Requirements
There are three core set of resources that organizations need to make available for a successful deployment and ongoing operations of the air-gap controller.
- Infrastructure
- DNS Records
- x.509 Certificate (optional)
Infrastructure¶
Production Deployment¶
The Highly Available (HA) option is the only recommended option for production deployments.
This table captures the minimum infrastructure requirements to provision and operate both the Kubernetes and the Controller application tech stack.
| Requirement | Description |
|---|---|
| Operating System | CentOS 7.8 and 7.9, RHEL 7.8 |
| Number of Instances | FOUR (4) |
| CPU/Memory | MINIMUM 16 CPUs, 64 GB Memory |
| Root Disk | 100 GB |
| Data Disk | 500 GB formatted, attached as data volume |
| Open Inbound Ports | 443/tcp |
| Inter Node Networking | All nodes should be able to communicate via any tcp/udp port |
Note
Data storage requirements can vary based on scale of deployments that need to be supported and required data retention periods.
Non Production Deployment¶
This option is not recommended for production deployments. It may be used for a quick test drive to get a view of what the installation process looks like.
This table captures the minimum infrastructure requirements to provision and operate both the Kubernetes and the Controller application tech stack.
| Requirement | Description |
|---|---|
| Operating System | CentOS 7.8 |
| Number of Instances | ONE |
| CPU/Memory | MINIMUM 16 CPUs, 64 GB Memory |
| Root Disk | Min 100 GB |
| Data Disk | Min 500 GB formatted, attached as data volume |
| Open Inbound Ports | 443/tcp |
DNS Requirements¶
The installation of the controller requires "wildcard records". The DNS records for the wildcard FQDN should point to the controller's node IP address.
Example: "*.controller.example.com"
Underneath the covers, the controller exposes a number of unique and distinct endpoints backed by specific services. This microservices architecture allows the controller to scale specific components up and down as required in the deployment.
Note
Contact the support team if you would like us to host the DNS domain for you.
x509 Certificates¶
All the endpoints exposed by the controller require the use of TLS for secure communications. A Certificate Authority (CA) signed wildcard certificate for the target DNS (e.g. *.controller.example.com) is necessary for production deployments.
If the wildcard certificate is not available, the controller will automatically generate "self-signed" certificates by setting the "generate-self-signed-certs" key to "True" in the config.yaml file during installation.
Note
The self signed certificate option is not recommended if the controller needs to be deployed and operated on a public network.
Company Logo¶
Optionally, a company logo (size 150 x 100 pixels, ~200KB) in PNG format can be provided for a white labeled experience on the controller's web console.
Email Addresses¶
The installation also requires below email addresses.
- An email address for the controller administration user
- An email address for receiving support emails from the controller.
- An email address for receiving alerts and notifications (Optional)