Version: 1.3.x

tctl install

Generates install manifests and applies them to a cluster

Options

  -h, --help   help for install

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install cluster-certs

Generate cluster certs for securely communicating with the management plane

tctl install cluster-certs [flags]

Examples


# Retrieve cluster certs
tctl install cluster-certs --cluster <cluster-name>

Options

  -c, --cluster string           The name of the cluster to generate certs for.
  -x, --context string           The kube context for the management plane cluster.
  -n, --controlplane string      The namespace in the cluster that the control plane is installed in. (default "istio-system")
  -h, --help                     help for cluster-certs
  -k, --kubeconfig string        The kubeconfig file for the management plane cluster. Must be able to manage secrets and cert-manager custom resources.
  -m, --managementplane string   The namespace that the management plane is installed in. (default "tsb")

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install demo

Install a batteries-included Service Bridge into a single Kubernetes cluster.

Synopsis

Install a batteries-included Service Bridge into a single Kubernetes cluster.

The CLI will be automatically preconfigured to connect to the installed Service Bridge as an Administrator. The configuration will be saved in a profile named after the configured Kubernetes context, and the Bridge connection configuration and the user configuration will be named after the Kubernetes cluster where Service Bridge has been installed.

tctl install demo [flags]

Examples


tctl install demo --registry <registry-location>

Options

  -h, --help              help for demo
  -r, --registry string   The docker registry with the service bridge images

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install image-sync

Pull images from Tetrate's registry, re-tag and push them to another registry

tctl install image-sync [flags]

Examples


# Sync latest images
tctl install image-sync --username <username> --apikey <apikey> --registry <registry-location>

Options

      --accept-eula       Accept the EULA. This should be used in CI/CD pipelines where users have already read and accepted the EULA.
  -k, --apikey string     Tetrate Container Registry API Key [required]
  -h, --help              help for image-sync
      --just-print        If set, the image list will be printed to stdout, but images will not be synchronized
  -r, --registry string   The user-provided registry where images are pushed [required]
  -u, --username string   Tetrate Container Registry username [required]

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install manifest

Output the Kubernetes manifests for installing Service Bridge to stdout

Options

  -h, --help   help for manifest

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install manifest cluster-operators

Output the Kubernetes manifests for installing the cluster operators (control plane and data plane) to stdout.

tctl install manifest cluster-operators [flags]

Examples


tctl install manifest cluster-operators --registry <registry-location>

Options

  -c, --controlplane string    The namespace to deploy the control plane and its operator into. (default "istio-system")
  -d, --dataplane string       The namespace to deploy the data plane and its operator into. (default "istio-gateway")
      --exclude-controlplane   Don't render the control plane operator.
      --exclude-dataplane      Don't render the data plane operator.
  -h, --help                   help for cluster-operators
  -r, --registry string        The docker registry with the service bridge images

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install manifest control-plane-secrets

Output the Kubernetes manifests for installing the control plane to stdout, including the relevant secrets.

Synopsis

This command provides an easy way to generate correctly formatted secrets for installing the control plane. It should be run as part of installation or upgrade of Service Bridge to ensure the correct secret format for the new version.

Manifests are printed to stdout so that they can be committed to source control or applied directly to a Kubernetes cluster depending on deployment preference.

It automatically generates tokens for the control plane to communicate with the management plane. Therefore, you must be logged into the management plane with the correct permissions to create the tokens. This token generation is safe to run multiple times and does not revoke previously created tokens.

tctl install manifest control-plane-secrets [flags]

Examples


# Output secrets with required flags
tctl install manifest control-plane-secrets \
--elastic-password tsb-elastic-password \
--elastic-username tsb \
--cluster demo

# Output secrets with default values for required flags
tctl install manifest control-plane-secrets -y

# Load overlay custom resource from flag
tctl install manifest control-plane -y -f control-cr.yaml

# Load overlay custom resource from stdin
cat control-cr.yaml | tctl install manifest control-plane -y -f-

# Apply directly to Kubernetes
tctl install manifest control-plane-secrets -y | kubectl apply -f-

Options

  -y, --allow-defaults                  Use default values for required fields that aren't provided. DO NOT USE IN PRODUCTION
      --cluster string                  The name of the cluster on which this control plane will be installed. This is what Service Bridge will refer to the cluster as. [required] (default "default")
      --controlplane string             The namespace of the control plane (default "istio-system")
  -c, --create-cluster                  Create a cluster object in Service Bridge if it doesn't exist (default true)
      --elastic-ca-certificate string   The CA certificate to validate Elasticsearch connections when Elasticsearch is configured to present a self-signed certificate.
      --elastic-password string         The password Service Bridge will use to communicate with Elasticsearch. [required] (default "tsb-elastic-password")
      --elastic-username string         The username Service Bridge will use to communicate with Elasticsearch. [required] (default "tsb")
  -f, --file string                     The custom resource file describing the control plane.
  -h, --help                            help for control-plane-secrets
      --xcp-certs string                The kubernetes secret yaml string for the cluster cert used to securely communicate with the management plane. Can be generated from "tctl install cluster-certs".

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install manifest management-plane-operator

Output the Kubernetes manifests for installing the management plane operator to stdout.

tctl install manifest management-plane-operator [flags]

Examples


tctl install manifest management-plane-operator --registry <registry-location>

Options

  -h, --help                     help for management-plane-operator
  -m, --managementplane string   The namespace to deploy the management plane and its operator into. (default "tsb")
  -r, --registry string          The docker registry with the service bridge images

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")

tctl install manifest management-plane-secrets

Output the Kubernetes manifests for installing the management plane to stdout, including the relevant secrets.

Synopsis

This command provides an easy way to generate correctly formatted secrets for installing the management plane. It should be run as part of installation or upgrade of Service Bridge to ensure the correct secret format for the new version.

Manifests are printed to stdout so that they can be committed to source control or applied directly to a Kubernetes cluster depending on deployment preference.

If certificates are not passed to the command, it will automatically generate self-signed certificates using the hostname and organization you provide. It is not recommended to use self-signed certificates in production.

tctl install manifest management-plane-secrets [flags]

Examples


# Output secrets for all required flags
tctl install manifest management-plane-secrets \
--elastic-password tsb-elastic-password \
--elastic-username tsb \
--ldap-bind-dn cn=admin,dc=tetrate,dc=io \
--ldap-bind-password admin \
--postgres-password tsb-postgres-password \
--postgres-username tsb \
--tsb-admin-password admin \
--tsb-server-certificate "$(cat foo.cert)" \
--tsb-server-key "$(cat foo.key)"

# Output secrets with default values for required flags
tctl install manifest management-plane-secrets -y

# Load overlay custom resource from flag
tctl install manifest management-plane -y -f management-cr.yaml

# Load overlay custom resource from stdin
cat management-cr.yaml | tctl install manifest management-plane -y -f-

# Apply directly to Kubernetes
tctl install manifest management-plane-secrets -y -f management-cr.yaml | kubectl apply -f-

Options

  -y, --allow-defaults                       Use default values for required fields that aren't provided. DO NOT USE IN PRODUCTION.
      --elastic-ca-certificate string        The CA certificate to validate Elasticsearch connections when Elasticsearch is configured to present a self-signed certificate.
      --elastic-password string              The password Service Bridge will use to communicate with Elasticsearch. [required] (default "tsb-elastic-password")
      --elastic-username string              The username Service Bridge will use to communicate with Elasticsearch. [required] (default "tsb")
  -f, --file string                          The custom resource file describing the management plane.
  -h, --help                                 help for management-plane-secrets
      --ldap-bind-dn string                  The DN of the user Service Bridge will use to connect to the LDAP server [required] (default "cn=admin,dc=tetrate,dc=io")
      --ldap-bind-password string            The password Service Bridge will use to connect to the LDAP server [required] (default "admin")
      --ldap-ca-certificate string           The CA certificate to validate LDAP connections when LDAP is configured to present a self-signed certificate.
      --managementplane string               The namespace to deploy the management plane and secrets into. (default "tsb")
      --postgres-ca-certificate string       The CA certificate to validate Postgres connections when Postgres is configured to present a self-signed certificate.
      --postgres-client-certificate string   The client certificate that Service Bridge needs to provide to Postgres when Postgres is configured to mutually authenticate.
      --postgres-client-key string           The client private key that Service Bridge needs to sign requests to Postgres with when Postgres is configured to mutually authenticate.
      --postgres-password string             The password Service Bridge will use to communicate with Postgres. [required] (default "tsb-postgres-password")
      --postgres-username string             The username Service Bridge will use to communicate with Postgres. [required] (default "tsb")
      --tsb-admin-password string            The Service Bridge admin password [required] (default "admin")
      --tsb-server-certificate string        The certificate for the Service Bridge API server to present. [required]
      --tsb-server-key string                The private key for the Service Bridge API server to sign requests with. [required]
      --tsb-tls-hostname string              A comma-separated list of hostnames and IPs for self-signed certificate generation if Service Bridge server certificate/key pair is not provided. (default "demo.tsb.tetrate.io")
      --tsb-tls-org string                   The organization for self-signed certificate generation if Service Bridge server certificate/key pair is not provided. (default "tetrate")
      --xcp-certs                            Automatically install management plane certs for secure communication with control planes. Assumes cert-manager is installed in the management plane cluster.

Options inherited from parent commands

      --config string    Path to the config file to use. Can also be specified via TCTL_CONFIG env variable. This flag takes precedence over the env variable.
      --debug            Print debug messages for all requests and responses
  -p, --profile string   Use specific profile (default "default")
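
Because the secrets manifests can be committed to source control or piped to kubectl, and -y silently fills in the documented default passwords, a check like the following can gate that step. It is an added example, not part of tctl or the original page: it scans every Secret object in a manifest for the password defaults listed in the option tables above, both as plain text and base64-encoded. The sample manifest and its key names are constructed assumptions, not tctl's real output.

```python
import base64
import re
import sys

# Password defaults from the option tables on this page (what -y falls back to).
DEFAULT_PASSWORDS = {"admin", "tsb-elastic-password", "tsb-postgres-password"}
KEY_VALUE = re.compile(r"^\s+([\w.-]+):\s*(\S.*?)\s*$")

def decodings(raw):
    """Yield the literal value and, when it is valid base64 text, its decoding."""
    value = raw.strip("\"'")
    yield value
    try:
        yield base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # not base64, or not UTF-8 once decoded
        pass

def find_default_passwords(manifest):
    """Return (document number, key, default) for each Secret value that is a default."""
    findings = []
    for number, doc in enumerate(re.split(r"(?m)^---\s*$", manifest), 1):
        if not re.search(r"(?m)^kind:\s*Secret\s*$", doc):
            continue  # only Secret objects are inspected
        for line in doc.splitlines():
            match = KEY_VALUE.match(line)
            if match:
                hits = DEFAULT_PASSWORDS.intersection(decodings(match.group(2)))
                findings += [(number, match.group(1), hit) for hit in sorted(hits)]
    return findings

# Constructed sample; object layout and key names are assumptions for illustration.
SAMPLE = f"""\
data:
  password: {base64.b64encode(b"tsb-postgres-password").decode()}
kind: Secret
---
kind: Secret
stringData:
  password: "admin"
---
kind: ConfigMap
data:
  role: admin
"""

if __name__ == "__main__":
    found = find_default_passwords(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    print(*found, sep="\n")
    sys.exit(1 if found else 0)
```

Pipe the output of tctl install manifest management-plane-secrets or control-plane-secrets into the script before kubectl apply or a commit; a non-zero exit status means a documented default password is present.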