ankra cluster
Commands for managing and operating on clusters. Flags| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster name or ID for this command, overriding ankra cluster select |
ankra cluster access
List, grant, and revoke per-user access to a cluster’s Kubernetes API through the Ankra gateway (the access used by ‘ankra cluster kubeconfig’ and ‘ankra cluster kube-token’). Managing access requires organisation admin rights. Grants apply to one cluster and one organisation member, identified by email. Examples: ankra cluster access list —cluster my-cluster ankra cluster access grant [email protected] —cluster my-cluster —role view ankra cluster access grant [email protected] —cluster my-cluster —role edit —namespace staging ankra cluster access revoke [email protected] —cluster my-cluster ankra cluster access revoke 6f1f9aca-2c3d-4e5f-8a9b-0c1d2e3f4a5b —cluster my-clusterankra cluster access grant
Grant an organisation member access to a cluster’s Kubernetes API through the Ankra gateway. The grant is cluster-wide by default; pass —namespace to limit it to one namespace. Roles map to the standard Kubernetes ClusterRoles: view, edit, admin, cluster-admin.| Flag | Default | Description |
|---|---|---|
--cluster | Cluster name or ID (defaults to the selected cluster) | |
--namespace | Limit the grant to one namespace (default: cluster-wide) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--role | view | Kubernetes role for the grant: view, edit, admin, or cluster-admin |
ankra cluster access list
List access grants for a cluster| Flag | Default | Description |
|---|---|---|
--cluster | Cluster name or ID (defaults to the selected cluster) | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster access revoke
Revoke gateway access from a cluster. Pass a grant ID (from ‘ankra cluster access list’) to revoke a single grant, or an email address to revoke every grant that member has on the cluster.| Flag | Default | Description |
|---|---|---|
--cluster | Cluster name or ID (defaults to the selected cluster) |
ankra cluster addons
Commands to list, manage settings, and uninstall addons.ankra cluster addons available
List addons available for installation| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster addons list
List addons for the active cluster; or show details for a single addon| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster addons settings
Get settings for an addon| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster addons uninstall
Uninstall an addon from the cluster| Flag | Default | Description |
|---|---|---|
--delete | false | Also delete the addon permanently |
--yes | false | Skip the confirmation prompt |
ankra cluster addons update
Update addon settings by providing a JSON file that conforms to the settings schema. Example JSON file: { “retry_policy”: { “limit”: 3, “backoff”: { “duration”: “5s”, “factor”: 2, “max_duration”: “3m” } }, “sync_policy”: { “automated”: true, “self_heal”: true, “auto_prune”: false }, “revision_history_limit”: 10 } Usage: ankra cluster addons update my-addon -f settings.json| Flag | Default | Description |
|---|---|---|
-f, --file | Path to JSON settings file (required) |
ankra cluster addons upgrade
Upgrade an addon by patching just the fields you supply. At least one mutating flag is required. Examples:Bump chart version
ankra cluster addons upgrade ankra-website —chart-version 1.0.146—cluster website-demo
Tweak a single Helm values field with —set (mutates the existing values)
ankra cluster addons upgrade website —set image.tag=1.0.146—cluster website-demo
Address a list item by a field instead of an index
ankra cluster addons upgrade website —set ‘env[name=LOG_LEVEL].value=debug’—cluster website-demo
Replace the whole values document
ankra cluster addons upgrade website—values-from-file ./values.yaml —cluster website-demo —set* and —values-from-file are mutually exclusive: —set* mutates the existing values document while —values-from-file replaces it. Changing —namespace is destructive (Helm reinstall in the new namespace, leaves the old release orphaned). Use —yes to skip the confirmation prompt or interactively confirm.
| Flag | Default | Description |
|---|---|---|
--add-parent | [] | Add a dependency parent, e.g. —add-parent name=infisical-ns,kind=manifest (kind defaults to manifest; repeatable) |
--chart-version | New chart version to install | |
--cluster | Target cluster (name or ID); defaults to the active selection | |
--dry-run | false | Print the proposed before/after spec without applying changes |
--namespace | Change the addon’s namespace (destructive: Helm reinstall) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--registry-credential-name | New helm registry credential name | |
--registry-name | New helm registry name | |
--registry-url | New helm registry URL | |
--remove-parent | [] | Remove a dependency parent, e.g. —remove-parent name=infisical-ns,kind=manifest (repeatable) |
--set | [] | Helm-style values mutation, e.g. —set image.tag=1.0.0 (MUTATES existing values; repeatable, comma-separated) |
--set-file | [] | Like —set but reads the value from a file: key=path or key=@path |
--set-parent | [] | Replace ALL dependency parents with the given set (repeatable); pass none with the others to clear |
--set-string | [] | Like —set but always treats the value as a string |
--stack | Stack name (required when the addon exists in multiple stacks) | |
--values | Use - to read values YAML from stdin (REPLACES the entire values document) | |
--values-from-file | Path to YAML values file (REPLACES the entire values document) | |
--yes | false | Skip the confirmation prompt for destructive changes (—namespace) |
ankra cluster addons values
Print the current Helm values document for an addon. By default the decoded YAML is written to stdout, making it easy to pipe into a file or edit and re-apply with —values-from-file: ankra cluster addons values my-addon > values.yaml ankra cluster addons values my-addon -o raw # base64-encoded form| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
-o, --output | Output format: yaml (decoded, default) or raw (base64) |
ankra cluster agent
Commands to view agent status, get tokens, and upgrade agents.ankra cluster agent status
Get agent status for the selected cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster agent token
Get or generate agent token for the selected cluster| Flag | Default | Description |
|---|---|---|
--generate | false | Generate a new agent token |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster agent upgrade
Upgrade the agent on the selected clusterankra cluster apply
Apply an ImportCluster YAML to the Ankra API| Flag | Default | Description |
|---|---|---|
--dry-run | false | Validate the ImportCluster YAML locally without calling the API |
-f, --file | Path to the ImportCluster YAML file to apply | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster clear
Clear the active cluster selectionankra cluster clone
Clone stacks from an existing cluster ImportCluster YAML to a new cluster. The source can be either a local file path or a URL (http/https). Examples: ankra cluster clone cluster.yaml new-cluster.yaml ankra cluster clone https://github.com/user/repo/raw/main/cluster.yaml new-cluster.yaml ankra cluster clone cluster.yaml new-cluster.yaml —stack “monitoring” —stack “networking” Flags: —clean: Replace all stacks in the new cluster with those from the existing cluster —force: Force merge even when stack/addon/manifest names conflict —copy-missing: Copy missing files even for skipped stacks —stack: Clone only specific stacks by name (can be used multiple times) Without flags: Merge stacks, skipping any with conflicting names| Flag | Default | Description |
|---|---|---|
--clean | false | Replace all stacks in the new cluster |
--copy-missing | false | Copy missing files even for skipped stacks |
--force | false | Force merge even when names conflict |
--stack | [] | Clone only specific stacks by name (can be used multiple times) |
ankra cluster decrypt
Decrypt SOPS-encrypted values stored on a cluster or in a local cluster.yaml.ankra cluster decrypt addon
Decrypt a SOPS-encrypted addon’s Helm values and print the result to stdout. Two modes: Cluster mode (default): fetch the addon values from a live cluster, decrypt, and print to stdout. File mode (-f cluster.yaml): read the addon values file referenced from a local cluster.yaml, decrypt, and print to stdout. Examples: ankra cluster decrypt addon —name grafana ankra cluster decrypt addon —name grafana —cluster prod —stack monitoring ankra cluster decrypt addon —name grafana -f cluster.yaml| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection (cluster mode) | |
-f, --file | Path to a local cluster YAML (enables file mode) | |
--name | Name of the addon (required) | |
--stack | Stack name (cluster mode; required when the addon exists in multiple stacks) |
ankra cluster decrypt manifest
Decrypt a SOPS-encrypted manifest and print the result to stdout. Two modes: Cluster mode (default): fetch the manifest from a live cluster, decrypt it, and print to stdout. File mode (-f cluster.yaml): read the manifest file referenced from a local cluster.yaml, decrypt it, and print to stdout. Examples:Cluster mode against the selected cluster
ankra cluster decrypt manifest db-secretCluster mode against a specific cluster
ankra cluster decrypt manifest db-secret —cluster prodFile mode
ankra cluster decrypt manifest db-secret -f cluster.yaml| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection (cluster mode) | |
-f, --file | Path to a local cluster YAML (enables file mode) |
ankra cluster deprovision
Stop a running managed cluster. This will shut down the cluster but not delete it. If no cluster name is provided, uses the currently selected cluster. For cloud clusters (hetzner, ovh, upcloud) this command routes to the provider-specific deprovision endpoint so cloud resources are released.| Flag | Default | Description |
|---|---|---|
--auto-delete | false | Automatically delete the cluster after deprovisioning |
--force | false | Force deprovision even if cluster is in an unexpected state |
-o, --output | Output format: json or yaml (default: human-readable) | |
--yes | false | Skip the confirmation prompt |
ankra cluster draft
Stage all changes in an ImportCluster YAML as drafts on the cluster without deploying anything. The local checks run first (the same ones as ‘ankra cluster apply —dry-run’), then each stack in the file is saved as a resource draft you can review, edit, and deploy from the Ankra stack builder. If the cluster does not exist yet it is imported first without its stacks, since drafts can only be attached to an existing cluster; every stack in the file is then staged as a draft. Stacks that already match the cluster’s desired state are reported as “no changes” rather than creating an empty draft.| Flag | Default | Description |
|---|---|---|
-f, --file | Path to the ImportCluster YAML file to stage as drafts | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster encrypt
Encrypt sensitive values in manifest or addon configuration files using SOPS.ankra cluster encrypt addon
Encrypt a specific key in an addon’s Helm values using SOPS. —key takes the YAML key name whose values should be encrypted. SOPS matches key names anywhere in the document, not dotted paths; a dotted —key is normalised to its last segment. A key whose own name starts with a dot (such as “.dockerconfigjson”) is kept literally. After encrypting, the CLI verifies the value is actually ENC[…] ciphertext and fails if it is not. Two modes: Cluster mode (default): fetch the addon’s values from a live cluster, encrypt the key, and push the result back via the partial-stack PATCH endpoint. The owning stack is resolved automatically. File mode (-f cluster.yaml): rewrite the local addon values file referenced by the cluster.yaml in place, adding the key to encrypted_paths. Examples:Cluster mode against the selected cluster
ankra cluster encrypt addon —name grafana —key adminPasswordCluster mode against a specific cluster, disambiguating stack
ankra cluster encrypt addon —name grafana —key adminPassword —cluster prod —stack monitoringFile mode
ankra cluster encrypt addon —name grafana —key adminPassword -f cluster.yaml| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection (cluster mode) | |
-f, --file | Path to a local cluster YAML (enables file mode) | |
--key | YAML key name to encrypt (required); dotted paths are normalised to the last segment, a leading-dot key like .dockerconfigjson is kept literally | |
--name | Name of the addon (required) | |
--stack | Stack name (cluster mode; required when the addon exists in multiple stacks) |
ankra cluster encrypt manifest
Encrypt a specific key in a manifest using SOPS. —key takes the YAML key name whose values should be encrypted (for a Secret’s data.password, that is “password”). SOPS matches key names anywhere in the document, not dotted paths; a dotted —key is normalised to its last segment. A key whose own name starts with a dot (such as “.dockerconfigjson” in a kubernetes.io/dockerconfigjson Secret) is kept literally. After encrypting, the CLI verifies the value is actually ENC[…] ciphertext and fails if it is not. Two modes: Cluster mode (default): fetch the manifest from a live cluster, encrypt the key, and push the result back via the partial-stack PATCH endpoint. The owning stack is resolved automatically. File mode (-f cluster.yaml): rewrite a local cluster.yaml’s referenced from_file in place, adding the key to encrypted_paths in the file. Used by GitOps workflows where the source of truth is on disk. Examples:Cluster mode against the selected cluster
ankra cluster encrypt manifest db-secret —key passwordCluster mode against a specific cluster
ankra cluster encrypt manifest db-secret —key password —cluster prodFile mode
ankra cluster encrypt manifest db-secret —key password -f cluster.yaml| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection (cluster mode) | |
-f, --file | Path to a local cluster YAML (enables file mode) | |
--key | YAML key name to encrypt (required); dotted paths are normalised to the last segment, a leading-dot key like .dockerconfigjson is kept literally |
ankra cluster get
Get Kubernetes resources from the active cluster. Examples: ankra cluster get pods ankra cluster get deployments -n kube-system ankra cluster get nodes ankra cluster get services —all-namespacesankra cluster get configmaps
List configmaps in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get cronjobs
List cronjobs in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get daemonsets
List daemonsets in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get deployments
List deployments in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get events
List events in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get ingresses
List ingresses in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get k8s-jobs
List Kubernetes jobs in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get namespaces
List namespaces in the cluster| Flag | Default | Description |
|---|---|---|
--name | Filter by resource name | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get nodes
List nodes in the cluster| Flag | Default | Description |
|---|---|---|
--name | Filter by resource name | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get pods
List pods or get a specific pod’s manifest| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by pod name (contains) | |
-n, --namespace | Kubernetes namespace | |
--node | Filter by node name | |
-o, --output | table | Output format: table, json, yaml |
ankra cluster get resources
Fetch any Kubernetes resource type. Use for kinds not covered by dedicated commands. Example: ankra cluster resources PersistentVolumeClaim -n default ankra cluster resources NetworkPolicy —all-namespaces| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--api-version | v1 | API version (e.g. v1, v1beta1) |
--group | API group (e.g. apps, networking.k8s.io) | |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get secrets
List secrets in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get services
List services in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster get statefulsets
List statefulsets in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces |
--name | Filter by resource name | |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json, yaml |
-l, --selector | Label selector |
ankra cluster helm
Commands to list and uninstall Helm releases running in the cluster.ankra cluster helm releases
List Helm releases in the cluster| Flag | Default | Description |
|---|---|---|
-A, --all-namespaces | false | List across all namespaces (default) |
-n, --namespace | Kubernetes namespace | |
-o, --output | table | Output format: table, json |
ankra cluster helm uninstall
Uninstall a Helm release from the cluster| Flag | Default | Description |
|---|---|---|
-n, --namespace | Kubernetes namespace (required) | |
--yes | false | Skip the confirmation prompt |
ankra cluster hetzner
Commands to create, deprovision, and scale Hetzner clusters.ankra cluster hetzner control-plane
Inspect and change the control plane configuration. The cluster must be stopped to change the controller count or instance type. Only 1 or 3 controllers are allowed (etcd needs an odd number of voting members for quorum). Changes apply the next time the cluster is started.ankra cluster hetzner control-plane get
Show the current control plane configuration| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner control-plane set-count
Change the controller count (1 or 3)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner control-plane set-instance-type
Change the controller instance type| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner create
Create a new Hetzner cluster| Flag | Default | Description |
|---|---|---|
--bastion-server-type | cx23 | Bastion server type |
--control-plane-count | 1 | Number of control plane nodes |
--control-plane-server-type | cx33 | Control plane server type |
--credential-id | Hetzner API credential ID (required) | |
--distribution | k3s | Kubernetes distribution |
--external-cloud-provider | true | Install the Hetzner CCM and CSI (cloud-provider=external) for LoadBalancers and persistent volumes (default on; pass —external-cloud-provider=false to skip, which also disables —include-networking) |
--gitops-branch | master | GitOps branch to commit to |
--gitops-credential-name | GitOps GitHub credential name; when set with —gitops-repository, the generated hcloud stack is committed to Git (optional) | |
--gitops-repository | GitOps repository (e.g. org/repo) to commit the generated stack to (optional) | |
--include-networking | true | Install Traefik + cert-manager for ingress (default on; pass —include-networking=false to skip). Requires —external-cloud-provider (the ingress LoadBalancer is provisioned by the cloud controller manager) |
--kubernetes-version | Kubernetes version (optional) | |
--location | Hetzner location (required) | |
--name | Cluster name (required) | |
--network-ip-range | 10.0.0.0/16 | Network IP range |
-o, --output | Output format: json or yaml (default: human-readable) | |
--ssh-key-credential-id | SSH key credential ID (single key, use —ssh-key-credential-ids for multiple) | |
--ssh-key-credential-ids | [] | SSH key credential IDs (comma-separated or repeated) |
--subnet-range | 10.0.1.0/24 | Subnet range |
--worker-count | 1 | Number of worker nodes |
--worker-server-type | cx33 | Worker server type |
ankra cluster hetzner deprovision
Initiate asynchronous deprovision of a Hetzner cluster. The platform schedules teardown jobs that delete cloud resources (servers, networks, SSH keys). Cloud resources are not deleted by the time this command returns; track progress via operations or the UI.| Flag | Default | Description |
|---|---|---|
--force | false | Force deprovision without waiting for the cluster agent (use only when the cluster agent is permanently offline; cloud resources may leak) |
-o, --output | Output format: json or yaml (default: human-readable) | |
--yes | false | Skip the confirmation prompt |
ankra cluster hetzner k8s-version
Get current Kubernetes version for a Hetzner cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner locations
List the Hetzner Cloud locations the supplied credential can deploy in. Only these locations are valid for cluster creation.| Flag | Default | Description |
|---|---|---|
--credential-id | Hetzner API credential ID (required) |
ankra cluster hetzner node-group
List, add, scale, upgrade, and delete node groups.ankra cluster hetzner node-group add
Add a node group| Flag | Default | Description |
|---|---|---|
--count | 1 | Number of nodes (0-100) |
--instance-type | cx33 | Server type for nodes |
--name | Node group name (required) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster hetzner node-group delete
Delete a node group and all its nodes| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
--yes | false | Skip the confirmation prompt |
ankra cluster hetzner node-group list
List node groups| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner node-group scale
Scale a node group| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster hetzner node-group upgrade
Upgrade instance type for a node group (cannot be reversed)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster hetzner nodes
Inspect every server Ankra manages for the cluster (control plane, workers, and bastion or gateway). Soft-deleted entries from a stopped cluster are included so the saved topology is visible before re-provisioning.ankra cluster hetzner nodes get
Show full spec and metadata for a single node| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner nodes list
List all nodes for the cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner scale
Scale the number of worker nodes up or down for a Hetzner cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner server-types
List Hetzner Cloud server types. Pass —location to see which types are currently available for provisioning there, and —available-only to hide the rest.| Flag | Default | Description |
|---|---|---|
--available-only | false | Only show server types available for provisioning (use with —location) |
--credential-id | Hetzner API credential ID (required) | |
--location | Filter availability by location |
ankra cluster hetzner upgrade
Upgrade the Kubernetes (k3s) version on all nodes in a Hetzner cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster hetzner workers
Get current worker count for a Hetzner cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster info
Show details of a specific cluster. If no name is provided, shows details for the currently selected cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster k3s-versions
List the k3s versions the platform can provision or upgrade to. Use one of these values withankra cluster upgrade <cluster_id> <target_version> (the provider is detected automatically).
ankra cluster kube-token
Print a short-lived Kubernetes ExecCredential so kubectl can authenticate to the Ankra cluster gateway. This command is intended to be invoked by kubectl as a client-go credential plugin, for example in a kubeconfig: users:- name: ankra user: exec: apiVersion: client.authentication.k8s.io/v1 command: ankra args: [“cluster”, “kube-token”, “—cluster”, “<cluster-name-or-id>”, “—org”, “<organisation-id>”]
| Flag | Default | Description |
|---|---|---|
--cluster | Cluster name or ID (defaults to the selected cluster) |
ankra cluster kubeconfig
Add, remove, and list the Ankra cluster contexts in your kubeconfig. By default ‘add’ writes an exec-based context that fetches a short-lived token on demand via ‘ankra cluster kube-token’, so credentials stay ephemeral and SSO-backed (run ‘ankra login’ once). Other clusters/users/contexts already in your kubeconfig are left untouched. These commands read and write a single file: —kubeconfig if given, otherwise the first entry of $KUBECONFIG, otherwise ~/.kube/config. Examples: ankra cluster kubeconfig add —cluster my-cluster —use ankra cluster kubeconfig add —all ankra cluster kubeconfig add —cluster my-cluster —print > my-cluster.yaml ankra cluster kubeconfig list ankra cluster kubeconfig remove —cluster my-cluster ankra cluster kubeconfig remove —allankra cluster kubeconfig add
Add or update an Ankra context in your kubeconfig| Flag | Default | Description |
|---|---|---|
--all | false | Add every cluster you can access |
--cluster | Cluster name or ID (defaults to the selected cluster) | |
--embed-token | false | Embed a short-lived token instead of the exec credential plugin |
--exec-command | ankra | Executable kubectl invokes for credentials in exec mode (use an absolute path if ‘ankra’ is not on PATH) |
--insecure-skip-tls-verify | false | Skip TLS verification for the cluster server (dev only) |
--kubeconfig | Path to the kubeconfig file (default: $KUBECONFIG or ~/.kube/config) | |
--namespace | Default namespace for the context | |
--print | false | Print a standalone kubeconfig to stdout instead of writing the file |
--use | false | Set the added context as the active current-context |
ankra cluster kubeconfig list
List Ankra-managed contexts in your kubeconfig| Flag | Default | Description |
|---|---|---|
--kubeconfig | Path to the kubeconfig file (default: $KUBECONFIG or ~/.kube/config) |
ankra cluster kubeconfig remove
Remove Ankra contexts from your kubeconfig| Flag | Default | Description |
|---|---|---|
--all | false | Remove all Ankra-managed contexts |
--cluster | Cluster name or ID | |
--kubeconfig | Path to the kubeconfig file (default: $KUBECONFIG or ~/.kube/config) |
ankra cluster list
List all clusters| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster logs
Stream log output from a pod in the active cluster. Example: ankra cluster logs my-pod -n default -c my-container —tail 100| Flag | Default | Description |
|---|---|---|
-c, --container | Container name (defaults to pod name) | |
-n, --namespace | Kubernetes namespace (required) | |
--since | 0 | Seconds of logs to retrieve |
--tail | 0 | Number of lines from the end of the logs |
ankra cluster manifests
Commands to list, view, upgrade, and delete manifests.ankra cluster manifests delete
Disconnect a manifest from its stack. The manifest’s resources are removed from the cluster and dependent resources are reconnected to the manifest’s own parents. The owning stack is discovered automatically (manifest names are unique per cluster). Use —dry-run to preview the target without making changes.| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
--dry-run | false | Print the manifest that would be disconnected without making changes |
--yes | false | Skip the confirmation prompt |
ankra cluster manifests get
Print the current YAML content of a manifest. By default the decoded YAML is written to stdout, making it easy to pipe into a file or edit and re-apply with —from-file: ankra cluster manifests get web > web.yaml ankra cluster manifests get web -o raw # base64-encoded form| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
-o, --output | Output format: yaml (decoded, default) or raw (base64) |
ankra cluster manifests list
List manifests for the active cluster; or show details for a single manifest| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster manifests upgrade
Upgrade a manifest by patching just the fields you supply. At least one mutating flag is required. Examples:Patch a single path in-place, e.g. bump a Deployment image tag
ankra cluster manifests upgrade web—set ‘spec.template.spec.containers[name=app].image=nginx:1.27’
—cluster website-demo
When the manifest holds multiple documents, select which one to edit
ankra cluster manifests upgrade web —target-kind Deployment —target-name web—set ‘spec.replicas=3’ —cluster website-demo
Replace the manifest content from a file
ankra cluster manifests upgrade demo-namespace—from-file manifests/demo-namespace.yaml —cluster website-demo
Read the manifest from stdin
cat manifest.yaml | ankra cluster manifests upgrade demo-namespace—manifest - —cluster website-demo —set/—set-string/—set-file MUTATE the existing manifest YAML and address list items by a stable field (e.g. containers[name=app]) as well as by numeric index (containers[0]). —from-file / —manifest - REPLACE the whole manifest and are mutually exclusive with —set*. When no content or —set flag is supplied, the existing content is re-sent unchanged (only namespace is updated). This is required because the backend’s manifest validation rejects empty manifest_base64.
| Flag | Default | Description |
|---|---|---|
--add-parent | [] | Add a dependency parent, e.g. —add-parent name=infisical-ns,kind=manifest (kind defaults to manifest; repeatable) |
--cluster | Target cluster (name or ID); defaults to the active selection | |
--dry-run | false | Print the proposed before/after spec without applying changes |
--from-file | Path to manifest YAML file (REPLACES the entire manifest) | |
--manifest | Use - to read manifest YAML from stdin (REPLACES the entire manifest) | |
--namespace | Change the manifest’s namespace | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--remove-parent | [] | Remove a dependency parent, e.g. —remove-parent name=infisical-ns,kind=manifest (repeatable) |
--set | [] | In-place edit of the manifest YAML, e.g. —set ‘spec.template.spec.containers[name=app].image=nginx:1.27’ (MUTATES existing content; repeatable, comma-separated) |
--set-file | [] | Like —set but reads the value from a file: key=path or key=@path |
--set-parent | [] | Replace ALL dependency parents with the given set (repeatable) |
--set-string | [] | Like —set but always treats the value as a string |
--target-kind | With —set: select the document to edit by Kubernetes kind (e.g. Deployment) when the manifest holds multiple documents | |
--target-name | With —set: select the document to edit by metadata.name when the manifest holds multiple documents | |
--yes | false | Skip confirmation prompts |
ankra cluster metrics
Query the Prometheus metrics source configured for a cluster. The query is proxied through the Ankra agent to the in-cluster Prometheus endpoint configured in Cluster Settings > Metrics. Flags| Flag | Default | Description |
|---|---|---|
--cluster | Cluster name (defaults to the selected cluster) |
ankra cluster metrics query
Run an instant PromQL query against the cluster’s Prometheus source. Examples: ankra cluster metrics query ‘up’ ankra cluster metrics query ‘sum(rate(container_cpu_usage_seconds_total[5m])) by (pod)’| Flag | Default | Description |
|---|---|---|
-o, --output | table | Output format: table, json, yaml |
--timeout | 0 | Query timeout in seconds (default server-side) |
ankra cluster metrics query-range
Run a range PromQL query against the cluster’s Prometheus source. Provide either —range (a duration relative to now) or both —start and —end (Unix seconds). When —step is omitted a sensible step is chosen automatically. Examples: ankra cluster metrics query-range ‘up’ —range 1h ankra cluster metrics query-range ‘rate(node_cpu_seconds_total[5m])’ —range 6h —step 5m ankra cluster metrics query-range ‘up’ —start 1717000000 —end 1717003600 —step 1m| Flag | Default | Description |
|---|---|---|
--end | Range end as Unix seconds (use with —start) | |
-o, --output | table | Output format: table, json, yaml |
--range | Duration relative to now (e.g. 15m, 1h, 6h, 24h, 7d) | |
--start | Range start as Unix seconds (use with —end) | |
--step | Resolution step (e.g. 30s, 1m, 5m) | |
--timeout | 0 | Query timeout in seconds (default server-side) |
ankra cluster node-group
List, add, scale, upgrade, and delete node groups on a cloud cluster. The cloud provider (Hetzner, OVH, or UpCloud) is detected automatically from the cluster.ankra cluster node-group add
Add a node group| Flag | Default | Description |
|---|---|---|
--count | 1 | Number of nodes |
--instance-type | Server type / flavor / plan for nodes (required) | |
--name | Node group name (required) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster node-group delete
Delete a node group and all its nodes| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
--yes | false | Skip the confirmation prompt |
ankra cluster node-group list
List node groups| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster node-group scale
Scale a node group| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster node-group upgrade
Upgrade instance type for a node group (cannot be reversed)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster operations
Commands to list, inspect, retry, and cancel executions and their steps.ankra cluster operations cancel
Cancel one or more running executions| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster operations cancel-step
Cancel a specific step within an execution| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster operations list
List executions for the active cluster; optionally, provide an ID for details| Flag | Default | Description |
|---|---|---|
--failed | false | Shortcut for —status failed —status critical |
--interval | 5s | Polling interval used when —watch is set |
--limit | 50 | Maximum number of executions to return (max 100) |
-o, --output | Output format: json or yaml (default: human-readable) | |
--status | [] | Filter by execution status (repeatable). Examples: failed, critical, running |
-w, --watch | false | Continuously poll and refresh until all executions reach a terminal state |
ankra cluster operations retry
Retry a terminal execution (failed/cancelled/timeout)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster operations steps
List steps for a specific execution| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh
Commands to create, deprovision, and scale OVH Cloud clusters.ankra cluster ovh access-info
Show the gateway (bastion) and control plane IPs plus ready-to-use SSH jump and Kubernetes API port-forward commands.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh control-plane
Inspect and change the control plane configuration. The cluster must be stopped to change the controller count or instance type. Only 1 or 3 controllers are allowed (etcd needs an odd number of voting members for quorum). Changes apply the next time the cluster is started.ankra cluster ovh control-plane get
Show the current control plane configuration| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh control-plane set-count
Change the controller count (1 or 3)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh control-plane set-instance-type
Change the controller instance type| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh create
Create a new OVH cluster| Flag | Default | Description |
|---|---|---|
--control-plane-count | 1 | Number of control plane nodes |
--control-plane-flavor-id | b2-15 | Control plane instance flavor |
--credential-id | OVH API credential ID (required) | |
--dhcp-end | 10.0.1.200 | DHCP range end |
--dhcp-start | 10.0.1.100 | DHCP range start |
--distribution | k3s | Kubernetes distribution |
--external-cloud-provider | true | Install the OpenStack CCM and Cinder CSI (cloud-provider=external) for LoadBalancers and persistent volumes (default on; pass —external-cloud-provider=false to skip, which also disables —include-networking) |
--gateway-flavor-id | b2-7 | Gateway instance flavor |
--gitops-branch | master | GitOps branch to commit to |
--gitops-credential-name | GitOps GitHub credential name; when set with —gitops-repository, the generated ovh-cloud stack is committed to Git (optional) | |
--gitops-repository | GitOps repository (e.g. org/repo) to commit the generated stack to (optional) | |
--include-networking | true | Install Traefik + cert-manager for ingress (default on; pass —include-networking=false to skip). Requires —external-cloud-provider (the ingress LoadBalancer is provisioned by the cloud controller manager) |
--kubernetes-version | Kubernetes version (optional) | |
--name | Cluster name (required) | |
--network-vlan-id | 0 | Network VLAN ID |
-o, --output | Output format: json or yaml (default: human-readable) | |
--region | OVH Cloud region (required) | |
--ssh-key-credential-id | SSH key credential ID (required) | |
--subnet-cidr | 10.0.1.0/24 | Subnet CIDR |
--worker-count | 1 | Number of worker nodes |
--worker-flavor-id | b2-15 | Worker instance flavor |
ankra cluster ovh deprovision
Deprovision an OVH cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--yes | false | Skip the confirmation prompt |
ankra cluster ovh k8s-version
Get current Kubernetes version for an OVH cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh node-group
List, add, scale, upgrade, label, taint, and delete node groups.ankra cluster ovh node-group add
Add a node group| Flag | Default | Description |
|---|---|---|
--count | 1 | Number of nodes (0-100) |
--instance-type | b2-15 | Instance flavor for nodes |
--labels | Comma-separated key=value labels to apply to the node group | |
--name | Node group name (required) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--taints | Comma-separated key=value:Effect taints to apply to the node group | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster ovh node-group delete
Delete a node group and all its nodes| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
--yes | false | Skip the confirmation prompt |
ankra cluster ovh node-group labels
Replace the labels on every node in the group. Pass —labels as a comma-separated list of key=value pairs, or —clear to remove all labels.| Flag | Default | Description |
|---|---|---|
--clear | false | Remove all labels from the node group |
--labels | Comma-separated key=value pairs to set on the group | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster ovh node-group list
List node groups| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh node-group scale
Scale a node group| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster ovh node-group taints
Replace the taints on every node in the group. Pass —taints as a comma-separated list of key=value:Effect (value optional, effect defaults to NoSchedule), or —clear to remove all taints.| Flag | Default | Description |
|---|---|---|
--clear | false | Remove all taints from the node group |
-o, --output | Output format: json or yaml (default: human-readable) | |
--taints | Comma-separated key=value:Effect taints to set on the group | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster ovh node-group upgrade
Upgrade instance type for a node group (cannot be reversed)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster ovh nodes
Inspect every server Ankra manages for the cluster (control plane, workers, and bastion or gateway). Soft-deleted entries from a stopped cluster are included so the saved topology is visible before re-provisioning.ankra cluster ovh nodes get
Show full spec and metadata for a single node| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh nodes list
List all nodes for the cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh regions
List the OVH Cloud regions the supplied credential’s project can deploy in. Only these regions are valid for cluster creation.| Flag | Default | Description |
|---|---|---|
--credential-id | OVH API credential ID (required) | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh scale
Scale the number of worker nodes up or down for an OVH cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh ssh-keys
Get and set the SSH key credentials authorised to access an OVH cluster’s nodes.ankra cluster ovh ssh-keys get
Show SSH keys attached to an OVH cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh ssh-keys set
Replace the SSH key credentials attached to an OVH cluster. Changes take effect on the next reconciliation.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--ssh-key-credential-ids | [] | SSH key credential IDs to attach (comma-separated or repeated) |
ankra cluster ovh start
Start (re-provision) a stopped OVH cluster. Use —scope control_plane to bring up only the control plane.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--scope | all | Provisioning scope: ‘all’ or ‘control_plane’ |
ankra cluster ovh stop
Stop an OVH cluster’s compute while keeping its configuration so it can be started again later.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh upgrade
Upgrade the Kubernetes (k3s) version on all nodes in an OVH cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ovh workers
Get current worker count for an OVH cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster provision
Start a managed cluster that was previously created but is not yet running. If no cluster name is provided, uses the currently selected cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster reconcile
Trigger a reconciliation for a cluster to sync desired state with actual state. If no cluster name is provided, uses the currently selected cluster. If a cluster name is provided, reconciles that specific cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster roll-to
Roll a cluster to a specific resource version. Uses the currently selected cluster unless —cluster is provided. Example: ankra cluster roll-to —version abc123| Flag | Default | Description |
|---|---|---|
--version | Resource version ID to roll to (required) |
ankra cluster scale
Scale the number of default-pool worker nodes up or down for a cloud cluster. The cloud provider (Hetzner, OVH, or UpCloud) is detected automatically from the cluster, so you do not need to remember which provider it runs on. To scale a named node group instead, use ‘ankra cluster node-group scale’. Example: ankra cluster scale 62f4559a-a44d-46d7-aab3-a57c9dd6b4c6 3| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster select
Select a cluster and save it as the active cluster for subsequent commands. If a cluster name is provided, it will be selected directly without prompting. If no name is provided, an interactive picker is shown. Examples: ankra cluster select ankra cluster select my-clusterankra cluster sops-config
Show the SOPS encryption configuration including the public key used for encrypting secrets.ankra cluster ssh-keys
Get, set, and re-sync the SSH key credentials authorised to access a cloud cluster’s nodes. The cloud provider (Hetzner, OVH, or UpCloud) is detected automatically from the cluster.ankra cluster ssh-keys get
Show SSH keys attached to a cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ssh-keys resync
Re-sync the cluster’s SSH key with the cloud provider. Use this to repair a stale provider-side SSH key reference (for example when the key was deleted and re-created in the provider console) that blocks new node creation, and to re-apply the authorised keys to running nodes.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster ssh-keys set
Replace the SSH key credentials attached to a cluster. Changes take effect on the next reconciliation and are applied to running nodes. Pass —clear to remove all user SSH keys (the Ankra-managed key always remains).| Flag | Default | Description |
|---|---|---|
--clear | false | Remove all user SSH keys (the Ankra-managed key is retained) |
-o, --output | Output format: json or yaml (default: human-readable) | |
--ssh-key-credential-ids | [] | SSH key credential IDs (comma-separated or repeated) |
ankra cluster stacks
Commands to list, create, delete, rename, and view history of stacks.ankra cluster stacks clone
Clone a stack from the current cluster to a target cluster. The cloned stack will be created as a draft in the target cluster, allowing you to review and modify it before deployment. Encrypted values will be stripped during cloning for security reasons and will need to be reconfigured in the target cluster.| Flag | Default | Description |
|---|---|---|
--include-config | true | Include addon configurations |
-n, --name | New stack name (optional, defaults to original) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
-t, --to | Target cluster name or ID (required) |
ankra cluster stacks delete
Delete a stack| Flag | Default | Description |
|---|---|---|
--yes | false | Skip the confirmation prompt |
ankra cluster stacks history
Show history of changes for a stack| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster stacks list
List stacks for the active cluster; or show details for a single stack| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster stacks rename
Rename a stackankra cluster stacks variables
Manage variables on a specific stack. Stack variables are the most specific scope and shadow cluster and organisation variables of the same name when this stack’s manifests/addons are rendered. ankra cluster stacks variables list <stack> ankra cluster stacks variables get <stack> DB_HOST ankra cluster stacks variables set <stack> DB_HOST db.prod.example.com ankra cluster stacks variables delete <stack> DB_HOST Stack variables are stored on the stack spec itself; edits use the same partial-stack PATCH endpoint as manifests/addons upgrade.ankra cluster stacks variables delete
Delete a variable from a stack| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
--yes | false | Skip the confirmation prompt |
ankra cluster stacks variables get
Get a single stack variable| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection |
ankra cluster stacks variables list
List variables on a stack| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster stacks variables set
Create or update a stack variable. The value can be read from stdin by passing ”-”.| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
--dry-run | false | Print the proposed change without writing |
ankra cluster upcloud
Commands to create, deprovision, and scale UpCloud clusters.ankra cluster upcloud control-plane
Inspect and change the control plane configuration. The cluster must be stopped to change the controller count or instance type. Only 1 or 3 controllers are allowed (etcd needs an odd number of voting members for quorum). Changes apply the next time the cluster is started.ankra cluster upcloud control-plane get
Show the current control plane configuration| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud control-plane set-count
Change the controller count (1 or 3)| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud control-plane set-instance-type
Change the controller instance type| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud create
Create a new UpCloud cluster| Flag | Default | Description |
|---|---|---|
--bastion-plan | 1xCPU-2GB | Bastion plan |
--control-plane-count | 1 | Number of control plane nodes |
--control-plane-plan | 2xCPU-4GB | Control plane plan |
--credential-id | UpCloud API credential ID (required) | |
--distribution | k3s | Kubernetes distribution |
--external-cloud-provider | true | Install the UpCloud CCM and CSI (cloud-provider=external) for LoadBalancers and persistent volumes (default on; pass —external-cloud-provider=false to skip, which also disables —include-networking) |
--gitops-branch | master | GitOps branch to commit to |
--gitops-credential-name | GitOps GitHub credential name; when set with —gitops-repository, the generated upcloud-cloud-provider stack is committed to Git (optional) | |
--gitops-repository | GitOps repository (e.g. org/repo) to commit the generated stack to (optional) | |
--include-networking | true | Install Traefik + cert-manager for ingress (default on; pass —include-networking=false to skip). Requires —external-cloud-provider (the ingress LoadBalancer is provisioned by the cloud controller manager) |
--kubernetes-version | Kubernetes version (optional) | |
--name | Cluster name (required) | |
--network-ip-range | 10.0.0.0/16 | Network IP range |
-o, --output | Output format: json or yaml (default: human-readable) | |
--ssh-key-credential-id | SSH key credential ID (required) | |
--worker-count | 1 | Number of worker nodes |
--worker-plan | 2xCPU-4GB | Worker plan |
--zone | UpCloud zone (required) |
ankra cluster upcloud deprovision
Deprovision an UpCloud cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--yes | false | Skip the confirmation prompt |
ankra cluster upcloud k8s-version
Get current Kubernetes version for an UpCloud cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud node-group
List, add, scale, upgrade, and delete node groups.ankra cluster upcloud node-group add
Add a node group| Flag | Default | Description |
|---|---|---|
--count | 1 | Number of nodes (0-100) |
--instance-type | 2xCPU-4GB | Server plan for nodes |
--name | Node group name (required) | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster upcloud node-group delete
Delete a node group and all its nodes| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
--yes | false | Skip the confirmation prompt |
ankra cluster upcloud node-group list
List node groups| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud node-group scale
Scale a node group| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster upcloud node-group upgrade
Upgrade server plan for a node group| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) | |
--timeout | 10m0s | Maximum time to wait when —wait is set |
--wait | false | Wait for the operation to finish and report success or failure (default: submit and return immediately) |
ankra cluster upcloud nodes
Inspect every server Ankra manages for the cluster (control plane, workers, and bastion or gateway). Soft-deleted entries from a stopped cluster are included so the saved topology is visible before re-provisioning.ankra cluster upcloud nodes get
Show full spec and metadata for a single node| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud nodes list
List all nodes for the cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud scale
Scale the number of worker nodes up or down for an UpCloud cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud start
Start (re-provision) a stopped UpCloud cluster. Use —scope control_plane to bring up only the control plane.| Flag | Default | Description |
|---|---|---|
--scope | all | Provisioning scope: ‘all’ or ‘control_plane’ |
ankra cluster upcloud stop
Stop an UpCloud cluster’s compute while keeping its configuration so it can be started again later.ankra cluster upcloud upgrade
Upgrade the Kubernetes (k3s) version on all nodes in an UpCloud cluster.| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upcloud workers
Get current worker count for an UpCloud cluster| Flag | Default | Description |
|---|---|---|
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster upgrade
Upgrade the Kubernetes (k3s) version on all nodes in a cloud cluster. The cloud provider (Hetzner, OVH, or UpCloud) is detected automatically from the cluster, so you do not need to remember which provider it runs on. List the available target versions with ‘ankra cluster k3s-versions’. Example: ankra cluster upgrade 62f4559a-a44d-46d7-aab3-a57c9dd6b4c6 v1.36.1+k3s1ankra cluster validate
Validate an ImportCluster YAML file. The local structural, dependency, and YAML checks run first (the same ones as ‘ankra cluster apply —dry-run’), then the file is sent to the Ankra API for server-side validation that the offline checks cannot perform:- chart existence in the Helm registries connected to your organisation
- plaintext Kubernetes Secret / unencrypted addon value detection
- parent references resolved against a cluster’s existing resources
| Flag | Default | Description |
|---|---|---|
--cluster | Validate against an existing cluster’s resources (cluster ID) | |
-f, --file | Path to the ImportCluster YAML file to validate | |
-o, --output | Output format: json or yaml (default: human-readable) | |
--strict-secrets | false | Treat plaintext secrets as errors instead of warnings |
ankra cluster variables
Manage cluster-scoped variables that are available to every stack on the cluster as template substitutions in manifests and addon values. Cluster variables shadow organisation variables of the same name on this cluster. ankra cluster variables list ankra cluster variables get DB_HOST —cluster prod ankra cluster variables set DB_HOST db.prod.example.com ankra cluster variables delete DB_HOST When —cluster is omitted, the active selection is used.ankra cluster variables delete
Delete a cluster variable| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
--yes | false | Skip the confirmation prompt |
ankra cluster variables get
Get a single cluster variable| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster variables list
List variables for a cluster| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
-o, --output | Output format: json or yaml (default: human-readable) |
ankra cluster variables set
Create or update a cluster variable (upsert). The value can be read from stdin by passing ”-”.| Flag | Default | Description |
|---|---|---|
--cluster | Target cluster (name or ID); defaults to the active selection | |
--description | Optional human-readable description |