Embedded Cluster Installation Requirements

This topic lists the installation requirements for Replicated Embedded Cluster. Ensure that the installation environment meets these requirements before attempting to install.

System Requirements

  • Linux operating system

  • x86-64 architecture

  • systemd

  • At least 2GB of memory and 2 CPU cores

  • The disk on the host must have a maximum P99 write latency of 10 ms. This supports etcd performance and stability. For more information about the disk write latency requirements for etcd, see Disks in Hardware recommendations and What does the etcd warning “failed to send out heartbeat on time” mean? in the etcd documentation.

  • The filesystem at /var/lib/embedded-cluster must have 40Gi or more of total space and be less than 80% full.

    Note

    The directory used for data storage can be changed by passing the --data-dir flag with the Embedded Cluster install command. For more information, see Embedded Cluster Install Command Options.

    Note that in addition to the primary /var/lib/embedded-cluster directory, Embedded Cluster creates directories and files in the following locations:

    • /etc/cni
    • /etc/k0s
    • /opt/cni
    • /opt/containerd
    • /run/calico
    • /run/containerd
    • /run/k0s
    • /sys/fs/cgroup/kubepods
    • /sys/fs/cgroup/system.slice/containerd.service
    • /sys/fs/cgroup/system.slice/k0scontroller.service
    • /usr/libexec/k0s
    • /var/lib/calico
    • /var/lib/cni
    • /var/lib/containers
    • /var/lib/kubelet
    • /var/log/calico
    • /var/log/containers
    • /var/log/pods
    • /usr/local/bin/k0s

  • (Online installations only) Access to replicated.app and proxy.replicated.com or your custom domain for each

  • Embedded Cluster is based on k0s, so all k0s system requirements and external runtime dependencies apply. See System requirements and External runtime dependencies in the k0s documentation.
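
One way to check the disk-space requirement above before installing. This is an added example, not code from Replicated; the function names are hypothetical, and it assumes a POSIX `df` and `awk` on the host.

```shell
#!/bin/sh
# Added example, not Replicated's code: checks the "40Gi or more, less than
# 80% full" rule for the filesystem that will hold the data directory.
MIN_KIB=$((40 * 1024 * 1024))   # 40Gi expressed in KiB, the unit df -k reports
MAX_USED_PCT=80

# nearest_existing PATH: before the first install the data directory does not
# exist yet, so walk up to the closest ancestor that df can inspect.
nearest_existing() {
  p="$1"
  while [ ! -e "$p" ] && [ "$p" != "/" ]; do
    p="$(dirname "$p")"
  done
  echo "$p"
}

# evaluate_df: reads `df -Pk PATH` output on stdin; prints "ok" or the failed rules.
evaluate_df() {
  awk -v min="$MIN_KIB" -v max="$MAX_USED_PCT" '
    NR == 2 {
      pct = $5; sub(/%/, "", pct)            # Capacity column, e.g. "20%"
      if ($2 + 0 < min + 0)   msg = msg "total-below-40Gi "
      if (pct + 0 >= max + 0) msg = msg "not-below-80pct-full "
      sub(/ $/, "", msg)
      print (msg == "" ? "ok" : msg)
    }'
}

# check_data_dir [DIR]: DIR defaults to the page's default location; pass the
# value given to --data-dir if the install uses one.
check_data_dir() {
  dir="${1:-/var/lib/embedded-cluster}"
  df -Pk "$(nearest_existing "$dir")" | evaluate_df
}

check_data_dir "$@"
```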

Port Requirements

Embedded Cluster requires that the following ports are open and available:

  • 2379/TCP *
  • 2380/TCP
  • 4789/UDP
  • 6443/TCP
  • 7443/TCP
  • 9091/TCP
  • 9099/TCP *
  • 9443/TCP
  • 10248/TCP *
  • 10249/TCP
  • 10250/TCP
  • 10256/TCP
  • 10257/TCP *
  • 10259/TCP *
  • 30000/TCP ***
  • 50000/TCP * ** ***

* These ports are used only by processes running on the same node. Ensure that there are no other processes using them. It is not necessary to create firewall openings for these ports.

** Required for air gap installations only.

*** By default, the Admin Console and Local Artifact Mirror (LAM) run on ports 30000 and 50000, respectively. If these ports are occupied, you can select different ports during installation. For more information, see Embedded Cluster Install Command Options.
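
A preflight for the port list above that reports which required ports already have a listener, honouring the * (node-local) and ** (air gap only) marks. This is an added example, not code from Replicated; the function names are hypothetical and the `ss` output it parses is a constructed sample.

```shell
#!/bin/sh
# Added example, not Replicated's code: preflight for the port list above.
# Ports marked "*" on the page are node-local: they must be free, but need no firewall opening.
LOCAL_ONLY="2379/tcp 9099/tcp 10248/tcp 10257/tcp 10259/tcp"
AIRGAP_LOCAL="50000/tcp"   # marked "* ** ***": node-local, air gap only, default LAM port
OTHER="2380/tcp 4789/udp 6443/tcp 7443/tcp 9091/tcp 9443/tcp 10249/tcp 10250/tcp 10256/tcp 30000/tcp"

# required_ports MODE: ports that must be unused for MODE (online or airgap).
required_ports() {
  if [ "$1" = "airgap" ]; then
    echo "$LOCAL_ONLY $AIRGAP_LOCAL $OTHER"
  else
    echo "$LOCAL_ONLY $OTHER"
  fi
}

# conflicts MODE: reads `ss -H -ltun` output on stdin and prints each required
# port/proto that already has a listener, one per line, in input order.
conflicts() {
  awk -v req="$(required_ports "$1")" '
    BEGIN { n = split(req, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    {
      k = split($5, a, ":")   # field 5 is the local address; the port follows the last colon
      key = a[k] "/" $1       # field 1 is the Netid column (tcp or udp)
      if ((key in want) && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample of `ss -H -ltun` output (not captured from a real host).
sample_ss() {
  cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:4789       0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:2379       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096            [::]:50000         [::]:*
EOF
}

# Demo on the sample; on a real host run: ss -H -ltun | conflicts online
echo "Ports already in use (air gap install):"
sample_ss | conflicts airgap
```

If the Admin Console or LAM port is changed at install time, adjust 30000 or 50000 in the lists to match.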

Firewall Openings for Online Installations

The domains for the services listed in the table below need to be accessible from servers performing online installations. No outbound internet access is required for air gap installations.

For services hosted at domains owned by Replicated, the table below includes a link to the list of IP addresses for the domain at replicatedhq/ips in GitHub. Note that the IP addresses listed in the replicatedhq/ips repository also include IP addresses for some domains that are not required for installation.

For third-party services hosted at domains not owned by Replicated, the table below lists the required domains. Consult the third-party's documentation for the IP address range for each domain, as needed.

| Host | Embedded Cluster | KOTS Existing Cluster | kURL Clusters | Description |
|---|---|---|---|---|
| Docker Hub | Not Required | Required | Required | Some dependencies of KOTS are hosted as public images in Docker Hub. The required domains for this service are index.docker.io, cdn.auth0.com, *.docker.io, and *.docker.com. |
| replicated.app | Required | Required | Required | Upstream application YAML and metadata are pulled from replicated.app. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to replicated.app. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. For the range of IP addresses for replicated.app, see replicatedhq/ips in GitHub. |
| proxy.replicated.com | Required | Required* | Required* | Private Docker images are proxied through proxy.replicated.com. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. For the range of IP addresses for proxy.replicated.com, see replicatedhq/ips in GitHub. |
| registry.replicated.com | Required** | Required** | Required** | Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to registry.replicated.com. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. For the range of IP addresses for registry.replicated.com, see replicatedhq/ips in GitHub. |
| kots.io | Not Required | Required | Not Required | Requests are made to this domain when installing the Replicated KOTS CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. |
| github.com | Not Required | Required | Not Required | Requests are made to this domain when installing the Replicated KOTS CLI. For information about retrieving GitHub IP addresses, see About GitHub's IP addresses in the GitHub documentation. |
| k8s.kurl.sh, s3.kurl.sh | Not Required | Not Required | Required | kURL installation scripts and artifacts are served from kurl.sh. An application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA. For the range of IP addresses for k8s.kurl.sh, see replicatedhq/ips in GitHub. The range of IP addresses for s3.kurl.sh is the same as the range for the kurl.sh domain. For the range of IP addresses for kurl.sh, see replicatedhq/ips in GitHub. |
| amazonaws.com | Not Required | Not Required | Required | tar.gz packages are downloaded from Amazon S3 during installations with kURL. For information about dynamically scraping the IP ranges to allowlist for accessing these packages, see AWS IP address ranges in the AWS documentation. |

* Required only if the application uses the Replicated proxy registry. Contact your software vendor for more information.

** Required only if the application uses the Replicated registry. Contact your software vendor for more information.