CLI Manual
- 13 May 2024
- 4 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
CLI Manual
- Updated on 13 May 2024
- 4 Minutes to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The Greymatter CLI provides commands to interact with the Greymatter system such as listing objects, initializing projects, and syncing configurations.
Use the help flag during terminal sessions to view the help contents:
greymatter --helpThe CLI exposes its functionality through subcommands.
greymatter <subcommand> --helpCLI Configuration
The CLI requires some configuration to function properly, especially for the sync command.
It accepts configuration in this order with the higher methods overriding values below them:
Command line flags
Environment variables
Configuration file
The default location of the config is ~/.config/greymatter/config.toml. This can be overridden with the --config command line flag.
Global Flags
Global flags must come before any subcommand.
Command | Description |
|---|---|
-c, --config=”$HOME/.config/greymatter/config.toml” | Path to config file Environment Variable: GREYMATTER_CONFIG |
--log-level=”info” | Sets the log level, one of (debug, info, warning, error). |
--base64-config | base64 encoded TOML config file |
--api | Required for non-init commands. A fully qualified URL for the control API |
--catalog | Required for non-init commands. A fully qualified URL for the catalog API |
--help, -h | Shows the help page |
-v, --version | Print the version of the CLI. |
Subcommands
Init
The init subcommand allows for the generation of GSL projects and services.
The base init command instantiates a new GSL project. A GSL project comes bundled with resources such as starter Kubert's services will run. For example, if the project contains configurations for the “dashboard” tenant project, and that project's services are expected to run in the “dashboard” namespace, then the project name should be “dashboard”.
The containing folder name does not matter but should probably match the namespace for consistency.
Usage
greymatter init [options] <project name>Command | Description |
|---|---|
--api="http://controlensemble.greymatter.svc.cluster.local:5555" | The URL for the greymatter Control API of your targeted mesh. |
--branch="main" | The remote repository branch to checkout when using the greymatter sync service. |
--catalog="http://catalog.greymatter.svc.cluster.local:8080" | The URL for the greymatter Catalog API of your targeted mesh. |
--dir | The directory where the command creates the project. Defaults to the current directory. |
example | Initialize a working example GSL project. |
r, git-remote="" | The git remote repository watched by Sync [GREYMATTER_GIT_REMOTE]. |
--image="greymatter.jfrog.io/oci/greymatter-cli:[current-release]" | The container image for Sync. Refer to the release details to ensure you reference the appropriate CLI version for your deployment. |
--image-pull-secret="greymatter-image-pull" | The Kubernetes image pull secret that is utilized by the greymatter sync service. |
-i, --insecure | Enabling this flag removes all TLS/mTLS configuration from the outputted services. The default behavior of a greymatter.io service is 'secure'. |
--name="greymatter-sync | The value used for the sync service StatefulSet's pod label. |
--redis-addr="greymatter-datastore.greymatter.svc.cluster.local:6379" | The remote Redis connection address of your in-cluster greymatter Redis instance. [GREYMATTER_REDIS_ADDR]. |
--redis-db=0 | The remote Redis DB selector of your in-cluster Redis instance. [GREYMATTER_REDIS_DB]. |
--redis-passphrase="" | The remote Redis password required for connection to your in-cluster Redis instance. [GREYMATTER_REDIS_PASSWORD]. |
--redis-username="" | The remote Redis username required for connection to your in-cluster Redis instance. [GREYMATTER_REDIS_USERNAME] |
--spire | Enables spire based connections throughout the new GSL project. |
--sync-secret="greymatter-admin-sync" | The Kubernetes secret that hosts an SSH private which is utilized by the greymatter sync service. |
-h, --help | Display help page. |
Init Service
Initializes a new GSL service by generating a new GSL service file. This must be done from within a previously initialized GSL project. A GSL service holds all configuration for a single deployed service. The service name argument must match the name of the Kubernetes workload for which the GSL should apply to.
Usage
greymatter init service [options] <service name>Command | Description |
|---|---|
-t , --type=”” | The main type of the service. Used to control service-level options and the main listener. Possible values: [http, tcp, lambda, mongo, redis, udp] |
-p, --port=443 | Port of the service. The main listener on the data plane proxy will forward traffic to this port. |
-d, --dir=”” | The output directory where your service file will be created. The directory must exist. If this is not specified, the CLI writes the file to the current working directory. |
-n, --namespace="" | The namespace the generated service will get deployed into. Must match the project name. |
-i, --insecure | Generates a service configuration without any TLS configuration. |
--spire | Includes Spire mTLS configurations for all default listeners. |
--help, -h | Shows the help page. |
Init Bridge
Writes GSL configurations and a Kubernetes manifest for a new Greymatter failover proxy bridge to disk. This must be done from within a GSL project. A failover proxy bridge enables traffic to shift to a different regional cluster in the event of a service failure.
Command | Description |
|---|---|
-d, --dir=”” | The root of a greymatter project. Will create the bridge file in the greymatter core folder. |
-n, --namespace="" | The namespace the generated service will get deployed into. Must match the project name. |
-i, --insecure | Generates a service configuration without any TLS configuration. |
--spire | Includes Spire mTLS configurations for all default listeners. |
--help, -h | Shows the help page. |
Init Sync
Sync
In addition to interactive use, the CLI supports a continuous sync mode for performing GitOps using the sync subcommand.
To learn more about the Greymatter Sync Environment Vars, read this article.
To learn more about the Greymatter GitOps pipeline, read this article.
Usage
greymatter [options] sync Command | Environment Variable | Description | |
|---|---|---|---|
--branch="" | Required | GREYMATTER_GIT_BRANCH | The branch of the remote to sync with. |
--dry-run | Evaluates the GSL project without submitting the configuration to the mesh. | ||
-F, --forever | Required | Configures Sync to run forever. | |
-g, --git | Required | Configures Sync to use Git. | |
-d, --git-dir="gm_sync_checkout” | Configures the path to write cloned project to. The default likely shouldn’t need to change. | ||
-P, --git-password="" | GREYMATTER_GIT_PASSWORD | Password for cloning over HTTP. | |
-R, --git-remote=”” | Required | GREYMATTER_GIT_REMOTE | URL of the Git remote repository to clone, for example, git@github.com:your-org/tenat-project. |
--git-remote-ca=”” | GREYMATTER_GIT_REMOTE_CA | Path to a CA certificate bundle used to validate the remote Git repository | |
--git-tls-skip-verify | GREYMATTER_GIT_TLS_SKIP_VERIFY | If present, Sync will skip the verification of the remote Git repository’s certificate. | |
-U, --git-user="" | GREYMATTER_GIT_USER | Username for Git authentication over HTTP | |
-i, --interval=1 | GREYMATTER_SYNC_INTERVAL | The rate Sync will poll the Git repository in seconds if configured in --forever mode. | |
--redis-addr=”” | Required | GREYMATTER_REDIS_ADDR | Network address of the Greymatter Redis Datastore. Must include the port. Typically: "greymatter-datastore.greymatter.svc.cluster.local:6379" |
--redis-db=0 | GREYMATTER_REDIS_DB | Database selector to use for storing Sync state. | |
--redis-passphrase=”” | GREYMATTER_REDIS_PASSWORD | Password to use for a protected datastore instance. | |
--redis-username=”” | GREYMATTER_REDIS_USERNAME | Username to use for a protected datastore instance. | |
--relative-path=”” | GREYMATTER_RELATIVE_PATH | Path relative to the root of the repository that contains a GSL project. Use when the GSL project root is not the root of the repository. | |
-r, --root=”.”: | Path to the cloned GSL project. Typically should not change unless the --git-dir flag was changed. | ||
--service-name=”” | Use to print only the service configuration from --dry-run whose name matches the provided value. | ||
--ssh-passphrase=”” | GREYMATTER_SSH_PASSPHRASE | The password to decrypt a password-protected SSH private key. | |
--ssh-private-key="" | GREYMATTER_SSH_PRIVATE_KEY | Path to the SSH private key used for Git authentication (if using SSH-based authentication). |
Upgrade
Upgrade replace the GSL schemas with the latest versions as well as migrating any GSL services to those schemas if necessary.
Usage
greymatter upgrade [options] Flag | |
|---|---|
--migrate-import-paths | Modify pre-v1.8.4 GSL to reference new import path scheme. |
--safe | Guarantees your previous GSL module installation will be restored if the upgrade fails. |
--dir | The root of an existing greymatter GSL project. (default: current working directory) |
--add-service-info | Add service-info configuration to services without it. (default: true) |
Was this article helpful?
