Skip to main content

astroctl_cloud_gcp_selfHosted

astroctl cloud gcp selfHosted

Self-hosted cluster prerequisite management

Synopsis

Manage prerequisites for self-hosted (vanilla Kubernetes) clusters on GCP.

Credentials are stored in the platform's encrypted vault — never in cluster YAML.

Workflows: Fully automated (recommended): setup → creates service account, roles, APIs, GCS bucket via gcloud → auto-stores SA key in vault (no manual copy needed) apply → cluster YAML uses credentials.type: vault

Bring your own credentials (BYOC): connect → validates your SA key + stores in vault apply → cluster YAML uses credentials.type: vault

Commands: setup Deploy prerequisites + auto-store credentials in vault connect Validate your own SA key and store in vault disconnect Revoke stored credentials from vault (keeps infra) validate Pre-flight validation only (no storage) cleanup Remove GCP resources + purge vault credentials

Examples

  # Fully automated: setup creates everything + stores creds in vault
  astroctl cloud gcp selfHosted setup --project-id my-proj --region us-central1

  # Bring your own credentials: connect stores your SA key in vault
  astroctl cloud gcp selfHosted connect --project-id my-proj --region us-central1 \
      --credentials /path/to/key.json --bucket my-bucket --cluster-name prod

  # Rotate credentials
  astroctl cloud gcp selfHosted disconnect --cluster-name prod
  astroctl cloud gcp selfHosted connect --project-id my-proj ...

  # Cleanup everything
  astroctl cloud gcp selfHosted cleanup --project-id my-proj

Options

  -h, --help   help for selfHosted

Options inherited from parent commands

  -o, --output string   Output format (json|yaml) (default "yaml")

SEE ALSO