kctl CLI reference
kctl is the command-line interface for managing kcore clusters. Global flags: -s / --controller (controller address, repeatable for HA), -k / --insecure (skip TLS verification), -c / --config (path to config file), --node (node address for direct node commands).
You are browsing in YAML mode. This page lists CLI commands; for manifest kinds and fields see the YAML manifest reference.
create
kctl create is idempotent. Re-running the same command (or re-applying the same manifest with -f) performs a server-side upsert: it creates the resource if missing, updates mutable fields if they drifted, rejects changes to immutable fields with InvalidArgument, or prints unchanged when the stored state already matches. See Idempotency and upsert for the mutable/immutable field tables.
| Subcommand | Description |
|---|
vm | Create a VM from CLI flags or -f YAML manifest |
container | Create a container on a node |
network | Create a network |
cluster | Initialise PKI and mTLS context for a new cluster |
get
| Subcommand | Aliases |
|---|
vms | vm |
containers | container |
nodes | node |
networks | network |
storage-classes | storage-class |
compliance-report | compliance |
conflicts | |
replication-status | |
describe
| Subcommand | Aliases |
|---|
vm | vms |
node | nodes |
network | networks |
storage-class | storage-classes |
ssh-key | sshkey |
compliance-report | compliance |
delete
| Subcommand | Description |
|---|
vm | Delete a VM |
network | Delete a network |
image | Delete a stored image |
container | Delete a container |
start / stop
| Subcommand | Description |
|---|
vm | Start or stop a VM |
container | Start or stop a container |
set
| Subcommand | Description |
|---|
vm | Set desired state (running / stopped). Supports --target-node. |
update
| Subcommand | Description |
|---|
vm | Resize CPU / memory of a VM. Supports --target-node. |
cluster (alias os) | Host OS rollout: plan, apply, get, list, approve, cancel, rollback — see Cluster & node upgrades. |
node
| Subcommand | Description |
|---|
disks | List disks on a node |
nics | List network interfaces on a node |
install | Install kcore on a bare-metal node |
approve | Approve a pending node join request |
reject | Reject a pending node join request |
apply-nix | Apply NixOS configuration to a node |
apply-disko | Apply Disko disk layout to a node |
upload-image | Upload a VM image to a node |
ssh-key
| Subcommand | Description |
|---|
create | Register a new SSH public key |
delete | Remove an SSH key |
list | List all SSH keys |
get | Show details for an SSH key |
drain
| Subcommand | Description |
|---|
node | Live-migrate all VMs off a node. Use --target-node to specify the destination node. |
rotate
| Subcommand | Description |
|---|
certs | Rotate the controller TLS certificate |
sub-ca | Generate a new sub-CA |
apply
Apply a NixOS configuration to the controller. Flags: -f (config file), --dry-run (preview without applying).
workload
| Subcommand | Description |
|---|
create | Create a workload. Use --kind container or --kind vm. |
list | List all workloads |
get | Show workload details |
delete | Delete a workload |
start | Start a workload |
stop | Stop a workload |
security-group (alias: sg)
| Subcommand | Description |
|---|
create | Create a security group from -f YAML |
apply | Apply / update a security group from -f YAML |
list | List all security groups |
get | Show security group details |
delete | Delete a security group |
attach | Attach a security group to a VM or network |
detach | Detach a security group from a VM or network |