Skip to main content

Installation Requirements

This topic describes the requirements for installing applications with Replicated.


This topic does not include any requirements specific to your software vendor. Ensure that you meet any additional requirements for the application defined by your software vendor.

Supported Browsers

The following table lists the browser requirements for the latest Replicated admin console.

Safari (Mac OS only)13+
Internet ExplorerUnsupported

Kubernetes Version Compatibility

Each release of the open source KOTS project maintains compatibility with the current Kubernetes version, and the two most recent versions at the time of its release. This includes support against all patch releases of the corresponding Kubernetes version.

Kubernetes versions 1.22 and earlier are end-of-life (EOL). Kubernetes version 1.23 is nearing EOL. For more information about Kubernetes versions, see Release History in the Kubernetes documentation.

Replicated recommends upgrading to a KOTS version that is compatible with Kubernetes 1.24 and higher.


The app manager is based on the open source KOTS project. The app manager version is the same as the KOTS version. For example, KOTS v1.92 is the same as the app manager v1.92.

KOTS VersionsKubernetes Compatibility
v1.71 and laterv1.25, 1.24, v1.23
v1.66 to v1.70v1.23
v1.61 to v1.65v1.23

Minimum System Requirements

This section describes the minimum system requirements for installing the Replicated admin console on an existing cluster or on an embedded cluster created by the Replicated Kubernetes installer.

Existing Cluster Requirements

To install the admin console on an existing cluster, the cluster must meet the following requirements:

  • Admin console minimum requirements: The admin console requires a minimum of 5GB of disk space on the cluster. This includes 4GB for the object store PersistentVolume and 1GB for the rqlite PersistentVolume. The admin console pod requests 100m CPU resources and 100Mi memory. Existing clusters that have LimitRanges specified must support these values. For more information, see Requirements for Admin Console State.

  • Kubernetes version compatibility: The version of Kubernetes running on the cluster must be compatible with the version of KOTS that you use to install the application. This compatibility requirement does not include any specific and additional requirements defined by the software vendor for the application.

    For more information about the versions of Kubernetes that are compatible with each version of KOTS, see Kubernetes Version Compatibility above.

  • OpenShift version compatibility: For Red Hat OpenShift clusters, the version of OpenShift must use a supported Kubernetes version. For more information about supported Kubernetes versions, see Kubernetes Version Compatibility above.

  • Storage class: The cluster must have an existing storage class available. For more information, see Storage Classes in the Kubernetes documentation.

  • Role-based access control (RBAC): Replicated requires the following RBAC permissions on the cluster:

    • An existing namespace and an RBAC binding that permits the user of the kubectl command-line tool to create workloads, ClusterRoles, and ClusterRoleBindings.

    • cluster-admin permissions to create namespaces and assign RBAC roles across the cluster.

      If the requireMinimalRBACPrivileges property is set to true in the Application custom resource manifest, or if the supportMinimalRBACPrivileges property is set to true in the Application custom resource manifest and the --use-minimal-rbac flag is passed to the kots install command, the app manager does not require the ability to create ClusterRoles and ClusterRoleBindings and uses a namespace-scoped Role and RoleBinding instead. For more information about the Application custom resource, see Application in Custom Resources.

  • Port forwarding: To support port forwarding, Kubernetes clusters require that the SOcket CAT (socat) package is installed on each node.

    If the package is not installed on each node in the cluster, you see the following error message when the installation script attempts to connect to the admin console: unable to do port forwarding: socat not found.

    To check if the package that provides socat is installed, you can run which socat. If the package is installed, the which socat command prints the full path to the socat executable file. For example, usr/bin/socat.

    If the output of the which socat command is socat not found, then you must install the package that provides the socat command. The name of this package can vary depending on the node's operating system.


Root access on nodes or workstations is not required to install an application on an existing cluster.

Kubernetes Installer Cluster Requirements

To install the admin console on an embedded cluster created by the Replicated Kubernetes installer, your environment must meet the following requirements.

Minimum System Requirements

  • 4 CPUs or equivalent per machine.
  • 8GB of RAM per machine.
  • 40GB of disk space per machine.
  • TCP ports 2379, 2380, 6443, 6783, 10250, 10251, and 10252 open between cluster nodes.
  • UDP ports 6783 and 6784 open between cluster nodes.
  • Root access is required.
  • (Rook Only) The Rook add-on version 1.4.3 and later requires block storage on each node in the cluster. For more information about how to enable block storage for Rook, see Block Storage in Rook Add-On in the kURL documentation.

Additional System Requirements

Because the Kubernetes installer is based on the open source kURL project, which is maintained by Replicated, you must meet the additional kURL system requirements when applicable:

  • Supported Operating Systems: For supported operating systems, see Supported Operating Systems in the kURL documentation.

  • kURL Dependencies Directory: kURL installs additional dependencies in the directory /var/lib/kurl and the directory requirements must be met. See kURL Dependencies Directory in the kURL documentation.

  • Networking Requirements: Networking requirements include firewall openings, host firewalls rules, and port availability. See Networking Requirements in the kURL documentation.

  • High Availability Requirements: If you are operating a cluster with high availability, see High Availability Requirements in the kURL documentation.

  • Cloud Disk Performance: For a list of cloud VM instance and disk combinations that are known to provide sufficient performance for etcd and pass the write latency preflight, see Cloud Disk Performance in the kURL documentation.

Firewall Openings for Online Installations

The following domains need to be accessible from servers performing online installations. For a list of IP addresses for these services, see replicatedhq/ips in GitHub.

No outbound internet access is required for air gapped installations.

HostExisting Cluster InstallationEmbedded Cluster InstallationDescription
Docker HubRequiredRequiredSome dependencies of KOTS are hosted as public images in Docker Hub.
proxy.replicated.comRequiredRequiredUpstream Docker images are proxied via The on-prem docker client uses a license ID to authenticate to This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.
replicated.appRequiredRequiredUpstream application YAML and metadata is pulled from The current running version of the application (if any) will be sent, in addition to a license ID and an application IDs are sent to to authenticate and receive these YAML files. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.
kots.ioRequiredNot RequiredRequests are made to this domain when you are installing the kots CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.
github.comRequiredNot RequiredRequests are made to this domain when you are installing the kots CLI.
k8s.kurl.shNot RequiredRequiredKubernetes cluster installation scripts and artifacts are served from An application identifier is sent in a URL path, and bash scripts and binary executables are served from This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.
amazonaws.comNot RequiredRequiredtar.gz packages are downloaded from Amazon S3 during embedded cluster installations. For information about dynamically scraping the IP ranges to allowlist for accessing these packages, see AWS IP address ranges in the AWS documentation.