Skip to main content

What is Ankra CLI?

The Ankra CLI is a powerful command-line interface for interacting with the Ankra platform. It enables you to manage clusters, chat with AI about your infrastructure, browse Helm charts, manage credentials, deploy stacks, and automate platform operations directly from your terminal. Main use cases:
  • SSO authentication with the Ankra platform
  • AI-powered chat for troubleshooting and assistance
  • Cluster management (list, select, reconcile, clone)
  • Stack management (create, list, rename, delete)
  • Helm chart discovery and search
  • Credentials management
  • API token management

Features

  • SSO Login Browser-based authentication with PKCE
  • AI Chat Interactive and one-shot AI-powered troubleshooting
  • Cluster Management List, select, reconcile, and clone clusters
  • Stack Management Create, list, rename, delete, and view stack history
  • Helm Charts Browse, search, and get details on available charts
  • Credentials Manage cloud provider and Git credentials
  • API Tokens Create, list, revoke, and delete API tokens
  • Secure Credentials stored locally in ~/.ankra.yaml

Installation

bash <(curlsL https://github.com/ankraio/ankra-cli/releases/latest/download/install.sh)
After installation, verify with: 
ankra-version

Direct Download

Download the binary directly from GitHub Releases. 
chmod +x ankra
mv ankra ~/bin/ankra  # or /usr/local/bin/ankra

Authentication

The easiest way to authenticate is using browser-based SSO: 
ankra login
This will:
  1. Open your browser to the Ankra login page
  2. After you authenticate, save your credentials locally
  3. You can then use all ankra CLI commands
Your credentials are saved to ~/.ankra.yaml. To logout and clear credentials: 
ankra logout

Environment Variables (Alternative)

You can also use environment variables: 
export ANKRA_API_TOKEN=your-token-here
export ANKRA_BASE_URL=https://platform.ankra.app  # optional
Add to your shell profile (~/.zshrc or ~/.bashrc) for persistence.

Quick Start

# 1. Login with SSO
ankra login

# 2. List your clusters
ankra cluster list

# 3. Select a cluster to work with
ankra cluster select

# 4. Start chatting with AI about your infrastructure
ankra chat "What's the status of my deployments?"

Command Reference

Authentication

login

Authenticate with the Ankra platform using browser-based SSO. 
ankra login

logout

Remove saved credentials from ~/.ankra.yaml. 
ankra logout

AI Chat

chat

AI-powered chat for troubleshooting and assistance. Interactive mode: 
ankra chat
ankra chat-cluster my-cluster  # with cluster context
One-shot mode: 
ankra chat "Why are my pods in CrashLoopBackOff?"
ankra chat-cluster staging "How do I scale my deployment?"
Commands in interactive mode:
  • exit, quit, q Exit chat
  • clear Clear conversation history

chat health

Get AI-analyzed cluster health for the selected cluster. 
ankra chat health
ankra chat health-ai  # include detailed AI analysis

chat history

List previous chat conversations. 
ankra chat history
ankra chat history-cluster my-cluster  # filter by cluster
ankra chat history-limit 10

chat show

Show a specific conversation. 
ankra chat show <conversation_id>

chat delete

Delete a conversation. 
ankra chat delete <conversation_id>

Cluster Operations

cluster list

List all clusters. 
ankra cluster list

cluster get

Get details of a specific cluster. 
ankra cluster get <cluster-name>

cluster select

Interactively select a cluster for subsequent commands. 
ankra cluster select

cluster reconcile

Trigger cluster reconciliation to sync desired state with actual state. 
ankra cluster reconcile                  # uses selected cluster
ankra cluster reconcile <cluster-name>   # specific cluster

cluster clone

Clone stacks from an existing cluster to a new cluster configuration. 
# Clone all stacks
ankra cluster clone source-cluster.yaml new-cluster.yaml

# Clone from a remote URL
ankra cluster clone https://github.com/org/repo/raw/main/cluster.yaml new-cluster.yaml

# Clone only specific stacks
ankra cluster clone cluster.yaml new-cluster.yaml-stack "monitoring"-stack "networking"

# Replace all stacks in target
ankra cluster clone cluster.yaml new-cluster.yaml-clean

# Force merge even with conflicts
ankra cluster clone cluster.yaml new-cluster.yaml-force

# Copy missing files from skipped stacks
ankra cluster clone cluster.yaml new-cluster.yaml-copy-missing

SOPS Encryption

Encrypt and decrypt manifest and addon configuration files using SOPS.

cluster encrypt manifest

Encrypt a specific key in a manifest file. 
ankra cluster encrypt manifest <manifest_name>-key <key_name>f <cluster.yaml>
Example: 
ankra cluster encrypt manifest trinity-database-secret-key TRINITY_DB_PASSWORDf cluster.yaml
This will:
  1. Find the manifest in the cluster YAML
  2. Read the referenced manifest file
  3. Encrypt the specified key using your organisation’s SOPS key
  4. Update the manifest file with encrypted values
  5. Add the key to encrypted_paths in the cluster YAML

cluster encrypt addon

Encrypt a specific key in an addon configuration file. 
ankra cluster encrypt addon-name <addon_name>-key <key_name>f <cluster.yaml>
Example: 
ankra cluster encrypt addon-name grafana-key adminPasswordf cluster.yaml

cluster decrypt manifest

Decrypt and print a manifest file. 
ankra cluster decrypt manifest <manifest_name>f <cluster.yaml>
Example: 
ankra cluster decrypt manifest trinity-database-secretf cluster.yaml
You can add new encrypted keys to files that are already SOPS-encrypted, as long as they were encrypted with your organisation’s key.
If a file was encrypted by a different organisation, you’ll need to decrypt it first using the original key, then encrypt it with your organisation’s key.

Stack Management

All stack commands operate on the currently selected cluster.

cluster stacks list

List all stacks for the active cluster. 
ankra cluster stacks list
ankra cluster stacks list <stack-name>  # show details for a specific stack

cluster stacks create

Create a new stack. 
ankra cluster stacks create my-stack
ankra cluster stacks create my-stack-description "Application stack"

cluster stacks delete

Delete a stack. 
ankra cluster stacks delete <stack-name>

cluster stacks rename

Rename a stack. 
ankra cluster stacks rename <old-name> <new-name>

cluster stacks history

Show change history for a stack. 
ankra cluster stacks history <stack-name>

cluster stacks clone

Clone a stack to another cluster as a draft. 
ankra cluster stacks clone <stack-name>-to <target-cluster>
ankra cluster stacks clone my-stack-to production-name my-stack-prod
ankra cluster stacks clone my-stack-to production-include-config=false
FlagShortDescription
--to-tTarget cluster name or ID (required)
--name-nCustom name for the cloned stack
--include-configInclude addon configurations (default: true)
Encrypted values are not transferred during cloning. You’ll need to reconfigure secrets in the target cluster.

Helm Charts

charts list

List available Helm charts. 
ankra charts list
ankra charts list-page 2-page-size 50
ankra charts list-subscribed  # show only subscribed charts
Search for Helm charts by name. 
ankra charts search nginx
ankra charts search prometheus

charts info

Get detailed information about a chart. 
ankra charts info nginx
ankra charts info grafana-repository https://grafana.github.io/helm-charts

Hetzner Clusters

Provision, manage, and scale Kubernetes clusters on Hetzner Cloud.

cluster hetzner create

Create a new Hetzner cluster. 
ankra cluster hetzner create \
-name my-cluster \
-credential-id <hetzner-credential-id> \
-ssh-key-credential-ids <key-id-1>,<key-id-2> \
-location fsn1
FlagDefaultDescription
--namerequiredCluster name
--credential-idrequiredHetzner API credential ID
--ssh-key-credential-idsSSH key credential IDs (comma-separated for multiple keys)
--ssh-key-credential-idSSH key credential ID (single key, for backward compatibility)
--locationrequiredHetzner datacenter (e.g., fsn1, nbg1, hel1)
--control-plane-count1Number of control plane nodes
--control-plane-server-typecx33Server type for control planes
--worker-count1Number of worker nodes
--worker-server-typecx33Server type for workers
--bastion-server-typecx23Server type for the bastion host
--network-ip-range10.0.0.0/16Private network IP range
--subnet-range10.0.1.0/24Subnet range
--distributionk3sKubernetes distribution
--kubernetes-versionlatestKubernetes version

cluster hetzner deprovision

Deprovision a Hetzner cluster and delete all associated resources. 
ankra cluster hetzner deprovision <cluster_id>

cluster hetzner workers

Get the current worker count and scaling limits. 
ankra cluster hetzner workers <cluster_id>

cluster hetzner node-group

Manage node groups for a Hetzner cluster. 
ankra cluster hetzner node-group list <cluster_id>
ankra cluster hetzner node-group add <cluster_id>-name <name>-instance-type <type>-count <n>
ankra cluster hetzner node-group scale <cluster_id> <group_name> <count>
ankra cluster hetzner node-group upgrade <cluster_id> <group_name> <instance_type>
ankra cluster hetzner node-group delete <cluster_id> <group_name>

cluster hetzner scale

Scale all worker nodes up or down (legacy, prefer node-group scale). 
ankra cluster hetzner scale <cluster_id> <worker_count>
Examples: 
# Scale up to 5 workers
ankra cluster hetzner scale abc-123 5

# Scale down to 2 workers
ankra cluster hetzner scale abc-123 2

cluster hetzner k8s-version

Get the current Kubernetes version and distribution. 
ankra cluster hetzner k8s-version <cluster_id>

cluster hetzner upgrade

Upgrade the Kubernetes (k3s) version on all nodes. Only supports upgrading one minor version at a time; downgrades are not supported. 
ankra cluster hetzner upgrade <cluster_id> <target_version>
Examples: 
# Upgrade to v1.35.1+k3s1
ankra cluster hetzner upgrade abc-123 v1.35.1+k3s1

OVH Clusters

Provision, manage, and scale Kubernetes clusters on OVH Cloud.

cluster ovh create

Create a new OVH cluster. 
ankra cluster ovh create \
-name my-cluster \
-credential-id <ovh-credential-id> \
-ssh-key-credential-id <ssh-key-credential-id> \
-region GRA7
FlagDefaultDescription
--namerequiredCluster name
--credential-idrequiredOVH API credential ID
--ssh-key-credential-idrequiredSSH key credential ID
--regionrequiredOVH Cloud region (e.g., GRA7, SBG5, BHS5)
--control-plane-count1Number of control plane nodes
--control-plane-flavor-idb2-15Instance flavor for control planes
--worker-count1Number of worker nodes
--worker-flavor-idb2-15Instance flavor for workers
--gateway-flavor-idb2-7Instance flavor for the gateway
--network-vlan-id0VLAN ID for the private network
--subnet-cidr10.0.1.0/24Subnet CIDR range
--dhcp-start10.0.1.100DHCP allocation range start
--dhcp-end10.0.1.200DHCP allocation range end
--distributionk3sKubernetes distribution
--kubernetes-versionlatestKubernetes version

cluster ovh deprovision

Deprovision an OVH cluster and delete all associated resources. 
ankra cluster ovh deprovision <cluster_id>

cluster ovh workers

Get the current worker count and scaling limits. 
ankra cluster ovh workers <cluster_id>

cluster ovh scale

Scale all worker nodes up or down (legacy, prefer node groups via Settings > Nodes). 
ankra cluster ovh scale <cluster_id> <worker_count>
Examples: 
# Scale up to 5 workers
ankra cluster ovh scale abc-123 5

# Scale down to 2 workers
ankra cluster ovh scale abc-123 2

cluster ovh k8s-version

Get the current Kubernetes version and distribution. 
ankra cluster ovh k8s-version <cluster_id>

cluster ovh upgrade

Upgrade the Kubernetes (k3s) version on all nodes. Only supports upgrading one minor version at a time; downgrades are not supported. 
ankra cluster ovh upgrade <cluster_id> <target_version>
Examples: 
# Upgrade to v1.35.1+k3s1
ankra cluster ovh upgrade abc-123 v1.35.1+k3s1

OVH Credentials

Manage OVH API credentials and SSH key credentials.

credentials ovh list

List all OVH API credentials. 
ankra credentials ovh list

credentials ovh create

Create an OVH API credential. You will be prompted securely for the application key, application secret, and consumer key. 
ankra credentials ovh create-name my-ovh-cred-project-id <project-id>
# OVH Application Key: mykey
# OVH Application Secret: ****
# OVH Consumer Key: ****
# OVH credential 'my-ovh-cred' created successfully!
FlagDescription
--nameCredential name (required)
--project-idOVH Cloud project ID (required)

credentials ovh ssh-key list

List all SSH key credentials. 
ankra credentials ovh ssh-key list
Aliases: ankra credentials ovh ssh-keys list, ankra credentials ovh ssh list

credentials ovh ssh-key create

Create an SSH key credential for OVH clusters. 
# Generate a new keypair
ankra credentials ovh ssh-key create-name my-key-generate

# Provide your own public key
ankra credentials ovh ssh-key create-name my-key-public-key "ssh-ed25519 AAAA..."
FlagDescription
--nameCredential name (required)
--public-keySSH public key string
--generateGenerate a new keypair (private key returned once)
When using --generate, the private key is displayed only once. Save it immediately.

Hetzner Credentials

Manage Hetzner API credentials and SSH key credentials.

credentials hetzner list

List all Hetzner API credentials. 
ankra credentials hetzner list

credentials hetzner create

Create a Hetzner API credential. The API token is prompted for securely (masked input, not stored in shell history). 
ankra credentials hetzner create-name my-hetzner-token
# Hetzner API Token: ****
# Hetzner credential 'my-hetzner-token' created successfully!
FlagDescription
--nameCredential name (required)

credentials hetzner ssh-key list

List all SSH key credentials. 
ankra credentials hetzner ssh-key list
Aliases: ankra credentials hetzner ssh-keys list, ankra credentials hetzner ssh list

credentials hetzner ssh-key create

Create an SSH key credential. 
# Generate a new keypair
ankra credentials hetzner ssh-key create-name my-key-generate

# Provide your own public key
ankra credentials hetzner ssh-key create-name my-key-public-key "ssh-ed25519 AAAA..."
FlagDescription
--nameCredential name (required)
--public-keySSH public key string
--generateGenerate a new keypair (private key returned once)
When using --generate, the private key is displayed only once. Save it immediately.

Credentials

credentials list

List all credentials. 
ankra credentials list
ankra credentials list-provider github  # filter by provider
Aliases: ankra creds, ankra cred, ankra credential

credentials get

Get details of a specific credential. 
ankra credentials get <credential_id>

credentials validate

Check if a credential name is available. 
ankra credentials validate my-new-credential

credentials delete

Delete a credential. 
ankra credentials delete <credential_id>

API Tokens

tokens list

List all API tokens. 
ankra tokens list
Alias: ankra token list

tokens create

Create a new API token. 
ankra tokens create my-ci-token
ankra tokens create my-temp-token-expires "2024-12-31T00:00:00Z"

tokens revoke

Revoke an API token (must be revoked before deletion). 
ankra tokens revoke <token_id>

tokens delete

Delete a revoked API token. 
ankra tokens delete <token_id>

Global Flags

FlagDescription
--versionShow CLI version
--helpShow help for any command
--base-urlBase URL for the Ankra API
--configConfig file (default: ~/.ankra.yaml)
--tokenAPI token for authentication

Configuration

The CLI stores configuration in ~/.ankra.yaml: 
token: your-api-token
base-url: https://platform.ankra.app
token_id: token-uuid
token_name: ankra-cli-hostname-username
Environment variables take precedence over config file values:
  • ANKRA_API_TOKEN Override the stored token
  • ANKRA_BASE_URL Override the base URL

Troubleshooting

Common Issues

PATH issues: 
which ankra  # verify installation location
echo $PATH   # check PATH includes ankra location
Authentication errors: 
ankra logout  # clear credentials
ankra login   # re-authenticate
Check version: 
ankra-version
Get help: 
ankra-help
ankra cluster-help
ankra chat-help

Error Messages

  • “No active cluster selected” Run ankra cluster select first
  • “Resource not found” Verify the resource name and selected cluster
  • “Unauthorized” Re-authenticate with ankra login

Support & Resources

For more advanced usage, see the full documentation or contact support.