uctl CLI#
The uctl CLI provides functionality for Union administrators to manage Union-specific entities like users, roles, and Union configuration.
It also includes much of the functionality of the union CLI, but since it is a compiled binary (written in Go), it is faster and more efficient than the Python-based union CLI and more suitable for situations like running in a CI/CD environment where you might want to avoid the overhead of large Python dependencies.
Note
If you are not a Union administrator, or if you will be interacting with Union in an environment where Python is installed, you should use the union CLI instead.
Installation#
To install uctl on a Mac, use Homebrew, curl, or manually download the binary.
Homebrew
$ brew tap unionai/homebrew-tap
$ brew install uctl
curl
To use curl, set BINDIR to the install location (it defaults to ./bin) and run the following command:
$ curl -sL https://raw.githubusercontent.com/unionai/uctl/main/install.sh | bash
Manual download
To download the binary manually, see the uctl releases page.
To install uctl on Linux, use curl or manually download the binary.
curl
To use curl, set BINDIR to the install location (it defaults to ./bin) and run the following command:
$ curl -sL https://raw.githubusercontent.com/unionai/uctl/main/install.sh | bash
Manual download
To download the binary manually, see the uctl releases page.
To install uctl on Windows, use curl or manually download the binary.
curl
To use curl, in a Linux shell (such as WSL), set BINDIR to the install location (it defaults to ./bin) and run the following command:
$ curl -sL https://raw.githubusercontent.com/unionai/uctl/main/install.sh | bash
Manual download
To download the binary manually, see the uctl releases page.
Configuration#
To create a configuration file that contains your Union connection information, run the following command, replacing <union-host-url> with the URL of your Union instance:
$ uctl config init --host <union-host-url>
This will create a new configuration file at ~/.union/config.yaml:
union:
connection:
host: dns:///<union-host-url>
insecure: false
auth:
type: Pkce
admin:
endpoint: dns:///<union-host-url>
insecure: false
authType: Pkce
Note
PKCE is the default authentication type. To specify a different authentication type in the configuration file, see CLI authentication types.
Configuration file location hierarchy#
By default, the uctl CLI will use the configuration file at ~/.union/config.yaml to connect to your Union instance unless you override it. uctl searches for configuration files in the following order:
--config <path-to-config>flagUNION_CONFIGenvironment variableUCTL_CONFIGenvironment variable~/.union/config.yamlfile~/.uctl/config.yamlfile
Options#
Option |
Type |
Description |
|---|---|---|
|
string |
Audience to use when initiating OAuth2 authorization requests. |
|
string |
Type of OAuth2 flow used for communicating with admin.ClientSecret, Pkce, ExternalCommand are valid values (default “ClientSecret”) |
|
string |
Custom metadata header to pass JWT |
|
string |
This is the URL to your IdP’s authorization server. It’ll default to Endpoint |
|
string |
Use specified certificate file to verify the admin server peer. |
|
string |
Client ID (default “flytepropeller”) |
|
string |
Environment variable containing the client secret |
|
string |
File containing the client secret (default “/etc/secrets/client_secret”) |
|
strings |
Command for external authentication token generation |
|
string |
|
|
string |
amount of time the device flow would poll the token endpoint if auth server doesn’t return a polling interval. Okta and google IDP do return an interval’ (default “5s”) |
|
string |
grace period from the token expiry after which it would refresh the token. (default “5m0s”) |
|
string |
amount of time the device flow should complete or else it will be cancelled. (default “10m0s”) |
|
string |
For admin types, specify where the uri of the service is located. |
|
string |
OPTIONAL: HTTP Proxy to be used for OAuth requests. |
|
Use insecure connection. |
|
|
InsecureSkipVerify controls whether a client verifies the server’s certificate chain and host name. Caution : shouldn’t be use for production usecases’ |
|
|
string |
Max delay for grpc backoff (default “8s”) |
|
int |
Max number of gRPC retries (default 4) |
|
string |
gRPC per retry timeout (default “15s”) |
|
string |
grace period from the token expiry after which it would refresh the token. (default “5m0s”) |
|
string |
Amount of time the browser session would be active for authentication from client app. (default “2m0s”) |
|
strings |
List of scopes to request |
|
string |
Max duration between token refresh attempt and token expiry. (default “0s”) |
|
string |
OPTIONAL: Your IdP’s token endpoint. It’ll be discovered from flyte admin’s OAuth Metadata endpoint if not provided. |
|
Use Audience configured from admins public endpoint config. |
|
|
Deprecated: Auth will be enabled/disabled based on admin’s dynamically discovered information. |
|
|
string |
config file (default is $HOME/.flyte/config.yaml) |
|
string |
Endpoint of console, if different than flyte admin |
|
string |
Specifies the Flyte project’s domain. |
|
Pass in archive file either an http link or local path. |
|
|
string |
Custom assumable iam auth role to register launch plans with. |
|
Continue on error when registering files. |
|
|
string |
Location of source code in container. |
|
Execute command without making any modifications. |
|
|
Enable the schedule if the files contain schedulable launchplan. |
|
|
Force use of version number on entities registered with flyte. |
|
|
string |
Deprecated. Please use |
|
string |
Custom kubernetes service account auth role to register launch plans with. |
|
string |
Custom output location prefix for offloaded types (files/schemas). |
|
string |
Deprecated: Update flyte admin to avoid having to configure storage access from uctl. |
|
string |
Version of the entity to be registered with flyte which are un-versioned after serialization. |
|
help for uctl |
|
|
string |
Sets logging format type. (default “json”) |
|
int |
Sets the minimum logging level. (default 3) |
|
Mutes all logs regardless of severity. Intended for benchmarks/tests only. |
|
|
Includes source code location in logs. |
|
|
string |
Specifies the output type - supported formats [TABLE JSON YAML DOT DOTURL]. NOTE: dot, doturl are only supported for Workflow (default “TABLE”) |
|
string |
Specifies the Flyte project. |
|
int |
Maximum size of the cache where the Blob store data is cached in-memory. If not specified or set to 0, cache is not used |
|
int |
Sets the garbage collection target percentage. |
|
string |
Access key to use. Only required when authtype is set to accesskey. |
|
string |
Auth Type to use [iam, accesskey]. (default “iam”) |
|
Disables SSL connection. Should only be used for development. |
|
|
string |
URL for storage client to connect to. |
|
string |
Region to connect to. (default “us-east-1”) |
|
string |
Secret to use when accesskey is set. |
|
string |
Initial container (in s3 a bucket) to create -if it doesn’t exist-.’ |
|
string |
Sets time out on the http client. (default “0s”) |
|
If this is true, then the container argument is overlooked and redundant. This config will automatically open new connections to new containers/buckets as they are encountered |
|
|
int |
Maximum allowed download size (in MBs) per call. (default 2) |
|
stringToString |
Configuration for stow backend. Refer to github/flyteorg/stow (default []) |
|
string |
Kind of Stow backend to use. Refer to github/flyteorg/stow |
|
string |
Sets the type of storage to configure [s3/minio/local/mem/stow]. (default “s3”) |
Commands#
Used for updating various Union/Flyte resources, including cluster configs. |
|
Runs various config commands. |
|
Creates various Flyte resources such as tasks, workflows, launch plans, executions, and projects. |
|
Terminates/deletes various Flyte resources, such as executions and resource attributes. |
|
Provides commands for starting and interacting with a standalone minimal local environment for running Flyte. |
|
Fetches various Flyte resources such as tasks, workflows, launch plans, executions, and projects. |
|
Registers tasks, workflows, and launch plans from a list of generated serialized files. |
|
Update Flyte resources e.g., projects. |
|
Fetches |