Installer Preflights

The kURL installer runs several preflight checks to detect problems with the target environment early in the installation process.

These are system requirements for the admin processes running behind the Waydev application itself.

The system requirements for the Waydev application are listed later in this document.

Checks Run on All Nodes

The following checks run on all nodes where kURL is installed:

  • The installer is running on a 64-bit platform.

  • The installer is running on a supported OS.

  • Swap is disabled.

  • Docker is not being installed on EL 8.

  • Firewalld is disabled.

  • SELinux is disabled.

  • At least one nameserver is accessible on a non-loopback address.

  • TCP ports 10248 and 10250 are available for kubelet.

  • TCP port 10257 is available for the kube controller manager.

  • TCP port 10259 is available for the kube scheduler.

  • At least 4 GiB of memory is available. (Warn when less than 8GiB).

  • /var/lib/kubelet has at least 30GiB total space and is less than 80% full. (Warn when more than 60% full).

  • The server has at least 2 CPUs. (Warn when less than 4 CPUs).

  • The system clock is synchronized and the time zone is set to UTC.

Initial Primary

These checks run only on new installs on primary nodes:

  • TCP port 6443 is available for the Kubernetes API server.

  • TCP ports 2379, 2380 and 2381 are available for etcd.

  • The load balancer address is properly configured to forward TCP traffic to the node. (This check only runs on the first primary).

  • 99th percentile filesystem write latency in the etcd data directory is less than 20ms. (Warn when more than 10ms). See cloud recommendations.

Join

These checks run on all primary and secondary nodes joining an existing cluster:

  • Can connect to the Kubernetes API server address.


Add-on preflights

Weave

  • All existing nodes in the cluster can be reached on TCP port 6783.

  • TCP ports 6781, 6782 and 6783 are available on the current host.

OpenEBS

  • If using block storage, check that at least one block device is available with a minimum size of 10GiB.

Prometheus

  • TCP port 9100 is available for the node exporter.

Longhorn

  • /var/lib/longhorn has at least 50GiB total space and is less than 80% full. (Warn when more than 60% full).

Docker

  • /var/lib/docker has at least 30GiB total space and is less than 80% full. (Warn when more than 60% full).
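
The port and disk-space preflights listed above can be re-checked by hand before the installer runs. The script below is an added example, not kURL's or Waydev's own code: the function names, the --run flag and the sample command outputs are assumptions made for illustration, and only the port numbers and thresholds come from this page.

```shell
#!/bin/sh
# Added example, not kURL code. Port lists are copied from this page's
# preflight sections; function names and the --run flag are hypothetical.
ALL_NODE_PORTS="10248 10250 10257 10259"
PRIMARY_PORTS="6443 2379 2380 2381"
ADDON_PORTS="6781 6782 6783 9100"

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:10248 0.0.0.0:*
LISTEN 0 4096 [::]:6443 [::]:*
LISTEN 0 4096 *:9100 *:*'

# Constructed sample of `df -Pk DIR` output (40 GiB total, 65% full).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda1 41943040 27262976 14680064 65% /'

# Print the local port of each listening socket in `ss -Hltn` output (stdin).
# Field 4 is Local Address:Port; taking the text after the last colon also
# handles IPv6 forms such as [::]:6443.
listening_ports() {
  awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# busy_ports PORT...: read `ss -Hltn` output on stdin and print the requested
# ports that already have a listener, space separated.
busy_ports() (
  in_use=$(listening_ports)
  out=""
  for p in "$@"; do
    if printf '%s\n' "$in_use" | grep -qx "$p"; then out="$out $p"; fi
  done
  printf '%s\n' "${out# }"
)

# disk_status MIN_GIB: read `df -Pk DIR` output on stdin and apply the page's
# rule: fail below MIN_GIB total or at 80% full or more, warn above 60%.
disk_status() {
  awk -v min="$1" 'NR == 2 {
    gib = $2 / 1048576; pct = $5 + 0
    if (gib < min || pct >= 80) print "fail"
    else if (pct > 60) print "warn"
    else print "pass"
  }'
}

# Live use on a node: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
  echo "ports in use: $(ss -Hltn | busy_ports $ALL_NODE_PORTS $PRIMARY_PORTS $ADDON_PORTS)"
  echo "/var/lib/kubelet: $(df -Pk /var/lib/kubelet | disk_status 30)"
fi
```

Before a first install /var/lib/kubelet may not exist yet; in that case point df at the directory that will hold it. Use 50 as the minimum for /var/lib/longhorn and 30 for /var/lib/docker, as listed above.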


Supported OS

  • Ubuntu 16.04 (Kernel version >= 4.15)

  • Ubuntu 18.04 (Recommended)

  • Ubuntu 20.04 (Docker version >= 19.03.10)

  • CentOS 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4 (CentOS 8.x requires Containerd)

  • RHEL 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4 (RHEL 8.x requires Containerd)

  • Oracle Linux 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.1, 8.2, 8.3, 8.4 (OL 8.x requires Containerd)

  • Amazon Linux 2


System Requirements

The Waydev application runs many different processes in the background that are fairly resource-intensive. Because of this, we recommend the following system requirements for a bare-metal server or virtual machine:

  • A minimum of 8 CPU cores, recommended 16 CPU cores or more

  • A minimum of 32 GB of RAM, with a recommended amount of 64GB or more

  • TCP ports 10251 and 10252 open between cluster nodes

  • UDP ports 6783 and 6784 open between cluster nodes

  • A minimum of 100 GB of disk space for the main system (this is only for the root directory that contains the application data, and it is different from the storage needed for repository data)

  • A directory (or mounted volume) on the host for repository data. See Calculating Required Storage below.

Trial Tip: An EC2 m4.2xlarge should provide enough CPU and RAM resources to get you started with a trial install.

Calculating Required Storage

A minimum of 64 GB of storage is recommended for the repository work directory. However, this is just a guess based on the average size of customer data. To truly calculate how much storage you require, you should perform the following tasks:

  • For each repository you intend to analyze with Waydev, locate its current size

  • Sum them all together

  • Add 25% for growth

We strongly recommend that the directory used be something that can be easily exchanged or grown. However, it does not need to be "permanent" storage. It can be ephemeral.

Trial Tip: A 100 GB EBS volume should provide enough space to get you started with a trial install.

kURL Dependencies Directory

kURL will install additional dependencies in the directory /var/lib/kurl/. These dependencies include utilities as well as system packages and container images. This directory must be writeable by the kURL installer and must have sufficient disk space (5 GB).


Networking Requirements

Firewall Openings for Online Installations

The following domains need to be accessible from servers performing online kURL installs. IP addresses for these services can be found in replicatedhq/ips.

Host            Description
amazonaws.com   tar.gz packages are downloaded from Amazon S3 during embedded cluster installations. The IP ranges to allowlist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation.
k8s.kurl.sh     Kubernetes cluster installation scripts and artifacts are served from kurl.sh. Bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.

No outbound internet access is required for airgapped installations.

Host Firewall Rules

The kURL install script will prompt to disable firewalld. Note that firewall rules can affect communications between containers on the same machine, so it is recommended to disable these rules entirely for Kubernetes. Firewall rules can be added after or preserved during an install, but because installation parameters like pod and service CIDRs can vary based on local networking conditions, there is no general guidance available on default requirements.

The following ports must be open between nodes for multi-node clusters:

Primary Nodes

Protocol  Direction  Port Range  Purpose                 Used By
TCP       Inbound    6443        Kubernetes API server   All
TCP       Inbound    2379-2380   etcd server client API  Primary
TCP       Inbound    10250       kubelet API             Primary
TCP       Inbound    6783        Weave Net control       All
UDP       Inbound    6783-6784   Weave Net data          All

Secondary Nodes

Protocol  Direction  Port Range  Purpose            Used By
TCP       Inbound    10250       kubelet API        Primary
TCP       Inbound    6783        Weave Net control  All
UDP       Inbound    6783-6784   Weave Net data     All

These ports are required for Kubernetes and Weave Net.

Ports Available

In addition to the ports listed above that must be open between nodes, the following ports should be available on the host for components to start TCP servers accepting local connections.

Port   Purpose
2381   etcd health and metrics server
6781   weave network policy controller metrics server
6782   weave metrics server
10248  kubelet health server
10249  kube-proxy metrics server
9100   prometheus node-exporter metrics server
10257  kube-controller-manager health server
10259  kube-scheduler health server

It is recommended that the host be able to connect to external addresses on HTTPS/443 for access to installer files during the install and later for updates. Updates can be scheduled to coincide with your maintenance schedules.

For data analysis, your Waydev Enterprise system must have access to your Git repositories and your ticket system. The following ports should be allowed to those instances:

  • HTTP/80 and HTTPS/443: These should be the standard ports on which your Git repository and ticket system serve both Git data and API information.

  • SSH: Most Git vendors also allow for SSH download of the repositories they serve. This is sometimes port 22 and sometimes port 7999 or a custom port.

For users to access the system itself, the following ports must also be open to internal users:

  • HTTP/80: This must be open for internal health-check pings.

  • HTTPS/443: This must be open for users to use the interface.

  • HTTPS/8800: This port is used to reach the administration interface with a web browser. It does not have to be open to general users, but must be available to system administrators.

  • SSH/22: System administrators will need access to SSH on the server instance running Waydev Enterprise for occasional updates and maintenance.

Trial Tip: Talk to your Network Administrator and find out where Waydev should be located on your network and how it will communicate with your repositories, ticketing system, and users.


Database Requirements

Waydev Enterprise requires a MySQL database that meets the following specifications:

  • Version 5.7.19

  • A minimum of 2 CPU cores, recommended 4 CPU cores or more

  • A minimum of 8 GB of RAM

Trial Tip: We recommend using the embedded database during the trial. The database can be migrated to RDS later.


E-mail Server Requirements

To offer a full experience to users, Waydev Enterprise requires that an e-mail server is provided. This e-mail server and its information are required for the system to function. You must choose an e-mail server that meets the following criteria:

  • It must be able to send e-mail from the e-mail you choose to use as the "From" address in system e-mails.

  • It must be able to send e-mail to any users you intend to invite into the system.

  • It must be able to be reached on the given hostname and port from your chosen server.

  • It must not be a one-off installation of SendMail or Postfix on the local host server running the application.

Trial Tip: Waydev can be installed even if a connection to the SMTP server is not possible during the install.
