# CLI reference

<!-- This file is generated by constellation/hack/clidocgen via update-cli-reference.yml workflow. Don't edit manually. -->

Use the Constellation CLI to create and manage your clusters.

Usage:

```
constellation [command]
```
Commands:

* [config](#constellation-config): Work with the Constellation configuration file
  * [generate](#constellation-config-generate): Generate a default configuration file
  * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image
  * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers
* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster
* [init](#constellation-init): Initialize the Constellation cluster
* [mini](#constellation-mini): Manage MiniConstellation clusters
  * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster
  * [down](#constellation-mini-down): Destroy a MiniConstellation cluster
* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster
* [upgrade](#constellation-upgrade): Plan and perform an upgrade of a Constellation cluster
  * [plan](#constellation-upgrade-plan): Plan an upgrade of a Constellation cluster
  * [execute](#constellation-upgrade-execute): Execute an upgrade of a Constellation cluster
* [recover](#constellation-recover): Recover a completely stopped Constellation cluster
* [terminate](#constellation-terminate): Terminate a Constellation cluster
* [version](#constellation-version): Display version of this CLI
* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider
  * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster
    * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster
    * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster
    * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster

## constellation config

Work with the Constellation configuration file

### Synopsis

Work with the Constellation configuration file.

### Options

```
  -h, --help   help for config
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation config generate

Generate a default configuration file

### Synopsis

Generate a default configuration file for your selected cloud provider.

```
constellation config generate {aws|azure|gcp|qemu} [flags]
```

### Options

```
  -f, --file string   path to output file, or '-' for stdout (default "constellation-conf.yaml")
  -h, --help          help for generate
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation config fetch-measurements

Fetch measurements for configured cloud provider and image

### Synopsis

Fetch measurements for configured cloud provider and image.

A config needs to be generated first.

```
constellation config fetch-measurements [flags]
```

### Options

```
  -h, --help                   help for fetch-measurements
  -s, --signature-url string   alternative URL to fetch measurements' signature from
  -u, --url string             alternative URL to fetch measurements from
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation config instance-types

Print the supported instance types for all cloud providers

### Synopsis

Print the supported instance types for all cloud providers.

```
constellation config instance-types [flags]
```

### Options

```
  -h, --help   help for instance-types
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation create

Create instances on a cloud platform for your Constellation cluster

### Synopsis

Create instances on a cloud platform for your Constellation cluster.

```
constellation create [flags]
```

### Options

```
  -c, --control-plane-nodes int   number of control-plane nodes (required)
  -h, --help                      help for create
      --name string               create the cluster with the specified name (default "constell")
  -w, --worker-nodes int          number of worker nodes (required)
  -y, --yes                       create the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation init

Initialize the Constellation cluster

### Synopsis

Initialize the Constellation cluster.

Start your confidential Kubernetes.

```
constellation init [flags]
```

### Options

```
      --conformance            enable conformance mode
  -h, --help                   help for init
      --master-secret string   path to base64-encoded master secret
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation mini

Manage MiniConstellation clusters

### Synopsis

Manage MiniConstellation clusters.

### Options

```
  -h, --help   help for mini
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation mini up

Create and initialize a new MiniConstellation cluster

### Synopsis

Create and initialize a new MiniConstellation cluster.

A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM.

```
constellation mini up [flags]
```

### Options

```
      --config string   path to the configuration file to use for the cluster
  -h, --help            help for up
```

### Options inherited from parent commands

```
      --debug   enable debug logging
```

## constellation mini down

Destroy a MiniConstellation cluster

### Synopsis

Destroy a MiniConstellation cluster.

```
constellation mini down [flags]
```

### Options

```
  -h, --help   help for down
  -y, --yes    terminate the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation verify

Verify the confidential properties of a Constellation cluster

### Synopsis

Verify the confidential properties of a Constellation cluster.

If arguments aren't specified, values are read from `constellation-id.json`.

```
constellation verify [flags]
```

### Options

```
      --cluster-id string      expected cluster identifier
  -h, --help                   help for verify
  -e, --node-endpoint string   endpoint of the node to verify, passed as HOST[:PORT]
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation upgrade

Plan and perform an upgrade of a Constellation cluster

### Synopsis

Plan and perform an upgrade of a Constellation cluster.

### Options

```
  -h, --help   help for upgrade
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation upgrade plan

Plan an upgrade of a Constellation cluster

### Synopsis

Plan an upgrade of a Constellation cluster by fetching compatible image versions and their measurements.

```
constellation upgrade plan [flags]
```

### Options

```
  -f, --file string   path to output file, or '-' for stdout (omit for interactive mode)
  -h, --help          help for plan
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation upgrade execute

Execute an upgrade of a Constellation cluster

### Synopsis

Execute an upgrade of a Constellation cluster by applying the chosen configuration.

```
constellation upgrade execute [flags]
```

### Options

```
  -h, --help   help for execute
  -y, --yes    run upgrades without further confirmation
               WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs.
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation recover

Recover a completely stopped Constellation cluster

### Synopsis

Recover a Constellation cluster by sending a recovery key to an instance in the boot stage.

This is only required if instances restart without other instances available for bootstrapping.

```
constellation recover [flags]
```

### Options

```
  -e, --endpoint string        endpoint of the instance, passed as HOST[:PORT]
  -h, --help                   help for recover
      --master-secret string   path to master secret file (default "constellation-mastersecret.json")
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation terminate

Terminate a Constellation cluster

### Synopsis

Terminate a Constellation cluster.

The cluster can't be started again, and all persistent storage will be lost.

```
constellation terminate [flags]
```

### Options

```
  -h, --help   help for terminate
  -y, --yes    terminate the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation version

Display version of this CLI

### Synopsis

Display version of this CLI.

```
constellation version [flags]
```

### Options

```
  -h, --help   help for version
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation iam

Work with the IAM configuration on your cloud provider

### Synopsis

Work with the IAM configuration on your cloud provider.

### Options

```
  -h, --help   help for iam
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation iam create

Create IAM configuration on a cloud platform for your Constellation cluster

### Synopsis

Create IAM configuration on a cloud platform for your Constellation cluster.

### Options

```
      --generate-config   automatically generate a configuration file and fill in the required fields
  -h, --help              help for create
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
```

## constellation iam create aws

Create IAM configuration on AWS for your Constellation cluster

### Synopsis

Create IAM configuration on AWS for your Constellation cluster.

```
constellation iam create aws [flags]
```

### Options

```
  -h, --help            help for aws
      --prefix string   name prefix for all resources (required)
      --yes             create the IAM configuration without further confirmation
      --zone string     AWS availability zone the resources will be created in, e.g. us-east-2a (required)
                        Find available zones here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones. Note that we do not support every zone / region. You can find a list of all supported regions in our docs.
```

### Options inherited from parent commands

```
      --config string     path to the configuration file (default "constellation-conf.yaml")
      --debug             enable debug logging
      --generate-config   automatically generate a configuration file and fill in the required fields
```

## constellation iam create azure

Create IAM configuration on Microsoft Azure for your Constellation cluster

### Synopsis

Create IAM configuration on Microsoft Azure for your Constellation cluster.

```
constellation iam create azure [flags]
```

### Options

```
  -h, --help                      help for azure
      --region string             region the resources will be created in, e.g. westus (required)
      --resourceGroup string      name prefix of the two resource groups your cluster / IAM resources will be created in (required)
      --servicePrincipal string   name of the service principal that will be created (required)
      --yes                       create the IAM configuration without further confirmation
```

### Options inherited from parent commands

```
      --config string     path to the configuration file (default "constellation-conf.yaml")
      --debug             enable debug logging
      --generate-config   automatically generate a configuration file and fill in the required fields
```

## constellation iam create gcp

Create IAM configuration on GCP for your Constellation cluster

### Synopsis

Create IAM configuration on GCP for your Constellation cluster.

```
constellation iam create gcp [flags]
```

### Options

```
  -h, --help                      help for gcp
      --projectID string          ID of the GCP project the configuration will be created in (required)
                                  Find it on the welcome screen of your project: https://console.cloud.google.com/welcome.
      --serviceAccountID string   ID for the service account that will be created (required)
                                  Must match ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$.
      --yes                       create the IAM configuration without further confirmation
      --zone string               GCP zone the cluster will be deployed in (required)
                                  Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available.
```

### Options inherited from parent commands

```
      --config string     path to the configuration file (default "constellation-conf.yaml")
      --debug             enable debug logging
      --generate-config   automatically generate a configuration file and fill in the required fields
```