Skip to main content


This is the installation guide for Kubero. It will guide you through the installation of the required components, the Kubero Operator and the Kubero UI.

All these steps can be performed with the Kubero CLI or kubectl. You can download the latest Kubero CLI version from the releases page



Ingress Controller

The Installation of the Ingress Controller depends on your Kubernetes provider. For example, if you are using Kind, you can use the following command:

  kubectl apply -f

For other Kubernetes providers, please use one of the following resources

Metrics Server

The Metrics Server is required for the Kubero UI to display CPU and Memory usage. You can install it with the following command:

  kubectl apply -f

Cert Manager

The Certmanager is requirede to generate and manage TLS certificates.

  kubectl apply -f

Kubero Operator

There are two ways to install Kubero: 1) Minimal installation 2) Full installation with OLM (Operator Lifecycle Manager)

Option 1) Minimal installation

The minimal installation will install the Kubero Operator and the required CRDs. The Kubero UI will be installed on a later step.

  kubectl apply -f

Option 2) Full installation with OLM

The OLM installation will install the Operator Lifecycle Manager and the Kubero Operator. The Kubero UI will be installed on a later step.

OLM (Operator Lifecycle Manager)

kubectl create -f

kubectl create -f

Kubero Operator

kubectl create -f

Kubero UI

The Kubero UI provides an API and a web interface to manage your Kubero installation. Without the Kubero UI, you can still use the Kubero Operator to manage your applications but you will need to use the kubectl to apply the rescources.

Install Kubero UI with the Kubero CLI

kubero install -c kubero-ui

Install Kubero UI with kubectl

These steps are not required if you have installed the Kubero UI with the Kubero CLI.

Crate the namespace

kubectl create namespace kubero

Create the secrets

kubectl create secret generic kubero-secrets \
--from-literal=KUBERO_WEBHOOK_SECRET=$(openssl rand -hex 20) \
--from-literal=KUBERO_SESSION_KEY=$(openssl rand -hex 20) \
-n kubero
GIT_DEPLOYMENTKEY_PUBLICdeprecated(Bug in Operator =< v0.0.70, set to random string)
GIT_DEPLOYMENTKEY_PRIVATE_B64deprecated(Bug in Operator =< v0.0.70, set to random string)
KUBERO_WEBHOOK_SECRETrequiredRandom secret string
KUBERO_SESSION_KEYrequiredRandom secret string
KUBECONFIG_BASE64optionalBase64 encoded Kubeconfig, may contain multiple contexts (required for multi cluster)
KUBERO_USERSoptionalBase64 encoded jsonfile (see Authentication chapter)
GITHUB_PERSONAL_ACCESS_TOKENoptionalPersonal access token for GitHub API
GITEA_PERSONAL_ACCESS_TOKENoptionalPersonal access token for Gitea API

Deploy the Kubero UI

 kubectl apply -f -n kubero

Enable the Kubero Registry


This config requires Kubero Operator >= v0.0.137

This step is optional.

The Kubero Registry is a central place to store and share your CI/CD images. It is required to use the Dockerfile and Nixpacks buildstrategy for your applications.

kubectl edit kuberoes kubero -n kubero

Edit/add the registry section:

enabled: true # creates registry credentials for a external or a local registry (required for build strategy apps)
create: true # spins up a local registry
#host: registry.kubero.svc.cluster.local # works for pushes, but not for pulls. DO NOT USE THIS :( since it requires to configure all nodes ot acceppt this "insecure" registry
#host: # requires a docker account. Might be the best choice when running on a non public domain
host: # will make your images publicly avaialble with a basic auth protection
# create account with:
# docker run --entrypoint htpasswd httpd:2 -Bbn [username] [password]
# (use bcrypt)
username: MyUser
password: MyPassword
port: 443
storage: 1Gi