System Requirements (Minimum)
This topic describes the requirements for installing the application on an existing Kubernetes cluster, whether EKS, AKS, or GKE.
A dedicated cluster is a prerequisite for iceDQ installation, as its architecture is incompatible with single-namespace deployment.
Item | Requirement |
---|---|
Kubernetes Service | Azure Kubernetes Service, Amazon Elastic Kubernetes Service, Google Kubernetes Engine |
Kubernetes Version | v1.29, v1.28 or v1.27 |
Cluster Size | 2 Node Cluster |
CPU Resource | 16 vCPUs per node |
Memory Resource | 32GB RAM per node |
Storage Resource | 1TB RWX (Storage Class) |
Load Balancer | Azure Load Balancer, Amazon Load Balancer, Google Load Balancer |
Backup Store (Optional) | Azure Blob, AWS S3, Google Cloud Storage |
External Database (Optional) | Managed Postgres |
- Store backups and snapshots in the backup store.
- Use the load balancer to access the application UI (443) and the platform installer UI (8800).
- In the load balancer, map TCP port `443` to Kubernetes port `32222` and TCP port `8800` to Kubernetes port `8800`.
Critical Prerequisites
Port Forwarding
To support port forwarding, Kubernetes clusters require that the Socket CAT (socat) package is installed on each node.
If the package is not installed on each node in the cluster, you see the following error message when the installation script attempts to connect to the admin console: `unable to do port forwarding: socat not found`.
To check if the package that provides socat is installed, you can run `which socat`. If the package is installed, the `which socat` command prints the full path to the socat executable file. For example, `/usr/bin/socat`.
If the output of the `which socat` command is `socat not found`, then you must install the package that provides the socat command. The name of this package can vary depending on the node's operating system.
RBAC Requirements
The user that runs the installation command must have at least the minimum role-based access control (RBAC) permissions that are required by the app manager. If the user does not have the required RBAC permissions, then an error message displays: `Current user has insufficient privileges to install Admin Console`.
Currently, the application requires cluster-scoped access. With cluster-scoped access, a Kubernetes ClusterRole and ClusterRoleBinding are created that grant the app manager access to all resources across all namespaces in the cluster.
To install the app manager with cluster-scoped access, the user must meet the following RBAC requirements:
- The user must be able to create workloads, ClusterRoles, and ClusterRoleBindings.
- The user must have cluster-admin permissions to create namespaces and assign RBAC roles across the cluster.
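The RBAC requirements above can be checked before running the installer. The following is an added example, not part of iceDQ's or the app manager's tooling: it asks the API server, through `kubectl auth can-i`, whether the current kubeconfig user holds each permission. The function name, the `KUBECTL` override, and the workload kinds chosen to stand for "workloads" are assumptions.

```bash
#!/usr/bin/env bash
# Added example: RBAC preflight for a cluster-scoped install.
# Not iceDQ's own code; names below are illustrative.

# KUBECTL may be overridden (for example to a wrapper); defaults to kubectl.
KUBECTL="${KUBECTL:-kubectl}"

# verb:resource pairs. Namespaces, ClusterRoles and ClusterRoleBindings come
# from the requirements above; the workload kinds are an assumption about
# what "workloads" covers.
REQUIRED_PERMS="
create:namespaces
create:clusterroles.rbac.authorization.k8s.io
create:clusterrolebindings.rbac.authorization.k8s.io
create:deployments.apps
create:statefulsets.apps
create:jobs.batch
"

# Prints one line per permission and returns the number of missing ones
# (0 means every check passed).
check_install_rbac() {
  missing=0
  for perm in $REQUIRED_PERMS; do
    verb="${perm%%:*}"
    resource="${perm#*:}"
    # `auth can-i` exits 0 for "yes" and non-zero for "no". Output is
    # discarded, so an unreachable API server is also reported as MISSING.
    if $KUBECTL auth can-i "$verb" "$resource" --all-namespaces >/dev/null 2>&1; then
      echo "ok       $verb $resource"
    else
      echo "MISSING  $verb $resource"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Usage, after sourcing this file with the target cluster as current context:
#   check_install_rbac || echo "current user cannot perform a cluster-scoped install"
```

Because a cluster-scoped install creates a ClusterRole and ClusterRoleBinding with access to all namespaces, run this as the same identity that will run the installation command, not as a separate administrator.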
Outbound URL Requirements
We recommend performing the installation in online mode. For this, the following domains need to be accessible from the servers performing online installations. For a list of IP addresses for these services, see replicatedhq/ips in GitHub.
Exception | Purpose |
---|---|
k8s.kurl.sh | Installation script |
kurl.sh | Installation script |
amazonaws.com | Installation script dependencies |
registry.icedq.com | Container images |
proxy.icedq.com | Container images |
get.icedq.com | Installation script |
icedq.azurecr.io | Container dependency images |
resource.icedq.com | Installer license verification |
auth.docker.io | Docker authentication |
registry-1.docker.io | Docker registry |
production.cloudflare.docker.com | Docker infrastructure |
Private Registry Requirements
Private registries are required for air gap environments because you push the admin console container images to a private registry during installation. For online environments, it is optional to use private registries.
Make sure that you use a compatible registry. The app manager has been tested for compatibility with the following registries:
- Amazon Elastic Container Registry
- Azure Container Registry
- Docker Hub
- JFrog Artifactory
- Sonatype Nexus
- Harbor
To avoid Docker rate limits, use a Pro or Team account.
External Database
The application is bundled with a PostgreSQL database repository for POC purposes. For production deployments, we recommend using an external PostgreSQL 10.X and above database server.
The embedded database is not accessible from outside the cluster.
Terraform Scripts
To streamline your installation experience, iceDQ offers Terraform scripts for effortless AKS and EKS cluster creation. Submit a request to [email protected] when you're ready to get started.
Limitations
- Changing annotations, labels, resources, node selector, tolerations, or affinity settings for the iceDQ Platform Installer pods is not currently supported.
- The StorageClass for the iceDQ Platform Installer pods is required to be default and cannot currently be changed.
- Multiple iceDQ installs into the same cluster are not currently supported.