Installation¶
Version
By default the installer deploys the latest available version. To pin a specific release, add --version vX.Y.Z.
Quick Install¶
Verify:
Installer Reference¶
Required flags (install/upgrade mode)¶
| Flag | Description |
|---|---|
--token TOKEN |
GHCR token (PAT with read:packages scope) |
--license-key KEY |
SLOpilot license key |
Required flags (template mode)¶
| Flag | Description |
|---|---|
--token TOKEN |
GHCR token for chart pull |
Note: --license-key is not required in template mode.
Optional flags¶
| Flag | Default | Description |
|---|---|---|
--version VERSION |
Latest | Version to deploy (e.g., v1.2.0) |
--namespace NAME |
slopilot |
Target Kubernetes namespace |
--values FILE |
— | Extra Helm values file (repeatable) |
--token-file FILE |
— | Read token from file (mutually exclusive with --token) |
--license-key-file FILE |
— | Read license key from file (mutually exclusive with --license-key) |
--template |
— | Render manifests to stdout; do not deploy |
--yes |
— | Skip confirmation prompt |
--help, -h |
— | Show help |
Verifying the Installation¶
After a successful install, confirm all pods are running and access the UI:
# Watch pods come up
kubectl get pods -n slopilot -w
# Port-forward to access the UI
kubectl port-forward -n slopilot svc/slopilot-rightsizing 8080:80
# Open in browser
open http://localhost:8080
Template Mode¶
Template mode renders the full set of Kubernetes manifests to stdout without deploying anything to a cluster. This is useful for reviewing what will be applied, auditing changes before rollout, or feeding output into a GitOps pipeline.
curl -fsSL -o slopilot-install.sh https://slopilot.eu/install.sh
chmod +x slopilot-install.sh
./slopilot-install.sh \
--token <ghcr-token> \
--template > manifests.yaml
--license-key is not required in template mode. The rendered output can be piped directly to kubectl apply -f - or committed to a GitOps repository.
Using Custom Values Files¶
Pass --values one or more times to layer additional Helm values on top of the defaults:
./slopilot-install.sh \
--token <ghcr-token> \
--license-key "SLOPILOT-XXXX" \
--values my-overrides.yaml
Restricted overrides
Values files must not contain nameOverride or fullnameOverride. These keys break secret name resolution and the installer will reject them with an error.
Reading Credentials from Files¶
For automation and CI/CD pipelines, credentials can be read from files instead of being passed on the command line:
./slopilot-install.sh \
--token-file ./secrets/ghcr-token \
--license-key-file ./secrets/license-key
--token and --token-file are mutually exclusive. The same applies to --license-key and --license-key-file.
What the Installer Does¶
The installer performs five steps in order:
-
Validates inputs — checks that all required flags are present, verifies that
helmandkubectlare available inPATH, tests connectivity to the target cluster, and performs RBAC preflight checks to confirm the calling user has sufficient permissions. -
Creates the namespace — applies
kubectl create namespace <namespace>using--dry-run=client | kubectl apply -f -, making the operation idempotent. -
Creates Kubernetes secrets:
{release}-license— stores the license key supplied via--license-key(or--license-key-file).{release}-users— stores the JWT signing secret used for user authentication. Preserved across upgrades.registry-pull-secret— Docker registry credentials for pulling images fromghcr.io.
-
Authenticates to the Helm OCI registry — logs into
ghcr.iousing the supplied token to pull the Helm chart. -
Runs
helm upgrade --install— deploys the chart with--atomic, which automatically rolls back to the previous revision if the new release fails its health checks.
Upgrading¶
Re-run the installer. Existing secrets and data are preserved automatically. Omit --version to upgrade to the latest available release, or specify it to pin a version.
curl -fsSL https://slopilot.eu/install.sh | bash -s -- \
--yes \
--token <ghcr-token> \
--license-key "SLOPILOT-XXXX" \
--version vNEW.VERSION
Key points:
- The JWT signing secret is read from the existing Kubernetes Secret and preserved unchanged.
- The
--atomicflag ensures the cluster is automatically restored to the previous revision if the new release fails health checks. - Downtime is limited to the pod restart; the chart uses a Recreate deployment strategy.
Rolling Back¶
# View release history
helm history slopilot-rightsizing -n slopilot
# Roll back to the previous revision
helm rollback slopilot-rightsizing -n slopilot
Migration from Static Manifests¶
If you previously deployed SLOpilot using a generated YAML manifest (kubectl apply), follow these steps to migrate to a Helm-managed deployment.
Back up your data before migration
-
Identify your namespace and release name from the existing manifest metadata.
-
Remove
NamespaceandPersistentVolumeClaimobjects from your manifest to preserve your data: -
Delete the old resources (this preserves the namespace and PVCs):
-
Clean up cluster-scoped resources:
-
Install via Helm (use
--release-nameto match your existing release name if it differs from the defaultslopilot-rightsizing):
Your data (user accounts, monitoring configuration) is preserved in the existing PersistentVolumeClaim.
Uninstalling¶
PersistentVolumeClaims are retained
Both the application data PVC and the Prometheus data PVC are annotated with helm.sh/resource-policy: keep. They are not deleted when you uninstall the Helm release. To remove them manually:
To also remove the namespace: