The up
command-line provides a suite of tools to configure and interact with Upbound technologies.
The following flags are available for all commands.
Short flag | Long flag | Description |
---|---|---|
-h | --help | Show context-sensitive help. |
--pretty | Pretty print output. | |
-q | --quiet | Suppress all output. |
-v | --version | Print version and exit. |
configuration
The up configuration
command provides management operations for Git-synced configurations on Upbound.
up cfg
is an alias for up configuration
.All up configuration
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
configuration list
List the configurations in your Upbound accountup configuration list --configuration-name=STRING <name>
.
Examples
- List the configurations associated with an account in Upbound.
up cfg list
NAME TEMPLATE ID PROVIDER REPO BRANCH CREATED AT SYNCED AT
gcp-control-plane-api upbound/configuration-cloudsql github gcp-control-plane-api main 2023-03-27 13:48:12 +0000 UTC 2023-03-29 21:09:13.503641 +0000 UTC
internal-cloud-platform-api upbound/configuration-aws-icp github internal-cloud-platform-api main 2023-03-28 12:52:24 +0000 UTC 2023-04-03 12:35:56.650919 +0000 UTC
my-platform-api upbound/configuration-eks github my-platform-api main 2023-04-03 13:12:11 +0000 UTC 2023-04-03 13:12:28.722019 +0000 UTC
configuration create
Create a Git-synced configuration in Upboundup configuration create --context=STRING --template-id=STRING <name>
.
You can find a list of available templates by up configuration template list
.
Short flag | Long flag | Description |
---|---|---|
--context=STRING | Name of the GitHub account/org | |
--template-id=STRING | Name of the configuration template | |
--private | Create the GitHub repository as private. (Default: false) |
Examples
- Create a configuration in Upbound synced from a public repository from scratch
up cfg create --context=upbound --template-id=upbound/configuration-scratch my-platform-apis
No need to authorize Upbound Github App: already authorized
- Create a configuration in Upbound synced from a private repository from configuration-eks
up cfg create --context=upbound --template-id=upbound/configuration-eks my-platform-apis-2 --private
No need to authorize Upbound Github App: already authorized
context
with the name of your org/account in GitHub.configuration get
Get a Git-synced configuration in Upboundup configuration get <name>
.
You can find a list of available configurations by up configuration list
.
Examples
- Get a reference to a Git-synced configuration in Upbound called
my-platform-apis
up cfg get my-platform-apis
NAME TEMPLATE ID PROVIDER REPO BRANCH CREATED AT SYNCED AT
my-platform-apis upbound/configuration-scratch github my-platform-apis main 2023-04-03 18:25:28 +0000 UTC 2023-04-03 18:25:43.964217 +0000 UTC
configuration delete
Delete a Git-synced configuration in Upbound. This command requires confirmation unless using the --force
option.
up configuration create --context=STRING --template-id=STRING <name>
.
You can find a list of available configurations by up configuration list
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of the configuration. |
Examples
- Delete a configuration in Upbound called
my-platform-apis
up cfg delete my-platform-apis
Are you sure you want to delete this configuration? [y/n]: y
Deleting configuration my-platform-apis. This cannot be undone,
my-platform-apis deleted
- Force-delete a configuration in Upbound called
my-platform-apis-2
up cfg delete my-platform-apis-2 --force
my-platform-apis-2 deleted
configuration template list
List the available Crossplane configurations that are available to create a new Git-synced configuration fromup configuration template list
.
Examples
- List the configuration templates available to create a new Git-synced configuration from
up cfg template list
ID DESCRIPTION REPO
upbound/configuration-rds RDS as a Service github.com/upbound/configuration-rds
upbound/configuration-eks EKS as a Service github.com/upbound/configuration-eks
upbound/configuration-aws-icp AWS Internal Cloud Platform github.com/upbound/configuration-aws-icp
upbound/configuration-cloudsql CloudSQL as a Service github.com/upbound/configuration-cloudsql
upbound/configuration-scratch Scratch github.com/upbound/configuration-scratch
controlplane
The up controlplane
command provides management operations for managed control planes on Upbound. It also has commands for installing providers or configurations on Crossplane control planes generically.
The up
CLI relies on a kubeconfig
file to connect to the target Kubernetes cluster.
up ctp
is an alias for up controlplane
.All up controlplane
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--kubeconfig=<path> | Use a custom kubeconfig file located at the given path. The default uses the active kubeconfig . | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
controlplane list
List the managed control planes in your Upbound accountup controlplane list
.
Examples
- List the managed control planes associated with an account.
up ctp list
NAME ID STATUS DEPLOYED CONFIGURATION CONFIGURATION STATUS
first-control-plane b93baazd-a426-4a9b-8c85-c402bb67ba05 ready first-configuration ready
second-control-plane cb1sb6aa-3b22-4c69-a5a8-ae3dd5b5eb80 ready first-configuration ready
third-control-plane f2h88eb1-59e0-4211-96af-f92428a4561f ready second-configuration ready
controlplane create
Create a managed control plane in Upbound and install referenced configuration on itup controlplane create --configuration-name=STRING <name>
.
View available configurations to install on the managed control plane with up configuration list
.
Short flag | Long flag | Description |
---|---|---|
-d | --description=STRING | Provide a text description for the managed control plane |
Examples
- Create a managed control plane and install a configuration called
my-control-plane-api
on it.
up ctp create --configuration-name=my-control-plane-api my-control-plane
my-control-plane created
my-control-plane-api
must first exist and have already been created in your account for this command to succeed.controlplane delete
Delete a managed control plane in Upboundup controlplane delete --configuration-name=STRING <name>
.
View available managed control planes to delete with up controlplane list
.
Examples
- Delete a managed control plane.
up ctp delete my-control-plane
my-control-plane deleted
controlplane get
Get a managed control plane in Upboundup controlplane get <name>
.
View available managed control planes with up controlplane list
.
Examples
- Get a managed control plane called
my-control-plane
.
up ctp get my-control-plane
NAME ID STATUS DEPLOYED CONFIGURATION CONFIGURATION STATUS
my-control-plane 2012c379-5743-4f65-a473-30037861ef6e ready my-configuration ready
controlplane connect
Connect a Kubernetes app cluster outside of Upbound to a managed control plane in Upbound. This command creates an APIService
resource in the Kubernetes app cluster for every claim API in the managed control plane. As a result, the claim APIs are available in the Kubernetes app cluster just like all native Kubernetes API.
up controlplane connect <name> <namespace>
.
Short flag | Long flag | Description |
---|---|---|
--token=STRING | API token used to authenticate. Creates a new robot and a token if a token isn’t provided. | |
--cluster-name=STRING | Name of the cluster connecting to the control plane. Uses the namespace argument if a cluster-name isn’t provided. | |
--kubeconfig=STRING | Override the default kubeconfig path. | |
-n | --installation-namespace="kube-system" | Kubernetes namespace for the Managed Control Plane Connector. Default is kube-system ($MCP_CONNECTOR_NAMESPACE). |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Connect an app cluster to a managed control plane called
my-control-plane
and connected to a namespacemy-app-ns-1
.
up ctp connect my-control-plane my-app-ns-1
<install MCP Connector>
controlplane configuration install
Install a Crossplane configuration packages into a Kubernetes cluster withup controlplane configuration install <package>
.
View packages installed by up controlplane configuration install
with kubectl get configuration
.
Short flag | Long flag | Description |
---|---|---|
--name=<name> | Manually define a name to apply to the configuration. By default Upbound uses the package name. | |
--package-pull-secrets=<secret>,<secret>... | One or more Kubernetes secrets to use to download the configuration package. Comma-seperate more than one secret. | |
-w | -w --wait=<number><unit> | The amount of time to wait for a package to install and report HEALTHY . If a package isn’t healthy when the wait expires the command returns an error. Go’s ParseDuration defines valid time units. |
--wait
, packages that aren’t HEALTHY
when the wait time expires aren’t removed and continue to install in the background.Examples
- Install the Upbound AWS reference platform.
up ctp configuration install xpkg.upbound.io/upbound/platform-ref-aws
upbound-platform-ref-aws installed
- Install a package and name it
my-package
in Kubernetes.
up ctp configuration install xpkg.upbound.io/upbound/platform-ref-aws --name my-package
my-package installed
controlplane provider install
Install a Crossplane provider packages into a Kubernetes cluster withup controlplane provider install <package>
.
View packages installed by up controlplane provider install
with kubectl get configurations
and kubectl get providers
.
Short flag | Long flag | Description |
---|---|---|
--name=<name> | Manually define a name to apply to the configuration. By default Upbound uses the package name. | |
--package-pull-secrets=<secret>,<secret>... | One or more Kubernetes secrets to use to download the configuration package. Comma-seperate more than one secret. | |
-w | -w --wait=<number><unit> | The amount of time to wait for a package to install and report HEALTHY . If a package isn’t healthy when the wait expires the command returns an error. Go’s ParseDuration defines valid time units. |
--wait
, packages that aren’t HEALTHY
when the wait time expires aren’t removed and continue to install in the background.Examples
- Install the Upbound AWS reference platform.
up ctp configuration install xpkg.upbound.io/upbound/provider-aws
upbound-provider-aws installed
- Install a package and name it
my-package
in Kubernetes.
up ctp configuration install xpkg.upbound.io/upbound/provider-aws --name my-provider
my-provider installed
controlplane pull-secret create
Create a new Kubernetes secret object with
up controlplane pull-secret create
This command creates secrets the same as described in the Kubernetes documentation
on pulling images from private registries
using kubectl create secret
.
View secrets created by up controlplane pull-secret create
with kubectl get secrets
Short flag | Long flag | Description |
---|---|---|
-f | --file=<path> | Path to credentials file. Uses the profile credentials if not specified. |
-n | --namespace=<namespace> | Kubernetes namespace for pull secret ($UPBOUND_NAMESPACE). |
controlplane kubeconfig get
Uses a personal access token to create an entry in the default kubeconfig file for the specified managed control plane.
The --file
flag uses the supplied configuration instead.
An incorrect token or control plane name produces an error and doesn’t change the current context.
up controlplane kubeconfig get --token=STRING
Short flag | Long flag | Description |
---|---|---|
-f | --file=STRING | File to merge kubeconfig. |
--token=STRING | Required token to use in the generated kubeconfig to access the specified managed control plane. Upbound manages this token. |
Examples
- Configure your kubeconfig to connect to
my-control-plane
and grep APIs for Crossplane installed on it
up ctp kubeconfig get --token <my-token> -a my-org my-control-plane
Current context set to upbound-my-org-my-mcp
kubectl api-resources | grep "crossplane.io"
compositeresourcedefinitions xrd,xrds apiextensions.crossplane.io/v1 false CompositeResourceDefinition
compositionrevisions apiextensions.crossplane.io/v1beta1 false CompositionRevision
compositions apiextensions.crossplane.io/v1 false Composition
environmentconfigs apiextensions.crossplane.io/v1alpha1 false EnvironmentConfig
configurationrevisions pkg.crossplane.io/v1 false ConfigurationRevision
configurations pkg.crossplane.io/v1 false Configuration
controllerconfigs pkg.crossplane.io/v1alpha1 false ControllerConfig
locks pkg.crossplane.io/v1beta1 false Lock
providerrevisions pkg.crossplane.io/v1 false ProviderRevision
providers pkg.crossplane.io/v1 false Provider
storeconfigs secrets.crossplane.io/v1alpha1 false StoreConfig
license
The up license
command prints the license of the up
command-line software.
Examples
- Print the license of the up CLI
up license
By using Up, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html
login
The up login
command authenticates to Upbound, generates and stores a JSON credentials file locally in ~/.up/config.json
. Commands requiring authentication to Upbound services use the JSON file to authenticate (such as interacting with Upbound or the Marketplace)up login
.
If run without arguments, up login
asks for the username and password from the terminal. View the current authentication status with up organization list
.
Short flag | Long flag | Description |
---|---|---|
-u | --username=STRING | The username to authenticate. Defaults to the value of the environmental variable UP_USER |
-p | --password=STRING | The password to authenticate. Defaults to the value of the environmental variable UP_PASS |
-t | --token=STRING | An Upbound user token to use in place of a username and password |
-a | --account=STRING | Authenticate as a member of an organization. |
Examples
- Login without arguments
up login
Username: my-name
Password:
my-name logged in
- Login with a token
up login -t eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIyYWY2NmFjMi1iY2NhLTRkOWUtODRjNy1kZDJhOTFlNzNjODEiLCJzdWIiOiJ1c2VyfDE0NjMifQ.EEk1Ukei$fkhKKx2yQKeq0pIs3dnjkbOvvjD22_osdKXntGE39G8CsrORO0XT7w300Apw1HW8f21GyGAeO0ilxW6B8efKAqILd0V4-9eAL-VnCK6iLU6wHVt_vP6JwRLyEJrnn7ldYbaz1i4LONZhd5UfsRe4bOztnohkWNsUeIEOnRj_PBntGA5o1VQEyv4kwOS5vp5aVNF9zYWyW7RFKjpmgPdDqLQ_SSKrqmUQPXW4X886lfNWsgtdcTthoo3NEiKPDfrpSh1ZW-4jurGvrgdhfOO2kMRkk-5lZQ0usPYZ62gqTnayjxYP4TCKA7HCKhjoZlX5MS2WlObeTIgA
2af6a653-abcd-4d9e-84c7-dd3a91e73c81 logged in
- Login to an organization
up organization list
NAME ROLE
my_org owner
If not logged in, the command returns an error.
up org list
up: error: permission denied: {"message":"Unauthorized"}
logout
Log out of Upbound services by invalidating the current login token.
Examples
- Log out of Upbound
up logout
my-name logged out
organization
The up organization
commands create and manage organizations on Upbound.
up org
is an alias for up organization
.All up configuration
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
organization create
Create an organization in Upboundup organization create <name>
.
Examples
- Create an organization called
my-org
in Upbound
up org create my-org
my-org created
organization delete
Delete an organization in Upboundup organization delete <name>
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of the organization. |
Examples
- Delete an organization called
my-org
in Upbound
up org delete my-org
Are you sure you want to delete this organization? [y/n]: y
Deleting organization my-org. This cannot be undone.
my-org deleted
organization list
List the organizations belonged to by the account currently logged inup organization list
.
Examples
- List all organizations belonged to by the user
up org list
ID NAME ROLE
433 my-org owner
organization get
Get an organization in Upboundup organization get <name>
.
Examples
- Get an organization called
my-org
up org get my-org
ID NAME ROLE
433 my-org owner
organization user
The up organization user
commands create and manage users in an organization on Upbound.
All up organization user
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
organization user invite
Invite a user to an organization on Upboundup organization user invite <org-name> <email>
.
Short flag | Long flag | Description |
---|---|---|
-p | --permission="member" | Role of the user to invite (owner or member). |
Examples
- Invite a user into AcmeCo org on Upbound
up org user invite acmeco idontexist@acmeco.org
idontexist@acmeco.org invited
organization user delete-invite
Delete an invite for a user to an organization on Upboundup organization user delete-invite <org-name> <email>
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of the invite. |
Examples
- Delete an invite for a user to the AcmeCo org on Upbound
up org user delete-invite acmeco idontexist@acmeco.org
Are you sure you want to delete this invite? [y/n]: y
Deleting invite idontexist@acmeco.org. This cannot be undone.
Invitation 517 deleted
organization user list-invite
List the pending invites for an organization on Upboundup organization user list-invites <org-name>
.
Examples
- List the invites for AcmeCo org on Upbound
up org user list-invites acmeco
ID EMAIL PERMISSION
517 idontexist@acmeco.org
organization user list-members
List the members of an organization on Upboundup organization user list-members <org-name>
.
Examples
- List the members of AcmeCo org on Upbound
up org user list-members acmeco
ID NAME PERMISSION
517 Test User owner
518 Test User2 member
organization user remove-members
Remove a members from an organization on Upboundup organization user remove-member <org-name> <user-id>
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of the invite. |
Examples
- Remove a user from an org in Upbound
up org user remove-user acmeco 517
Are you sure you want to remove this member? [y/n]: y
Removing member 517. This cannot be undone.
User 517 removed from acmeco
profile
The up profile
command lets you view and manage up
command-line profiles with up profile commands.
All up profile
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--kubeconfig=<path> | Use a custom kubeconfig file located at the given path. The default uses the active kubeconfig . | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
profile current
Get the current Upbound profileup profile current
.
Examples
- Print the current Upbound profile
up profile current
{
"default": {
"id": "my-name",
"type": "user",
"session": "REDACTED",
"account": "my-org",
"base": {
"color": "blue"
}
}
}
profile list
List all configured profiles.up profile list
.
Examples
- Print the available profiles
up profile list
CURRENT NAME TYPE ACCOUNT
* default user my-org
profile use
Select a profile to use for all commands in up
up profile use
.
Examples
- use an Upbound profile called
test
up profile use test
profile view
Prints all configured profiles for up
.up profile view
.
Examples
- view all profiles for
up
up profile view
{
"default": {
"id": "my-name",
"type": "user",
"session": "REDACTED",
"account": "my-org",
"base": {
"color": "blue"
}
}
}
profile config
Settings apply to the current profile in use. Supply a JSON file of settings for bulk changes.up profile config
.
Short flag | Long flag | Description |
---|---|---|
-f | --file = <profile JSON file> | a JSON file of key-value pairs |
Examples
- set a key-value pair
up profile config set color blue
- unset a key-value pair
up profile config unset color
repository
The up repository
command provides management operations for Upbound repository accounts.
up repo
is an alias for up repository
.All up repository
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
repository create
Create a repository with the given nameup repository create <name>
.
Examples
- Create a repository called
my-repo
up repo create my-repo
acmeco/my-repo created
repository delete
Delete a repository with the given nameup repository delete <name>
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of repository. |
Examples
- Delete a repository called
my-repo
up repo delete my-repo
Are you sure you want to delete this repository? [y/n]: y
Deleting repository acmeco/my-repo. This cannot be undone.
acmeco/my-repo deleted
repository list
List the repositories belonging to this accountup repository list
.
Examples
- List the repositories in Upbound belonging to this account
up repo list
NAME TYPE PUBLIC UPDATED
c934895d-7271-422b-9f50-0c7553962891 configuration false 7d6h
375e8c55-7684-4a4d-9fc4-886ca2d0630a configuration false 6d7h
c7fcd651-d370-4773-b688-da128338b599 configuration false 4d21h
repository get
Get a repository in this accountup repository get
.
Examples
- Get a repository called
my-repo
up repo get my-repo
NAME TYPE PUBLIC UPDATED
my-repo unknown true n/a
robot
The up robot
command provides management operations for robots in Upbound. Robots are identities used for authentication that are independent from a single user and aren’t tied to specific usernames or passwords. Robots have their own authentication credentials and configurable permissions.
All up robot
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
robot create
Create a robot in your account’s organizationup robot create <name>
.
Short flag | Long flag | Description |
---|---|---|
--description=STRING | Description of robot. |
Examples
- Create a robot called
my-robot
up robot create my-robot
my-org/my-robot created
robot delete
Delete a robot from your account’s organizationup robot delete <name>
.
Examples
- Delete a robot called
my-robot
up robot delete my-robot
Are you sure you want to delete this robot? [y/n]: y
Deleting robot my-org/my-robot. This cannot be undone.
my-org/my-robot deleted
robot list
List the robots in your account’s organizationup robot delete <name>
.
Examples
- List all robots in this account’s organization
up robot list
NAME ID DESCRIPTION CREATED
my-robot 3f76eec5-b7e0-4f6e-aeec-8adbec2c44a6 28m
robot get
Get a robot from your account’s organizationup robot get <name>
.
Examples
- Get a robot called
my-robot
up robot get
NAME ID DESCRIPTION CREATED
my-robot 3f76eec5-b7e0-4f6e-aeec-8adbec2c44a6 28m
robot token
Manage robot authentication tokens for existing robot accounts withup robot token
.
robot token create
Create a robot authentication tokens for an robot accounts withup robot token create --output=STRING <robot-name> <token-name>
.
Examples
- Create a robot token
up robot token create my-robot my-token --output=~/my-robot-token.json
my-org/my-robot/my-token created
cat ~/my-robot-token.json
{"accessId":"a857e667-526a-8424-8dff-d29d3204adae","token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJhODU3ZTY2Ny01MjZhLTQwNDItOGRlMy1kMjlkMzIwNGFkYWUiLCJzdWIiOiJyb2JvdHwzZjc2ZWVjNS1iN2UwLTRmNmUtYWVlYy04YWRiZWMyYzQ0YTYifQ.F00nFGsINl3wrRvI6YQd4AlwevdiZZZeiJFZXi7QxZ3pYEhDjeL0pLw-ln-qyFLQXNX42jw-n0sAlmV6T1IVU9fLjQOaPIiFbhovlf4uNlPL51ih3qwswMC7kgdzCpg3e4l3HngEsHsIhnv_5ipliJXx7Pk7eRfybDQyGM7nodbd5Zk-bOI9MMRJPrwxanlRoPnt3oiUhSBcmHaJh7GbSs_8bCKq1hSK1HK6nj8nHgS2zOI3oe1Xrk1SKnNw2wC_MpPDxpoW9xitMapjzhKdzdl5T3peIrsEW9z2i-Sm1yKFpe80a6wRKNgiK1caxj7gjPVuvEoVop-uKayN9DMViQ"}
robot token delete
Delete a robot authentication tokens from a robot account withup robot token delete <robot-name> <token-name>
.
Short flag | Long flag | Description |
---|---|---|
--force | Force deletion of repository. |
Examples
- Delete a token called
my-token
from a robot calledmy-robot
up robot token delete my-robot my-token
Are you sure you want to delete this robot token? [y/n]: y
Deleting robot token my-org/my-robot/my-token. This cannot be undone.
my-org/my-robot/my-token deleted
robot token list
List the authentication tokens of a robot account withup robot token list <robot-name>
.
Examples
- List the tokens for a robot called
my-robot
up robot token list my-robot
NAME ID CREATED
my-token 1987b8c2-b364-4787-9ce2-39493f3db6ad 3m40s
robot token get
Get an authentication tokens of a robot account withup robot token get <robot-name> <token-name>
.
Examples
- Get a token called
my-token
from a robot calledmy-robot
up robot token get my-robot my-token
NAME ID CREATED
my-token 1987b8c2-b364-4787-9ce2-39493f3db6ad 5m20s
space
The up space
commands allow you to install and manage an Upbound Space on a Kubernetes cluster.
All up space
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
space init
Initialize an Upbound Spaces deploymentup space init [<version>] --token-file=TOKEN-FILE
.
You must provide the desired version of Spaces to install. You can find a list of available versions in Product Lifecycle. You must provide a token (given to you by Upbound) for the install to proceed.
Short flag | Long flag | Description |
---|---|---|
--token-file=TOKEN-FILE | File containing authentication token. | |
--yes | Answer yes to all questions during the install process. | |
--public-ingress | For AKS, EKS, and GKE, expose ingress publicly | |
--kubeconfig=STRING | Override default kubeconfig path. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Install v1.0.1 of Spaces
up space init "v1.0.1"
- Install v1.0.1 of Spaces and expose public ingress
up space init "v1.0.1" --public-ingress=true
space destroy
Remove the Upbound Spaces deploymentup space destroy
.
Short flag | Long flag | Description |
---|---|---|
--kubeconfig=STRING | Override default kubeconfig path. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Remove an installation of an Upbound Space in a Kubernetes cluster
up space destroy
space upgrade
Upgrade an Upbound Spaces deploymentup space upgrade [<version>] --token-file=TOKEN-FILE
.
You must provide the desired version of Spaces to upgrade to. You can find a list of available versions in Product Lifecycle. You must provide a token (given to you by Upbound) for the install to proceed.
Short flag | Long flag | Description |
---|---|---|
--token-file=TOKEN-FILE | File containing authentication token. | |
--rollback | Rollback to the previous installed version on failed upgrade. | |
--kubeconfig=STRING | Override default kubeconfig path. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Upgrade from a release candidate to v1.0.1
up space upgrade v1.0.1 --token-file=./token.json
space billing
The up space billing
commands manages configuration and fetching of billing data in an Upbound Space.
All up space billing
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
space billing get
Get a billing report for submission to Upboundup space billing get --provider=PROVIDER --bucket=STRING --account=STRING --billing-month=TIME
.
Supply the storage location for the billing data used to create the report using the optional --provider
, --bucket
, and --endpoint
flags. If these flags are missing, it retrieves values from the Spaces cluster from your kubeconfig. Set --endpoint=""
to use the storage provider’s default endpoint without checking your Spaces cluster for a custom
endpoint.
Supply the credentials other storage provider configuration according to the instructions for each provider below.
AWS S3
Supply configuration by setting these environment variables: AWS_REGION
, AWS_ACCESS_KEY_ID
, and AWS_SECRET_ACCESS_KEY
. For more options, see the documentation at
https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html.
GCP Cloud Storage
Supply credentials by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS
with the location of a credential JSON file. For more options, see the documentation at
https://cloud.google.com/docs/authentication/application-default-credentials.
Azure Blob Storage
Supply configuration by setting these environment variables: AZURE_TENANT_ID
, AZURE_CLIENT_ID
, and AZURE_CLIENT_SECRET
. For more options, see the documentation at
https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication.
Short flag | Long flag | Description |
---|---|---|
--provider=PROVIDER | Storage provider. Must be one of: aws, gcp, azure ($UP_BILLING_PROVIDER). | |
--bucket=STRING | Storage bucket ($UP_BILLING_BUCKET). | |
--endpoint=STRING | Custom storage endpoint ($UP_BILLING_ENDPOINT). | |
--account=STRING | Name of the Upbound account whose billing report is collected ($UP_BILLING_ACCOUNT). | |
--azure-storage-account=STRING | Name of the Azure storage account. Required for –provider=azure ($UP_AZURE_STORAGE_ACCOUNT). | |
--billing-month=TIME | Get a report for a billing period of one calendar month. Format: 2006-01 ($UP_BILLING_MONTH). | |
--billing-custom=BILLING-CUSTOM | Get a report for a custom billing period. Date range is inclusive. Format: 2006-01-02/2006-01-02 ($UP_BILLING_CUSTOM). | |
--force-incomplete | Get a report for an incomplete billing period ($UP_BILLING_FORCE_INCOMPLETE). | |
-o | --out="upbound_billing_report.tgz" | Name of the output file ($UP_BILLING_OUT). |
--token-file=TOKEN-FILE | File containing authentication token. | |
--rollback | Rollback to the previous installed version on failed upgrade. | |
--kubeconfig=STRING | Override default kubeconfig path. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Get the billing data from an AWS bucket for 09/2023.
up space billing get --provider=aws --bucket=my-bucket --account=acmeco --billing-month=2023-09
uxp
The up uxp
commands allow you to install and manage Upbound Universal Crossplane (UXP) on a Kubernetes cluster.
All up uxp
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
uxp install
Install UXP into a target Kubernetes app clusterup uxp install
.
UXP installs the latest stable release by default. The list of available UXP versions is in the charts.upbound.io/stable listing.
The UXP install guide lists all install-time settings.
Short flag | Long flag | Description |
---|---|---|
--kubeconfig=STRING | Override default kubeconfig path. | |
-n | --namespace="upbound-system" | Kubernetes namespace for UXP ($UXP_NAMESPACE). |
--unstable | Allow installing unstable versions. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Install the latest version of UXP
up uxp install
- Install the latest version of UXP and set the image pull policy
up uxp install --set image.pullPolicy=IfNotPresent
uxp uninstall
Uninstall UXP from a Kubernetes app clusterup uxp uninstall
.
Short flag | Long flag | Description |
---|---|---|
--kubeconfig=STRING | Override default kubeconfig path. | |
-n | --namespace="upbound-system" | Kubernetes namespace for UXP ($UXP_NAMESPACE). |
Examples
- Uninstall UXP
up uxp uninstall
uxp upgrade
UXP upgrades can be from one UXP version to another or from open source Crossplane to a compatible UXP versionup uxp upgrade [<version>]
.
Short flag | Long flag | Description |
---|---|---|
--kubeconfig=STRING | Override default kubeconfig path. | |
-n | --namespace="upbound-system" | Kubernetes namespace for UXP ($UXP_NAMESPACE). |
--rollback | Rollback to the last installed version on a failed upgrade. | |
--force | Force upgrade even if versions are incompatible. | |
--set=KEY=VALUE;... | Set parameters. | |
-f | --file=FILE | Parameters file. |
--bundle=BUNDLE | Local bundle path. |
Examples
- Upgrade to UXP version v1.7.0-up.1
up uxp upgrade v1.7.0-up.1
- Upgrade Crossplane to UXP
up uxp upgrade v1.7.0-up.1 -n crossplane-system
xpkg
The up xpkg
commands create and interact with Crossplane Packages. Packages are a set of YAML configuration files packaged as a single OCI container image. Read the Creating and Pushing Packages section for information on building and pushing packages to the Upbound Marketplace.
All up xpkg
commands support the following options:
Short flag | Long flag | Description |
---|---|---|
-a | --account=STRING | The username or organization to use for authentication. The default uses the authenticated user from up login . |
--domain=<URL> | The managed control plane domain to connect to. The default is https://upbound.io | |
--insecure-skip-tls-verify | Unsafe - Don’t validate the SSL certificate offered by the remote server. This command isn’t recommended. | |
--profile=<path> | Use a custom Up CLI profile at located at the provided path. The default is ~/.up/config.json |
xpkg build
Build an OCI-compliant image of a set of configuration files. Use this image to create a specific Crossplane control-plane or Provider.
up xpkg build
.
The up xpkg build command supports two different image types:
- Configuration - Configuration images consist of Custom Resource Definitions, Compositions and package metadata which define a custom control-plane.
- Provider - An image consisting of a provider controller and all related Custom Resource Definitions. The Crossplane crossplane-contrib repository contains the packages used for open source Crossplane Providers. For example, the image contents for provider-aws.
Short flag | Long flag | Description |
---|---|---|
--name=STRING | [DEPRECATED: use –output] Name of the package to build. Uses name in crossplane.yaml if not specified. Doesn’t correspond to package tag. | |
-o | --output=STRING | Path for package output. |
--controller=STRING | Controller image used as base for package. | |
-f | --package-root="." | Path to package directory. |
-e | --examples-root="./examples" | Path to package examples directory. |
-a | --auth-ext="auth.yaml" | Path to an authentication extension file. |
-f | --ignore=IGNORE,... | Paths, specified relative to –package-root, to exclude from the package. |
Examples
- Create a Crossplane configuration package
up xpkg build -o my_control_plane.xpkg
xpkg saved to my_control_plane.xpkg
- Create a Crossplane provider package
up xpkg build \
--controller my_controller-amd64 \
--package-root ./package \
--examples-root ./examples \
--output ./my_provider.xpkg
xpkg saved to my_provider.xpkg
xpkg init
Use a wizard to generate a crossplane.yaml
file for a configuration or provider withup xpkg init
.
Short flag | Long flag | Description |
---|---|---|
-p | --package-root="." | Path to directory to write new package. |
-t | --type="configuration" | Package type to initialize. |
Examples
- Generate a configuration package file
up xpkg init
Package name: my_configuration
What version contraints of Crossplane will this package be compatible with? [e.g. v1.0.0, >=v1.0.0-0, etc.]: >=v1.8.0-0
Add dependencies? [y/n]: y
Provider URI [e.g. crossplane/provider-aws]: xpkg.upbound.io/crossplane/provider-aws
Version constraints [e.g. 1.0.0, >=1.0.0-0, etc.]: >=v0.24.1
Done? [y/n]: y
xpkg initialized at /home/user/crossplane.yaml
# Looking at contents
cat crossplane.yaml
apiVersion: meta.pkg.crossplane.io/v1
kind: Configuration
metadata:
name: my_configuration
spec:
crossplane:
version: '>=v1.8.0-0'
dependsOn:
- provider: xpkg.upbound.io/crossplane/provider-aws
version: '>=v0.24.1'
- Generate a provider package file
up xpkg init -t provider -p provider-init/
Package name: my-provider
What version contraints of Crossplane will this package be compatible with? [e.g. v1.0.0, >=v1.0.0-0, etc.]: >=1.9.0-0
Controller image: my-controller
xpkg initialized at /home/user/provider-init/crossplane.yaml
# Looking at contents
cat /home/vagrant/provider-init/crossplane.yaml
apiVersion: meta.pkg.crossplane.io/v1
kind: Provider
metadata:
name: my-provider
spec:
controller:
image: my-controller
crossplane:
version: '>=1.9.0-0'
xpkg dep
Download the dependencies of a package for the Crossplane Language Server withup xpkg dep [<package>]
.
Short flag | Long flag | Description |
---|---|---|
-d | --cache-dir | The location of the cache directory. Defaults to ~/.up/cache/ |
-c | --clean-cache | Removes all files in the cache directory. |
Examples
- Download and cache the dependency files for an example Configuration package.
up xpkg dep
Dependencies added to xpkg cache:
- crossplane/provider-aws (v0.32.0)
xpkg push
Publish images created by up xpkg build to the Upbound Marketplace withup xpkg push <tag>
.
Short flag | Long flag | Description |
---|---|---|
-f | --package=PACKAGE,... | Path to packages. Uses the current directory if not specified. |
--create | Create repository on push if it doesn’t exist. |
Example
- Push a package called
getting-started.xpkg
to the test repository inside theupbound-docs organization
. Mark it as versionv0.2
.
up xpkg push upbound-docs/test:v0.2 -f getting-started.xpkg
xpkg pushed to upbound-docs/test:v0.2
To push to other repositories, besides the Upbound marketplace, like Docker Hub, provide the full URL of the image registry.
For example, to push a package to index.docker.io
:
up xpkg push index.docker.io/dockeruser/test:v0.2 -f getting-started.xpkg
xpkg pushed to index.docker.io/dockeruser/test:v0.2
<!-- vale Upbound.Spelling = NO -->
<!-- ignore xpls -->
## xpls
The `up xpls` starts the xpls language server.
<!-- vale Upbound.Spelling = NO -->
<!-- ignore xpls -->
### xpls serve
<!-- vale Upbound.Spelling = YES -->
run a server for Crossplane definitions using the Language Server Protocol with
`up xpls serve`.
Short flag
Long flag
Description
--cache="~/.up/cache"
Directory path for dependency schema cache.
**Examples**
<!-- vale Upbound.Spelling = NO -->
<!-- ignore xpls -->
* Start xpls
<!-- vale Upbound.Spelling = YES -->
```shell {copy-lines="1"}
up xpls serve
install-completions
Install shell completions with up install-completions
. You can uninstall shell completions via up install-completions --uninstall
.
alpha
Options under the up alpha
command are “alpha” features and may change in the future.
Upbound uses up alpha
to try out new features or test new platform behaviors.
alpha xpkg xp-extract
Extract package contents into a Crossplane cache compatible format. Fetches from a remote registry by defaultup alpha xpkg xp-extract
Short flag | Long flag | Description |
---|---|---|
--from-daemon | Fetch the image from the Docker daemon. | |
--from-xpkg | Fetch the image from a local xpkg. If package isn’t specified the command uses the current directory. | |
-o | --output="out.gz" | Package output path. Extension must be .gz . |