Kubewall offers multiple installation methods to suit your environment and preferences. Choose the method that works best for you.
After installation, Kubewall is accessible at http://localhost:7080 by default.
Docker Run Kubewall as a Docker container with persistent storage:
docker run -p 7080:7080 -v kubewall:/.kubewall ghcr.io/kubewall/kubewall:latest
To access a local kind cluster, use the --network host Docker flag: docker run --network host -v kubewall:/.kubewall ghcr.io/kubewall/kubewall:latest
Docker with HTTPS Mount your certificates and configure HTTPS:
docker run -p 7080:7080 \ -v kubewall:/.kubewall \ -v $( pwd ) :/.certs \ ghcr.io/kubewall/kubewall:latest \ --certFile=/.certs/kubewall.test+3.pem \ --keyFile=/.certs/kubewall.test+3-key.pem
Helm Deploy Kubewall in your Kubernetes cluster using Helm:
helm install kubewall oci://ghcr.io/kubewall/charts/kubewall -n kubewall-system --create-namespace
With Helm, Kubewall runs on port 8443 with self-signed certificates by default. View the chart configuration for customization options. Helm chart configuration The Helm chart supports extensive configuration options:
Custom values.yaml
Install with custom values
# Example custom configuration replicaCount : 2 resources : limits : cpu : 1000m memory : 1Gi requests : cpu : 500m memory : 512Mi ingress : enabled : true className : "nginx" hosts : - host : kubewall.example.com paths : - path : / pathType : Prefix
Package managers Homebrew (macOS)
Snap (Linux)
Arch Linux
Winget (Windows)
Scoop (Windows)
Install Kubewall on macOS using Homebrew: brew install --cask kubewall/tap/kubewall
Install Kubewall on Linux using Snap: sudo snap install kubewall
Install Kubewall on Arch Linux using yay: Install Kubewall on Windows using Winget: winget install --id=kubewall.kubewall -e
Install Kubewall on Windows using Scoop: scoop bucket add kubewall https://github.com/kubewall/scoop-bucket.git scoop install kubewall
Binary downloads Download pre-compiled binaries for your platform:
Download the multi-architecture binary for macOS: curl -L https://github.com/kubewall/kubewall/releases/latest/download/kubewall_Darwin_all.tar.gz -o kubewall.tar.gz tar -xzf kubewall.tar.gz chmod +x kubewall sudo mv kubewall /usr/local/bin/
Download the binary for your architecture: curl -L https://github.com/kubewall/kubewall/releases/latest/download/kubewall_Linux_x86_64.tar.gz -o kubewall.tar.gz tar -xzf kubewall.tar.gz chmod +x kubewall sudo mv kubewall /usr/local/bin/
Download the executable for your architecture: Extract the zip file and add kubewall.exe to your system PATH. You can also download pre-compiled binaries directly from the Releases page. Setting up HTTPS For production deployments or when running Kubewall in a Kubernetes cluster, HTTPS is recommended.
When not used over HTTP/2, Server-Sent Events (SSE) suffer from a limitation to the maximum number of open connections. Using HTTPS ensures optimal performance. Learn more Using your own certificates Start Kubewall with your SSL/TLS certificates:
kubewall --certFile=/path/to/cert.pem --keyFile=/path/to/key.pem
Creating local trusted certificates with mkcert
Install mkcert
Install mkcert following their installation instructions for your platform.
Generate certificates
Run the following command to generate certificates for local development: mkcert kubewall.test localhost 127.0.0.1 ::1
This creates two files:
kubewall.test+3.pem (certificate)kubewall.test+3-key.pem (private key)
Start Kubewall with HTTPS
Launch Kubewall using the generated certificates: kubewall --certFile=kubewall.test+3.pem --keyFile=kubewall.test+3-key.pem
Custom address and port By default, Kubewall listens on [::]:7080 (all interfaces, IPv6 compatible). You can customize this using the --listen flag.
Bind to all interfaces
Bind to localhost only
Bind to specific interface
Binding to a specific network interface is useful when exposing Kubewall to a known private subnet or container network.
Next steps
Quick start Learn how to access and use Kubewall for the first time
HTTPS Setup Set up secure HTTPS connections