Conduktor CLI overview
Conduktor CLI (Command Line Interface) helps you to manage your Console and Gateway resources via commands or CI/CD pipelines.Install
You have three options to install Conduktor CLI:- Native binary - for individual use and testing
- Homebrew - for individual use and testing on MacOS
- Docker - for integration in CI/CD pipelines
Native binary
Download the latest binary from GitHub on Windows, Linux or MacOS. In the Assets list, download the build that corresponds to your machine (for Apple Silicon usedarwin-arm64
).
Homebrew
Use the Homebrew package manager to install our CLI:Docker
Pull the latest Dockerhub version of the CLI using the following command line:Configure
To use the Conduktor CLI, you need to set:- the URL of your Conduktor Console and/or Gateway API
- the authentication mechanism: either by using an API key, or user credentials
Authenticate to Console using API keys
These are the necessary environment variables for this authentication method::Admin API keys grant the maximum permissions in Console.
Generate an admin key named 'my-admin-key'
Authenticate to Console using user credentials
You can simply set the username and password of the local or LDAP user and use the CLI, or create an associated short-lived API key. This type of API key will have the permissions of the user who created it. This kind of authentication will be valid for the same duration as the configured session timeout.Generate a short-lived API key
Authenticate to Console using external authentication
By default, the Conduktor CLI authenticates with Console using a Console API key, or generates one based on the given credentials. This is theconsole
authentication mode (CDK_AUTH_MODE
is console
or empty).
Alternatively, you can use the external authentication mode to bypass token generation and use credentials from your identity provider or the API proxy instead. For that, set the CDK_AUTH_MODE
environment variable to external
:
Set up external authentication with a bearer token
Set up external authentication with client credentials
Authenticate to Gateway using API credentials
To use the CLI to manage Gateway objects, you need to set the URL of the Gateway API and the API credentials.Environment variables
This is the list of the supported environment variables:Environment variables | Description |
---|---|
Console | |
CDK_BASE_URL | Console base URL, e.g. http://localhost:8080 |
CDK_API_KEY | Console API key (admin or application key) |
CDK_USER | Console local or LDAP user username |
CDK_PASSWORD | Console local or LDAP user password |
CDK_AUTH_MODE | Authentication mode (external , console or empty (default)) |
Gateway | |
CDK_GATEWAY_BASE_URL | Gateway base URL, e.g. http://localhost:8888 |
CDK_GATEWAY_USER | Gateway user login email |
CDK_GATEWAY_PASSWORD | Gateway user login password |
TLS and mTLS | |
CDK_CACERT | Root CA certificate to verify the Conduktor Console certificate (.pem) |
CDK_INSECURE | Skip the TLS verification of the Conduktor Console. Defaults to false . |
CDK_CERT | Certificate to authenticate the CLI (.pem) |
CDK_KEY | Key to authenticate the CLI (.pem) |
CLI commands
The CLI offers a set of commands to manage Conduktor resources. You can use it to create, update, delete and get resources.Apply
Theapply
command allows you to deploy any resource.
The
--parallelism
flag allows you to run multiple applies at the same time, in parallel. This is useful when applying a large number of resources. Be careful not to set it too high, as it may overload the Console/Gateway API.Apply all resources in multiple directories
Apply a specific file
Apply all resources in the current directory and its subfolders
Template
Thetemplate
command allows you to get an example of a resource definition:
Delete
Thedelete
command allows you to delete a resource. It works the same way as the apply
.
Resources are deleted instantly and can’t be recovered. Any data or access associated with the resource is permanently lost.
Delete all resources in multiple directories
Delete a specific file
Delete all resources in the current directory and its subfolders
Get
Theget
command allows you to retrieve resources. You can specify a kind, a name, or list all the resources.
Get all users
Get a specific Kafka connect cluster
Get all the Console resources with a 'name' output format
Token
To run your CI/CD pipelines, you can use thetoken
command to manage your API keys.
Create an admin API keys
List Console admin API keys
Create an application instance API key
List API keys of an application instance
Delete an API key
Run
Therun
command allows you to run a few actions:
Generate a service account password for a virtual cluster
Generate a Partner Zone service account password
Get information about the credentials configured in the CLI
Version
Check the current version of your CLI:Check CLI version
CI/CD pipeline integration example
Conduktor CLI can be easily integrated to a CI/CD pipeline. This example presents two pipelines:- The first one triggers on each new PR and launches the CLI using the
--dry-run
flag, generating a report confirming that the resources can be successfully created or modified. - The second one triggers on a push to the
main
branch, making the changes live.
.github/workflows/on-pr.yml
.github/workflows/on-push.yml
Environment variables for secrets
The Conduktor CLI automatically substitutes environment variables in YAML manifests using${ENV_VAR}
patterns. This keeps sensitive data like credentials out of configuration files.
You can set a default value using POSIX notation ${ENV:-default}
.
By default, the CLI fails if an environment variable is undefined or empty, ensuring all required variables are properly configured.
Use the --permissive
flag to replace missing or empty variables with empty strings instead of failing.
The example below shows a Conduktor cluster configuration with credentials secured using environment variables: