Skip to main content
Version: latest

Content

The content command supports the creation and management of content bundles, which are archives containing all the images and artifacts required for deploying an Edge cluster. You can also use this command to export cluster definitions from one or more cluster profiles in Palette, and to upload content bundles to Edge hosts.

Prerequisites

  • An Edge Native cluster profile. Refer to the Create Edge Native Cluster Profile guide to learn how to create an Edge Native cluster profile.

  • You must authenticate the Palette CLI with Palette using the login command.

  • You must provide an encryption passphrase to secure sensitive data. The passphrase must be between 8 to 32 characters long and contain a capital letter, a lowercase letter, a digit, and a special character. You can provide the passphrase through the PALETTE_ENCRYPTION_PASSWORD environment variable or the -k or --encryption-passphrase flag. Refer to the Encryption guide for more information on encryption.

Subcommands

The content command includes the following subcommands:

  • build - Build a content bundle.
  • copy - Copy a specific bundle from one repository to another.
  • definition - Display the definition of a content bundle.
  • list - List available content bundles.
  • push - Push the bundle to a specific OCI registry.
  • registry-login - Login to a private OCI registry.
  • save - Save the content bundle locally.
  • serve - Serve the content bundle as a registry.
  • upload - Upload the content bundle to an Edge host.

Build

Use the build subcommand to create a content bundle or export a cluster definition. Refer to the Build Content Bundle and Export Cluster Definition guides for additional information.

palette content build [flags]

The following flags are supported by the build subcommand.

Short FlagLong FlagDescriptionType
--application-release-nameThe name of the application release to be added as metadata to the bundle definition.string
--application-release-notesThe release notes for the application to be added as metadata to the bundle definition.string
--application-release-versionThe version of the application release to be added as metadata to the bundle definition.string
-a--archThe architecture of the bundle to be built. The available options are amd64 and arm64. When provided, Palette CLI will attempt to resolve all referenced images to single-architecture manifests for the selected platform. This alters the image digest and may invalidate signatures if the original images were signed as multi-arch. If this flag is not provided, Palette CLI pulls and preserves each image’s original form, whether single-arch or multi-arch. This ensures signature integrity when the images were signed in their original state.string
--build-typeThe type of build. The available options are local, where the build is performed locally, and remote, where the build is performed directly on the registry. The default value is local. To enable remote builds, you must also specify the registry address using the --registry flag.string
--ca-certThe path to the CA certificate file.string
--cluster-definition-nameThe filename of the cluster definition .tgz file.string
--cluster-definition-profile-idsA comma-separated list of cluster profile IDs to be included in the cluster definition.string
--compression-levelThe compression level for the archive file. The default value is 3.integer
--download-cluster-config-onlyIf enabled, only the cluster configuration will be downloaded.boolean
--existing-bundlesExisting .tar.zst bundle archives to include as part of the content bundle build. This avoids the need to redownload images, charts, and raw files that are already present in local bundles.string
-k--encryption-passphraseThe encryption passphrase used to secure sensitive data.string
--exclude-profilesA comma-separated list of cluster profile IDs whose content should be excluded from the generated content bundle.string
--fipsIf enabled, the bundle will include only FIPS service images.boolean
-h--helpHelp for the build subcommand.-
--images-onlyIncludes only images in the content bundle, excluding charts and tar.gz pack files. This flag is applicable only when used with the --packs flag.boolean
--include-core-palette-images-onlyWhether to include only the essential Palette images required for cluster creation, excluding day-2 images. This option is recommended for airgap installations to reduce the size of the content bundle. By default, this flag is set to false, and the build command includes both core and day-2 images.boolean
--include-packsIncludes tar.gz pack files in the content bundle, as they are not included by default. This flag is applicable only when used with the --profiles flag.boolean
--include-service-imagesWether to include Palette service images. The default value is true.boolean
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
-f--metadata-fileThe file path to the content bundle definition metadata file bundle-definition.yaml to be used for building the content bundle.string
--metadata-onlyIf enabled, only the bundle definition metadata file bundle-definition.yaml is generated. You can edit this file, for example to change a registry path, and then use it with the --metadata-file flag to build a content bundle.boolean
-n--nameThe name of the content bundle. This is required to generate bundles with unique names. If not provided, the command generates a default name in the <bundle>-<project-id> format, which is not unique and may lead to issues, as bundles using the same default name can be overwritten during upload to Local UI.string
-o--outputThe output directory where the bundle will be saved. If not specified, the bundle will be saved to <current-directory>/output/content-bundle/ by default.string
--packsComma-separated list of local paths to the pack tar.gz archive or directory files to include in the bundle.string
--private-keyThe path to the private key used to sign the content bundle and cluster definition if it is present. If the Edge host has an embedded corresponding public key, the signature of the uploaded content will be verified. For more information, refer to Embed Public Key in Edge Artifacts.string
--profilesComma-separated list of cluster profile IDs to download content for the content bundle. Ensure that between all the profiles you include in the content bundle, only one infrastructure layer exists. For example, you can have one infrastructure profile and many add-on files, or one full profile and many add-on files, but you cannot have multiple infrastructure and full profiles.string
--progressDisplays the build progress output.boolean
--project-idThe ID of the Palette project.string
-p--pushPushes the content bundle to the OCI registry after creation. This applies only if the build type is set to local. The default value is false.boolean
-r--registryThe address of the OCI registry to push the images to. Applies if --push is set to true.string
--skip-cleanupSkips the clean up of temporary files generated during the build process in the output folder.boolean
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Examples

The following example creates a content bundle named example-bundle.tar.zst using the cluster profiles specified by the --profiles flag. The bundle is created in the <current-directory>/output/content-bundle/ folder by default.

palette content build --arch amd64 --profiles 12345678910 --project-id 1617181929 --name example-bundle
Example Output
-----------------------------
Build Summary
-----------------------------
bundle example-bundle saved to /home/ubuntu/output/content-bundle/example-bundle.tar.zst

The following example creates a cluster definition named example-definition.tgz using the cluster profiles specified by the --cluster-definition-profile-ids flag. The definition is created in the <current-directory>/output/ folder by default.

palette content build --arch amd64 --download-cluster-config-only --project-id 1617181929 --cluster-definition-name example-definition --cluster-definition-profile-ids 12345678910
Example Output
Downloaded cluster config at /home/ubuntu/output/example-definition.tgz

The following example creates both a content bundle named example-bundle.tar.zst and a cluster definition named example-definition.tgz. The definition is created in the <current-directory>/output/ folder, and the bundle is created in the <current-directory>/output/content-bundle/ folder by default. When you create a cluster definition and content bundle using a single build command, the cluster definition is also embedded into the content bundle.

palette content build --arch amd64 --profiles 12345678910 --project-id 1617181929 --cluster-definition-name example-definition --cluster-definition-profile-ids 12345678910 --name example-bundle
Example Output
-----------------------------
Build Summary
-----------------------------
bundle example-bundle saved to /home/ubuntu/output/content-bundle/example-bundle.tar.zst

The following example creates a bundle definition named bundle-definition.yaml in the <current-directory>/output/content-bundle/ folder.

palette content build --arch amd64 --metadata-only --profiles 12345678910 --project-id 1617181929 --name example-bundle
Example Output
Writing flattened bundle definition file at path /home/ubuntu/output/content-bundle/bundle-definition.yaml

You can modify the definition according to your use case. For example, you can change the registry path of the images and then use the --metadata-file flag to build a content bundle from the updated definition file.

palette content build --metadata-file /home/ubuntu/output/content-bundle/bundle-definition.yaml
Example Output
-----------------------------
Build Summary
-----------------------------
bundle example-bundle saved to /home/ubuntu/output/content-bundle/example-bundle.tar.zst

The following example creates a new content bundle named example-bundle.tar.zst using the cluster profiles specified by the --profiles flag and the existing bundle specified by the --existing-bundles flag. This avoids the need to redownload images defined in the profiles that are already present in the existing bundle.

palette content build --arch amd64 --profiles 12345678910 --project-id 1617181929 --name example-bundle --existing-bundles ./bundles/example-existing-bundle.tar.zst
Example Output
-----------------------------
Build Summary
-----------------------------
bundle example-bundle saved to /home/ubuntu/output/content-bundle/example-bundle.tar.zst

You can exclude content defined in specific cluster profiles from a content bundle using the --exclude-profiles flag. This is useful in day-2 scenarios, where a new version of a cluster profile includes most of the same content as before, with only minor additions, such as a new pack. By specifying the older profile version under --exclude-profiles, you can exclude any content that was already included in a previous bundle, ensuring that only the new content is added.

The following command creates a new content bundle named example-bundle.tar.zst using the cluster profiles specified by the --profiles flag, while excluding any images, charts, or raw files defined in the profiles listed under the --exclude-profiles flag. For example, suppose you created a content bundle on day-1 from cluster profile 11121314151, containing packs A, B, and C. On day-2, you create a new version of the cluster profile and add pack D. You can then use the --exclude-profiles flag to create a new bundle that includes only pack D and excludes the packs already present in the first profile version.

palette content build --arch amd64 --profiles 12345678910 --project-id 1617181929 --name example-bundle --exclude-profiles 11121314151
Example Output
-----------------------------
Build Summary
-----------------------------
bundle example-bundle saved to /home/ubuntu/output/content-bundle/example-bundle.tar.zst

Copy

Use the copy subcommand to copy a content bundle from one repository to another, either locally or remotely.

palette content copy [flags]

The following flags are supported by the copy subcommand.

Short FlagLong FlagDescriptionType
--annotation-selectorFilters artifacts based on key-value pairs. The default value is [].string
-a--archThe architecture of the bundle to be copied.string
--ca-certThe path to the CA certificate file.string
-d--destinationThe destination repository address. If the repository is remote, use a standard address format (for example, example.com/bundle/example-bundle.tar.zst). For local repositories, use the URI (Uniform Resource Identifier) format (file:///path/to/bundle).string
-h--helpHelp for the copy subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
--progressDisplays the progress of the copy operation.boolean
-s--sourceThe source repository address. Specify a remote repository using the standard address format (for example, example.com/bundle/example-bundle.tar.zst), or use the URI format (file:///path/to/bundle) for local repositories.string
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following command copies the example-bundle.tar.zst bundle from the home/ubuntu/copy/ local repository to the home/ubuntu/paste/ repository.

palette content copy --source file:///home/ubuntu/copy/example-bundle.tar.zst --destination file:///home/ubuntu/paste
Example Output
-----------------------------
Copy Summary
-----------------------------
bundle /home/ubuntu/copy/tmp/bundle-extract/example-bundle.tar copied to /home/ubuntu/paste

Definition

Use the definition subcommand to retrieve the definition of a content bundle.

palette content definition [path] [flags]

The following flags are supported by the definition subcommand.

Short FlagLong FlagDescriptionType
-a--archThe architecture of the content bundle.string
--ca-certThe path to the CA certificate file.string
-h--helpHelp for the definition subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
--progressDisplays the command progress.boolean
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following example prints the bundle definition of the content bundle located in output/bundle-definition.yaml.

palette content definition output/bundle-definition.yaml

List

Use the list subcommand to get a list of available content bundles in the specified remote repository.

palette content list [flags]

The following flags are supported by the list subcommand.

Short FlagLong FlagDescriptionType
-a--archThe architecture of the content bundle.string
--ca-certThe path to the CA certificate file.string
-h--helpHelp for the list subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
--progressDisplays the command progress.boolean
-r--repoThe remote repository from which to list bundles.string
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following example command lists the content bundles in the docs repository.

palette content list --repo example.com/docs/bundle-definition
Example Output
Listing bundles
example.com/docs/bundle-definition:bundle-123456acbdecaec2e

Push

Use the push subcommand to push a content bundle to an OCI registry. Refer to the Upload Cluster Images to Registry with the CLI guide for more information on how to push content bundles to external registries.

palette content push [flags]

The following flags are supported by the push subcommand.

Short FlagLong FlagDescriptionType
--annotation-selectorFilters artifacts based on key-value pairs. The default value is [].string
-a--archThe architecture of the bundle to be pushed.string
--ca-certThe path to the CA certificate file.string
-f--fileThe file path of the content bundle.string
-h--helpHelp for the push subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
--progressDisplays the command progress.boolean
-r--registryThe address of the registry to push the bundle to.string
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following example pushes the bundle named example-bundle.tar.zst to the example.com/bundle registry.

palette content push --file example-bundle.tar.zst --registry example.com/bundle
Example Output
-----------------------------
Push Summary
-----------------------------
local bundle example-bundle pushed to example.com/bundle

Registry-login

Use the registry-login subcommand to login to a private OCI registry using the provided credentials.

palette content registry-login [flags]

The following flags are supported by the registry-login subcommand.

Short FlagLong FlagDescriptionType
-a--archThe architecture of the bundle to be pushed.string
--ca-certThe path to the CA certificate file.string
-h--helpHelp for the registry-login subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
-p--passwordThe password for the registry.string
--progressDisplays the command progress.boolean
-r--registryThe registry to log into.string
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string
-u--usernameThe username for the registry.string

Example

The following example logs into the example.com registry with the docs username and password.

palette content registry-login --registry example.com --username docs --password ********

Save

Use the save subcommand to save a content bundle from an OCI registry locally.

palette content save [flags]

The following flags are supported by the save subcommand.

Short FlagLong FlagDescriptionType
-a--archThe architecture of the bundle to be saved.string
--ca-certThe path to the CA certificate file.string
--compression-levelThe compression level for the archive file. The default value is 3.integer
--definition-onlySave only the bundle definition.boolean
-h--helpHelp for the save subcommand.-
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
-o--outputThe output directory where the bundle will be saved.string
--progressDisplays the command progress.boolean
-s--sourceThe source registry address.string
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following example saves the content bundle example-bundle from the example.com/bundle registry locally in the output-example directory.

palette content save --source example.com/bundle/bundle-definition:example-bundle --output output-example
Example Output
-----------------------------
Save Summary
-----------------------------
bundle example.com/bundle/bundle-definition:example-bundle copied to /home/ubuntu/output-example
bundle example.com/bundle/bundle-definition:example-bundle saved to /home/ubuntu/output-example/example-bundle.tar

Serve

Use the serve subcommand to serve a content bundle as a registry.

palette content serve [flags]

The following flags are supported by the serve subcommand.

Short FlagLong FlagDescriptionType
-a--archThe architecture of the bundle to be served.string
-b--bundleThe path to the content bundle.string
--ca-certThe path to the CA certificate file.string
-d--diskThe path to the registry disk.string
-h--helpHelp for the serve subcommand.-
--hostThe host on which the bundle will be served.string
-i--insecureSkips Transport Layer Security (TLS) verification (bypasses x509 verification).boolean
-p--portThe port to serve the bundle on. The default port is 8080.string
--progressDisplays the command progress.boolean
--tls-certThe path to the TLS certificate file.string
--tls-keyThe path to the TLS key file.string

Example

The following example serves the output/example-bundle.tar.zst content bundle as a registry locally on port 5000.

palette content serve --port 5000 --bundle output/example-bundle.tar.zst --disk disk-example
Example Output
-----------------------------
Push Summary
-----------------------------
local bundle example-bundle pushed to :5000/bundle
tip

You can use the ORAS CLI tool to confirm that the content bundle is being served correctly. For example, the command oras repo list --plain-http localhost:5000/bundle should list all repositories available in the bundle. Replace localhost with the host's address if you are hosting the registry externally.

Upload

Use the upload subcommand to upload a content bundle to an Edge host. Refer to the Upload Content Bundle for additional information on how to upload content bundles to Edge hosts.

palette content upload [flags] [host]

The following flags are supported by the upload subcommand.

Short FlagLong FlagDescriptionType
--cluster-exportThe cluster definition .tgz file to be uploaded. You can only upload a cluster definition if a content bundle is not being uploaded in the same command execution.string
-f--fileThe file path of the content bundle to be uploaded.string
-h--helpHelp for the upload subcommand.-
-p--portThe Edge host target port. The default port is 5082.string
--tokenThe authentication token used to validate the client. The token is located on the Edge host at /opt/spectrocloud/.upload-auth-token.string

Example

The following example uploads the example-bundle.tar.zst content bundle to the Edge host at IP address 10.45.67.89. If the content bundle contains an embedded cluster definition, this definition will also be automatically uploaded to Local UI.

palette content upload --file output/example-bundle.tar.zst --token ABC1234566b31221do 10.45.67.89
Example Output
uploading file example-bundle.tar.zst to appliance
4.97 GiB / 4.97 GiB [=============================================================] 100.00%
response: Uploaded content successfully

After the upload, the content bundle can be viewed in Local UI under the Content section.

warning

The content bundle must have a unique name. This can be specified using the --name flag with the content build command. If a unique name is not provided, the build command generates a default name in the <bundle>-<project-id> format, which is not unique and may lead to issues, as bundles using the same default name can be overwritten during upload to Local UI.