// Guides kcli configuration and provider setup. Use when setting up ~/.kcli/config.yml, configuring providers (KVM, AWS, GCP, Azure, etc.), or managing profiles.
Guides deployment and management of Kubernetes clusters with kcli. Use when deploying OpenShift, k3s, kubeadm, or other Kubernetes distributions.
Guides creation of kcli plan files for deploying VMs, networks, and infrastructure. Use when writing YAML plans with Jinja2 templating or debugging plan execution issues.
Guides implementation of new virtualization providers for kcli. Use when adding support for a new cloud platform, hypervisor, or infrastructure provider.
Comprehensive guide for kcli usage. Use when creating VMs, deploying plans, managing clusters, or performing any kcli operations. Covers all common user workflows.
Guides testing and code quality for kcli. Use when writing tests, running linting, or validating changes before committing.
Guides VM lifecycle operations with kcli. Use when creating, managing, or troubleshooting virtual machines across providers.
| name | kcli-configuration |
| description | Guides kcli configuration and provider setup. Use when setting up ~/.kcli/config.yml, configuring providers (KVM, AWS, GCP, Azure, etc.), or managing profiles. |
~/.kcli/
├── config.yml # Main configuration (clients/providers)
├── profiles.yml # VM profiles (optional, can be in config.yml)
├── id_rsa / id_rsa.pub # SSH keys for VM access
├── id_ed25519 # Alternative SSH key
└── clusters/ # Cluster state (created by kcli)
default:
client: localhost # Default provider to use
numcpus: 2
memory: 512
pool: default
nets:
- default
disks:
- size: 10
# Provider definitions
localhost:
type: kvm
host: 127.0.0.1
| Type | Description | Required Fields |
|---|---|---|
kvm | Local/remote libvirt | host |
aws | Amazon Web Services | access_key_id, access_key_secret, region |
gcp | Google Cloud Platform | credentials, project, zone |
azure | Microsoft Azure | subscription_id, credentials (file) |
kubevirt | VMs on Kubernetes | context, host |
openstack | OpenStack cloud | auth_url, user, password, project |
ovirt | oVirt/RHV | host, user, password, datacenter |
vsphere | VMware vSphere | host, user, password, datacenter |
proxmox | Proxmox VE | host, user, password |
hcloud | Hetzner Cloud | token |
ibm | IBM Cloud | iam_api_key, region, vpc |
# Local libvirt
localhost:
type: kvm
host: 127.0.0.1
pool: default
# Remote libvirt via SSH
remote-kvm:
type: kvm
host: 192.168.1.100
protocol: ssh # ssh (default), tcp, or tls
user: root # SSH user
pool: default
# url: qemu+ssh://root@host/system # Or custom URI
myaws:
type: aws
access_key_id: AKIAIOSFODNN7EXAMPLE
access_key_secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region: us-east-1
keypair: mykey # EC2 key pair name
mygcp:
type: gcp
credentials: ~/service-account.json # Service account JSON
project: my-project-id
zone: us-central1-a
region: us-central1 # Optional, derived from zone
myazure:
type: azure
subscription_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials: ~/.azure/credentials.json
# Or use environment: AZURE_AUTH_LOCATION
location: eastus
resource_group: my-rg # Optional, created if needed
mykubevirt:
type: kubevirt
context: my-k8s-context # kubectl context
host: api.cluster.local # API server for SSH tunneling
pool: my-storageclass # StorageClass name
multus: true # Use Multus CNI
cdi: true # Use CDI for images
myopenstack:
type: openstack
auth_url: https://openstack:5000/v3
user: admin
password: secret
project: myproject
domain: Default
myovirt:
type: ovirt
host: ovirt-engine.local
user: admin@internal
password: secret
datacenter: Default
cluster: Default
pool: DataDomain
ca_file: ~/ovirt.pem # Engine CA certificate
default:
# Client selection
client: localhost
# Compute
numcpus: 2
memory: 512 # MB
cpumodel: host-model
nested: true # Nested virtualization
# Storage
pool: default
disks:
- size: 10
diskinterface: virtio
diskthin: true
# Network
nets:
- default
reservedns: false
reservehost: false
reserveip: false
# OS/Cloud-init
cloudinit: true
keys: [] # SSH public keys
cmds: [] # Post-boot commands
files: [] # Files to inject
# Access
tunnel: false # SSH tunneling for console
insecure: false # Ignore SSH host keys
enableroot: true # Allow root SSH
# Metadata
storemetadata: false
planview: false
# In ~/.kcli/profiles.yml or config.yml profiles section
small:
numcpus: 1
memory: 1024
disks:
- size: 10
medium:
numcpus: 2
memory: 2048
disks:
- size: 20
large:
numcpus: 4
memory: 4096
disks:
- size: 40
- size: 100
webserver:
image: centos9stream
numcpus: 2
memory: 4096
nets:
- default
cmds:
- dnf -y install nginx
- systemctl enable --now nginx
base: medium # Inherit from another profile
default:
client: local-kvm # Default client
local-kvm:
type: kvm
host: 127.0.0.1
remote-kvm:
type: kvm
host: 192.168.1.100
myaws:
type: aws
access_key_id: ...
access_key_secret: ...
region: us-east-1
Switch clients:
kcli switch local-kvm # Change default
kcli -C myaws list vm # Use specific client
# List configured clients
kcli list client
# Check client connectivity
kcli list host
# Info about current client
kcli info host
# Switch default client
kcli switch <client>
# Test with specific client
kcli -C <client> list vm
Some values can come from environment:
GOOGLE_APPLICATION_CREDENTIALS - GCP credentials pathAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY - AWS credentialsAZURE_AUTH_LOCATION - Azure credentials pathOS_* - OpenStack credentials (standard OS_ vars)Connection refused (KVM):
# Check libvirt is running
sudo systemctl status libvirtd
# Test virsh connection
virsh -c qemu:///system list
SSH key issues:
# Generate kcli SSH key
ssh-keygen -t rsa -N '' -f ~/.kcli/id_rsa
# Or use ed25519
ssh-keygen -t ed25519 -N '' -f ~/.kcli/id_ed25519
Debug mode:
kcli -d list vm # Shows provider connection details