Requirements
The pre-requisites for installation of the self hosted controller in Bare Metal/VM environments is described below.
Infrastructure¶
| Requirement | Description |
|---|---|
| Operating System | CentOS 7.9, RHEL 8, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
| # Instances | One (1) |
| System Specs | 16 CPU threads, 64 GB RAM or higher |
| Root Disk | 100 GB or higher |
| /tmp | >30 GB, if not part of root disk |
| Data Disk | 500 GB formatted. Attached as /data |
| Networking | Inbound 443/tcp allowed to all instances. All localhost ports reachable |
| DNS | If no DNS, ensure 300053/UDP is reachable |
| Firewall | Disabled in all nodes |
DNS Records¶
Installation of the self hosted controller requires wildcard records as described below. In the example below, replace "company.example.com" with the desired domain. DNS records for the wildcard FQDN should point to the controller nodes’ IP addresses.
*.company.example.com
In case, wildcard DNS is not available, individual records as below are needed.
*.api.company.example.com
console.company.example.com
fluentd-aggr.company.example.com
ops-console.company.example.com
rcr.company.example.com
regauth.company.example.com
*.core.company.example.com
*.core-connector.company.example.com
*.kubeapi-proxy.company.example.com
*.user.company.example.com
*.cdrelay.company.example.com
*.connector.infrarelay.example.com
*.user.infrarelay.example.com
Logo (Optional)¶
Provide a company logo of size less than 200KB in png format for white labeling and branding purposes.
X509 Certificates (Optional)¶
The controller uses TLS for secure communication. As a result, x509 certificates are required to secure all endpoints. Customers are expected to provide a trusted CA signed wildcard certificate for the target DNS (e.g. *.rafay.example.com)
For non-prod/internal to org scenarios, if signed certificates are not available, the controller can generate self-signed certificates automatically. This can be achieved by setting the “generate-self-signed-certs” key to “True” in config.yaml during installation.
Email Addresses¶
The installation also requires below email addresses.
- Super user authentication to the controller’s admin
- Controller support
- Receive alerts and notifications (Optional)
Note: Although not ideal, it is possible to specify the same email address for all three.
Backup and Restore¶
Organizations should have a backup and restore process for their existing bare metal and virtual machine environments. It is recommended that users follow their organization's processes.