Versions Compared


Key Requirements

Info

We use Kubernetes, an open-source container orchestration system, to manage our applications.

...

At the moment the only Kubernetes distribution supported is K3s by Suse Linux (see the official K3s documentation), for both on-premise and cloud deployments.

The minimum requirement for the Kubernetes cluster is a single node (1 virtual machine) with the following specs:

                                                            Synergy   Focus   Enterprise (Synergy + Focus)
CPU cores (x86_64 processor with speed of 2.2 GHz or more)  8         16      20
RAM                                                         32GB      64GB    80GB
Free SSD disk space (⚠️ K3s will be installed in /var)      500GB     600GB   700GB

OS: We recommend Ubuntu 20.04 LTS Server (Focal Fossa), but you can also use RHEL 8.6, CentOS 7.9 or Suse Linux 15.3.
⚠️ If you are using CentOS or RHEL please refer to the official K3s documentation and our troubleshooting guide for additional setup.

                                    EDC        DDC / DSPM   EDC + DDC + DSPM
CPU                                 8 cores    16 cores     20 cores
Memory                              32GB       64GB         80GB
Storage                             500GB      600GB        700GB
Min available inodes for ext4       32M        39M          45M

⚠️ The CPU must support the instructions SSE4.1, SSE4.2, AVX, AVX2, FMA.

Only x86_64 architecture is supported. Minimum CPU speed is 2.2 GHz.

Storage and partition details

  • only SSD storage is supported

  • SWAP must be disabled

  • / root requires at least 20GB

  • /var requires at least 20GB

  • /var/lib/rancher requires at least 500GB (in case of EDC, use the correct disk space according to the type of deployment shown above)

  • /tmp requires at least 75GB

  1. if neither /var nor /var/lib/rancher nor /tmp is specifically assigned to a partition, you must assign the full 500GB to root

  2. if /var is specifically assigned to a partition but /var/lib/rancher is not, then you must assign the 500GB to /var

  3. if /var/lib/rancher is specifically assigned to a partition but /var is not, then you must assign the 500GB to /var/lib/rancher

Operating System

Ubuntu 20.04 LTS Server is recommended. Other supported operating systems include:

  • Ubuntu 22.04, 24.04

  • RHEL 8.8, 8.10, 9.2 and 9.4

  • Suse Linux 15.5

Only Server editions are supported, with no Desktop Environment installed. No other Linux distributions are supported.

Note

Root access to the server is necessary during the deployment process and may also be required for support tickets and troubleshooting.

Please ensure that the service user account accessing the server and deploying the K3s installer has sudo privileges to access and run the installer as root.

Firewall

  • The K3s server needs port 443/TCP to be open to allow the clients to access the Synergy/Focus dashboard and API.

  • Outbound internet access: to download application artifacts (Docker images and binaries), updates, and configuration files, the cluster requires a public internet connection with a minimum download speed of 40 Mbps and an upload speed of 8 Mbps. For a faster initial setup, a download speed of 100 Mbps or more is recommended.

K3s version support

1.23, 1.24, 1.26

Installation

...

Other requirements

  • Domain Name Service (DNS) with public name resolution enabled

  • Network Time Protocol (NTP)

...

  • service configured

  • Internet access to a network-based repository for software update packages

...

  • Fixed private IPv4 address

  • Unique static hostname

...

As root run the following command to install K3s

...

For hardened systems, see: Deploying Product in CIS hardened OS or K3s

When deploying using RHEL / CentOS / Suse:

When deploying using Ubuntu:

  • disable ufw, systemd-resolved, apparmor

  • /var partition should not have noexec flag
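
The CPU-instruction, swap and noexec requirements listed above can be verified on the host before the installer is run. The script below is an added example, not part of the vendor's k3s.sh or its built-in precheck; the function names are hypothetical, and each function accepts an optional /proc-style file so it can also be run against a saved sample.

```sh
#!/bin/sh
# Added example (not the vendor's precheck): three host requirements from this page.
# Function names are hypothetical; each takes an optional /proc-style file.

# /proc/cpuinfo spellings of SSE4.1, SSE4.2, AVX, AVX2 and FMA
REQUIRED_FLAGS="sse4_1 sse4_2 avx avx2 fma"

# Print required CPU flags that are absent (nothing when all are present).
missing_cpu_flags() {
    flags=" $(grep -m1 '^flags' "${1:-/proc/cpuinfo}" | cut -d: -f2) "
    missing=""
    for f in $REQUIRED_FLAGS; do
        case "$flags" in
            *" $f "*) ;;                  # whole-word match: avx2 does not satisfy avx
            *) missing="$missing $f" ;;
        esac
    done
    echo $missing
}

# Succeed if any swap area is active (/proc/swaps has rows after its header).
swap_active() {
    [ "$(tail -n +2 "${1:-/proc/swaps}" | grep -c .)" -gt 0 ]
}

# Print the mount options of the filesystem holding /var ("/" if /var is not separate).
var_mount_opts() {
    awk '$2 == "/" || $2 == "/var" {
             if (length($2) >= length(best)) { best = $2; opts = $4 }
         }
         END { print opts }' "${1:-/proc/mounts}"
}

# Succeed if /var is mounted with noexec.
var_is_noexec() {
    case ",$(var_mount_opts "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Summarise all three checks (defaults: the live host).
host_report() {
    m=$(missing_cpu_flags "$1")
    if [ -z "$m" ]; then echo "cpu: ok"; else echo "cpu: missing $m"; fi
    if swap_active "$2"; then echo "swap: enabled, must be disabled"; else echo "swap: ok"; fi
    if var_is_noexec "$3"; then echo "/var: noexec set"; else echo "/var: ok"; fi
}

host_report
```
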

Installation

If you are using a proxy, run this before using curl:

Code Block
export http_proxy="$PROXY_IP"
export https_proxy="$PROXY_IP"
Info

When running the k3s.sh script you need to provide the product name in the form of the PRODUCT_NAME argument.

Allowed product names are: synergy focus dspm enterprise ultimate

If you want to ensure the environment meets all the prerequisites, you can use the ONLY_PRECHECK=true argument, so your command for checking against the enterprise requirements will look like:

Code Block
languagebash
curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=enterprise ONLY_PRECHECK=true sh -s - server --node-name=local-01
Note

You need to be logged in as the root user to perform the installation.

Tip

Here is the syntax for the k3s.sh installer to perform a full prerequisites check and start the installation of the ultimate product:

Code Block
languagebash
curl -sfL https://assets.master.k3s.getvisibility.com/k3s/k3s.sh | \
INSTALL_K3S_VERSION="v1.26.10+k3s1" K3S_KUBECONFIG_MODE="644" PRODUCT_NAME=ultimate sh -s - server --node-name=local-01
Info

We provide a number of optional switches to use with the k3s.sh installer. The table below describes what each one does.

Argument                    Description
SKIP_PRECHECK=true          to skip all built in checks
SKIP_SYSTEM_CHECKS=true     to skip hardware checks
SKIP_NETWORK_CHECKS=true    to skip connectivity checks
ONLY_PRECHECK=true          will run precheck only and stop after that

...

Run the kubectl registration command:

Note

The command below is just an example; it will not work during deployment. For direct customers, the Customer Support Team will provide the registration command; otherwise you should have been provided with the registration command in the Welcome Email.

...

  1. Costs — K3s is 100% open source and there’s no need to pay for any expensive licenses.

  2. Less setup overhead — a lot of time is saved when setting up a new environment because you don’t need to go through a lengthy process of acquiring extra licenses based on how many CPU cores you have. Also, K3s can be installed using only one command.

  3. It supports many Linux distros. K3s supports popular Linux distributions, including open source ones, and it can run both on-premise and in the cloud (AWS, Azure, GCP).

  4. It’s fast and lightweight. K3s is packaged as a single <100MB binary, and its lightweight architecture makes it faster than stock Kubernetes for the workloads that it runs.

  5. Easy to update — Thanks to its reduced dependencies.

  6. Batteries included — CRI, CNI, service load balancer, and ingress controller are included.

  7. Smaller attack surface — Thanks to its small size and reduced amount of dependencies.

  8. Certified — K3s is an official CNCF project that delivers a powerful certified Kubernetes distribution.

  9. Flexible — you can run K3s using single-node or multi-node cluster setup.

Proxy settings

Info

Replace $RESELLER_NAME with the name of the Rancher management server you’ll be registered to.
You can find it in the registration command you received, e.g.: https://rancher.CLUSTERNAME.k3s.getvisibility.com/v3/import/....

Note

The settings below are only valid for clusters that have Secure mode enabled.

If your proxy is configured to intercept/inspect HTTPS traffic on the fly, then make sure the following hosts are bypassed (not intercepted):

...

Network settings

Your network, including any internal proxy, should be configured to allow the following public URLs to be accessible over port 443 (HTTPS), with HTTPS traffic bypassed (NOT intercepted):

Code Block
https://assets.master.k3s.getvisibility.com (Custom K3s installation files)
https://images.master.k3s.getvisibility.com (Private Docker registry)
https://charts.master.k3s.getvisibility.com (Private Helm registry)
https://api.master.k3s.getvisibility.com (Private API server)
https://rancher.$RESELLER_NAME.k3s.getvisibility.com (Rancher management server, where $RESELLER_NAME is Getvisibility for direct customers)
https://prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com (Docker registry AWS CDN)
https://rpm.rancher.io (Rancher RPM repo for configuring SELinux packages on RHEL or CentOS)
Info

For Helm-based installation you only need the first five from the above list.

For more details on how to configure Rancher behind a proxy click here.

...