Requirements

There are three core sets of resources that organizations need to make available for a successful deployment and ongoing operation of the air-gap controller.

  1. Infrastructure
  2. DNS Records
  3. X.509 Certificate (optional)

Infrastructure

Production Deployment

The Highly Available (HA) option is the only recommended option for production deployments.

This table captures the minimum infrastructure requirements to provision and operate both the Kubernetes and the Controller application tech stack.

Requirement             Description
Operating System        CentOS 7.8, 7.9
Number of Instances     FOUR (4)
CPU/Memory              MINIMUM 16 CPUs, 64 GB Memory
Root Disk               60 GB
Data Disk               500 GB formatted, attached as data volume
Open Inbound Ports      443/tcp
Inter Node Networking   All nodes should be able to communicate via any tcp/udp port

Note

Data storage requirements can vary based on scale of deployments that need to be supported and required data retention periods.


Non Production Deployment

This option is not recommended for production deployments. It may be used for a quick test drive to get a view of what the installation process looks like.

This table captures the minimum infrastructure requirements to provision and operate both the Kubernetes and the Controller application tech stack.

Requirement             Description
Operating System        CentOS 7.8, 7.9
Number of Instances     ONE
CPU/Memory              MINIMUM 16 CPUs, 64 GB Memory
Root Disk               Min 100 GB
Data Disk               Min 500 GB formatted, attached as data volume
Open Inbound Ports      443/tcp

DNS Requirements

The installation of the controller requires "wildcard records". The DNS records for the wildcard FQDN should point to the controller's node IP address.

Example: "*.controller.example.com"

Under the covers, the controller exposes a number of unique and distinct endpoints backed by specific services. This microservices architecture allows the controller to scale specific components up and down as required in the deployment.

Note

Contact the support team if you would like us to host the DNS domain for you.


X.509 Certificates

All the endpoints exposed by the controller require the use of TLS for secure communications. A Certificate Authority (CA) signed wildcard certificate for the target DNS (e.g. *.controller.example.com) is necessary for production deployments.

If a wildcard certificate is not available, the controller can automatically generate "self-signed" certificates when the "generate-self-signed-certs" key is set to "True" in the config.yaml file during installation.

Note

The self-signed certificate option is not recommended if the controller needs to be deployed and operated on a public network.
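
The DNS and certificate requirements above can be checked before installation. The script below is an added example, not part of the controller's tooling: it confirms that an arbitrary name under the wildcard resolves to the node IP and that the certificate's subjectAltName covers endpoint names, where a wildcard matches exactly one left-most label. The script name, its arguments and the "console" label are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-install check of the wildcard DNS record and certificate.
# "console" below is a hypothetical endpoint label, not a name from the docs.

# covers PATTERN HOST: succeeds if certificate name PATTERN matches HOST.
# "*" stands for exactly one left-most label, so the wildcard covers neither
# the bare domain nor names nested two labels deep.
covers() (
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  suffix=${pattern#\*.}
  if [ "$suffix" != "$pattern" ]; then
    label=${host%%.*}
    [ -n "$label" ] && [ "$host" = "$label.$suffix" ]
  else
    [ "$host" = "$pattern" ]
  fi
)

# cert_names CERT_PEM: print the DNS entries of the subjectAltName extension.
cert_names() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*' | sed 's/^DNS://'
}

# cert_covers CERT_PEM HOST: succeeds if any SAN entry covers HOST.
cert_covers() {
  cert_names "$1" | ( while read -r name; do
    covers "$name" "$2" && exit 0
  done; exit 1 )
}

# wildcard_resolves DOMAIN NODE_IP: an arbitrary name under DOMAIN must resolve to NODE_IP.
wildcard_resolves() {
  getent ahostsv4 "preflight-$$.$1" | awk '{print $1}' | grep -qxF "$2"
}

preflight() {  # arguments: DOMAIN NODE_IP CERT_PEM
  rc=0
  wildcard_resolves "$1" "$2" || { echo "FAIL: *.$1 does not resolve to $2"; rc=1; }
  cert_covers "$3" "console.$1" || { echo "FAIL: no SAN entry covers *.$1"; rc=1; }
  openssl x509 -in "$3" -noout -checkend 0 >/dev/null || { echo "FAIL: certificate expired"; rc=1; }
  return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; else
  # No arguments: show the matching rule on constructed names.
  for h in console.controller.example.com controller.example.com a.b.controller.example.com; do
    if covers '*.controller.example.com' "$h"; then echo "covered: $h"; else echo "NOT covered: $h"; fi
  done
fi
```

Run with three arguments (domain, node IP, certificate PEM file) it performs the live checks; with none it only prints the matching rule on the constructed names.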


Optionally, a company logo (size 150 x 100 pixels, ~200KB) in PNG format can be provided for a white labeled experience on the controller's web console.


Email Addresses

The installation also requires the following email addresses:

  • An email address for the controller administration user
  • An email address for receiving support emails from the controller
  • An email address for receiving alerts and notifications (optional)