# Install krane with Homebrew, apk, Nix

Kubernetes deploy tool with rollout verification. Version 3.9.1 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:krane
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install krane
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add krane
```

  Evidence: Alpine Linux edge package indexes: krane from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#krane
```

  Evidence: nixpkgs package indexes: pkgs/by-name/kr/krane/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:krane
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/krane>
- **Version:** 3.9.1
- **Source summary:** Kubernetes deploy tool with rollout verification
- **Homepage:** <https://github.com/Shopify/krane>
- **Repository:** <https://github.com/Shopify/krane>
- **Upstream docs:** <https://github.com/Shopify/krane#readme>
- **License:** MIT
- **Source archive:** <https://rubygems.org/downloads/krane-3.9.1.gem>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- krane (cli)
- krane (alias)

## Dependencies

- kubernetes-cli
- ruby

## Uses from macOS

- libffi

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.9.1
- Local data: ok
- Upstream repository: https://github.com/Shopify/krane
- info: No package-manager update timestamp was available.
- info: No cached GitHub release or tag data was available.
## Project history and usage

krane is Shopify's Kubernetes deployment CLI with rollout verification. It occupies the space between raw kubectl apply and heavier deployment systems by giving CI/CD jobs a clearer pass/fail answer and debug context.

### Project history

The project began publicly as Shopify's kubernetes-deploy tooling; the GitHub repository was created on 2017-01-17. Its README explains that krane wraps kubectl apply rather than replacing Kubernetes primitives, with rollout watching, failure diagnostics, predeploy phases, EJSON secret handling, render, run, restart, and global-deploy commands.

The 1.0 migration guide documents the rename from kubernetes-deploy to krane at version 1.0.0. That release redesigned the CLI, renamed the Ruby namespace, moved metrics to the krane prefix, and split behavior such as rendering and global resources into clearer commands.

### Adoption history

Shopify used krane with its open-source Shipit deployment application, which made the tool visible as part of Shopify's Kubernetes deployment story. Packaging through RubyGems and Homebrew made it usable both as a Ruby library/tool and as a standalone CLI in developer and CI environments.

### How it is used

A typical krane deploy command targets an application namespace and Kubernetes context, using kubeconfig credentials from $KUBECONFIG or ~/.kube/config. For Google Cloud authentication, the README documents $GOOGLE_APPLICATION_CREDENTIALS as an additional credentials source.

krane is commonly used where a deploy job needs to apply manifests, wait for workload rollout, print actionable failure information, and optionally run one-off tasks or render templates before deploy.

### Why package nerds care

krane is a useful packaging example because it is a Ruby-origin Kubernetes tool that installs like a CLI but delegates core state changes to kubectl and kubeconfig. Its history also shows a clean package rename from a descriptive old name to a shorter executable and namespace.

### Timeline

- 2017-01-17: The Shopify krane repository was created.
- 2019-11-18: Version 1.0.0 committed the rename from kubernetes-deploy to krane.
- 2024-01-29: Version v3.4.1 was published on GitHub.

### Related projects

- kubectl is the deployment primitive krane uses underneath. Shopify Shipit is the related deployment application named in the README. EJSON is related through krane's encrypted Kubernetes secret workflow.

### Sources

- <https://github.com/Shopify/ejson>
- <https://github.com/Shopify/krane>
- <https://github.com/Shopify/krane/blob/main/1.0-Upgrade.md>
- <https://github.com/Shopify/krane/releases/tag/v3.4.1>
- <https://github.com/Shopify/shipit-engine#kubernetes>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Credential files

- Unix: $KUBECONFIG, ~/.kube/config, $GOOGLE_APPLICATION_CREDENTIALS
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** krane
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - krane: normalized package name match | nixpkgs package indexes: pkgs/by-name/kr/krane/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - krane - 0.20.7-r4: normalized package name match | Alpine Linux edge package indexes: krane from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Drop-in replacement for crane with built-in cloud workload identity auth | https://github.com/google/go-containerregistry/tree/main/cmd/krane


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [kubernetes-cli](https://www.automicvault.com/pkg/brew/kubernetes-cli/) - Runtime dependency declared by Homebrew.
- [ruby](https://www.automicvault.com/pkg/brew/ruby/) - Runtime dependency declared by Homebrew.
- [helmfile](https://www.automicvault.com/pkg/brew/helmfile/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [helmsman](https://www.automicvault.com/pkg/brew/helmsman/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [nelm](https://www.automicvault.com/pkg/brew/nelm/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [helm](https://www.automicvault.com/pkg/brew/helm/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [ko](https://www.automicvault.com/pkg/brew/ko/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [werf](https://www.automicvault.com/pkg/brew/werf/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment, kubernetes.
- [aws-elasticbeanstalk](https://www.automicvault.com/pkg/brew/aws-elasticbeanstalk/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment.
- [bosh-cli](https://www.automicvault.com/pkg/brew/bosh-cli/) - Shares av.db curated category or tags: cli, cloud-infrastructure, deployment.

## Combined YAML source

View the package source record on GitHub. [combined/krane.yml](https://github.com/automic-vault/db/blob/main/combined/krane.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
