by NLnet Labs

Version 0.8.1

OS Ubuntu 18.04



The Krill 1-Click App brings together all of the puzzle pieces needed to administer and run an RPKI Certificate Authority and publication server in the DigitalOcean cloud. The Krill 1-Click App allows you to easily set up Delegated RPKI with one or more Regional or National Internet Registries and seamlessly manage ROAs for all address space as a single pool. This 1-Click App allows publishing ROAs yourself using the included NGINX and rsync servers, or lets you publish with a third party.

Designed to meet your availability and capacity needs, whether big or small, this 1-Click App builds on Docker and Gluster to scale from the smallest DigitalOcean Droplet to a fleet of Droplets behind a DigitalOcean Load Balancer adding availability and capacity for both RRDP and rsync clients, or take RRDP to the max with Content Delivery Network edge caching of RRDP content.

Get insights by streaming metrics from the provided Prometheus endpoints to DigitalOcean Prometheus Kubernetes and by using Fluentd outputs to send logs to targets such as DigitalOcean Spaces or a log analysis provider of your choice.

Get the simplicity and flexibility you need by using the provided Krill Manager wizard to get you quickly up and running using an optional, automatically managed Let's Encrypt TLS certificate.

Software Included

Getting started after deploying Krill

An introduction video demonstrates how to run Delegated RPKI under a Regional Internet Registry with the Krill 1-Click App in just 6 minutes. Detailed instructions are available in the Krill Manager manual.

Quick instructions for a single Droplet

  • Create the 1-Click Droplet.
  • Configure DNS to point one or more A records at the Droplet IP address.
  • SSH to the Droplet as user root.
  • Run the setup wizard with this command: krillmanager init.
  • Follow the on-screen prompts.


Professional support services are available for Krill, offering premium support, consultancy hours, early security warnings under non-disclosure, as well as priority feature requests. For all other clients support will be on a best-effort basis only. Please report any issues via the GitHub issue tracker.

API Creation

In addition to creating a Droplet from the Krill 1-Click App via the control panel, you can also use the DigitalOcean API.

As an example, to create a 4GB Krill Droplet in the SFO2 region, you can use the following curl command. You’ll need to either save your API access token to an environment variable or substitute it into the command below.

  curl -X POST -H 'Content-Type: application/json' \
       -H 'Authorization: Bearer '$TOKEN'' -d \
      '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image":"nlnetlabs-krill-18-04"}' \

Support Details

Supported By:NLnet Labs
Hours:0900-1800 Central European Time
Support URL: