Product Docs
Open Source
Education
Install Chainguard into the current kubernetes context.
chainctl clusters install [--name NAME] [--description DESCRIPTION] [--group GROUP_NAME|GROUP_ID | --invite-code INVITE_CODE | --skip-invite | --managed={eks,gke} --cluster=CLUSTER_NAME | --private]
# Install Chainguard on a GKE cluster using a managed agent, and linking it # under GROUP_ID in the Chainguard resource hierarchy. chainctl cluster install --group=GROUP_ID --managed=gke --cluster=gke_project-id_us-central1_cluster-name # Install or Update the chainguard agent on a cluster. chainctl cluster install --skip-invite # Install or Update the chainguard agent on a cluster with private API endpoint chainctl cluster install --private # Install the Chainguard agent with an explicit invite code. chainctl cluster install --invite-code=INVITE_CODE # Install the Chainguard agent using a temporary invite code under the group # with ID "GROUP_ID". chainctl cluster install --group=GROUP_ID # Install the Chainguard agent enabling a fail open policy mode. chainctl cluster install --opt=webhook_fail_open=true # Install the Chainguard agent using a temporary invite code under a group # determined via an interactive prompt. chainctl cluster install
--context string Indicates the name of the context (in kubectl) to be connect to Chainguard. -d, --description string The description of the resource. --gcp-serviceaccount-file string The path to a GCP service account JSON key file. --group string The group under which to create a temporary invite code and install the cluster. -h, --help help for install --invite-code string An invite code to use for joining this cluster into the IAM hierarchy. --managed string Indicates the cluster's agent should be managed by Chainguard. The value indicates the provider of the cluster, e.g. gke -n, --name string Given name of the resource. --opt strings extra key=value pairs to define enforcer profile options --private Kubernetes API endpoint isn't publicly accessible. Cannot be used with managed clusters. --profiles stringArray The names of Chainguard profiles to install into the cluster. --skip-invite When specified we perform installation without an invite code.
--api string The url of the Chainguard platform API. (default "https://console-api.enforce.dev") --audience string The Chainguard token audience to request. (default "https://console-api.enforce.dev") --config string A specific chainctl config file. --console string The url of the Chainguard platform Console. (default "https://console.enforce.dev") --issuer string The url of the Chainguard STS endpoint. (default "https://issuer.enforce.dev") -o, --output string Output format. One of: ["", "table", "tree", "json", "id", "wide"] --timestamp-authority string The url of the Chainguard Timestamp Authority endpoint. (default "https://tsa.enforce.dev") -v, --v int Set the log verbosity level.