$ roxctl central [command] [flags]
Commands related to the Central service.
$ roxctl central [command] [flags]
Command | Description |
---|---|
|
Create a backup of the Red Hat Advanced Cluster Security for Kubernetes (RHACS) database and the certificates. |
|
Download the certificate chain for the Central service. |
|
Control the database operations. |
|
Debug the Central service. |
|
Generate the required YAML configuration files containing the orchestrator objects for the deployment of Central. |
|
Initialize bundles for Central. |
|
Log in to the Central instance to obtain a token. |
|
Manage the user certificate authorization providers. |
|
Display information about the current user and their authentication method. |
The roxctl central
command supports the following options inherited from the parent roxctl
command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Create a backup of the RHACS database and certificates.
$ roxctl central backup [flags]
Option | Description |
---|---|
|
Specify to only back up the certificates. When using an external database, this option is used to generate a backup bundle with certificates. The default value is |
|
Specify where you want to save the backup. The behavior depends on the specified path:
|
|
Specify the timeout for API requests. It represents the maximum duration of a request. The default value is |
Download the certificate chain for the Central service.
$ roxctl central cert [flags]
Option | Description |
---|---|
|
Specify the file name to which you want to save the PeM certificate. You can generate a standard output by using |
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Login to the Central instance to obtain a token.
$ roxctl central login [flags]
Option | Description |
---|---|
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Display information about the current user and their authentication method.
$ roxctl central whoami [flags]
Option | Description |
---|---|
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Control the database operations.
$ roxctl central db [flags]
Option | Description |
---|---|
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Restore the RHACS database from a previous backup.
$ roxctl central db restore <file> [flags] (1)
1 | For <file> , specify the database backup file that you want to restore. |
Option | Description |
---|---|
|
If set to |
|
If set to |
Generate a Central database bundle.
$ roxctl central db generate [flags]
Option | Description |
---|---|
|
If set to |
|
Specify the path to the Helm templates in your local file system. For more details, run the |
|
If set to |
Generate Kubernetes YAML files for deploying Central’s database components.
$ roxctl central db generate k8s [flags]
Option | Description |
---|---|
|
Specify the Central database image that you want to use. If not specified, a default value corresponding to the |
|
Specify the default settings for container images. It controls the repositories from which the images are downloaded, the image names and the format of the tags. The default value is |
|
Specify the directory to which you want to save the deployment bundle. The default value is |
Cancel the ongoing Central database restore process.
$ roxctl central db restore cancel [flags]
Option | Description |
---|---|
|
If set to |
Display information about the ongoing database restore process.
$ roxctl central db restore status [flags]
Generate Kubernetes YAML files for persistent volume claims (PVCs) in Central.
$ roxctl central db generate k8s pvc [flags]
Option | Description |
---|---|
|
Specify the external volume name for the Central database. The default value is |
|
Specify the external volume size in gigabytes for the Central database. The default value is |
|
Specify the storage class name for the Central database. This is optional if you have a default storage class configured. |
Generate an OpenShift YAML manifest for deploying a Central database instance on a Red Hat OpenShift cluster.
$ roxctl central db generate openshift [flags]
Option | Description |
---|---|
|
Specify the Central database image that you want to use. If not specified, a default value corresponding to the |
|
Specify the default settings for container images. It controls the repositories from which the images are downloaded, the image names and the format of the tags. The default value is |
|
Specify the Red Hat OpenShift major version 3 or 4 for the deployment. The default value is |
|
Specify the directory to which you want to save the deployment bundle. The default value is |
Generate a Kubernetes YAML manifest for a database deployment with a hostpath volume type in Central.
$ roxctl central db generate k8s hostpath [flags]
Option | Description |
---|---|
|
Specify the path on the host. The default value is |
|
Specify the node selector key. Valid values include |
|
Specify the node selector value. |
Generate an OpenShift YAML manifest for a database deployment with a persistent volume claim (PVC) in Central.
$ roxctl central db generate openshift pvc [flags]
Option | Description |
---|---|
--name string |
Specify the external volume name for the Central database. The default value is |
--size uint32 |
Specify the external volume size in gigabytes for the Central database. The default value is |
--storage-class string |
Specify the storage class name for the Central database. This is optional if you have a default storage class configured. |
Add a hostpath external volume to the Central database.
$ roxctl central db generate openshift hostpath [flags]
Option | Description |
---|---|
|
Specify the path on the host. The default value is |
|
Specify the node selector key. Valid values include |
|
Specify the node selector value. |
Debug the Central service.
$ roxctl central debug [flags]
Control the debugging of the database.
$ roxctl central debug db [flags]
Option | Description |
---|---|
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Retrieve the current log level.
$ roxctl central debug log [flags]
Option | Description |
---|---|
|
Specify the log level to which you want to set the modules. Valid values include |
|
Specify the modules to which you want to apply the command. |
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the timeout for API requests, which is the maximum duration of a request. The default value is |
Download a bundle containing the debug information for Central.
$ roxctl central debug dump [flags]
Option | Description |
---|---|
|
If set to |
|
Specify the output directory for the bundle content. The default value is an automatically generated directory name within the current directory. |
|
Specify the timeout for API requests, which is the maximum duration of a request. The default value is |
Control the statistics of the Central database.
$ roxctl central debug db stats [flags]
enable or disable authorization tracing in Central for debugging purposes.
$ roxctl central debug authz-trace [flags]
Option | Description |
---|---|
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Reset the statistics of the Central database.
$ roxctl central debug db stats reset [flags]
Download a bundle containing a snapshot of diagnostic information about the platform.
$ roxctl central debug download-diagnostics [flags]
Option | Description |
---|---|
|
Specify a comma-separated list of the Sensor clusters from which you want to collect the logs. |
|
Specify the output directory in which you want to save the diagnostic bundle. |
|
Specify the timestamp from which you want to collect the logs from the Sensor clusters. |
|
Specify the timeout for API requests, which specifies the maximum duration of a request. The default value is |
Generate the required YAML configuration files that contain the orchestrator objects to deploy Central.
$ roxctl central generate [flags]
Option | Description |
---|---|
|
Specify the path to the backup bundle from which you want to restore the keys and certificates. |
|
If set to |
|
Specify the path to Helm templates on your local file system. For more details, run the |
|
Specify the PeM certificate bundle file that you want to use as the default. |
|
Specify the PeM private key file that you want to use as the default. |
|
If set to |
|
Specify the administrator password. The default value is automatically generated. |
|
Specify the ports or endpoints you want to use for unencrypted exposure as a comma-separated list. |
Generate the required YAML configuration files to deploy Central into a Kubernetes cluster.
$ roxctl central generate k8s [flags]
Option | Description |
---|---|
|
Specify the Central database image you want to use. If not specified, a default value corresponding to the |
|
Specify a list of configuration maps that you want to add as declarative configuration mounts in Central. |
|
Specify a list of secrets that you want to add as declarative configuration mounts in Central. |
|
Specify whether you want to enable telemetry. The default value is |
|
Specify the default settings for container images. The specified settings control the repositories from which the images are downloaded, the image names and the format of the tags. The default value is |
|
Generate deployment files that support the specified Istio version. Valid values include |
|
Specify the method in which you want to suspend Central. Valid values include |
|
Specify the main image that you want to use. If not specified, a default value corresponding to the |
|
Specify whether you want to run RHACS in offline mode, avoiding a connection to the Internet. The default value is |
|
Specify the directory to which you want to save the deployment bundle. The default value is |
|
Specify the deployment tool that you want to use. Valid values include |
|
Specify the Scanner database image that you want to use. If not specified, a default value corresponding to the |
|
Specify the Scanner image that you want to use. If not specified, a default value corresponding to the `--image-defaults" is used. |
Generate Kubernetes YAML files for persistent volume claims (PVCs) in Central.
$ roxctl central generate k8s pvc [flags]
Option | Description |
---|---|
|
Specify the external volume name for the Central database. The default value is |
|
Specify the external volume size in gigabytes for the Central database. The default value is |
|
Specify the storage class name for the Central database. This is optional if you have a default storage class configured. |
|
Specify the external volume name for Central. The default value is |
|
Specify the external volume size in gigabytes for Central. The default value is |
|
Specify the storage class name for Central. This is optional if you have a default storage class configured. |
Generate the required YAML configuration files to deploy Central in a Red Hat OpenShift cluster.
$ roxctl central generate openshift [flags]
Option | Description |
---|---|
|
Specify the Central database image that you want to use. If not specified, a default value is created corresponding to the |
|
Specify a list of configuration maps that you want to add as declarative configuration mounts in Central. |
|
Specify a list of secrets that you want to add as declarative configuration mounts in Central. |
|
Specify whether you want to enable telemetry. The default value is |
|
Specify the default settings for container images. It controls the repositories from which the images are downloaded, the image names and the format of the tags. The default value is |
|
Generate deployment files that support the specified Istio version. Valid values include |
|
Specify the method of exposing Central. Valid values include |
|
Specify the main image that you want to use. If not specified, a default value corresponding to |
|
Specify whether you want to run RHACS in offline mode, avoiding a connection to the Internet. The default value is |
|
Specify integration with Red Hat OpenShift 4 monitoring. The default value is |
|
Specify the Red Hat OpenShift major version 3 or 4 for the deployment. |
|
Specify the directory to which you want to save the deployment bundle. The default value is |
|
Specify the deployment tool that you want to use. Valid values include |
|
Specify the Scanner database image that you want to use. If not specified, a default value corresponding to the |
|
Specify the Scanner image that you want to use. If not specified, a default value corresponding to |
Generate interactive resources in Central.
$ roxctl central generate interactive [flags]
Generate a Kubernetes YAML manifest for deploying a Central instance by using the hostpath volume type.
$ roxctl central generate k8s hostpath [flags]
Option | Description |
---|---|
|
Specify the path on the host for the Central database. The default value is |
|
Specify the node selector key for the Central database. Valid values include |
|
Specify the node selector value for the Central database. |
|
Specify the path on the host. The default value is |
|
Specify the node selector key. Valid values include |
|
Specify the node selector value. |
Generate a OpenShift YAML manifest for deploying a persistent volume claim (PVC) in Central.
$ roxctl central generate openshift pvc [flags]
Option | Description |
---|---|
|
Specify the external volume name for the Central database. The default value is |
|
Specify the external volume size in gigabytes for the Central database. The default value is |
|
Specify the storage class name for the Central database. This is optional if you have a default storage class configured. |
|
Specify the external volume name for Central. The default value is |
|
Specify the external volume size in gigabytes for Central. The default value is |
|
Specify the storage class name for Central. This is optional if you have a default storage class configured. |
Add a hostpath external volume to the deployment definition in Red Hat OpenShift.
$ roxctl central generate openshift hostpath [flags]
Option | Description |
---|---|
|
Specify the path on the host for the Central database. The default value is |
|
Specify the node selector key. Valid values include |
|
Specify the node selector value for the Central database. |
|
Specify the path on the host. The default value is |
|
Specify the node selector key. Valid values include |
|
Specify the node selector value. |
Initialize bundles in Central.
$ roxctl central init-bundles [flag]
Option | Description |
---|---|
|
Specify the timeout after which API requests are retried. A value of |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
List the available initialization bundles in Central.
$ roxctl central init-bundles list [flags]
Revoke one or more cluster initialization bundles in Central.
$ roxctl central init-bundles revoke <init_bundle_ID or name> [<init_bundle_ID or name> ...] [flags] (1)
1 | For <init_bundle_ID or name> , specify the ID or the name of the initialization bundle that you want to revoke. You can provide multiple IDs or names separated by using spaces. |
Fetch the certificate authority (CA) bundle from Central.
$ roxctl central init-bundles fetch-ca [flags]
Option | Description |
---|---|
|
Specify the file that you want to use for storing the CA configuration. |
Generate a new cluster initialization bundle.
$ roxctl central init-bundles generate <init_bundle_name> [flags] (1)
1 | For <init_bundle_name> , specify the name for the initialization bundle you want to generate. |
Option | Description |
---|---|
|
Specify the file you want to use for storing the newly generated initialization bundle in the Helm configuration form. You can generate a standard output by using |
|
Specify the file that you want to use for storing the newly generated initialization bundle in Kubernetes secret form. You can generate a standard by using |
Manage the user certificate authorization providers.
$ roxctl central userpki [flags]
Display all the user certificate authentication providers.
$ roxctl central userpki list [flags]
Option | Description |
---|---|
|
enable the JSON output. The default value is |
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Create a new user certificate authentication provider.
$ roxctl central userpki create name [flags]
Option | Description |
---|---|
|
Specify the PeM files of the root CA certificates. You can specify several certificate files. |
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the minimum access role for users of this provider. |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |
Delete a user certificate authentication provider.
$ roxctl central userpki delete id|name [flags]
Option | Description |
---|---|
|
If set to |
|
Specify the timeout after which API requests are retried. A value of zero means that the entire request duration is waited for without retrying. The default value is |
|
Specify the timeout for API requests representing the maximum duration of a request. The default value is |