Installation Reference
kip install
Installs a production-ready Kubernetes cluster on a remote Linux server.
kip install --host <ip> [flags]Flags
| Flag | Required | Default | Description |
|---|---|---|---|
--host | Yes | — | IP address or hostname of the target server |
--ssh-key | No | ~/.ssh/id_ed25519 | Path to SSH private key |
--domain | No | <ip>.kipper.run | Custom domain for the cluster |
--admin-email | No | admin@skipper.local | Email for Let's Encrypt certificates and the admin account |
--org | No | — | Organisation short code (e.g. labbc), used as namespace prefix |
--org-display-name | No | — | Human-readable organisation name (e.g. Labb Consulting) |
What it installs
Preflight checks
Before installing, Skipper verifies:
- OS: Ubuntu 20.04, 22.04, 24.04, or Debian 11, 12
- CPU: Minimum 2 vCPU (4+ cores recommended)
- RAM: Minimum 4 GB (8 GB recommended, 16 GB for production workloads)
- Disk: Minimum 30 GB free (80 GB+ recommended)
- Ports: 80 (HTTP), 443 (HTTPS), and 6443 (Kubernetes API) must be available
Choosing a server
For production, a dedicated root server with 16 GB RAM, 8 cores, and 512 GB NVMe comfortably runs the full Skipper stack (monitoring, backups, autoscaling) plus several production applications with room to grow.
4 GB works for evaluation and testing but leaves little room for workloads. If you install on a 4-8 GB server, Skipper will warn you and suggest disabling the monitoring stack to free resources.
For comparison, Skipper's requirements are far smaller than enterprise platforms like OpenShift, which typically need 3+ nodes with 16 GB each (48 GB+ total) just for the control plane.
If your server has less than 8 GB RAM, consider disabling the monitoring stack to free ~1-2 GB:
kip monitoring disableSee Observability for details.
Components installed
| Component | Purpose |
|---|---|
| k3s | Lightweight Kubernetes distribution |
| Traefik | Ingress controller and reverse proxy |
| cert-manager | Automatic TLS certificates via Let's Encrypt |
| Longhorn | Distributed persistent storage |
| Dex | Identity provider (OAuth2/OIDC) |
| Prometheus + Grafana | Metrics and dashboards (can be disabled) |
| Loki | Log aggregation (can be disabled) |
| Velero | Backup and restore |
| KEDA | Event-driven autoscaling |
| Skipper Console | Web dashboard for cluster management |
Idempotent
The install command is safe to re-run. If a component is already installed, it will be updated rather than duplicated.
Sharing access with your team
After installing, you can give other developers access to the cluster without sharing SSH keys or server passwords. Export the cluster credentials and send the file to your team:
kip cluster export > my-cluster.kipTeam members import the file and start working immediately:
kip cluster add my-cluster.kip --set-current
kip statusSee Team Access for the full workflow, including managing multiple clusters, database tunnels, and shell access.
kip cluster
Manage cluster configurations on your local machine.
kip cluster export > file.kip # export credentials for sharing
kip cluster add file.kip # import a cluster
kip cluster add file.kip --set-current # import and switch to it
kip cluster list # list all clusters
kip cluster use <name> # switch active cluster
kip cluster remove <name> # remove local configSee Team Access for full documentation.
kip tunnel
Opens a secure tunnel from your machine to a service running in the cluster. Use this to connect desktop database clients (DBeaver, TablePlus, pgAdmin) to databases that are not exposed to the internet.
kip tunnel mydb # PostgreSQL on localhost:5432
kip tunnel cache # Redis on localhost:6379
kip tunnel mydb --local-port 15432 # custom local port| Flag | Required | Default | Description |
|---|---|---|---|
--local-port | No | Same as service port | Local port to listen on |
--project | No | default | Project name |
--environment | No | — | Target environment |
See Team Access for full documentation.
kip exec
Opens an interactive shell or runs a command inside a running container.
kip exec myapp # interactive shell
kip exec myapp -- cat /app/config.yaml # run a single command
kip exec mydb -- psql -U skipper app # SQL session in a database podSee Team Access for full documentation.
kip status
Shows cluster health, node status, and component availability.
kip statuskip node add
Joins a worker node to an existing cluster.
kip node add --host <ip> [--ssh-key <path>]kip node list
Lists all nodes in the cluster with role, status, version, and IP.
kip node listkip auth reset-password
Generates a new admin password, updates Dex, and displays the new credentials.
kip auth reset-passwordThis command requires the kubeconfig stored in ~/.kip/clusters/. Only someone with cluster admin access can run it.
kip app update
Updates the container image for a deployed application and triggers a rolling update.
kip app update api --image ghcr.io/acme/api:v2.1.0| Flag | Required | Description |
|---|---|---|
--image | Yes | New container image |
--project | No | Project name |
--environment | No | Target environment |
kip app scale
Sets the replica count for a deployed application.
kip app scale api --replicas 3| Flag | Required | Description |
|---|---|---|
--replicas | Yes | Number of replicas |
Setting replicas to 0 stops the application without deleting it.
kip app env / kip app secret
Manage environment variables and secrets for an application.
kip app env set api LOG_LEVEL=debug # set env var
kip app env list api # list with values visible
kip app env delete api LOG_LEVEL # remove
kip app secret set api DATABASE_URL # interactive hidden prompt
kip app secret list api # keys only, values masked
kip app secret reveal api DATABASE_URL # show a single value
kip app secret rollback api DATABASE_URL # restore previous value
kip app secret delete api DATABASE_URL # removeSee Secrets & Environment for full documentation.
kip app link / kip app unlink
Connect apps so one can reach another via a URL.
kip app link domain-service api-gateway # internal URL (backend-to-backend)
kip app link domain-service webapp --public # public URL (for frontend apps)
kip app unlink domain-service api-gateway # removes DOMAIN_SERVICE_URLUse --public when linking to a frontend app that runs in the browser. It injects the target's public HTTPS URL instead of the internal Kubernetes DNS.
See Deploying Apps: Linking apps for details.
kip service
Manage stateful services (databases, caches) with persistent storage.
kip service add postgres --name mydb # deploy PostgreSQL
kip service add redis --name cache # deploy Redis
kip service list # list all services
kip service info mydb # show connection details
kip service delete mydb --delete-data # delete (requires flag)See Stateful Services for full documentation.
kip project
Manage projects and environments.
kip project create yourr-name --environments test,acc,prod
kip project create yourr-name --display-name "yourr.name Domain Platform" --environments test,acc,prod
kip project list
kip project delete yourr-nameSee Projects & Environments for full documentation.
kip app promote
Promote an app from one environment to the next (copies the image tag only).
kip app promote api --from test --to acc --project yourr-name
kip app promote --all --from acc --to prod --project yourr-nameSee Projects & Environments for full documentation.
kip job
Run one-off tasks and scheduled jobs.
kip job run --name migrate --image myapp:latest --command "npm run migrate" --project yourr-name --environment test
kip job schedule --name cleanup --image myapp:latest --command "python cleanup.py" --cron "0 3 * * *"
kip job list --project yourr-name
kip job history cleanup
kip job delete cleanupSee Jobs & Scheduled Tasks for full documentation.
kip upgrade
Upgrades Skipper system components (console, console-api) to the latest version. Your apps and services are not affected.
kip upgrade