edbctl hybrid-manager v1

Suggest edits

The edbctl hybrid-manager command manages Hybrid Manager (HM) instances, including lifecycle operations, setup, monitoring access, PostgreSQL diagnostics, and troubleshooting. These commands interact directly with the Kubernetes cluster via kubectl context. API credentials are not required.

Commands

edbctl hybrid-manager command has the following options:

edbctl hybrid-manager create-install-secrets

Interactively creates secrets on a Kubernetes cluster in preparation for Hybrid Manager bootstrapping. You can also use the edbctl hm alias for this command.

edbctl hybrid-manager create-install-secrets --version <version> [--scenario <scenarios>] [--force] [options]

Where options are:

    --version string      The version of Hybrid Manager to install on the cluster (required).
                          Use "latest" or "latest-ir" for the latest Innovation Release,
                          or "latest-lts" for the latest LTS release.
-s, --scenario strings    The scenarios to install secrets for (all scenarios if not specified).
-f, --force               Force update of existing secrets.
-I, --interactive         Execute command interactively.
-y, --yes                 Auto-confirm all confirmations.
-h, --help                Help for create-install-secrets.

These examples show how to create install secrets:

# Interactive mode (default): requires interactive_mode config set to on
edbctl hm create-install-secrets --version v2026.2.0 --scenario core --scenario ai
edbctl hm create-install-secrets --version v2026.2.0           # creates secrets for all scenarios
edbctl hm create-install-secrets --version v2026.2.0 --force   # updates existing secrets
edbctl hm create-install-secrets --version latest-ir            # resolves to the latest Innovation Release
edbctl hm create-install-secrets --version latest-lts           # resolves to the latest LTS release

# Skip confirmations: use --yes flag or set confirm_mode config to off
edbctl hm create-install-secrets --version v2026.2.0 -y

# Non-interactive mode (for CI/CD pipelines): set interactive_mode and confirm_mode config to off,
# then provide credentials via environment variables (e.g. EDB_CORE_ADMIN_EMAIL1)
# edbctl config set interactive_mode off
# edbctl config set confirm_mode off
# export EDB_CORE_ADMIN_EMAIL1=admin@example.com
edbctl hm create-install-secrets --version v2026.2.0 --force

edbctl hybrid-manager diagnostic-container

Launches an ephemeral diagnostic container on a target pod or node for troubleshooting. Attaches an interactive TTY session to the debug container. The container is removed when the session ends.

edbctl hybrid-manager diagnostic-container --pod <pod> [--type pod|node] [--namespace <namespace>] [--version <version>] [--registry <registry>] [options]

Where options are:

    --pod string        Target pod or node name (required).
-t, --type string       Target type: pod or node (default: pod).
-n, --namespace string  Target namespace (required for pod targets).
-v, --version string    Diagnostic image tag (omit to use the image default).
-r, --registry string   Container registry URL (default "docker.enterprisedb.com/pgai-platform").
-h, --help              Help for diagnostic-container.

These examples show how to launch a diagnostic container:

edbctl hybrid-manager diagnostic-container --pod my-pod -n my-namespace
edbctl hybrid-manager diagnostic-container --pod my-node --type node
edbctl hybrid-manager diagnostic-container --pod my-pod -n my-namespace --version 2026.2.0

edbctl hybrid-manager get-pg-activity

Queries the Beacon database for cluster activity records such as create and delete operations.

edbctl hybrid-manager get-pg-activity --pg-id <cluster-id> [options]

Where options are:

    --pg-id string      PG cluster ID.
-c, --create            Show CREATE activities only.
-d, --delete            Show DELETE activities only.
-t, --timestamp-only    Show timestamps only.
-o, --output string     [table json yaml xml json-raw] (default "table").
-h, --help              Help for get-pg-activity.

These examples show how to display PG cluster activity:

edbctl hybrid-manager get-pg-activity --pg-id p-abc123def
edbctl hybrid-manager get-pg-activity --pg-id p-abc123def --create
edbctl hybrid-manager get-pg-activity --pg-id p-abc123def -o json

edbctl hybrid-manager get-pg-all

Retrieves all PostgreSQL cluster data in a single invocation: cluster info and instance status, GUC parameters, disk usage per pod, and activity history. Equivalent to running get-pg-info, get-pg-gucs, get-pg-disk, and get-pg-activity in sequence.

edbctl hybrid-manager get-pg-all --pg-id <cluster-id> [options]

Where options are:

    --pg-id string      PG cluster ID.
-o, --output string     [table json yaml xml json-raw] (default "table").
-h, --help              Help for get-pg-all.

These examples show how to run all PG cluster queries:

edbctl hybrid-manager get-pg-all --pg-id p-abc123def
edbctl hybrid-manager get-pg-all --pg-id p-abc123def -o json

edbctl hybrid-manager get-pg-disk

Shows filesystem usage, base size, temp size, and WAL size for a PostgreSQL pod. Use --pg-id to discover pods for a PG cluster automatically, or --pod to target a specific pod directly. Exactly one of --pg-id or --pod must be provided.

edbctl hybrid-manager get-pg-disk [--pg-id <cluster-id> | --pod <pod>] [options]

Where options are:

    --pg-id string      PG cluster ID (discovers pods automatically).
    --pod string        Target a specific pod directly.
-n, --namespace string  Override namespace (with --pod only; auto-detected if omitted).
-a, --all               Show disk info for all pods in the cluster (with --pg-id only).
-o, --output string     [table json yaml xml json-raw] (default "table").
-I, --interactive       Execute command interactively.
-h, --help              Help for get-pg-disk.

These examples show how to display PG pod disk usage:

edbctl hybrid-manager get-pg-disk --pg-id p-abc123def
edbctl hybrid-manager get-pg-disk --pg-id p-abc123def --all
edbctl hybrid-manager get-pg-disk --pod p-abc123def-a-1
edbctl hybrid-manager get-pg-disk --pod p-abc123def-a-1 -n custom-namespace
edbctl hybrid-manager get-pg-disk --pg-id p-abc123def -o json

edbctl hybrid-manager get-pg-gucs

Reads GUC (Grand Unified Configuration) parameters from the ClusterWrapper CRD per instance.

edbctl hybrid-manager get-pg-gucs --pg-id <cluster-id> [options]

Where options are:

    --pg-id string      PG cluster ID.
-o, --output string     [table json yaml xml json-raw] (default "table").
-h, --help              Help for get-pg-gucs.

These examples show how to display PostgreSQL GUC parameters:

edbctl hybrid-manager get-pg-gucs --pg-id p-abc123def
edbctl hybrid-manager get-pg-gucs --pg-id p-abc123def -o json

edbctl hybrid-manager get-pg-info

Retrieves cluster metadata and per-instance health from ClusterWrapper and CNP Cluster CRDs.

edbctl hybrid-manager get-pg-info --pg-id <cluster-id> [options]

Where options are:

    --pg-id string      PG cluster ID.
-o, --output string     [table json yaml xml json-raw] (default "table").
-h, --help              Help for get-pg-info.

These examples show how to display PG cluster overview and instance status:

edbctl hybrid-manager get-pg-info --pg-id p-abc123def
edbctl hybrid-manager get-pg-info --pg-id p-abc123def -o json

edbctl hybrid-manager get-pg-owner

Queries the Beacon database to find the user who created the PG cluster.

edbctl hybrid-manager get-pg-owner --pg-id <cluster-id> [options]

Where options are:

    --pg-id string      PG cluster ID.
-o, --output string     [table json yaml xml json-raw] (default "table").
-h, --help              Help for get-pg-owner.

These examples show how to display PG cluster owner:

edbctl hybrid-manager get-pg-owner --pg-id p-abc123def
edbctl hybrid-manager get-pg-owner --pg-id p-abc123def -o json

edbctl hybrid-manager list-install-secrets

Provides a formatted list of secrets required for the given Hybrid Manager version and scenario set. You can also use the edbctl hm alias for this command.

edbctl hybrid-manager list-install-secrets --version <version> [--scenario <scenarios>] [options]

Where options are:

    --version string      The version of Hybrid Manager to list secrets for (required).
                          Use "latest" or "latest-ir" for the latest Innovation Release,
                          or "latest-lts" for the latest LTS release.
-s, --scenario strings    The scenarios to list secrets for (all scenarios if not specified).
-o, --output string       [table json yaml xml json-raw] (default "table").
-h, --help                Help for list-install-secrets.

These examples show how to list install secrets:

edbctl hm list-install-secrets --version v2026.2.0 --scenario core --scenario ai
edbctl hm list-install-secrets --version v2026.2.0      # lists secrets for all scenarios
edbctl hm list-install-secrets --version latest-ir       # resolves to the latest Innovation Release
edbctl hm list-install-secrets --version latest-lts      # resolves to the latest LTS release

edbctl hybrid-manager open-alertmanager

Opens the Alertmanager web UI via port-forward and browser. Sets up a port-forward to the alertmanager-operated service and opens the web UI in the default browser. Press Ctrl+C to stop.

edbctl hybrid-manager open-alertmanager [options]

Where options are:

-b, --background    Run port-forward in the background.
-h, --help          Help for open-alertmanager.

These examples show how to open the Alertmanager UI:

edbctl hybrid-manager open-alertmanager
edbctl hybrid-manager open-alertmanager --background

edbctl hybrid-manager open-grafana

Opens the Grafana web UI via port-forward and browser. Sets up a port-forward to the grafana service and opens the web UI in the default browser. Press Ctrl+C to stop.

edbctl hybrid-manager open-grafana [options]

Where options are:

-b, --background    Run port-forward in the background.
-h, --help          Help for open-grafana.

These examples show how to open the Grafana UI:

edbctl hybrid-manager open-grafana
edbctl hybrid-manager open-grafana --background

edbctl hybrid-manager open-prometheus

Opens the Prometheus web UI via port-forward and browser. Sets up a port-forward to the prometheus-k8s service and opens the web UI in the default browser. Press Ctrl+C to stop.

edbctl hybrid-manager open-prometheus [options]

Where options are:

-b, --background    Run port-forward in the background.
-h, --help          Help for open-prometheus.

These examples show how to open the Prometheus UI:

edbctl hybrid-manager open-prometheus
edbctl hybrid-manager open-prometheus --background

edbctl hybrid-manager open-thanos

Opens the Thanos Query web UI via port-forward and browser. Sets up a port-forward to the thanos-query-frontend service and opens the web UI in the default browser. Press Ctrl+C to stop.

edbctl hybrid-manager open-thanos [options]

Where options are:

-b, --background    Run port-forward in the background.
-h, --help          Help for open-thanos.

These examples show how to open the Thanos Query UI:

edbctl hybrid-manager open-thanos
edbctl hybrid-manager open-thanos --background
Note

The resume-component, retry-component, and suspend-component commands prompt for confirmation by default. Use --yes (-y) to skip the prompt for CI or scripted use.

edbctl hybrid-manager resume-component

Resumes a suspended Hybrid Manager component.

edbctl hybrid-manager resume-component <component-name> [options]

Where options are:

-y, --yes    Auto-confirm all confirmations.
-h, --help   Help for resume-component.

This example shows how to resume a component:

edbctl hybrid-manager resume-component upm-istio

edbctl hybrid-manager retry-component

Retries a Hybrid Manager component that is in an error state.

edbctl hybrid-manager retry-component <component-name> [options]

Where options are:

-y, --yes    Auto-confirm all confirmations.
-h, --help   Help for retry-component.

This example shows how to retry a component:

edbctl hybrid-manager retry-component upm-istio

edbctl hybrid-manager status

Checks the status of Hybrid Manager and its components.

edbctl hybrid-manager status [options]

Where options are:

-o, --output string   [table json yaml xml json-raw] (default "table").
-h, --help            Help for status.

This example shows how to check the Hybrid Manager status:

edbctl hybrid-manager status

edbctl hybrid-manager suspend-component

Suspends a Hybrid Manager component.

edbctl hybrid-manager suspend-component <component-name> [options]

Where options are:

-y, --yes    Auto-confirm all confirmations.
-h, --help   Help for suspend-component.

This example shows how to suspend a component:

edbctl hybrid-manager suspend-component upm-istio

edbctl hybrid-manager prepare-bootstrap-operator-conversion

Prepares a Bootstrap-installed Hybrid Manager for conversion to the Operator installation method. The command does two things in a single run: exports the existing HybridControlPlane CR (created by the bootstrap install) to a manifest so it can be re-applied under the operator, and transfers Helm ownership of the existing cluster resources from the bootstrap release to the operator release by deleting the bootstrap controller Deployments and re-annotating CRDs, RBAC, Services, the ServiceAccount, and webhook configurations.

No CRDs or database clusters are deleted. The transfer is idempotent and safe to re-run. Installing the operator chart and applying the exported CR remain manual follow-up steps.

You can also use the edbctl hm alias for this command.

edbctl hybrid-manager prepare-bootstrap-operator-conversion [options]

Where options are:

-o, --output string              File to write the exported HybridControlPlane CR (default "hybridmanager.yaml").
-n, --namespace string           Bootstrap namespace (default "edbpgai-bootstrap").
    --operator-namespace string  Namespace the operator chart will be installed into (default: same as --namespace).
    --source-release string      Helm release currently owning the resources (default "edbpgai-bootstrap").
    --target-release string      Helm release to transfer ownership to (default "edb-hcp-operator").
    --dry-run                    Preview deletions and annotations without changing the cluster.
-y, --yes                        Auto-confirm all confirmations.
-h, --help                       Help for prepare-bootstrap-operator-conversion.

These examples show how to prepare a Bootstrap-installed Hybrid Manager for conversion:

# Export the CR and transfer ownership (prompts before the transfer)
edbctl hm prepare-bootstrap-operator-conversion

# Preview everything without changing the cluster
edbctl hm prepare-bootstrap-operator-conversion --dry-run

# Write the exported CR to a specific path
edbctl hm prepare-bootstrap-operator-conversion -o hm.yaml

edbctl hybrid-manager upgrade-operator

Installs or upgrades the Hybrid Manager (HM) Operator to the latest available LTS version using Helm. Run this command to ensure the operator is up to date before installing or upgrading Hybrid Manager itself.

From the 1.4.0 LTS release (or the 2026.6.0 Innovation release) onwards, operator images are embedded in the HM release and synced with edbctl image sync-to-local-registry. As a result, you can install the operator directly from Cloudsmith or from a private registry.

Note

When deploying from a private registry, run this command only after you finish syncing images for the target HM version to that registry. Otherwise the operator image may not be present and the upgrade fails.

Note

This command uses Helm to install the operator. To uninstall it, run helm uninstall against the release.

Note

On OpenShift, installing the operator from the OperatorHub certified operator is often a better option than this command.

You can also use the edbctl hm alias for this command.

edbctl hybrid-manager upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password> [options]

Where options are:

    --registry-uri string        Container registry URI to pull the operator image from (required).
    --registry-username string   Username for authenticating to the container registry (required).
    --registry-password string   Password for authenticating to the container registry (required).
    --registry-insecure          Allow insecure connections to the container registry (for example, self-signed TLS).
    --release-name string        Helm release name to use for the operator chart (default "edb-hcp-operator").
    --namespace string           Kubernetes namespace where the operator is or will be installed (default "edb-hcp-operator-system").
    --set stringArray            Additional Helm chart values to set (for example, --set key=value).
    --timeout duration           Time to wait for the operator release to become ready before rolling back (default 5m0s).
    --verbose                    Show verbose Helm output (chart pull, resource creation, and readiness progress).
-y, --yes                        Auto-confirm all confirmations.
-h, --help                       Help for upgrade-operator.

These examples show how to install or upgrade the operator:

# Install or upgrade the operator directly from EDB Cloudsmith
edbctl hm upgrade-operator --registry-uri docker.enterprisedb.com/pgai-platform --registry-username <edb-cloudsmith-username> --registry-password <edb-cloudsmith-password>

# Install or upgrade the operator from a private registry
edbctl hm upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password>

# Install into a custom namespace with a custom Helm release name
edbctl hm upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password> --namespace my-operator-ns --release-name my-operator

# Skip TLS verification for a registry with a self-signed certificate
edbctl hm upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password> --registry-insecure

# Override additional chart values and extend the readiness timeout
edbctl hm upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password> --set hmRegistry.enabled=true --timeout 10m

# Auto-confirm the prompt (non-interactive)
edbctl hm upgrade-operator --registry-uri <registry-uri> --registry-username <username> --registry-password <password> --yes
← Prev

edbctl disaster-recovery

↑ Up

Using edbctl

Next →

edbctl image