# CLI reference
<!-- This file is generated by constellation/hack/clidocgen via update-cli-reference.yml workflow. Don't edit manually. -->
Use the Constellation CLI to create and manage your clusters.
Usage:
```
constellation [command]
```
Commands:
* [config](#constellation-config): Work with the Constellation configuration file
* [generate](#constellation-config-generate): Generate a default configuration file
* [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image
* [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers
* [kubernetes-versions](#constellation-config-kubernetes-versions): Print the Kubernetes versions supported by this CLI
* [migrate](#constellation-config-migrate): Migrate a configuration file to a new version
* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster
* [init](#constellation-init): Initialize the Constellation cluster
* [mini](#constellation-mini): Manage MiniConstellation clusters
* [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster
* [down](#constellation-mini-down): Destroy a MiniConstellation cluster
* [status](#constellation-status): Show status of a Constellation cluster
* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster
* [upgrade](#constellation-upgrade): Find and apply upgrades to your Constellation cluster
* [check](#constellation-upgrade-check): Check for possible upgrades
* [apply](#constellation-upgrade-apply): Apply an upgrade to a Constellation cluster
* [recover](#constellation-recover): Recover a completely stopped Constellation cluster
* [terminate](#constellation-terminate): Terminate a Constellation cluster
* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider
* [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster
* [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster
* [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster
* [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster
* [destroy](#constellation-iam-destroy): Destroy an IAM configuration and delete local Terraform files
* [version](#constellation-version): Display version of this CLI
## constellation config
Work with the Constellation configuration file
### Synopsis
Work with the Constellation configuration file.
### Options
```
-h, --help help for config
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation config generate
Generate a default configuration file
### Synopsis
Generate a default configuration file for your selected cloud provider.
```
constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
```
### Options
```
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
-f, --file string path to output file, or '-' for stdout (default "constellation-conf.yaml")
-h, --help help for generate
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.26")
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation config fetch-measurements
Fetch measurements for configured cloud provider and image
### Synopsis
Fetch measurements for configured cloud provider and image.
A config needs to be generated first.
```
constellation config fetch-measurements [flags]
```
### Options
```
-h, --help help for fetch-measurements
-s, --signature-url string alternative URL to fetch measurements' signature from
-u, --url string alternative URL to fetch measurements from
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation config instance-types
Print the supported instance types for all cloud providers
### Synopsis
Print the supported instance types for all cloud providers.
```
constellation config instance-types [flags]
```
### Options
```
-h, --help help for instance-types
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation config kubernetes-versions
Print the Kubernetes versions supported by this CLI
### Synopsis
Print the Kubernetes versions supported by this CLI.
```
constellation config kubernetes-versions [flags]
```
### Options
```
-h, --help help for kubernetes-versions
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation config migrate
Migrate a configuration file to a new version
### Synopsis
Migrate a configuration file to a new version.
```
constellation config migrate [flags]
```
### Options
```
-h, --help help for migrate
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation create
Create instances on a cloud platform for your Constellation cluster
### Synopsis
Create instances on a cloud platform for your Constellation cluster.
```
constellation create [flags]
```
### Options
```
-c, --control-plane-nodes int number of control-plane nodes (required)
-h, --help help for create
-w, --worker-nodes int number of worker nodes (required)
-y, --yes create the cluster without further confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation init
Initialize the Constellation cluster
### Synopsis
Initialize the Constellation cluster.
Start your confidential Kubernetes.
```
constellation init [flags]
```
### Options
```
--conformance enable conformance mode
-h, --help help for init
--master-secret string path to base64-encoded master secret
--merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config
--skip-helm-wait install helm charts without waiting for deployments to be ready
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation mini
Manage MiniConstellation clusters
### Synopsis
Manage MiniConstellation clusters.
### Options
```
-h, --help help for mini
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation mini up
Create and initialize a new MiniConstellation cluster
### Synopsis
Create and initialize a new MiniConstellation cluster.
A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM.
```
constellation mini up [flags]
```
### Options
```
--config string path to the configuration file to use for the cluster
-h, --help help for up
--merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true)
```
### Options inherited from parent commands
```
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation mini down
Destroy a MiniConstellation cluster
### Synopsis
Destroy a MiniConstellation cluster.
```
constellation mini down [flags]
```
### Options
```
-h, --help help for down
-y, --yes terminate the cluster without further confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation status
Show status of a Constellation cluster
### Synopsis
Show the status of a constellation cluster.
Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades.
```
constellation status [flags]
```
### Options
```
-h, --help help for status
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation verify
Verify the confidential properties of a Constellation cluster
### Synopsis
Verify the confidential properties of a Constellation cluster.
If arguments aren't specified, values are read from `constellation-id.json`.
```
constellation verify [flags]
```
### Options
```
--cluster-id string expected cluster identifier
-h, --help help for verify
-e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT]
--raw print raw attestation document
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation upgrade
Find and apply upgrades to your Constellation cluster
### Synopsis
Find and apply upgrades to your Constellation cluster.
### Options
```
-h, --help help for upgrade
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation upgrade check
Check for possible upgrades
### Synopsis
Check which upgrades can be applied to your Constellation Cluster.
```
constellation upgrade check [flags]
```
### Options
```
-h, --help help for check
--ref string the reference to use for querying new versions (default "-")
--stream string the stream to use for querying new versions (default "stable")
-u, --update-config update the specified config file with the suggested versions
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation upgrade apply
Apply an upgrade to a Constellation cluster
### Synopsis
Apply an upgrade to a Constellation cluster by applying the chosen configuration.
```
constellation upgrade apply [flags]
```
### Options
```
-h, --help help for apply
-y, --yes run upgrades without further confirmation
WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs.
WARNING: might unintentionally overwrite measurements in the running cluster.
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation recover
Recover a completely stopped Constellation cluster
### Synopsis
Recover a Constellation cluster by sending a recovery key to an instance in the boot stage.
This is only required if instances restart without other instances available for bootstrapping.
```
constellation recover [flags]
```
### Options
```
-e, --endpoint string endpoint of the instance, passed as HOST[:PORT]
-h, --help help for recover
--master-secret string path to master secret file (default "constellation-mastersecret.json")
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation terminate
Terminate a Constellation cluster
### Synopsis
Terminate a Constellation cluster.
The cluster can't be started again, and all persistent storage will be lost.
```
constellation terminate [flags]
```
### Options
```
-h, --help help for terminate
-y, --yes terminate the cluster without further confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation iam
Work with the IAM configuration on your cloud provider
### Synopsis
Work with the IAM configuration on your cloud provider.
### Options
```
-h, --help help for iam
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation iam create
Create IAM configuration on a cloud platform for your Constellation cluster
### Synopsis
Create IAM configuration on a cloud platform for your Constellation cluster.
### Options
```
-h, --help help for create
--update-config update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation iam create aws
Create IAM configuration on AWS for your Constellation cluster
### Synopsis
Create IAM configuration on AWS for your Constellation cluster.
```
constellation iam create aws [flags]
```
### Options
```
-h, --help help for aws
--prefix string name prefix for all resources (required)
--zone string AWS availability zone the resources will be created in, e.g., us-east-2a (required)
See the Constellation docs for a list of currently supported regions.
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
--update-config update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam create azure
Create IAM configuration on Microsoft Azure for your Constellation cluster
### Synopsis
Create IAM configuration on Microsoft Azure for your Constellation cluster.
```
constellation iam create azure [flags]
```
### Options
```
-h, --help help for azure
--region string region the resources will be created in, e.g., westus (required)
--resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required)
--servicePrincipal string name of the service principal that will be created (required)
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
--update-config update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam create gcp
Create IAM configuration on GCP for your Constellation cluster
### Synopsis
Create IAM configuration on GCP for your Constellation cluster.
```
constellation iam create gcp [flags]
```
### Options
```
-h, --help help for gcp
--projectID string ID of the GCP project the configuration will be created in (required)
Find it on the welcome screen of your project: https://console.cloud.google.com/welcome
--serviceAccountID string ID for the service account that will be created (required)
Must be 6 to 30 lowercase letters, digits, or hyphens.
--zone string GCP zone the cluster will be deployed in (required)
Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
--update-config update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam destroy
Destroy an IAM configuration and delete local Terraform files
### Synopsis
Destroy an IAM configuration and delete local Terraform files.
```
constellation iam destroy [flags]
```
### Options
```
-h, --help help for destroy
-y, --yes destroy the IAM configuration without asking for confirmation
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```
## constellation version
Display version of this CLI
### Synopsis
Display version of this CLI.
```
constellation version [flags]
```
### Options
```
-h, --help help for version
```
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
```