and set it as the most recent image for a tag in 1 or more other image streams. It is similar to the 'docker tag' command, but it operates on image streams instead.

Pass the --insecure flag if your external registry does not have a valid HTTPS certificate, or is only served over HTTP. Pass --scheduled to have the server regularly check the tag for updates and import the latest version (which can then trigger builds and deployments). Note that --scheduled is only allowed for Docker images.



Should the destination tag be updated whenever the source tag changes. Applies only to a single image stream. Defaults to false.

-d, --delete=false

Delete the provided spec tags.


Set to true if importing the specified Docker image requires HTTP or has a self-signed certificate. Defaults to false.


Should the destination tag continue to pull from the source namespace. Defaults to false.


Allow to request pullthrough for external image when set to 'local'. Defaults to 'source'.


Set a Docker image to be periodically imported from a remote repository. Defaults to false.


Optional hint for the source type; valid values are 'imagestreamtag', 'istag', 'imagestreamimage', 'isimage', and 'docker'.

Options Inherited from Parent Commands


Username to impersonate for the operation


Group to impersonate for the operation, this flag can be repeated to specify multiple groups.


Path to the file container Azure container registry configuration information.


Default HTTP cache directory


Path to a cert file for the certificate authority


Path to a client certificate file for TLS


Path to a client key file for TLS


The name of the kubeconfig cluster to use


Path to the config file to use for CLI requests.


The name of the kubeconfig context to use


The Google Cloud Platform Service Account JSON Key to use for authentication.


If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure


Require server version to match client version

-n, --namespace=""

If present, the namespace scope for this CLI request


The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.


The address and port of the Kubernetes API server


Bearer token for authentication to the API server


The name of the kubeconfig user to use


Print version information and quit


  # Tag the current image for the image stream 'openshift/ruby' and tag '2.0' into the image stream 'yourproject/ruby with tag 'tip'.
  oc tag openshift/ruby:2.0 yourproject/ruby:tip
  # Tag a specific image.
  oc tag openshift/ruby@sha256:6b646fa6bf5e5e4c7fa41056c27910e679c03ebe7f93e361e6515a9da7e258cc yourproject/ruby:tip
  # Tag an external Docker image.
  oc tag --source=docker openshift/origin:latest yourproject/ruby:tip
  # Tag an external Docker image and request pullthrough for it.
  oc tag --source=docker openshift/origin:latest yourproject/ruby:tip --reference-policy=local
  # Remove the specified spec tag from an image stream.
  oc tag openshift/origin:latest -d

See Also



June 2016, Ported from the Kubernetes man-doc generator

Referenced By


Openshift CLI User Manuals June 2016