<!doctype html>
|
||
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-2.24 docs-doc-page docs-doc-id-getting-started/install" data-has-hydrated="false">
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta name="generator" content="Docusaurus v3.9.2">
|
||
<title data-rh="true">Installation and setup | Constellation</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.edgeless.systems/constellation/getting-started/install"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="2.24"><meta data-rh="true" name="docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" name="docsearch:version" content="2.24"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" property="og:title" content="Installation and setup | Constellation"><meta data-rh="true" name="description" content="Constellation runs entirely in your cloud environment and can be controlled via a dedicated command-line interface (CLI) or a Terraform provider."><meta data-rh="true" property="og:description" content="Constellation runs entirely in your cloud environment and can be controlled via a dedicated command-line interface (CLI) or a Terraform provider."><link data-rh="true" rel="icon" href="/constellation/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.edgeless.systems/constellation/getting-started/install"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/getting-started/install" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/getting-started/install" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Getting 
started","item":"https://docs.edgeless.systems/constellation/category/getting-started"},{"@type":"ListItem","position":2,"name":"Installation","item":"https://docs.edgeless.systems/constellation/getting-started/install"}]}</script><script src="/constellation/gtagman.js" async data-cookieconsent="ignore"></script><link rel="stylesheet" href="/constellation/assets/css/styles.9ca3c5b3.css">
|
||
<script src="/constellation/assets/js/runtime~main.87c4c513.js" defer="defer"></script>
|
||
<script src="/constellation/assets/js/main.add27954.js" defer="defer"></script>
|
||
</head>
|
||
<body class="navigation-with-keyboard">
|
||
<svg style="display: none;"><defs>
|
||
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
|
||
</defs></svg>
|
||
<script>document.documentElement.setAttribute("data-theme","light"),document.documentElement.setAttribute("data-theme-choice","light"),function(){try{const n=new URLSearchParams(window.location.search).entries();for(var[t,e]of n)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><div class="theme-announcement-bar announcementBar_mb4j" style="background-color:#E7E6E6" role="banner"><div class="announcementBarPlaceholder_vyr4"></div><div class="content_knG7 announcementBarContent_xLdY">If you like Constellation, give it a star on <a target="_blank" rel="noopener noreferrer" href="https://github.com/edgelesssys/constellation">GitHub</a> ⭐️</div><button type="button" aria-label="Close" class="clean-btn close closeButton_CVFx announcementBarClose_gvF7"><svg viewBox="0 0 15 15" width="14" height="14"><g stroke="currentColor" stroke-width="3.1"><path d="M.75.75l13.5 13.5M14.25.75L.75 14.25"></path></g></svg></button></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/constellation/"><div class="navbar__logo"><img 
src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div></a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/constellation/getting-started/install">2.24</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/constellation/next/getting-started/install">Next</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/constellation/getting-started/install">2.24</a></li><li><a class="dropdown__link" href="/constellation/2.23/getting-started/install">2.23</a></li><li><a class="dropdown__link" href="/constellation/2.22/getting-started/install">2.22</a></li></ul></div><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link"></a><div class="navbarSearchContainer_Bca1"><div class="dsla-search-wrapper"><div class="dsla-search-field" data-tags="default,docs-default-2.24"></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG menuWithAnnouncementBar_GW3s"><ul class="theme-doc-sidebar-menu 
menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/constellation/"><span title="Introduction" class="linkLabel_WmDU">Introduction</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/basics"><span title="Basics" class="categoryLinkLabel_W154">Basics</span></a><button aria-label="Expand sidebar category 'Basics'" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/constellation/category/getting-started"><span title="Getting started" class="categoryLinkLabel_W154">Getting started</span></a><button aria-label="Collapse sidebar category 'Getting started'" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/constellation/getting-started/install"><span title="Installation" class="linkLabel_WmDU">Installation</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/first-steps"><span title="First steps (cloud)" class="linkLabel_WmDU">First steps (cloud)</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/first-steps-local"><span title="First steps (local)" 
class="linkLabel_WmDU">First steps (local)</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/getting-started/marketplaces"><span title="Cloud Marketplaces" class="linkLabel_WmDU">Cloud Marketplaces</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" tabindex="0" href="/constellation/getting-started/examples"><span title="Examples" class="categoryLinkLabel_W154">Examples</span></a><button aria-label="Expand sidebar category 'Examples'" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/workflows"><span title="Workflows" class="categoryLinkLabel_W154">Workflows</span></a><button aria-label="Expand sidebar category 'Workflows'" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/architecture"><span title="Architecture" class="categoryLinkLabel_W154">Architecture</span></a><button aria-label="Expand sidebar category 'Architecture'" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a 
class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/reference"><span title="Reference" class="categoryLinkLabel_W154">Reference</span></a><button aria-label="Expand sidebar category 'Reference'" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/constellation/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/constellation/category/getting-started"><span>Getting started</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Installation</span></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 2.24</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Installation and setup</h1></header>
|
||
<p>Constellation runs entirely in your cloud environment and can be controlled via a dedicated <a class="" href="/constellation/reference/cli">command-line interface (CLI)</a> or a <a class="" href="/constellation/workflows/terraform-provider">Terraform provider</a>.</p>
|
||
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="prerequisites">Prerequisites<a href="#prerequisites" class="hash-link" aria-label="Direct link to Prerequisites" title="Direct link to Prerequisites" translate="no"></a></h2>
|
||
<p>Make sure the following requirements are met:</p>
|
||
<ul>
|
||
<li class="">Your machine is running Linux, macOS, or Windows</li>
|
||
<li class="">You have admin rights on your machine</li>
|
||
<li class=""><a href="https://kubernetes.io/docs/tasks/tools/" target="_blank" rel="noopener noreferrer" class="">kubectl</a> is installed</li>
|
||
<li class="">Your cloud service provider (CSP) is Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or STACKIT</li>
|
||
</ul>
|
||
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="install-the-constellation-cli">Install the Constellation CLI<a href="#install-the-constellation-cli" class="hash-link" aria-label="Direct link to Install the Constellation CLI" title="Direct link to Install the Constellation CLI" translate="no"></a></h2>
|
||
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>If you prefer to use Terraform, you can alternatively use the <a class="" href="/constellation/workflows/terraform-provider">Terraform provider</a> to manage the cluster's lifecycle.</p></div></div>
|
||
<p>The CLI executable is available at <a href="https://github.com/edgelesssys/constellation/releases" target="_blank" rel="noopener noreferrer" class="">GitHub</a>.
|
||
Install it with the following commands:</p>
|
||
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">Linux (amd64)</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Linux (arm64)</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">macOS (Apple Silicon)</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">macOS (Intel)</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Windows (amd64)</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><ol>
|
||
<li class="">Download the CLI:</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64</span><br></span></code></pre></div></div><ol start="2">
|
||
<li class="">
|
||
<p><a class="" href="/constellation/workflows/verify-cli">Verify the signature</a> (optional, but recommended before installing the binary)</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Install the CLI to your PATH:</p>
|
||
</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">sudo install constellation-linux-amd64 /usr/local/bin/constellation</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><ol>
|
||
<li class="">Download the CLI:</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64</span><br></span></code></pre></div></div><ol start="2">
|
||
<li class="">
|
||
<p><a class="" href="/constellation/workflows/verify-cli">Verify the signature</a> (optional, but recommended before installing the binary)</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Install the CLI to your PATH:</p>
|
||
</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">sudo install constellation-linux-arm64 /usr/local/bin/constellation</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><ol>
|
||
<li class="">Download the CLI:</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64</span><br></span></code></pre></div></div><ol start="2">
|
||
<li class="">
|
||
<p><a class="" href="/constellation/workflows/verify-cli">Verify the signature</a> (optional, but recommended before installing the binary)</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Install the CLI to your PATH:</p>
|
||
</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">sudo install constellation-darwin-arm64 /usr/local/bin/constellation</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><ol>
|
||
<li class="">Download the CLI:</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64</span><br></span></code></pre></div></div><ol start="2">
|
||
<li class="">
|
||
<p><a class="" href="/constellation/workflows/verify-cli">Verify the signature</a> (optional, but recommended before installing the binary)</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Install the CLI to your PATH:</p>
|
||
</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">sudo install constellation-darwin-amd64 /usr/local/bin/constellation</span><br></span></code></pre></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><ol>
|
||
<li class="">Download the CLI:</li>
|
||
</ol><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgelesssys/constellation/releases/latest/download/constellation-windows-amd64.exe'</span><br></span></code></pre></div></div><ol start="2">
|
||
<li class="">
|
||
<p><a class="" href="/constellation/workflows/verify-cli">Verify the signature</a> (optional, but recommended before installing the binary)</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Install the CLI under <code>C:\Program Files\Constellation\bin\constellation.exe</code></p>
|
||
</li>
|
||
<li class="">
|
||
<p>Add the CLI to your PATH:</p>
|
||
<ol>
|
||
<li class="">Open <code>Advanced system settings</code> by searching for it in the Windows search</li>
|
||
<li class="">Go to the <code>Advanced</code> tab</li>
|
||
<li class="">Click <code>Environment Variables…</code></li>
|
||
<li class="">Click the variable called <code>Path</code>, then click <code>Edit…</code></li>
|
||
<li class="">Click <code>New</code></li>
|
||
<li class="">Enter the path to the folder containing the binary you want on your PATH: <code>C:\Program Files\Constellation\bin</code></li>
|
||
</ol>
|
||
</li>
|
||
</ol></div></div></div>
|
||
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>The CLI supports autocompletion for various shells. To set it up, run <code>constellation completion</code> and follow the given steps.</p></div></div>
|
||
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="set-up-cloud-credentials">Set up cloud credentials<a href="#set-up-cloud-credentials" class="hash-link" aria-label="Direct link to Set up cloud credentials" title="Direct link to Set up cloud credentials" translate="no"></a></h2>
|
||
<p>Constellation makes authenticated calls to the CSP API. Therefore, you need to set up Constellation with the credentials for your CSP.</p>
|
||
<div class="theme-admonition theme-admonition-tip admonition_xJq3 alert alert--success"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 12 16"><path fill-rule="evenodd" d="M6.5 0C3.48 0 1 2.19 1 5c0 .92.55 2.25 1 3 1.34 2.25 1.78 2.78 2 4v1h5v-1c.22-1.22.66-1.75 2-4 .45-.75 1-2.08 1-3 0-2.81-2.48-5-5.5-5zm3.64 7.48c-.25.44-.47.8-.67 1.11-.86 1.41-1.25 2.06-1.45 3.23-.02.05-.02.11-.02.17H5c0-.06 0-.13-.02-.17-.2-1.17-.59-1.83-1.45-3.23-.2-.31-.42-.67-.67-1.11C2.44 6.78 2 5.65 2 5c0-2.2 2.02-4 4.5-4 1.22 0 2.36.42 3.22 1.19C10.55 2.94 11 3.94 11 5c0 .66-.44 1.78-.86 2.48zM4 14h5c-.23 1.14-1.3 2-2.5 2s-2.27-.86-2.5-2z"></path></svg></span>tip</div><div class="admonitionContent_BuS1"><p>If you don't have a cloud subscription, you can also set up a <a class="" href="/constellation/getting-started/first-steps-local">local Constellation cluster using virtualization</a> for testing.</p></div></div>
|
||
<h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="required-permissions">Required permissions<a href="#required-permissions" class="hash-link" aria-label="Direct link to Required permissions" title="Direct link to Required permissions" translate="no"></a></h3>
|
||
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><p>To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure.</p><p>To <a class="" href="/constellation/workflows/config#creating-an-iam-configuration">create the IAM configuration</a> for Constellation, you need the following permissions:</p><div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token punctuation" style="color:#393A34">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token property" style="color:#36acaa">"Version"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"2012-10-17"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" 
style="color:#393A34"><span class="token plain"> </span><span class="token property" style="color:#36acaa">"Statement"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token property" style="color:#36acaa">"Effect"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"Allow"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token property" style="color:#36acaa">"Action"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">[</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"ec2:DescribeAccountAttributes"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:AddRoleToInstanceProfile"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:AttachRolePolicy"</span><span class="token 
punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:CreateInstanceProfile"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:CreatePolicy"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:CreateRole"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:DeleteInstanceProfile"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:DeletePolicy"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:DeletePolicyVersion"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:DeleteRole"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span 
class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:DetachRolePolicy"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:GetInstanceProfile"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:GetPolicy"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:GetPolicyVersion"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:GetRole"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:ListAttachedRolePolicies"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:ListInstanceProfilesForRole"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:ListPolicyVersions"</span><span class="token punctuation" 
style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:ListRolePolicies"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:PassRole"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"iam:RemoveRoleFromInstanceProfile"</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token string" style="color:#e3116c">"sts:GetCallerIdentity"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">]</span><span class="token punctuation" style="color:#393A34">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token property" style="color:#36acaa">"Resource"</span><span class="token operator" style="color:#393A34">:</span><span class="token plain"> </span><span class="token string" style="color:#e3116c">"*"</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" style="color:#393A34">}</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token punctuation" 
style="color:#393A34">]</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"></span><span class="token punctuation" style="color:#393A34">}</span><br></span></code></pre></div></div><p>The built-in <code>AdministratorAccess</code> policy is a superset of these permissions, but it grants far more than the actions listed above. Where possible, attach a custom policy limited to those actions instead.</p><p>To <a class="" href="/constellation/workflows/create">create a Constellation cluster</a>, see the permissions of <a href="https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf" target="_blank" rel="noopener noreferrer" class="">main.tf</a>.</p><p>The built-in <code>PowerUserAccess</code> policy is a superset of these permissions.</p><p>Follow Amazon's guide on <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html" target="_blank" rel="noopener noreferrer" class="">understanding</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html" target="_blank" rel="noopener noreferrer" class="">managing policies</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>The following <a href="https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider" target="_blank" rel="noopener noreferrer" class="">resource providers need to be registered</a> in your subscription:</p><ul>
|
||
<li class=""><code>Microsoft.Attestation</code></li>
|
||
<li class=""><code>Microsoft.Compute</code></li>
|
||
<li class=""><code>Microsoft.Insights</code></li>
|
||
<li class=""><code>Microsoft.ManagedIdentity</code></li>
|
||
<li class=""><code>Microsoft.Network</code></li>
|
||
</ul><p>By default, Constellation tries to register these automatically if they haven't been registered before.</p><p>To <a class="" href="/constellation/workflows/config#creating-an-iam-configuration">create the IAM configuration</a> for Constellation, you need the following permissions:</p><ul>
|
||
<li class=""><code>*/register/action</code> [1]</li>
|
||
<li class=""><code>Microsoft.Authorization/roleAssignments/*</code></li>
|
||
<li class=""><code>Microsoft.Authorization/roleDefinitions/*</code></li>
|
||
<li class=""><code>Microsoft.ManagedIdentity/userAssignedIdentities/*</code></li>
|
||
<li class=""><code>Microsoft.Resources/subscriptions/resourcegroups/*</code></li>
|
||
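</ul><p>The built-in <code>Owner</code> role is a superset of these permissions, but it grants full control over everything in its scope. A custom role limited to the permissions listed above keeps the impact of a leaked credential smaller.</p><p>To <a class="" href="/constellation/workflows/create">create a Constellation cluster</a>, you need the following permissions:</p><ul>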
|
||
<li class=""><code>Microsoft.Attestation/attestationProviders/*</code></li>
|
||
<li class=""><code>Microsoft.Compute/virtualMachineScaleSets/*</code></li>
|
||
<li class=""><code>Microsoft.Insights/components/*</code></li>
|
||
<li class=""><code>Microsoft.ManagedIdentity/userAssignedIdentities/*</code></li>
|
||
<li class=""><code>Microsoft.Network/loadBalancers/*</code></li>
|
||
<li class=""><code>Microsoft.Network/loadBalancers/backendAddressPools/*</code></li>
|
||
<li class=""><code>Microsoft.Network/networkSecurityGroups/*</code></li>
|
||
<li class=""><code>Microsoft.Network/publicIPAddresses/*</code></li>
|
||
<li class=""><code>Microsoft.Network/virtualNetworks/*</code></li>
|
||
<li class=""><code>Microsoft.Network/virtualNetworks/subnets/*</code></li>
|
||
<li class=""><code>Microsoft.Network/natGateways/*</code></li>
|
||
</ul><p>The built-in <code>Contributor</code> role is a superset of these permissions.</p><p>Follow Microsoft's guide on <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions" target="_blank" rel="noopener noreferrer" class="">understanding</a> and <a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments" target="_blank" rel="noopener noreferrer" class="">assigning roles</a>.</p><p>1: You can omit <code>*/register/action</code> if the resource providers mentioned above are already registered and the <code>ARM_SKIP_PROVIDER_REGISTRATION</code> environment variable is set to <code>true</code> when creating the IAM configuration.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>Create a new project for Constellation or use an existing one.
|
||
Enable the <a href="https://console.cloud.google.com/apis/library/compute.googleapis.com" target="_blank" rel="noopener noreferrer" class="">Compute Engine API</a> on it.</p><p>To <a class="" href="/constellation/workflows/config#creating-an-iam-configuration">create the IAM configuration</a> for Constellation, you need the following permissions:</p><ul>
|
||
<li class=""><code>iam.roles.create</code></li>
|
||
<li class=""><code>iam.roles.delete</code></li>
|
||
<li class=""><code>iam.roles.get</code></li>
|
||
<li class=""><code>iam.serviceAccountKeys.create</code></li>
|
||
<li class=""><code>iam.serviceAccountKeys.delete</code></li>
|
||
<li class=""><code>iam.serviceAccountKeys.get</code></li>
|
||
<li class=""><code>iam.serviceAccounts.create</code></li>
|
||
<li class=""><code>iam.serviceAccounts.delete</code></li>
|
||
<li class=""><code>iam.serviceAccounts.get</code></li>
|
||
<li class=""><code>resourcemanager.projects.getIamPolicy</code></li>
|
||
<li class=""><code>resourcemanager.projects.setIamPolicy</code></li>
|
||
</ul><p>Together, the built-in roles <code>roles/editor</code> and <code>roles/resourcemanager.projectIamAdmin</code> form a superset of these permissions. Both roles are broad; a custom role with only the permissions listed above is the least-privilege alternative.</p><p>To <a class="" href="/constellation/workflows/create">create a Constellation cluster</a>, you need the following permissions:</p><ul>
|
||
<li class=""><code>compute.addresses.createInternal</code></li>
|
||
<li class=""><code>compute.addresses.deleteInternal</code></li>
|
||
<li class=""><code>compute.addresses.get</code></li>
|
||
<li class=""><code>compute.addresses.useInternal</code></li>
|
||
<li class=""><code>compute.backendServices.create</code></li>
|
||
<li class=""><code>compute.backendServices.delete</code></li>
|
||
<li class=""><code>compute.backendServices.get</code></li>
|
||
<li class=""><code>compute.backendServices.use</code></li>
|
||
<li class=""><code>compute.disks.create</code></li>
|
||
<li class=""><code>compute.firewalls.create</code></li>
|
||
<li class=""><code>compute.firewalls.delete</code></li>
|
||
<li class=""><code>compute.firewalls.get</code></li>
|
||
<li class=""><code>compute.firewalls.update</code></li>
|
||
<li class=""><code>compute.forwardingRules.create</code></li>
|
||
<li class=""><code>compute.forwardingRules.delete</code></li>
|
||
<li class=""><code>compute.forwardingRules.get</code></li>
|
||
<li class=""><code>compute.forwardingRules.setLabels</code></li>
|
||
<li class=""><code>compute.forwardingRules.list</code></li>
|
||
<li class=""><code>compute.globalAddresses.create</code></li>
|
||
<li class=""><code>compute.globalAddresses.delete</code></li>
|
||
<li class=""><code>compute.globalAddresses.get</code></li>
|
||
<li class=""><code>compute.globalAddresses.use</code></li>
|
||
<li class=""><code>compute.globalForwardingRules.create</code></li>
|
||
<li class=""><code>compute.globalForwardingRules.delete</code></li>
|
||
<li class=""><code>compute.globalForwardingRules.get</code></li>
|
||
<li class=""><code>compute.globalForwardingRules.setLabels</code></li>
|
||
<li class=""><code>compute.globalOperations.get</code></li>
|
||
<li class=""><code>compute.healthChecks.create</code></li>
|
||
<li class=""><code>compute.healthChecks.delete</code></li>
|
||
<li class=""><code>compute.healthChecks.get</code></li>
|
||
<li class=""><code>compute.healthChecks.useReadOnly</code></li>
|
||
<li class=""><code>compute.instanceGroupManagers.create</code></li>
|
||
<li class=""><code>compute.instanceGroupManagers.delete</code></li>
|
||
<li class=""><code>compute.instanceGroupManagers.get</code></li>
|
||
<li class=""><code>compute.instanceGroupManagers.update</code></li>
|
||
<li class=""><code>compute.instanceGroups.create</code></li>
|
||
<li class=""><code>compute.instanceGroups.delete</code></li>
|
||
<li class=""><code>compute.instanceGroups.get</code></li>
|
||
<li class=""><code>compute.instanceGroups.update</code></li>
|
||
<li class=""><code>compute.instanceGroups.use</code></li>
|
||
<li class=""><code>compute.instances.create</code></li>
|
||
<li class=""><code>compute.instances.setLabels</code></li>
|
||
<li class=""><code>compute.instances.setMetadata</code></li>
|
||
<li class=""><code>compute.instances.setTags</code></li>
|
||
<li class=""><code>compute.instanceTemplates.create</code></li>
|
||
<li class=""><code>compute.instanceTemplates.delete</code></li>
|
||
<li class=""><code>compute.instanceTemplates.get</code></li>
|
||
<li class=""><code>compute.instanceTemplates.useReadOnly</code></li>
|
||
<li class=""><code>compute.networks.create</code></li>
|
||
<li class=""><code>compute.networks.delete</code></li>
|
||
<li class=""><code>compute.networks.get</code></li>
|
||
<li class=""><code>compute.networks.updatePolicy</code></li>
|
||
<li class=""><code>compute.routers.create</code></li>
|
||
<li class=""><code>compute.routers.delete</code></li>
|
||
<li class=""><code>compute.routers.get</code></li>
|
||
<li class=""><code>compute.routers.update</code></li>
|
||
<li class=""><code>compute.subnetworks.create</code></li>
|
||
<li class=""><code>compute.subnetworks.delete</code></li>
|
||
<li class=""><code>compute.subnetworks.get</code></li>
|
||
<li class=""><code>compute.subnetworks.use</code></li>
|
||
<li class=""><code>compute.targetTcpProxies.create</code></li>
|
||
<li class=""><code>compute.targetTcpProxies.delete</code></li>
|
||
<li class=""><code>compute.targetTcpProxies.get</code></li>
|
||
<li class=""><code>compute.targetTcpProxies.use</code></li>
|
||
<li class=""><code>iam.serviceAccounts.actAs</code></li>
|
||
</ul><p>Together, the built-in roles <code>roles/editor</code>, <code>roles/compute.instanceAdmin</code> and <code>roles/resourcemanager.projectIamAdmin</code> form a superset of these permissions.</p><p>Follow Google's guide on <a href="https://cloud.google.com/iam/docs/understanding-roles" target="_blank" rel="noopener noreferrer" class="">understanding</a> and <a href="https://cloud.google.com/iam/docs/granting-changing-revoking-access" target="_blank" rel="noopener noreferrer" class="">assigning roles</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account.
|
||
The UAT already has all required permissions by default.
|
||
The STACKIT service account needs the <code>editor</code> role to create STACKIT LoadBalancers.
|
||
Look at the <a href="https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html" target="_blank" rel="noopener noreferrer" class="">STACKIT documentation</a> on how to create the service account and assign the role.</p></div></div></div>
|
||
<h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="authentication">Authentication<a href="#authentication" class="hash-link" aria-label="Direct link to Authentication" title="Direct link to Authentication" translate="no"></a></h3>
|
||
<p>You need to authenticate with your CSP. The following lists the required steps for <em>testing</em> and <em>production</em> environments.</p>
|
||
<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>The steps for a <em>testing</em> environment are simpler. However, they run in a cloud shell hosted by the CSP, so they may expose secrets to the CSP. If in doubt, follow the <em>production</em> steps.</p></div></div>
|
||
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><p><strong>Testing</strong></p><p>You can use the <a href="https://console.aws.amazon.com/cloudshell/home" target="_blank" rel="noopener noreferrer" class="">AWS CloudShell</a>. Make sure you are <a href="https://docs.aws.amazon.com/cloudshell/latest/userguide/sec-auth-with-identities.html" target="_blank" rel="noopener noreferrer" class="">authorized to use it</a>.</p><p><strong>Production</strong></p><p>Use the latest version of the <a href="https://aws.amazon.com/cli/" target="_blank" rel="noopener noreferrer" class="">AWS CLI</a> on a trusted machine:</p><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">aws configure</span><br></span></code></pre></div></div><p>Options and first steps are described in the <a href="https://docs.aws.amazon.com/cli/index.html" target="_blank" rel="noopener noreferrer" class="">AWS CLI documentation</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p><strong>Testing</strong></p><p>Simply open the <a href="https://docs.microsoft.com/en-us/azure/cloud-shell/overview" target="_blank" rel="noopener 
noreferrer" class="">Azure Cloud Shell</a>.</p><p><strong>Production</strong></p><p>Use the latest version of the <a href="https://docs.microsoft.com/en-us/cli/azure/" target="_blank" rel="noopener noreferrer" class="">Azure CLI</a> on a trusted machine:</p><div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">az login</span><br></span></code></pre></div></div><p>Other options are described in Azure's <a href="https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli" target="_blank" rel="noopener noreferrer" class="">authentication guide</a>.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p><strong>Testing</strong></p><p>You can use the <a href="https://cloud.google.com/shell" target="_blank" rel="noopener noreferrer" class="">Google Cloud Shell</a>. Make sure your <a href="https://cloud.google.com/shell/docs/auth" target="_blank" rel="noopener noreferrer" class="">session is authorized</a>. For example, execute <code>gsutil</code> and accept the authorization prompt.</p><p><strong>Production</strong></p><p>Use one of the following options on a trusted machine:</p><ul>
|
||
<li class="">
|
||
<p>Use the <a href="https://cloud.google.com/sdk/gcloud" target="_blank" rel="noopener noreferrer" class=""><code>gcloud</code> CLI</a></p>
|
||
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">gcloud auth application-default login</span><br></span></code></pre></div></div>
|
||
<p>This will ask you to log in to your Google account and create your credentials.
|
||
The Constellation CLI will automatically load these credentials when needed.</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Set up a service account and pass the credentials manually</p>
|
||
<p>Follow <a href="https://cloud.google.com/docs/authentication/production#manually" target="_blank" rel="noopener noreferrer" class="">Google's guide</a> for setting up your credentials.</p>
|
||
</li>
|
||
</ul></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API).</p><ol>
|
||
<li class="">
|
||
<p><a href="https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html" target="_blank" rel="noopener noreferrer" class="">Follow the STACKIT documentation</a> for obtaining a User Access Token (UAT) to use the infrastructure API</p>
|
||
</li>
|
||
<li class="">
|
||
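<p>Create a configuration file with the credentials from the User Access Token. The file contains the UAT password in plain text, so restrict read access to your own user. Place it under:</p>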
|
||
<ul>
|
||
<li class="">Linux: <code>~/.config/openstack/clouds.yaml</code></li>
|
||
<li class="">macOS: <code>/Users/&lt;user&gt;/Library/Application Support/openstack/clouds.yaml</code> or <code>/etc/openstack/clouds.yaml</code></li>
|
||
<li class="">Windows: <code>%AppData%\openstack\clouds.yaml</code></li>
|
||
</ul>
|
||
<div class="language-yaml codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-yaml codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token key atrule" style="color:#00a4db">clouds</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">stackit</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">auth</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"></span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">auth_url</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> https</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain">//keystone.api.iaas.eu01.stackit.cloud/v3</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">username</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> REPLACE_WITH_UAT_USERNAME</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">password</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> 
REPLACE_WITH_UAT_PASSWORD</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">project_id</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> REPLACE_WITH_OPENSTACK_PROJECT_ID</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">project_name</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> REPLACE_WITH_STACKIT_PROJECT_NAME</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">user_domain_name</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> portal_mvp</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">project_domain_name</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> portal_mvp</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">region_name</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> RegionOne</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> </span><span class="token key atrule" style="color:#00a4db">identity_api_version</span><span class="token punctuation" style="color:#393A34">:</span><span class="token plain"> </span><span class="token number" style="color:#36acaa">3</span><br></span></code></pre></div></div>
|
||
</li>
|
||
</ol><div class="theme-admonition theme-admonition-caution admonition_xJq3 alert alert--warning"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 16 16"><path fill-rule="evenodd" d="M8.893 1.5c-.183-.31-.52-.5-.887-.5s-.703.19-.886.5L.138 13.499a.98.98 0 0 0 0 1.001c.193.31.53.501.886.501h13.964c.367 0 .704-.19.877-.5a1.03 1.03 0 0 0 .01-1.002L8.893 1.5zm.133 11.497H6.987v-2.003h2.039v2.003zm0-3.004H6.987V5.987h2.039v4.006z"></path></svg></span>caution</div><div class="admonitionContent_BuS1"><p><code>project_id</code> refers to the ID of your OpenStack project. The STACKIT portal also shows the STACKIT ID that's associated with your project in some places. Make sure you insert the OpenStack project ID in the <code>clouds.yaml</code> file.</p></div></div><ol start="3">
|
||
<li class="">
|
||
<p><a href="https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html" target="_blank" rel="noopener noreferrer" class="">Follow the STACKIT documentation</a> for creating a service account and an access token</p>
|
||
</li>
|
||
<li class="">
|
||
<p>Assign the <code>editor</code> role to the service account by <a href="https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html" target="_blank" rel="noopener noreferrer" class="">following the documentation</a></p>
|
||
</li>
|
||
<li class="">
|
||
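<p>Create a configuration file under <code>~/.stackit/credentials.json</code> (<code>%USERPROFILE%\.stackit\credentials.json</code> on Windows). The file holds the service account token in plain text, so make it readable only by your own user.</p>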
|
||
<div class="language-json codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-json codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token punctuation" style="color:#393A34">{</span><span class="token property" style="color:#36acaa">"STACKIT_SERVICE_ACCOUNT_TOKEN"</span><span class="token operator" style="color:#393A34">:</span><span class="token string" style="color:#e3116c">"REPLACE_WITH_TOKEN"</span><span class="token punctuation" style="color:#393A34">}</span><br></span></code></pre></div></div>
|
||
</li>
|
||
</ol></div></div></div>
|
||
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="next-steps">Next steps<a href="#next-steps" class="hash-link" aria-label="Direct link to Next steps" title="Direct link to Next steps" translate="no"></a></h2>
|
||
<p>You are now ready to <a class="" href="/constellation/getting-started/first-steps">deploy your first confidential Kubernetes cluster and application</a>.</p></div></article></div></div></div></div></main></div></div></div></div>
</body>
</html>