Skip to main content

Installing in an Online (Internet-connected) Environment

You can install an application to an existing Kubernetes cluster that contains nodes that can access the internet. In an online installation, the Replicated app manager pulls container images from the upstream registries directly.

Install with the App Manager

To start, run the command that was provided by the application vendor:

kubectl kots install application-name

With KOTS v1.67.0 and later, you can install a specific version of the application. Use the app-version-label flag and the version label for a particular version of your vendor's application. Example: kubectl kots install application-name --app-version-label=3.1.0.

The kubectl plugin will walk you through the necessary steps to install the application:

$ kubectl kots install application-name
Enter the namespace to deploy to: application-name
• Deploying Admin Console
• Creating namespace ✓
• Waiting for datastore to be ready ✓
Enter a new password to be used for the Admin Console: ••••••••
• Waiting for Admin Console to be ready ✓

• Press Ctrl+C to exit
• Go to http://localhost:8800 to access the Admin Console

After this has completed, the kots CLI plugin will create a port-forward to the Replicated admin console interface. The admin console API and Web server are exposed over a ClusterIP service in the namespace provided. The port-forward will be active as long as the CLI is running. Pressing Ctrl+C will end the port forward.

After this has completed, click the link, or visit http://localhost:8800 to complete the setup using the admin console web-based UI.

Set up the Application

At this point, visit http://localhost:8800 to complete the setup of the application.

Unlock the Admin Console

Secure Console

Enter the password provided during the setup, and you'll be redirected to the "Upload License" screen.

Provide a License File

At this point, the admin console is still just an admin console without an application. Providing a license file will include the entitlements necessary to pull the manifest and images and start the application. If the license is outdated, the latest license will be fetched and used instead.

Upload License

After the license file is installed, if air gapped installations are enabled, an option will be presented to proceed with an air gapped setup.

Configure the Application

Most applications include some required and some optional configuration. This is used to build the final deployable Kubernetes manifests for the application.

The admin console configuration screen prompts for initial values to use in the application. These can be changed later, but must be completed to continue.

Initial Config

Pass Preflight Checks

The app manager runs preflight checks (conformance tests) against the target namespace and cluster to ensure that the environment meets the minimum requirements to support the application.

Preflight Checks

Resolve strict preflight checks

When one or more strict preflight checks are present, the application deployment is blocked until these strict checks are run. Strict preflight checks must not contain failures and block the release from being deployed until the failures are resolved. Strict preflight checks help enforce that vendor-specific requirements are met before the application is deployed.

Resolve role-based access control checks

When the installation uses minimal role-based access control (RBAC), the app manager recognizes if the preflight checks failed due to insufficient privileges.

Run Preflight Checks Manually

When this occurs, a kubectl preflight command is displayed that you must run manually in the cluster to run the preflight checks. When the command runs and completes, the results are automatically uploaded to the app manager.


curl | bash
kubectl preflight secret/<namespace>/kotsadm-<appslug>-preflight

Specify proxies

When installing behind a proxy, the admin console needs to be able to use the proxy to communicate with the APIs on the internet as well as local services.

Both the kots install and kots pull CLI commands provide arguments to specify proxy settings for the admin console containers.

If either http-proxy or https-proxy is specified, no-proxy should also be specified. The no-proxy string should include all localhost addresses as well as the local network and Kubernetes cluster CIDRs.

For example:

kubectl kots install app --http-proxy \
--no-proxy localhost,,,

If the copy-proxy-env flag is specified, proxy settings will be read from the environment of the shell where the kots command is running.

For more information, see install and pull in the kots CLI documentation.