The prerequisites for installing the self-hosted controller in bare metal/VM environments are described below.

| Component | Requirement |
|---|---|
| Operating System | CentOS 7.9 OR Ubuntu 20.04 LTS |
| # Instances | One (1) |
| System Specs | 16 CPUs, 64 GB RAM or higher |
| Root Disk | 100 GB or higher |
| /tmp | >30 GB, if not part of root disk |
| Data Disk | 500 GB formatted. Attached as /data |
| Networking | Inbound 443/tcp allowed to all instances. All localhost ports reachable |
| DNS | If no DNS, ensure 300053/UDP is reachable |
| Firewall | Disabled in all nodes |
Installation of the self-hosted controller requires wildcard DNS records as described below. In the example below, replace "company.example.com" with the desired domain. DNS records for the wildcard FQDN should point to the controller nodes’ IP addresses.
If wildcard DNS is not available, the individual records below are needed.
```
*.api.company.example.com
console.company.example.com
fluentd-aggr.company.example.com
ops-console.company.example.com
rcr.company.example.com
regauth.company.example.com
*.core.company.example.com
*.core-connector.company.example.com
*.kubeapi-proxy.company.example.com
*.user.company.example.com
*.cdrelay.company.example.com
```
Provide a company logo in PNG format, smaller than 200 KB, for white labeling and branding purposes.
X509 Certificates (Optional)
The controller uses TLS for secure communication, so x509 certificates are required to secure all endpoints. Customers are expected to provide a wildcard certificate signed by a trusted CA for the target DNS domain (e.g. *.rafay.example.com).
For non-production or organization-internal scenarios where signed certificates are not available, the controller can generate self-signed certificates automatically. To enable this, set the “generate-self-signed-certs” key to “True” in config.yaml during installation.
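A pre-flight check for the certificate and DNS requirements above, added here as an example (it is not part of the product or its documentation): it reports which of the listed record names a certificate's SAN list leaves uncovered. It assumes standard TLS hostname matching, where `*` matches exactly one leftmost label; the function names and the `probe` label are hypothetical.

```python
# Added example: compare a certificate's SAN entries against the DNS record
# names listed on this page. Assumes standard TLS wildcard matching, where
# "*" stands for exactly one leftmost label.

# Record names from the page, with the domain factored out.
RECORDS = ["*.api", "console", "fluentd-aggr", "ops-console", "rcr", "regauth",
           "*.core", "*.core-connector", "*.kubeapi-proxy", "*.user", "*.cdrelay"]


def san_covers(san: str, host: str) -> bool:
    """True if the SAN entry matches the host name (single-label wildcard)."""
    s = san.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h) or "" in h:
        return False          # a wildcard never spans more than one label
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def uncovered_records(sans, domain, probe="probe"):
    """Return the page's record names that no entry in `sans` covers."""
    missing = []
    for rec in RECORDS:
        # A wildcard DNS record stands for any single label, so test one
        # constructed sample label in its place.
        host = f"{rec.replace('*', probe, 1)}.{domain}"
        if not any(san_covers(s, host) for s in sans):
            missing.append(f"{rec}.{domain}")
    return missing


if __name__ == "__main__":
    domain = "company.example.com"   # placeholder domain used on the page
    single = [f"*.{domain}"]         # constructed SAN list: one wildcard only
    print("one wildcard leaves uncovered:", uncovered_records(single, domain))
    # Constructed SAN list with one wildcard entry per wildcard record.
    full = single + [f"{r}.{domain}" for r in RECORDS if r.startswith("*")]
    print("per-subdomain wildcards leave uncovered:", uncovered_records(full, domain))
```

The SAN list of an issued certificate can be read with `openssl x509 -in cert.pem -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) and passed to `uncovered_records` before installation.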
The installation also requires the email addresses below.
- Super user authentication to the controller’s admin
- Controller support
- Receive alerts and notifications (Optional)
Although not ideal, it is possible to specify the same email address for all three.