Installation and setup

Constellation runs entirely in your cloud environment and can be controlled via a dedicated command-line interface (CLI) or a Terraform provider.

Prerequisites

Make sure the following requirements are met:

• Your machine is running Linux
• You have admin rights on your machine
• kubectl is installed

• You have requestad an User Access Token (UAT) for the Infrastructure API via Service request.
  Constellation on STACKIT requires a User Access Token (UAT) for the Infrastructure API and a STACKIT service account. The UAT already has all required permissions by default.
• You have a STACKIT service account: Create a service account
• The STACKIT service account needs the editor role to create STACKIT LoadBalancers. You have assigned the required project permissions to this service account: Assign permissions to a service account
• You have created an Access Token for this service account: Get access token

Install the Constellation CLI

If you prefer to use Terraform, you can alternatively use the Terraform provider to manage the cluster’s lifecycle.

The CLI executable is available at GitHub. Install it with the following commands:

Linux (amd64)

1. Download the CLI:

   curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64

2. Optional: Verify the signature
3. Install the CLI to your PATH:

   sudo install constellation-linux-amd64 /usr/local/bin/constellation

Linux (arm64)

1. Download the CLI:

   curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64

2. Optional:Verify the signature
3. Install the CLI to your PATH:

   sudo install constellation-linux-arm64 /usr/local/bin/constellation

Windows (amd64)

1. Download the CLI:

   Invoke-WebRequest -OutFile./constellation.exe -Uri 'https://github.com/edgelesssys/constellation/releases/latest/download/constellation-windows-amd64.exe'

2. Optional:Verify the signature
3. Install the CLI underC:\Program Files\Constellation\bin\constellation.exe
4. Add the CLI to your PATH:
   1. Open Advanced system settings by searching for the App in the Windows search
   2. Go to the Advanced tab
   3. ClickEnvironment Variables…
   4. Click variable called Pathand click Edit…
   5. Click New
   6. Enter the path to the folder containing the binary you want on your PATH: C:\Program Files\Constellation\bin and confirm two times with OK

The CLI supports autocompletion for various shells. To set it up, run constellation completion and follow the given steps.

Set up cloud credentials

You need to authenticate with the infrastructure API (OpenStack). The following lists the required steps for testing and production environments.

1. Create a configuration file ~/.config/openstack/clouds.yaml (%AppData%\openstack\clouds.yaml on Windows) containing the UAT name, UAT password, the STACKIT project ID and the STACKIT project name:

   clouds:
      stackit:
         auth:
            auth_url: https://keystone.api.iaas.eu01.stackit.cloud/v3
            username: <UAT_TOKEN_NAME>
            password: <UAT_PASSWORD>
            project_id: <STACKIT_PROJECT_ID>
            project_name: <STACKIT_PROJECT_NAME>
            user_domain_name: portal_mvp
            project_domain_name: portal_mvp
         region_name: RegionOne
         identity_api_version: 3

2. Create a configuration file under ~/.stackit/credentials.json (%USERPROFILE%\.stackit\credentials.json on Windows) with the following content:

   {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"}

You are now ready to Create a Confidential Kubernetes cluster.