Ankra CLI - Ankra Platform

What is Ankra CLI?

The Ankra CLI is a powerful command-line interface for interacting with the Ankra platform. It enables you to manage clusters, chat with AI about your infrastructure, browse Helm charts, manage credentials, deploy stacks, and automate platform operations directly from your terminal.

Features

SSO Login Browser-based authentication with PKCE
AI Chat Interactive and one-shot AI-powered troubleshooting
Organisation Management List, switch, create organisations, manage members
Cluster Management List, select, reconcile, provision, deprovision, delete, and clone clusters
Kubernetes Resources Browse pods, deployments, services, nodes, and other resources directly
Pod Logs Stream and tail pod logs with namespace and container filtering
Stack Management Create, list, rename, delete, clone between clusters, and view stack history
Addon Management List, configure, update, and uninstall cluster addons
Operations & Jobs Track operations, cancel running jobs, filter by kind and timestamp
Agent Management View agent status, manage tokens, trigger upgrades
Manifest Management List and inspect cluster manifests
In-Cluster Helm List and uninstall Helm releases running in the cluster
Helm Charts Browse, search, and get details on available charts
Helm Registries Manage organisation Helm registries and registry credentials
SOPS Encryption Encrypt and decrypt manifest and addon configuration files
Hetzner Cloud Provision and manage Hetzner Kubernetes clusters
OVH Cloud Provision and manage OVH Kubernetes clusters
UpCloud Provision and manage UpCloud Kubernetes clusters
Credentials Manage cloud provider and Git credentials
API Tokens Create, list, revoke, and delete API tokens
Shell Completion Generate completion scripts for bash, zsh, fish, and powershell
Agent Skills Install the curated Ankra Agent Skills into Cursor/Claude (works offline)
Secure Credentials stored locally in ~/.ankra.yaml

Installation

Single Command Installation (Recommended)

bash <(curl -sL https://github.com/ankraio/ankra-cli/releases/latest/download/install.sh)

After installation, verify with:

ankra --version

Direct Download

Download the binary directly from GitHub Releases.

chmod +x ankra
mv ankra ~/bin/ankra  # or /usr/local/bin/ankra

Authentication

The easiest way to authenticate is using browser-based SSO:

ankra login

This will:

Open your browser to the Ankra login page
After you authenticate, save your credentials locally
You can then use all ankra CLI commands

Your credentials are saved to ~/.ankra.yaml. To logout and clear credentials:

ankra logout

Environment Variables (Alternative)

You can also use environment variables:

export ANKRA_API_TOKEN=your-token-here
export ANKRA_BASE_URL=https://platform.ankra.app  # optional

Add to your shell profile (~/.zshrc or ~/.bashrc) for persistence.

Quick Start

# 1. Login with SSO
ankra login

# 2. List your clusters
ankra cluster list

# 3. Select a cluster to work with
ankra cluster select

# 4. Start chatting with AI about your infrastructure
ankra chat "What's the status of my deployments?"

Command Reference

Authentication

Authenticate with the Ankra platform using browser-based SSO.

ankra login

logout

Remove saved credentials from ~/.ankra.yaml.

ankra logout

Organisation Management

Aliases: ankra org, ankra organisation, ankra organization

org list

List all organisations you belong to.

ankra org list

org switch

Switch to a different organisation. This persistently changes your selected organisation for all future commands.

ankra org switch <org_id>

Run a single command against another organisation

Use the global --org flag (organisation name or ID) to scope a single command to a different organisation without changing your selected organisation. You can also set the ANKRA_ORG environment variable to scope a whole shell session.

ankra --org "Acme Corp" cluster list                  # by name, just this command
ankra --org <org_id> get pods my-cluster               # by ID

export ANKRA_ORG="Acme Corp"                           # for the whole session
ankra cluster list

The override is applied per request; it never calls ankra org switch. You must be an active member of the target organisation, otherwise the API returns a permission error.

org current

Show the currently selected organisation.

ankra org current

org create

Create a new organisation.

ankra org create <name>
ankra org create <name> --country <code>

org members

List members of an organisation.

ankra org members              # current organisation
ankra org members <org_id>     # specific organisation

org invite

Invite a user to the current organisation.

ankra org invite <email>
ankra org invite <email> --role admin    # role: member, admin, read-only

org remove

Remove a user from the current organisation.

ankra org remove <user_id>
ankra org remove <user_id> -f   # skip confirmation

org variables

Manage organisation-scoped template variables. These are available to every cluster in the organisation as substitutions in stack manifests and addon values at deploy time, and are shadowed by cluster- or stack-scoped variables of the same name.

ankra org variables list                                       # list all
ankra org variables get DB_HOST                                # show one
ankra org variables set DB_HOST db.example.com                 # upsert
ankra org variables set API_TOKEN -                            # value from stdin
ankra org variables delete DB_HOST                             # delete (prompts)

Subcommand	Notable flags
`list`	`-o json\|yaml`
`get`	`-o json\|yaml`
`set`	`--description <text>` (creates or updates; pass `-` for the value to read from stdin)
`delete`	`--yes` skips the confirmation prompt

AI Chat

chat

AI-powered chat for troubleshooting and assistance. Interactive mode:

ankra chat
ankra chat --cluster my-cluster  # with cluster context

One-shot mode:

ankra chat "Why are my pods in CrashLoopBackOff?"
ankra chat --cluster staging "How do I scale my deployment?"

Commands in interactive mode:

exit, quit, q Exit chat
clear Clear conversation history

chat health

Get AI-analyzed cluster health for the selected cluster.

ankra chat health
ankra chat health --ai  # include detailed AI analysis (default: true)

chat history

List previous chat conversations.

ankra chat history
ankra chat history --cluster my-cluster  # filter by cluster
ankra chat history --limit 10            # max conversations (default: 20)

chat show

Show a specific conversation.

ankra chat show <conversation_id>

chat delete

Delete a conversation.

ankra chat delete <conversation_id>

Cluster Operations

cluster list

List all clusters.

ankra cluster list

cluster info

Show details of a specific cluster. Defaults to the currently selected cluster if no name is provided. Aliases: ankra cluster get-cluster

ankra cluster info                  # uses selected cluster
ankra cluster info <cluster-name>   # specific cluster

cluster select

Select a cluster for subsequent commands. Supports both interactive selection and direct selection by name.

ankra cluster select                 # interactive picker
ankra cluster select <cluster-name>  # select directly by name

cluster clear

Clear the active cluster selection.

ankra cluster clear

cluster reconcile

Trigger cluster reconciliation to sync desired state with actual state.

ankra cluster reconcile                  # uses selected cluster
ankra cluster reconcile <cluster-name>   # specific cluster

cluster apply

Apply an ImportCluster YAML to the Ankra API.

ankra cluster apply -f <file>

cluster clone

Clone stacks from an existing cluster to a new cluster configuration.

# Clone all stacks
ankra cluster clone source-cluster.yaml new-cluster.yaml

# Clone from a remote URL
ankra cluster clone https://github.com/org/repo/raw/main/cluster.yaml new-cluster.yaml

# Clone only specific stacks
ankra cluster clone cluster.yaml new-cluster.yaml --stack "monitoring" --stack "networking"

# Replace all stacks in target
ankra cluster clone cluster.yaml new-cluster.yaml --clean

# Force merge even with conflicts
ankra cluster clone cluster.yaml new-cluster.yaml --force

# Copy missing files from skipped stacks
ankra cluster clone cluster.yaml new-cluster.yaml --copy-missing

Flag	Description
`--clean`	Replace all stacks in the target (clean copy)
`--force`	Force merge even when names conflict
`--copy-missing`	Copy missing files even for skipped stacks
`--stack`	Clone only specific stacks by name (repeatable)

cluster provision

Provision (start) a managed cluster.

ankra cluster provision                  # uses selected cluster
ankra cluster provision <cluster-name>   # specific cluster

cluster deprovision

Deprovision (stop) a managed cluster.

ankra cluster deprovision                             # uses selected cluster
ankra cluster deprovision <cluster-name>              # specific cluster
ankra cluster deprovision <cluster-name> --auto-delete  # auto-delete after deprovision
ankra cluster deprovision <cluster-name> --force        # force even if unexpected state

Flag	Description
`--auto-delete`	Automatically delete the cluster after deprovisioning
`--force`	Force deprovision even if cluster is in an unexpected state

cluster roll-to

Roll a cluster resource to a specific version.

ankra cluster roll-to --version <resource_version_id>
ankra cluster roll-to --version <resource_version_id> --cluster <cluster_id>

Flag	Description
`--version`	Resource version ID to roll to (required)
`--cluster`	Cluster ID (defaults to selected cluster)

delete cluster

Delete a cluster by name.

ankra delete cluster <name>
ankra delete cluster <name> -f   # skip confirmation

SOPS Encryption

Encrypt and decrypt manifest and addon configuration values using SOPS. All encrypt and decrypt subcommands support two modes:

Cluster mode (default) — fetch the resource from a live cluster, encrypt or decrypt via the SOPS API, and (for encrypt) push the result back via the partial-stack PATCH endpoint along with encrypted_paths. No local files needed. The owning stack is resolved automatically.
File mode (-f cluster.yaml) — rewrite the local from_file referenced by a cluster.yaml, updating encrypted_paths in the YAML. Used by GitOps workflows where the source of truth lives on disk.

The two modes are mutually exclusive. Without -f, the CLI uses the selected cluster (or the cluster passed via --cluster <name|id>).

cluster sops-config

Display the SOPS encryption configuration including the public key for the organisation.

ankra cluster sops-config

cluster encrypt manifest

Encrypt a specific key in a manifest.

# Cluster mode (selected cluster)
ankra cluster encrypt manifest <manifest_name> --key <key_name>

# Cluster mode (specific cluster)
ankra cluster encrypt manifest <manifest_name> --key <key_name> --cluster <name|id>

# File mode
ankra cluster encrypt manifest <manifest_name> --key <key_name> -f <cluster.yaml>

Flag	Description
`--key`	Key (path) to encrypt — required
`--cluster`	Target cluster (name or ID); defaults to the active selection (cluster mode)
`-f`, `--file`	Path to a local `cluster.yaml` (enables file mode)

cluster encrypt addon

Encrypt a specific key in an addon’s Helm values.

# Cluster mode
ankra cluster encrypt addon --name <addon_name> --key <key_name> [--cluster <name|id>] [--stack <stack>]

# File mode
ankra cluster encrypt addon --name <addon_name> --key <key_name> -f <cluster.yaml>

Flag	Description
`--name`	Addon name — required
`--key`	Key (path) to encrypt — required
`--cluster`	Target cluster (cluster mode)
`--stack`	Required (cluster mode) when the addon exists in multiple stacks
`-f`, `--file`	Path to a local `cluster.yaml` (enables file mode)

cluster decrypt manifest

Decrypt and print a manifest. Cluster mode fetches from the live cluster; file mode reads the referenced from_file from a local cluster.yaml.

ankra cluster decrypt manifest <manifest_name> [--cluster <name|id>]
ankra cluster decrypt manifest <manifest_name> -f <cluster.yaml>

cluster decrypt addon

Decrypt and print an addon’s Helm values. Cluster mode fetches from the live cluster; file mode reads the referenced from_file from a local cluster.yaml.

ankra cluster decrypt addon --name <addon_name> [--cluster <name|id>] [--stack <stack>]
ankra cluster decrypt addon --name <addon_name> -f <cluster.yaml>

You can add new encrypted keys to files that are already SOPS-encrypted, as long as they were encrypted with your organisation’s key.

If a file was encrypted by a different organisation, you’ll need to decrypt it first using the original key, then encrypt it with your organisation’s key.

Stack Management

All stack commands operate on the currently selected cluster.

cluster stacks list

List all stacks for the active cluster.

ankra cluster stacks list
ankra cluster stacks list <stack-name>  # show details for a specific stack

cluster stacks create

Create a new stack.

ankra cluster stacks create my-stack
ankra cluster stacks create my-stack --description "Application stack"

cluster stacks delete

Delete a stack.

ankra cluster stacks delete <stack-name>

cluster stacks rename

Rename a stack.

ankra cluster stacks rename <old-name> <new-name>

cluster stacks history

Show change history for a stack.

ankra cluster stacks history <stack-name>

cluster stacks clone

Clone a stack to another cluster as a draft.

ankra cluster stacks clone <stack-name> --to <target-cluster>
ankra cluster stacks clone my-stack --to production --name my-stack-prod
ankra cluster stacks clone my-stack --to production --include-config=false

Flag	Short	Description
`--to`	`-t`	Target cluster name or ID (required)
`--name`	`-n`	Custom name for the cloned stack
`--include-config`		Include addon configurations (default: true)

Encrypted values are not transferred during cloning. You’ll need to reconfigure secrets in the target cluster.

cluster stacks variables

Manage stack-scoped variables — the most specific scope, shadowing cluster and organisation variables of the same name when this stack’s manifests/addons are rendered. Edits travel through the same partial-stack PATCH used by manifests upgrade / addons upgrade.

ankra cluster stacks variables list <stack>                            # list
ankra cluster stacks variables get <stack> DB_HOST                     # print value
ankra cluster stacks variables set <stack> DB_HOST db.example.com      # upsert
ankra cluster stacks variables set <stack> NEW_KEY new-val --dry-run   # preview
ankra cluster stacks variables delete <stack> DB_HOST [--yes]          # delete

Subcommand	Notable flags
`list`	`--cluster <name\|id>`, `-o json\|yaml`
`get`	`--cluster <name\|id>`
`set`	`--cluster <name\|id>`, `--dry-run` (pass `-` for the value to read from stdin)
`delete`	`--cluster <name\|id>`, `--yes`

cluster variables

Manage cluster-scoped variables that are available to every stack on the cluster. Cluster variables shadow organisation variables of the same name on this cluster, and are shadowed by stack variables.

ankra cluster variables list                       # list (uses selected cluster)
ankra cluster variables get DB_HOST --cluster prod
ankra cluster variables set DB_HOST db.prod.example.com [--description <text>]
ankra cluster variables delete DB_HOST [--yes]

Subcommand	Notable flags
`list`	`--cluster <name\|id>`, `-o json\|yaml`
`get`	`--cluster <name\|id>`, `-o json\|yaml`
`set`	`--cluster <name\|id>`, `--description <text>` (pass `-` for the value to read from stdin)
`delete`	`--cluster <name\|id>`, `--yes`

Resolution order: when a variable name appears at multiple scopes, the most specific scope wins — stack > cluster > organisation.

Addon Management

All addon commands operate on the currently selected cluster.

cluster addons list

List all addons for the active cluster, or show details for a specific addon.

ankra cluster addons list
ankra cluster addons list <addon-name>

cluster addons available

List addons available for installation.

ankra cluster addons available

cluster addons settings

Get settings for a specific addon.

ankra cluster addons settings <addon-name>

cluster addons values

Print the addon’s current Helm values document. The decoded YAML is written to stdout, ready to pipe to a file or edit and re-apply.

ankra cluster addons values <addon-name>
ankra cluster addons values <addon-name> -o raw   # base64-encoded form

cluster addons update

Update settings for an addon from a JSON file.

ankra cluster addons update <addon-name> -f <settings.json>

cluster addons upgrade

Upgrade an addon in-place by patching only the fields you supply: bump the chart version, mutate Helm values with helm-style --set, replace the whole values document, swap registry credentials, or change the namespace.

# Bump the chart version
ankra cluster addons upgrade ankra-website --chart-version 1.0.146

# Mutate a single Helm values field (the CLI fetches and patches existing values)
ankra cluster addons upgrade website --set image.tag=1.0.146

# Address a list item by a stable field instead of a numeric index
ankra cluster addons upgrade website --set 'env[name=LOG_LEVEL].value=debug'

# Edit dependency parents (controls deployment ordering inside the stack)
ankra cluster addons upgrade infisical --add-parent name=infisical-ns,kind=manifest

Flag	Description
`--chart-version`	New chart version to install
`--set`	Mutate one Helm value (repeatable, helm-style; supports `foo[0]` and `foo[name=bar]` selectors)
`--set-string`	Like `--set` but always treats the value as a string
`--set-file`	Like `--set` but reads the value from a file (`key=path` or `key=@path`)
`--add-parent`	Add a dependency parent `name=<n>,kind=<manifest\|addon>` (kind defaults to `manifest`; repeatable)
`--remove-parent`	Remove a dependency parent (repeatable)
`--set-parent`	Replace ALL dependency parents with the given set (repeatable)
`--values-from-file`	Replace the entire values document from a file
`--values -`	Replace the entire values document from stdin
`--registry-name` / `--registry-url` / `--registry-credential-name`	Retag the addon’s registry
`--namespace`	Change the namespace (destructive: Helm reinstall)
`--stack`	Required when the addon exists in multiple stacks
`--dry-run`	Print the before/after spec without applying
`-o json\|yaml`	Machine-readable output

--set* (mutate) and --values-from-file / --values - (replace) are mutually exclusive. --set-parent replaces the parent list wholesale and cannot be combined with --add-parent/--remove-parent; removing the last parent clears the link.

cluster addons uninstall

Uninstall an addon from the cluster.

ankra cluster addons uninstall <addon-name>
ankra cluster addons uninstall <addon-name> --delete  # also delete permanently

Flag	Description
`--delete`	Also delete the addon permanently

Operations Management

All operations commands operate on the currently selected cluster.

cluster operations list

List operations for the active cluster, or show details for a specific operation.

ankra cluster operations list
ankra cluster operations list <operation_id>

cluster operations cancel

Cancel a running operation.

ankra cluster operations cancel <operation_id>

cluster operations cancel-job

Cancel a specific job within an operation.

ankra cluster operations cancel-job <operation_id> <job_id>

cluster operations jobs

List jobs for a specific operation.

ankra cluster operations jobs <operation_id>
ankra cluster operations jobs <operation_id> --kind reconcile
ankra cluster operations jobs <operation_id> --since "2025-01-01T00:00:00Z"

Flag	Description
`--kind`	Filter by job kind
`--since`	Show jobs updated since this UTC timestamp

Agent Management

All agent commands operate on the currently selected cluster.

cluster agent status

Get the agent status for the selected cluster.

ankra cluster agent status

cluster agent token

Get or generate the agent token.

ankra cluster agent token
ankra cluster agent token --generate  # generate a new token

cluster agent upgrade

Upgrade the agent on the selected cluster.

ankra cluster agent upgrade

Manifest Management

cluster manifests list

List manifests for the active cluster, or show details for a specific manifest.

ankra cluster manifests list
ankra cluster manifests list <manifest-name>

cluster manifests get

Print a manifest’s current Kubernetes YAML. The decoded content is written to stdout, ready to pipe to a file or edit and re-apply with --from-file.

ankra cluster manifests get <manifest-name>
ankra cluster manifests get <manifest-name> -o raw   # base64-encoded form

cluster manifests upgrade

Upgrade a manifest in-place. Replace the whole manifest from a file or stdin, or patch a single path inside the Kubernetes YAML with helm-style --set (for example, to bump a Deployment image tag).

# Bump a Deployment's image tag in place
ankra cluster manifests upgrade web \
  --set 'spec.template.spec.containers[name=app].image=nginx:1.27'

# Pick a document when the manifest holds several
ankra cluster manifests upgrade web \
  --target-kind Deployment --target-name web \
  --set 'spec.replicas=3'

# Replace the whole manifest from a file
ankra cluster manifests upgrade demo-namespace --from-file manifests/demo.yaml

# Edit dependency parents (controls deployment ordering inside the stack)
ankra cluster manifests upgrade web --add-parent name=infisical-ns,kind=manifest

Flag	Description
`--set`	Mutate one path in the manifest YAML (repeatable; supports `containers[0]` and `containers[name=app]` selectors)
`--set-string`	Like `--set` but always treats the value as a string
`--set-file`	Like `--set` but reads the value from a file (`key=path` or `key=@path`)
`--target-kind`	With `--set`: pick the document by Kubernetes kind (multi-doc manifests)
`--target-name`	With `--set`: pick the document by `metadata.name` (multi-doc manifests)
`--add-parent`	Add a dependency parent `name=<n>,kind=<manifest\|addon>` (kind defaults to `manifest`; repeatable)
`--remove-parent`	Remove a dependency parent (repeatable)
`--set-parent`	Replace ALL dependency parents with the given set (repeatable)
`--from-file`	Replace the entire manifest from a file
`--manifest -`	Replace the entire manifest from stdin
`--namespace`	Change the manifest’s namespace
`--dry-run`	Print the before/after spec without applying
`-o json\|yaml`	Machine-readable output

--set* MUTATE the existing manifest and are mutually exclusive with --from-file / --manifest -, which REPLACE it. A list selector that matches nothing fails with a clear error rather than guessing. Parent flags (--add-parent / --remove-parent / --set-parent) edit dependency parents; --set-parent replaces the list wholesale and cannot be combined with the others.

cluster manifests delete

Disconnect a manifest from its stack, removing its resources from the cluster. The owning stack is resolved automatically (manifest names are unique per cluster). A confirmation prompt protects the operation.

ankra cluster manifests delete <manifest-name>
ankra cluster manifests delete <manifest-name> --yes       # skip confirmation
ankra cluster manifests delete <manifest-name> --dry-run   # preview only

Flag	Description
`--yes`	Skip the confirmation prompt
`--dry-run`	Print the manifest that would be disconnected without making changes
`--cluster`	Target cluster (name or ID); defaults to the active selection

Kubernetes Resources

Browse and inspect Kubernetes resources in the active cluster. All commands operate on the currently selected cluster.

cluster get pods

List pods or get a specific pod’s manifest.

ankra cluster get pods
ankra cluster get pods -n kube-system
ankra cluster get pods --all-namespaces
ankra cluster get pods my-pod -n default           # get a specific pod's manifest
ankra cluster get pods --node worker-1             # filter by node
ankra cluster get pods --name nginx                # filter by name (contains)
ankra cluster get pods -o json                     # output as JSON

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace
`--all-namespaces`	`-A`	List across all namespaces
`--node`		Filter by node name
`--name`		Filter by pod name (contains)
`--output`	`-o`	Output format: `table`, `json`, `yaml` (default: `table`)

cluster get <kind>

List resources of a specific kind. Dedicated commands are available for common resource types: deployments, services, nodes, namespaces, ingresses, events, configmaps, secrets, statefulsets, daemonsets, k8s-jobs, cronjobs

ankra cluster get deployments
ankra cluster get deployments -n kube-system
ankra cluster get services --all-namespaces
ankra cluster get nodes
ankra cluster get events -n default
ankra cluster get secrets -n my-app -o json
ankra cluster get deployments my-deploy -n default   # get a specific resource's manifest

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace
`--all-namespaces`	`-A`	List across all namespaces
`--name`		Filter by resource name
`--selector`	`-l`	Label selector
`--output`	`-o`	Output format: `table`, `json`, `yaml` (default: `table`)

nodes and namespaces are cluster-scoped and do not accept namespace flags.

cluster get resources

Fetch any Kubernetes resource type by kind. Use this for resource kinds not covered by the dedicated commands above.

ankra cluster get resources PersistentVolumeClaim -n default
ankra cluster get resources NetworkPolicy --all-namespaces
ankra cluster get resources CertificateRequest --group cert-manager.io -o json

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace
`--all-namespaces`	`-A`	List across all namespaces
`--name`		Filter by resource name
`--selector`	`-l`	Label selector
`--output`	`-o`	Output format: `table`, `json`, `yaml` (default: `table`)
`--api-version`		API version (default: `v1`)
`--group`		API group (e.g., `apps`, `networking.k8s.io`)

cluster logs

Stream log output from a pod in the active cluster.

ankra cluster logs my-pod -n default
ankra cluster logs my-pod -n default -c my-container
ankra cluster logs my-pod -n default --tail 100
ankra cluster logs my-pod -n default --since 3600

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace (required)
`--container`	`-c`	Container name (defaults to pod name)
`--tail`		Number of lines from the end of the logs
`--since`		Seconds of logs to retrieve

Helm Charts

charts list

List available Helm charts.

ankra charts list
ankra charts list --page 2 --page-size 50
ankra charts list --subscribed  # show only subscribed charts

charts search

Search for Helm charts by name.

ankra charts search nginx
ankra charts search prometheus

charts info

Get detailed information about a chart.

ankra charts info nginx
ankra charts info grafana --repository https://grafana.github.io/helm-charts

In-Cluster Helm Releases

Manage Helm releases running in the active cluster. These commands operate on the currently selected cluster.

cluster helm releases

List Helm releases in the cluster.

ankra cluster helm releases
ankra cluster helm releases -n kube-system
ankra cluster helm releases --all-namespaces
ankra cluster helm releases -o json

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace
`--all-namespaces`	`-A`	List across all namespaces (default)
`--output`	`-o`	Output format: `table`, `json` (default: `table`)

cluster helm uninstall

Uninstall a Helm release from the cluster.

ankra cluster helm uninstall my-release -n default

Flag	Short	Description
`--namespace`	`-n`	Kubernetes namespace (required)

Helm Registries

Manage organisation-level Helm chart registries and registry credentials.

helm registries list

List all Helm chart registries.

ankra helm registries list

helm registries get

Get details of a Helm chart registry.

ankra helm registries get <name>

helm registries create

Create a Helm chart registry from a JSON spec file.

ankra helm registries create -f registry-spec.json

Flag	Short	Description
`--file`	`-f`	Path to registry spec JSON file (required)

helm registries delete

Delete a Helm chart registry.

ankra helm registries delete <name>
ankra helm registries delete <name> -f   # skip confirmation

Flag	Short	Description
`--force`	`-f`	Skip confirmation prompt

Helm Registry Credentials

helm credentials list

List all Helm registry credentials.

ankra helm credentials list

helm credentials create

Create a Helm registry credential with username and password. The password is prompted interactively.

ankra helm credentials create --name my-cred --username user
# Password: ****
# Helm registry credential 'my-cred' created successfully!

Flag	Description
`--name`	Credential name (required)
`--username`	Registry username (required)

helm credentials delete

Delete a Helm registry credential.

ankra helm credentials delete <name>
ankra helm credentials delete <name> -f   # skip confirmation

Flag	Short	Description
`--force`	`-f`	Skip confirmation prompt

Hetzner Clusters

Provision, manage, and scale Kubernetes clusters on Hetzner Cloud.

cluster hetzner create

Create a new Hetzner cluster.

ankra cluster hetzner create \
  --name my-cluster \
  --credential-id <hetzner-credential-id> \
  --ssh-key-credential-ids <key-id-1>,<key-id-2> \
  --location fsn1

Flag	Default	Description
`--name`	required	Cluster name
`--credential-id`	required	Hetzner API credential ID
`--ssh-key-credential-ids`		SSH key credential IDs (comma-separated for multiple keys)
`--ssh-key-credential-id`		SSH key credential ID (single key, for backward compatibility)
`--location`	required	Hetzner datacenter (e.g., `fsn1`, `nbg1`, `hel1`)
`--control-plane-count`	`1`	Number of control plane nodes
`--control-plane-server-type`	`cx33`	Server type for control planes
`--worker-count`	`1`	Number of worker nodes
`--worker-server-type`	`cx33`	Server type for workers
`--bastion-server-type`	`cx23`	Server type for the bastion host
`--network-ip-range`	`10.0.0.0/16`	Private network IP range
`--subnet-range`	`10.0.1.0/24`	Subnet range
`--distribution`	`k3s`	Kubernetes distribution
`--kubernetes-version`	latest	Kubernetes version

cluster hetzner deprovision

Deprovision a Hetzner cluster and delete all associated resources.

ankra cluster hetzner deprovision <cluster_id>

cluster hetzner workers

Get the current worker count and scaling limits.

ankra cluster hetzner workers <cluster_id>

cluster hetzner node-group

Manage node groups for a Hetzner cluster.

ankra cluster hetzner node-group list <cluster_id>
ankra cluster hetzner node-group add <cluster_id> --name <name> --instance-type <type> --count <n>
ankra cluster hetzner node-group scale <cluster_id> <group_name> <count>
ankra cluster hetzner node-group upgrade <cluster_id> <group_name> <instance_type>
ankra cluster hetzner node-group delete <cluster_id> <group_name>

cluster hetzner scale

Scale all worker nodes up or down (legacy, prefer node-group scale).

ankra cluster hetzner scale <cluster_id> <worker_count>

Examples:

# Scale up to 5 workers
ankra cluster hetzner scale abc-123 5

# Scale down to 2 workers
ankra cluster hetzner scale abc-123 2

cluster hetzner k8s-version

Get the current Kubernetes version and distribution.

ankra cluster hetzner k8s-version <cluster_id>

cluster hetzner upgrade

Upgrade the Kubernetes (k3s) version on all nodes. Only supports upgrading one minor version at a time; downgrades are not supported.

ankra cluster hetzner upgrade <cluster_id> <target_version>

Examples:

# Upgrade to v1.35.1+k3s1
ankra cluster hetzner upgrade abc-123 v1.35.1+k3s1

OVH Clusters

Provision, manage, and scale Kubernetes clusters on OVH Cloud.

cluster ovh create

Create a new OVH cluster.

ankra cluster ovh create \
  --name my-cluster \
  --credential-id <ovh-credential-id> \
  --ssh-key-credential-id <ssh-key-credential-id> \
  --region GRA7

Flag	Default	Description
`--name`	required	Cluster name
`--credential-id`	required	OVH API credential ID
`--ssh-key-credential-id`	required	SSH key credential ID
`--region`	required	OVH Cloud region (e.g., `GRA7`, `SBG5`, `BHS5`)
`--control-plane-count`	`1`	Number of control plane nodes
`--control-plane-flavor-id`	`b2-15`	Instance flavor for control planes
`--worker-count`	`1`	Number of worker nodes
`--worker-flavor-id`	`b2-15`	Instance flavor for workers
`--gateway-flavor-id`	`b2-7`	Instance flavor for the gateway
`--network-vlan-id`	`0`	VLAN ID for the private network
`--subnet-cidr`	`10.0.1.0/24`	Subnet CIDR range
`--dhcp-start`	`10.0.1.100`	DHCP allocation range start
`--dhcp-end`	`10.0.1.200`	DHCP allocation range end
`--distribution`	`k3s`	Kubernetes distribution
`--kubernetes-version`	latest	Kubernetes version

cluster ovh deprovision

Deprovision an OVH cluster and delete all associated resources.

ankra cluster ovh deprovision <cluster_id>

cluster ovh workers

Get the current worker count and scaling limits.

ankra cluster ovh workers <cluster_id>

cluster ovh node-group

Manage node groups for an OVH cluster.

ankra cluster ovh node-group list <cluster_id>
ankra cluster ovh node-group add <cluster_id> --name <name> --instance-type <type> --count <n>
ankra cluster ovh node-group scale <cluster_id> <group_name> <count>
ankra cluster ovh node-group upgrade <cluster_id> <group_name> <instance_type>
ankra cluster ovh node-group delete <cluster_id> <group_name>

cluster ovh scale

Scale all worker nodes up or down (legacy, prefer node groups via Settings > Nodes).

ankra cluster ovh scale <cluster_id> <worker_count>

Examples:

# Scale up to 5 workers
ankra cluster ovh scale abc-123 5

# Scale down to 2 workers
ankra cluster ovh scale abc-123 2

cluster ovh k8s-version

Get the current Kubernetes version and distribution.

ankra cluster ovh k8s-version <cluster_id>

cluster ovh upgrade

Upgrade the Kubernetes (k3s) version on all nodes. Only supports upgrading one minor version at a time; downgrades are not supported.

ankra cluster ovh upgrade <cluster_id> <target_version>

Examples:

# Upgrade to v1.35.1+k3s1
ankra cluster ovh upgrade abc-123 v1.35.1+k3s1

UpCloud Clusters

Provision, manage, and scale Kubernetes clusters on UpCloud.

cluster upcloud create

Create a new UpCloud cluster.

ankra cluster upcloud create \
  --name my-cluster \
  --credential-id <upcloud-credential-id> \
  --ssh-key-credential-id <ssh-key-credential-id> \
  --zone fi-hel1

Flag	Default	Description
`--name`	required	Cluster name
`--credential-id`	required	UpCloud API credential ID
`--ssh-key-credential-id`	required	SSH key credential ID
`--zone`	required	UpCloud zone (e.g., `fi-hel1`, `de-fra1`, `nl-ams1`)
`--control-plane-count`	`1`	Number of control plane nodes
`--control-plane-plan`	`2xCPU-4GB`	Plan for control plane nodes
`--worker-count`	`1`	Number of worker nodes
`--worker-plan`	`2xCPU-4GB`	Plan for worker nodes
`--bastion-plan`	`1xCPU-2GB`	Plan for the bastion host
`--network-ip-range`	`10.0.0.0/16`	Private network IP range
`--distribution`	`k3s`	Kubernetes distribution
`--kubernetes-version`	latest	Kubernetes version

cluster upcloud deprovision

Deprovision an UpCloud cluster and delete all associated resources.

ankra cluster upcloud deprovision <cluster_id>

cluster upcloud workers

Get the current worker count and scaling limits.

ankra cluster upcloud workers <cluster_id>

cluster upcloud node-group

Manage node groups for an UpCloud cluster.

ankra cluster upcloud node-group list <cluster_id>
ankra cluster upcloud node-group add <cluster_id> --name <name> --instance-type <plan> --count <n>
ankra cluster upcloud node-group scale <cluster_id> <group_name> <count>
ankra cluster upcloud node-group upgrade <cluster_id> <group_name> <plan>
ankra cluster upcloud node-group delete <cluster_id> <group_name>

cluster upcloud scale

Scale all worker nodes up or down (legacy, prefer node-group scale).

ankra cluster upcloud scale <cluster_id> <worker_count>

Examples:

# Scale up to 5 workers
ankra cluster upcloud scale abc-123 5

# Scale down to 2 workers
ankra cluster upcloud scale abc-123 2

cluster upcloud k8s-version

Get the current Kubernetes version and distribution.

ankra cluster upcloud k8s-version <cluster_id>

cluster upcloud upgrade

Upgrade the Kubernetes (k3s) version on all nodes. Only supports upgrading one minor version at a time; downgrades are not supported.

ankra cluster upcloud upgrade <cluster_id> <target_version>

OVH Credentials

Manage OVH API credentials and SSH key credentials.

credentials ovh list

List all OVH API credentials.

ankra credentials ovh list

credentials ovh create

Create an OVH API credential. You will be prompted securely for the application key, application secret, and consumer key.

ankra credentials ovh create --name my-ovh-cred --project-id <project-id>
# OVH Application Key: mykey
# OVH Application Secret: ****
# OVH Consumer Key: ****
# OVH credential 'my-ovh-cred' created successfully!

Flag	Description
`--name`	Credential name (required)
`--project-id`	OVH Cloud project ID (required)

credentials ovh ssh-key list

List all SSH key credentials.

ankra credentials ovh ssh-key list

Aliases: ankra credentials ovh ssh-keys list, ankra credentials ovh ssh list

credentials ovh ssh-key create

Create an SSH key credential for OVH clusters.

# Generate a new keypair
ankra credentials ovh ssh-key create --name my-key --generate

# Provide your own public key
ankra credentials ovh ssh-key create --name my-key --public-key "ssh-ed25519 AAAA..."

Flag	Description
`--name`	Credential name (required)
`--public-key`	SSH public key string
`--generate`	Generate a new keypair (private key returned once)

When using --generate, the private key is displayed only once. Save it immediately.

Hetzner Credentials

Manage Hetzner API credentials and SSH key credentials. Aliases: ankra credentials hetzner, ankra creds hz

credentials hetzner list

List all Hetzner API credentials.

ankra credentials hetzner list

credentials hetzner create

Create a Hetzner API credential. The API token is prompted for securely (masked input, not stored in shell history).

ankra credentials hetzner create --name my-hetzner-token
# Hetzner API Token: ****
# Hetzner credential 'my-hetzner-token' created successfully!

Flag	Description
`--name`	Credential name (required)

credentials hetzner ssh-key list

List all SSH key credentials.

ankra credentials hetzner ssh-key list

Aliases: ankra credentials hetzner ssh-keys list, ankra credentials hetzner ssh list

credentials hetzner ssh-key create

Create an SSH key credential.

# Generate a new keypair
ankra credentials hetzner ssh-key create --name my-key --generate

# Provide your own public key
ankra credentials hetzner ssh-key create --name my-key --public-key "ssh-ed25519 AAAA..."

Flag	Description
`--name`	Credential name (required)
`--public-key`	SSH public key string
`--generate`	Generate a new keypair (private key returned once)

When using --generate, the private key is displayed only once. Save it immediately.

UpCloud Credentials

Manage UpCloud API credentials and SSH key credentials. Aliases: ankra credentials upcloud, ankra creds uc

credentials upcloud list

List all UpCloud API credentials.

ankra credentials upcloud list

credentials upcloud create

Create an UpCloud API credential. You will be prompted securely for the API token.

ankra credentials upcloud create --name my-upcloud-cred
# UpCloud API Token: ****
# UpCloud credential 'my-upcloud-cred' created successfully!

Flag	Description
`--name`	Credential name (required)

credentials upcloud ssh-key list

List all SSH key credentials.

ankra credentials upcloud ssh-key list

Aliases: ankra credentials upcloud ssh-keys list, ankra credentials upcloud ssh list

credentials upcloud ssh-key create

Create an SSH key credential for UpCloud clusters.

# Generate a new keypair
ankra credentials upcloud ssh-key create --name my-key --generate

# Provide your own public key
ankra credentials upcloud ssh-key create --name my-key --public-key "ssh-ed25519 AAAA..."

Flag	Description
`--name`	Credential name (required)
`--public-key`	SSH public key string
`--generate`	Generate a new keypair (private key returned once)

When using --generate, the private key is displayed only once. Save it immediately.

Credentials

Aliases: ankra credentials, ankra credential, ankra cred, ankra creds

credentials list

List all credentials.

ankra credentials list
ankra credentials list --provider github  # filter by provider

credentials get

Get details of a specific credential.

ankra credentials get <credential_id>

credentials validate

Check if a credential name is available.

ankra credentials validate my-new-credential

credentials delete

Delete a credential.

ankra credentials delete <credential_id>

API Tokens

Aliases: ankra tokens, ankra token

tokens list

List all API tokens.

ankra tokens list

tokens create

Create a new API token.

ankra tokens create my-ci-token
ankra tokens create my-temp-token --expires "2026-12-31T00:00:00Z"

tokens revoke

Revoke an API token (must be revoked before deletion).

ankra tokens revoke <token_id>

tokens delete

Delete a revoked API token.

ankra tokens delete <token_id>

Shell Completion

Generate or install shell completion scripts.

ankra completion bash                 # print bash completion script
ankra completion zsh                  # print zsh completion script
ankra completion fish                 # print fish completion script
ankra completion powershell           # print powershell completion script
ankra completion install              # install completions for current shell
ankra completion install --shell zsh  # install for a specific shell

Agent Skills

Install the curated Ankra Agent Skills into a Cursor/Claude skills directory so your AI agent follows Ankra’s recommended practices for the CLI, ImportCluster YAML, stacks/addons, GitOps, CI/CD, SOPS secrets, Helm registries, observability, alerts, Terraform, and cloud clusters. The skills are embedded in the CLI, so installation works offline.

ankra skills list                            # list available skills (marks installed ones)
ankra skills install                         # install all into ~/.cursor/skills (personal)
ankra skills install --project .             # install into ./.cursor/skills (project)
ankra skills install ankra-cli ankra-gitops  # install only named skills
ankra skills install --force                 # overwrite existing skills
ankra skills uninstall                       # remove all Ankra skills
ankra skills uninstall ankra-cli             # remove a named skill

ankra skills installs the static, curated skill set. To generate a SKILL.md describing one of your own clusters, use ankra openclaw skill instead.

Global Flags

Flag	Description
`--version`	Show CLI version
`--help`	Show help for any command
`--base-url`	Base URL for the Ankra API
`--config`	Config file (default: `~/.ankra.yaml`)
`--token`	API token for authentication

Configuration

The CLI stores configuration in ~/.ankra.yaml:

token: your-api-token
base-url: https://platform.ankra.app
token_id: token-uuid
token_name: ankra-cli-hostname-username

Token resolution priority (highest to lowest):

--token flag (explicit CLI argument)
Config file token (saved by ankra login)
ANKRA_API_TOKEN environment variable

The base URL can be overridden with --base-url or the ANKRA_BASE_URL environment variable.

Troubleshooting

Common Issues

PATH issues:

which ankra  # verify installation location
echo $PATH   # check PATH includes ankra location

Authentication errors:

ankra logout  # clear credentials
ankra login   # re-authenticate

Check version:

ankra --version

Get help:

ankra --help
ankra cluster --help
ankra chat --help

Error Messages

“No active cluster selected” Run ankra cluster select first
“Resource not found” Verify the resource name and selected cluster
“Unauthorized” Re-authenticate with ankra login

Support & Resources

Slack: Join Ankra Community
Email: hello@ankra.io
GitHub: ankraio/ankra-cli

For more advanced usage, see the full documentation or contact support.

Tokens OpenClaw

​What is Ankra CLI?

​Features

​Installation

​Single Command Installation (Recommended)

​Direct Download

​Authentication

​SSO Login (Recommended)

​Environment Variables (Alternative)

​Quick Start

​Command Reference

​Authentication

​login

​logout

​Organisation Management

​org list

​org switch

​Run a single command against another organisation

​org current

​org create

​org members

​org invite

​org remove

​org variables

​AI Chat

​chat

​chat health

​chat history

​chat show

​chat delete

​Cluster Operations

​cluster list

​cluster info

​cluster select

​cluster clear

​cluster reconcile

​cluster apply

​cluster clone

​cluster provision

​cluster deprovision

​cluster roll-to

​delete cluster

​SOPS Encryption

​cluster sops-config

​cluster encrypt manifest

​cluster encrypt addon

​cluster decrypt manifest

​cluster decrypt addon

​Stack Management

​cluster stacks list

​cluster stacks create

​cluster stacks delete

​cluster stacks rename

​cluster stacks history

​cluster stacks clone

​cluster stacks variables

​cluster variables

​Addon Management

​cluster addons list

​cluster addons available

​cluster addons settings

​cluster addons values

​cluster addons update

​cluster addons upgrade

​cluster addons uninstall

​Operations Management

​cluster operations list

​cluster operations cancel

​cluster operations cancel-job

​cluster operations jobs

​Agent Management

​cluster agent status

​cluster agent token

​cluster agent upgrade

​Manifest Management

​cluster manifests list

​cluster manifests get

​cluster manifests upgrade

​cluster manifests delete

​Kubernetes Resources

​cluster get pods

What is Ankra CLI?

Features

Installation

Single Command Installation (Recommended)

Direct Download

Authentication

SSO Login (Recommended)

Environment Variables (Alternative)

Quick Start

Command Reference

Authentication

login

logout

Organisation Management

org list

org switch

Run a single command against another organisation

org current

org create

org members

org invite

org remove

org variables

AI Chat

chat

chat health

chat history

chat show

chat delete

Cluster Operations

cluster list

cluster info

cluster select

cluster clear

cluster reconcile

cluster apply

cluster clone

cluster provision

cluster deprovision

cluster roll-to

delete cluster

SOPS Encryption

cluster sops-config

cluster encrypt manifest

cluster encrypt addon

cluster decrypt manifest

cluster decrypt addon

Stack Management

cluster stacks list

cluster stacks create

cluster stacks delete

cluster stacks rename

cluster stacks history

cluster stacks clone

cluster stacks variables

cluster variables

Addon Management

cluster addons list

cluster addons available

cluster addons settings

cluster addons values

cluster addons update

cluster addons upgrade

cluster addons uninstall

Operations Management

cluster operations list

cluster operations cancel

cluster operations cancel-job

cluster operations jobs

Agent Management

cluster agent status

cluster agent token

cluster agent upgrade

Manifest Management

cluster manifests list

cluster manifests get

cluster manifests upgrade

cluster manifests delete

Kubernetes Resources

cluster get pods