CLI reference
Use the Constellation CLI to create and manage your clusters.
Usage:
constellation [command]
Commands:
- config: Work with the Constellation configuration file
- generate: Generate a default configuration file
- fetch-measurements: Fetch measurements for configured cloud provider and image
- instance-types: Print the supported instance types for all cloud providers
 
- create: Create instances on a cloud platform for your Constellation cluster
- init: Initialize the Constellation cluster
- mini: Manage MiniConstellation clusters
- verify: Verify the confidential properties of a Constellation cluster
- upgrade: Plan and perform an upgrade of a Constellation cluster
- recover: Recover a completely stopped Constellation cluster
- terminate: Terminate a Constellation cluster
- version: Display version of this CLI
- iam: Work with the IAM configuration on your cloud provider
- create: Create IAM configuration on a cloud platform for your Constellation cluster
 
constellation config
Work with the Constellation configuration file
Synopsis
Work with the Constellation configuration file.
Options
  -h, --help   help for config
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation config generate
Generate a default configuration file
Synopsis
Generate a default configuration file for your selected cloud provider.
constellation config generate {aws|azure|gcp|qemu} [flags]
Options
  -f, --file string   path to output file, or '-' for stdout (default "constellation-conf.yaml")
  -h, --help          help for generate
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation config fetch-measurements
Fetch measurements for configured cloud provider and image
Synopsis
Fetch measurements for configured cloud provider and image. A config needs to be generated first!
constellation config fetch-measurements [flags]
Options
  -h, --help                   help for fetch-measurements
  -s, --signature-url string   alternative URL to fetch measurements' signature from
  -u, --url string             alternative URL to fetch measurements from
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation config instance-types
Print the supported instance types for all cloud providers
Synopsis
Print the supported instance types for all cloud providers.
constellation config instance-types [flags]
Options
  -h, --help   help for instance-types
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation create
Create instances on a cloud platform for your Constellation cluster
Synopsis
Create instances on a cloud platform for your Constellation cluster.
constellation create [flags]
Options
  -c, --control-plane-nodes int   number of control-plane nodes (required)
  -h, --help                      help for create
      --name string               create the cluster with the specified name (default "constell")
  -w, --worker-nodes int          number of worker nodes (required)
  -y, --yes                       create the cluster without further confirmation
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation init
Initialize the Constellation cluster
Synopsis
Initialize the Constellation cluster. Start your confidential Kubernetes.
constellation init [flags]
Options
      --conformance            enable conformance mode
  -h, --help                   help for init
      --master-secret string   path to base64-encoded master secret
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation mini
Manage MiniConstellation clusters
Synopsis
Manage MiniConstellation clusters.
Options
  -h, --help   help for mini
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation mini up
Create and initialize a new MiniConstellation cluster
Synopsis
Create and initialize a new MiniConstellation cluster. A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM.
constellation mini up [flags]
Options
      --config string   path to the config file to use for the cluster
  -h, --help            help for up
Options inherited from parent commands
      --debug   enable debug logging
constellation mini down
Destroy a MiniConstellation cluster
Synopsis
Destroy a MiniConstellation cluster.
constellation mini down [flags]
Options
  -h, --help   help for down
  -y, --yes    terminate the cluster without further confirmation
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation verify
Verify the confidential properties of a Constellation cluster
Synopsis
Verify the confidential properties of a Constellation cluster.
If arguments aren't specified, values are read from constellation-id.json.
constellation verify [flags]
Options
      --cluster-id string      expected cluster identifier
  -h, --help                   help for verify
  -e, --node-endpoint string   endpoint of the node to verify, passed as HOST[:PORT]
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation upgrade
Plan and perform an upgrade of a Constellation cluster
Synopsis
Plan and perform an upgrade of a Constellation cluster.
Options
  -h, --help   help for upgrade
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation upgrade plan
Plan an upgrade of a Constellation cluster
Synopsis
Plan an upgrade of a Constellation cluster by fetching compatible image versions and their measurements.
constellation upgrade plan [flags]
Options
  -f, --file string   path to output file, or '-' for stdout (omit for interactive mode)
  -h, --help          help for plan
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation upgrade execute
Execute an upgrade of a Constellation cluster
Synopsis
Execute an upgrade of a Constellation cluster by applying the chosen configuration.
constellation upgrade execute [flags]
Options
  -h, --help   help for execute
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation recover
Recover a completely stopped Constellation cluster
Synopsis
Recover a Constellation cluster by sending a recovery key to an instance in the boot stage. This is only required if instances restart without other instances available for bootstrapping.
constellation recover [flags]
Options
  -e, --endpoint string        endpoint of the instance, passed as HOST[:PORT]
  -h, --help                   help for recover
      --master-secret string   path to master secret file (default "constellation-mastersecret.json")
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation terminate
Terminate a Constellation cluster
Synopsis
Terminate a Constellation cluster. The cluster can't be started again, and all persistent storage will be lost.
constellation terminate [flags]
Options
  -h, --help   help for terminate
  -y, --yes    terminate the cluster without further confirmation
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation version
Display version of this CLI
Synopsis
Display version of this CLI.
constellation version [flags]
Options
  -h, --help   help for version
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation iam
Work with the IAM configuration on your cloud provider
Synopsis
Work with the IAM configuration on your cloud provider.
Options
  -h, --help   help for iam
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation iam create
Create IAM configuration on a cloud platform for your Constellation cluster
Synopsis
Create IAM configuration on a cloud platform for your Constellation cluster.
Options
  -h, --help   help for create
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation iam create aws
Create IAM configuration on AWS for your Constellation cluster
Synopsis
Create IAM configuration on AWS for your Constellation cluster.
constellation iam create aws [flags]
Options
  -h, --help            help for aws
      --prefix string   Name prefix for all resources.
      --yes             Create the IAM configuration without further confirmation
      --zone string     AWS availability zone the resources will be created in (e.g. us-east-2a). Find available zones here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones. Note that we do not support every zone / region. You can find a list of all supported regions in our docs.
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation iam create azure
Create IAM configuration on Microsoft Azure for your Constellation cluster
Synopsis
Create IAM configuration on Microsoft Azure for your Constellation cluster.
constellation iam create azure [flags]
Options
  -h, --help                      help for azure
      --region string             Region the resources will be created in. (e.g. westus)
      --resourceGroup string      Name of the resource group your IAM resources will be created in.
      --servicePrincipal string   Name of the service principal that will be created.
      --yes                       Create the IAM configuration without further confirmation
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
constellation iam create gcp
Create IAM configuration on GCP for your Constellation cluster
Synopsis
Create IAM configuration on GCP for your Constellation cluster.
constellation iam create gcp [flags]
Options
  -h, --help                      help for gcp
      --projectID string          ID of the GCP project the configuration will be created in. Find it on the welcome screen of your project: https://console.cloud.google.com/welcome
      --serviceAccountID string   ID for the service account that will be created. Must match ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$
      --yes                       Create the IAM configuration without further confirmation
      --zone string               GCP zone the cluster will be deployed in. Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available
Options inherited from parent commands
      --config string   path to the configuration file (default "constellation-conf.yaml")
      --debug           enable debug logging
