mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-11 23:49:30 -05:00
# CLI reference

<!-- This file is generated by constellation/hack/clidocgen via update-cli-reference.yml workflow. Don't edit manually. -->

Use the Constellation CLI to create and manage your clusters.

Usage:

```
constellation [command]
```

Commands:

* [config](#constellation-config): Work with the Constellation configuration file
  * [generate](#constellation-config-generate): Generate a default configuration file
  * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image
  * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers
  * [kubernetes-versions](#constellation-config-kubernetes-versions): Print the Kubernetes versions supported by this CLI
  * [migrate](#constellation-config-migrate): Migrate a configuration file to a new version
* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster
* [init](#constellation-init): Initialize the Constellation cluster
* [mini](#constellation-mini): Manage MiniConstellation clusters
  * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster
  * [down](#constellation-mini-down): Destroy a MiniConstellation cluster
* [status](#constellation-status): Show status of a Constellation cluster
* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster
* [upgrade](#constellation-upgrade): Find and apply upgrades to your Constellation cluster
  * [check](#constellation-upgrade-check): Check for possible upgrades
  * [apply](#constellation-upgrade-apply): Apply an upgrade to a Constellation cluster
* [recover](#constellation-recover): Recover a completely stopped Constellation cluster
* [terminate](#constellation-terminate): Terminate a Constellation cluster
* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider
  * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster
    * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster
    * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster
    * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster
  * [destroy](#constellation-iam-destroy): Destroy an IAM configuration and delete local Terraform files
* [version](#constellation-version): Display version of this CLI

## constellation config

Work with the Constellation configuration file

### Synopsis

Work with the Constellation configuration file.

### Options

```
  -h, --help   help for config
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation config generate

Generate a default configuration file

### Synopsis

Generate a default configuration file for your selected cloud provider.

```
constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
```

### Options

```
  -a, --attestation string   attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
  -f, --file string          path to output file, or '-' for stdout (default "constellation-conf.yaml")
  -h, --help                 help for generate
  -k, --kubernetes string    Kubernetes version to use in format MAJOR.MINOR (default "v1.26")
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation config fetch-measurements

Fetch measurements for configured cloud provider and image

### Synopsis

Fetch measurements for configured cloud provider and image.

A config needs to be generated first.

```
constellation config fetch-measurements [flags]
```

### Options

```
  -h, --help                   help for fetch-measurements
  -s, --signature-url string   alternative URL to fetch measurements' signature from
  -u, --url string             alternative URL to fetch measurements from
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation config instance-types

Print the supported instance types for all cloud providers

### Synopsis

Print the supported instance types for all cloud providers.

```
constellation config instance-types [flags]
```

### Options

```
  -h, --help   help for instance-types
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation config kubernetes-versions

Print the Kubernetes versions supported by this CLI

### Synopsis

Print the Kubernetes versions supported by this CLI.

```
constellation config kubernetes-versions [flags]
```

### Options

```
  -h, --help   help for kubernetes-versions
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation config migrate

Migrate a configuration file to a new version

### Synopsis

Migrate a configuration file to a new version.

```
constellation config migrate [flags]
```

### Options

```
  -h, --help   help for migrate
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation create

Create instances on a cloud platform for your Constellation cluster

### Synopsis

Create instances on a cloud platform for your Constellation cluster.

```
constellation create [flags]
```

### Options

```
  -c, --control-plane-nodes int   number of control-plane nodes (required)
  -h, --help                      help for create
  -w, --worker-nodes int          number of worker nodes (required)
  -y, --yes                       create the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation init

Initialize the Constellation cluster

### Synopsis

Initialize the Constellation cluster.

Start your confidential Kubernetes.

```
constellation init [flags]
```

### Options

```
      --conformance            enable conformance mode
  -h, --help                   help for init
      --master-secret string   path to base64-encoded master secret
      --merge-kubeconfig       merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config
      --skip-helm-wait         install helm charts without waiting for deployments to be ready
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation mini

Manage MiniConstellation clusters

### Synopsis

Manage MiniConstellation clusters.

### Options

```
  -h, --help   help for mini
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation mini up

Create and initialize a new MiniConstellation cluster

### Synopsis

Create and initialize a new MiniConstellation cluster.

A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM.

```
constellation mini up [flags]
```

### Options

```
      --config string      path to the configuration file to use for the cluster
  -h, --help               help for up
      --merge-kubeconfig   merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true)
```

### Options inherited from parent commands

```
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation mini down

Destroy a MiniConstellation cluster

### Synopsis

Destroy a MiniConstellation cluster.

```
constellation mini down [flags]
```

### Options

```
  -h, --help   help for down
  -y, --yes    terminate the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation status

Show status of a Constellation cluster

### Synopsis

Show the status of a Constellation cluster.

Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades.

```
constellation status [flags]
```

### Options

```
  -h, --help   help for status
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation verify

Verify the confidential properties of a Constellation cluster

### Synopsis

Verify the confidential properties of a Constellation cluster.
If arguments aren't specified, values are read from `constellation-id.json`.

```
constellation verify [flags]
```

### Options

```
      --cluster-id string      expected cluster identifier
  -h, --help                   help for verify
  -e, --node-endpoint string   endpoint of the node to verify, passed as HOST[:PORT]
      --raw                    print raw attestation document
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation upgrade

Find and apply upgrades to your Constellation cluster

### Synopsis

Find and apply upgrades to your Constellation cluster.

### Options

```
  -h, --help   help for upgrade
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation upgrade check

Check for possible upgrades

### Synopsis

Check which upgrades can be applied to your Constellation cluster.

```
constellation upgrade check [flags]
```

### Options

```
  -h, --help            help for check
      --ref string      the reference to use for querying new versions (default "-")
      --stream string   the stream to use for querying new versions (default "stable")
  -u, --update-config   update the specified config file with the suggested versions
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation upgrade apply

Apply an upgrade to a Constellation cluster

### Synopsis

Apply an upgrade to a Constellation cluster by applying the chosen configuration.

```
constellation upgrade apply [flags]
```

### Options

```
  -h, --help   help for apply
  -y, --yes    run upgrades without further confirmation
               WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs.
               WARNING: might unintentionally overwrite measurements in the running cluster.
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation recover

Recover a completely stopped Constellation cluster

### Synopsis

Recover a Constellation cluster by sending a recovery key to an instance in the boot stage.

This is only required if instances restart without other instances available for bootstrapping.

```
constellation recover [flags]
```

### Options

```
  -e, --endpoint string        endpoint of the instance, passed as HOST[:PORT]
  -h, --help                   help for recover
      --master-secret string   path to master secret file (default "constellation-mastersecret.json")
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation terminate

Terminate a Constellation cluster

### Synopsis

Terminate a Constellation cluster.

The cluster can't be started again, and all persistent storage will be lost.

```
constellation terminate [flags]
```

### Options

```
  -h, --help   help for terminate
  -y, --yes    terminate the cluster without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation iam

Work with the IAM configuration on your cloud provider

### Synopsis

Work with the IAM configuration on your cloud provider.

### Options

```
  -h, --help   help for iam
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation iam create

Create IAM configuration on a cloud platform for your Constellation cluster

### Synopsis

Create IAM configuration on a cloud platform for your Constellation cluster.

### Options

```
  -h, --help            help for create
      --update-config   update the config file with the specific IAM information
  -y, --yes             create the IAM configuration without further confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation iam create aws

Create IAM configuration on AWS for your Constellation cluster

### Synopsis

Create IAM configuration on AWS for your Constellation cluster.

```
constellation iam create aws [flags]
```

### Options

```
  -h, --help            help for aws
      --prefix string   name prefix for all resources (required)
      --zone string     AWS availability zone the resources will be created in, e.g., us-east-2a (required)
                        See the Constellation docs for a list of currently supported regions.
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
      --update-config   update the config file with the specific IAM information
  -y, --yes             create the IAM configuration without further confirmation
```

## constellation iam create azure

Create IAM configuration on Microsoft Azure for your Constellation cluster

### Synopsis

Create IAM configuration on Microsoft Azure for your Constellation cluster.

```
constellation iam create azure [flags]
```

### Options

```
  -h, --help                      help for azure
      --region string             region the resources will be created in, e.g., westus (required)
      --resourceGroup string      name prefix of the two resource groups your cluster / IAM resources will be created in (required)
      --servicePrincipal string   name of the service principal that will be created (required)
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
      --update-config   update the config file with the specific IAM information
  -y, --yes             create the IAM configuration without further confirmation
```

## constellation iam create gcp

Create IAM configuration on GCP for your Constellation cluster

### Synopsis

Create IAM configuration on GCP for your Constellation cluster.

```
constellation iam create gcp [flags]
```

### Options

```
  -h, --help                      help for gcp
      --projectID string          ID of the GCP project the configuration will be created in (required)
                                  Find it on the welcome screen of your project: https://console.cloud.google.com/welcome
      --serviceAccountID string   ID for the service account that will be created (required)
                                  Must be 6 to 30 lowercase letters, digits, or hyphens.
      --zone string               GCP zone the cluster will be deployed in (required)
                                  Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
      --update-config   update the config file with the specific IAM information
  -y, --yes             create the IAM configuration without further confirmation
```

## constellation iam destroy

Destroy an IAM configuration and delete local Terraform files

### Synopsis

Destroy an IAM configuration and delete local Terraform files.

```
constellation iam destroy [flags]
```

### Options

```
  -h, --help   help for destroy
  -y, --yes    destroy the IAM configuration without asking for confirmation
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```

## constellation version

Display version of this CLI

### Synopsis

Display version of this CLI.

```
constellation version [flags]
```

### Options

```
  -h, --help   help for version
```

### Options inherited from parent commands

```
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
      --force           disable version compatibility checks - might result in corrupted clusters
      --tf-log string   Terraform log level (default "NONE")
```