# CLI reference Use the Constellation CLI to create and manage your clusters. Usage: ``` constellation [command] ``` Commands: * [config](#constellation-config): Work with the Constellation configuration file * [generate](#constellation-config-generate): Generate a default configuration file * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers * [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster * [init](#constellation-init): Initialize the Constellation cluster * [mini](#constellation-mini): Manage MiniConstellation clusters * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster * [down](#constellation-mini-down): Destroy a MiniConstellation cluster * [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster * [upgrade](#constellation-upgrade): Plan and perform an upgrade of a Constellation cluster * [plan](#constellation-upgrade-plan): Plan an upgrade of a Constellation cluster * [execute](#constellation-upgrade-execute): Execute an upgrade of a Constellation cluster * [recover](#constellation-recover): Recover a completely stopped Constellation cluster * [terminate](#constellation-terminate): Terminate a Constellation cluster * [version](#constellation-version): Display version of this CLI * [iam](#constellation-iam): Work with the IAM configuration on your cloud provider * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster ## constellation config Work with the Constellation configuration file ### Synopsis Work with the Constellation configuration file. ### Options ``` -h, --help help for config ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation config generate Generate a default configuration file ### Synopsis Generate a default configuration file for your selected cloud provider. ``` constellation config generate {aws|azure|gcp|qemu} [flags] ``` ### Options ``` -f, --file string path to output file, or '-' for stdout (default "constellation-conf.yaml") -h, --help help for generate ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation config fetch-measurements Fetch measurements for configured cloud provider and image ### Synopsis Fetch measurements for configured cloud provider and image. A config needs to be generated first! ``` constellation config fetch-measurements [flags] ``` ### Options ``` -h, --help help for fetch-measurements -s, --signature-url string alternative URL to fetch measurements' signature from -u, --url string alternative URL to fetch measurements from ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation config instance-types Print the supported instance types for all cloud providers ### Synopsis Print the supported instance types for all cloud providers. ``` constellation config instance-types [flags] ``` ### Options ``` -h, --help help for instance-types ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation create Create instances on a cloud platform for your Constellation cluster ### Synopsis Create instances on a cloud platform for your Constellation cluster. ``` constellation create [flags] ``` ### Options ``` -c, --control-plane-nodes int number of control-plane nodes (required) -h, --help help for create --name string create the cluster with the specified name (default "constell") -w, --worker-nodes int number of worker nodes (required) -y, --yes create the cluster without further confirmation ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation init Initialize the Constellation cluster ### Synopsis Initialize the Constellation cluster. Start your confidential Kubernetes. ``` constellation init [flags] ``` ### Options ``` --conformance enable conformance mode -h, --help help for init --master-secret string path to base64-encoded master secret ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation mini Manage MiniConstellation clusters ### Synopsis Manage MiniConstellation clusters. ### Options ``` -h, --help help for mini ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation mini up Create and initialize a new MiniConstellation cluster ### Synopsis Create and initialize a new MiniConstellation cluster. A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM. ``` constellation mini up [flags] ``` ### Options ``` --config string path to the config file to use for the cluster -h, --help help for up ``` ### Options inherited from parent commands ``` --debug enable debug logging ``` ## constellation mini down Destroy a MiniConstellation cluster ### Synopsis Destroy a MiniConstellation cluster. ``` constellation mini down [flags] ``` ### Options ``` -h, --help help for down -y, --yes terminate the cluster without further confirmation ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation verify Verify the confidential properties of a Constellation cluster ### Synopsis Verify the confidential properties of a Constellation cluster. If arguments aren't specified, values are read from `constellation-id.json`. ``` constellation verify [flags] ``` ### Options ``` --cluster-id string expected cluster identifier -h, --help help for verify -e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT] ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation upgrade Plan and perform an upgrade of a Constellation cluster ### Synopsis Plan and perform an upgrade of a Constellation cluster. ### Options ``` -h, --help help for upgrade ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation upgrade plan Plan an upgrade of a Constellation cluster ### Synopsis Plan an upgrade of a Constellation cluster by fetching compatible image versions and their measurements. ``` constellation upgrade plan [flags] ``` ### Options ``` -f, --file string path to output file, or '-' for stdout (omit for interactive mode) -h, --help help for plan ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation upgrade execute Execute an upgrade of a Constellation cluster ### Synopsis Execute an upgrade of a Constellation cluster by applying the chosen configuration. ``` constellation upgrade execute [flags] ``` ### Options ``` -h, --help help for execute ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation recover Recover a completely stopped Constellation cluster ### Synopsis Recover a Constellation cluster by sending a recovery key to an instance in the boot stage. This is only required if instances restart without other instances available for bootstrapping. ``` constellation recover [flags] ``` ### Options ``` -e, --endpoint string endpoint of the instance, passed as HOST[:PORT] -h, --help help for recover --master-secret string path to master secret file (default "constellation-mastersecret.json") ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation terminate Terminate a Constellation cluster ### Synopsis Terminate a Constellation cluster. The cluster can't be started again, and all persistent storage will be lost. ``` constellation terminate [flags] ``` ### Options ``` -h, --help help for terminate -y, --yes terminate the cluster without further confirmation ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation version Display version of this CLI ### Synopsis Display version of this CLI. ``` constellation version [flags] ``` ### Options ``` -h, --help help for version ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation iam Work with the IAM configuration on your cloud provider ### Synopsis Work with the IAM configuration on your cloud provider. ### Options ``` -h, --help help for iam ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation iam create Create IAM configuration on a cloud platform for your Constellation cluster ### Synopsis Create IAM configuration on a cloud platform for your Constellation cluster. ### Options ``` -h, --help help for create ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation iam create aws Create IAM configuration on AWS for your Constellation cluster ### Synopsis Create IAM configuration on AWS for your Constellation cluster. ``` constellation iam create aws [flags] ``` ### Options ``` -h, --help help for aws --prefix string Name prefix for all resources. --yes Create the IAM configuration without further confirmation --zone string AWS availability zone the resources will be created in (e.g. us-east-2a). Find available zones here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones. Note that we do not support every zone / region. You can find a list of all supported regions in our docs. ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation iam create azure Create IAM configuration on Microsoft Azure for your Constellation cluster ### Synopsis Create IAM configuration on Microsoft Azure for your Constellation cluster. ``` constellation iam create azure [flags] ``` ### Options ``` -h, --help help for azure --region string Region the resources will be created in. (e.g. westus) --resourceGroup string Name of the resource group your IAM resources will be created in. --servicePrincipal string Name of the service principal that will be created. --yes Create the IAM configuration without further confirmation ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ``` ## constellation iam create gcp Create IAM configuration on GCP for your Constellation cluster ### Synopsis Create IAM configuration on GCP for your Constellation cluster. ``` constellation iam create gcp [flags] ``` ### Options ``` -h, --help help for gcp --projectID string ID of the GCP project the configuration will be created in. Find it on the welcome screen of your project: https://console.cloud.google.com/welcome --serviceAccountID string ID for the service account that will be created. Must match ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$ --yes Create the IAM configuration without further confirmation --zone string GCP zone the cluster will be deployed in. Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available ``` ### Options inherited from parent commands ``` --config string path to the configuration file (default "constellation-conf.yaml") --debug enable debug logging ```