CLI reference
Use the Constellation CLI to create and manage your clusters.
Usage:
constellation [command]
Commands:
- config: Work with the Constellation configuration file
- generate: Generate a default configuration file
- fetch-measurements: Fetch measurements for configured cloud provider and image
- instance-types: Print the supported instance types for all cloud providers
- kubernetes-versions: Print the Kubernetes versions supported by this CLI
- migrate: Migrate a configuration file to a new version
- create: Create instances on a cloud platform for your Constellation cluster
- init: Initialize the Constellation cluster
- mini: Manage MiniConstellation clusters
- status: Show status of a Constellation cluster
- verify: Verify the confidential properties of a Constellation cluster
- upgrade: Find and apply upgrades to your Constellation cluster
- recover: Recover a completely stopped Constellation cluster
- terminate: Terminate a Constellation cluster
- iam: Work with the IAM configuration on your cloud provider
- version: Display version of this CLI
constellation config
Work with the Constellation configuration file
Synopsis
Work with the Constellation configuration file.
Options
-h, --help help for config
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation config generate
Generate a default configuration file
Synopsis
Generate a default configuration file for your selected cloud provider.
constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
Options
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
-h, --help help for generate
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.27")
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation config fetch-measurements
Fetch measurements for configured cloud provider and image
Synopsis
Fetch measurements for configured cloud provider and image.
A config needs to be generated first.
constellation config fetch-measurements [flags]
Options
-h, --help help for fetch-measurements
-s, --signature-url string alternative URL to fetch measurements' signature from
-u, --url string alternative URL to fetch measurements from
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation config instance-types
Print the supported instance types for all cloud providers
Synopsis
Print the supported instance types for all cloud providers.
constellation config instance-types [flags]
Options
-h, --help help for instance-types
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation config kubernetes-versions
Print the Kubernetes versions supported by this CLI
Synopsis
Print the Kubernetes versions supported by this CLI.
constellation config kubernetes-versions [flags]
Options
-h, --help help for kubernetes-versions
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation config migrate
Migrate a configuration file to a new version
Synopsis
Migrate a configuration file to a new version.
constellation config migrate [flags]
Options
-h, --help help for migrate
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation create
Create instances on a cloud platform for your Constellation cluster
Synopsis
Create instances on a cloud platform for your Constellation cluster.
constellation create [flags]
Options
-h, --help help for create
-y, --yes create the cluster without further confirmation
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation init
Initialize the Constellation cluster
Synopsis
Initialize the Constellation cluster.
Start your confidential Kubernetes.
constellation init [flags]
Options
--conformance enable conformance mode
-h, --help help for init
--merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config
--skip-helm-wait install helm charts without waiting for deployments to be ready
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation mini
Manage MiniConstellation clusters
Synopsis
Manage MiniConstellation clusters.
Options
-h, --help help for mini
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation mini up
Create and initialize a new MiniConstellation cluster
Synopsis
Create and initialize a new MiniConstellation cluster.
A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM.
constellation mini up [flags]
Options
-h, --help help for up
--merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true)
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation mini down
Destroy a MiniConstellation cluster
Synopsis
Destroy a MiniConstellation cluster.
constellation mini down [flags]
Options
-h, --help help for down
-y, --yes terminate the cluster without further confirmation
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation status
Show status of a Constellation cluster
Synopsis
Show the status of a constellation cluster.
Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades.
constellation status [flags]
Options
-h, --help help for status
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation verify
Verify the confidential properties of a Constellation cluster
Synopsis
Verify the confidential properties of a Constellation cluster.
If arguments aren't specified, values are read from constellation-id.json
.
constellation verify [flags]
Options
--cluster-id string expected cluster identifier
-h, --help help for verify
-e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT]
--raw print raw attestation document
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation upgrade
Find and apply upgrades to your Constellation cluster
Synopsis
Find and apply upgrades to your Constellation cluster.
Options
-h, --help help for upgrade
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation upgrade check
Check for possible upgrades
Synopsis
Check which upgrades can be applied to your Constellation Cluster.
constellation upgrade check [flags]
Options
-h, --help help for check
--ref string the reference to use for querying new versions (default "-")
--stream string the stream to use for querying new versions (default "stable")
-u, --update-config update the specified config file with the suggested versions
Options inherited from parent commands
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string Terraform log level (default "NONE")
-C, --workspace string path to the Constellation workspace
constellation upgrade apply
Apply an upgrade to a Constellation cluster