System requirements

Basic pre-requisites

Ensure the following items are in place and configured properly:

  • Domain Name Service (DNS) with public name resolution enabled.
  • Network Time Protocol (NTP)
  • Software Update Service- access to a network-based repository for software update packages.
  • Fixed private IPv4 address
  • Unique static host name

Operating System

The commands have been tested on Ubuntu Server 20.04 LTS, SUSE Linux Enterprise Server 15 SP4 and RHEL 8.6.

Also, firewalldnm-cloud-setup.service and nm-cloud-setup.timer must be disabled and the server restarted before the installation, click here for more information.

Hardware requirements

The minimum requirement for the a single node Kubernetes cluster is one virtual machine with the following specs:

Table 1.
  FDC Forcepoint DSPM Ultimate
CPU cores 8 16 20
Memory 32GB 64GB 80GB
Storage 500GB

min 32M inodes

600GB

min 39M inodes

700GB

min 32M inodes

Note: These system requirements are subject to change, see the Requirements sections site to ensure minimum system requirements are met.

Networking Specifications

Outbound internet access with 100 Mbps downloads speed. The cluster needs a public internet connection to download Docker images, binaries, updates, and configuration files.

K3s needs port 443 open so clients can access the Forcepoint DSPM UI and API.

Your network should be configured to allow the following public URLs to be accessible over port 443 (HTTPS) and HTTPS traffic is bypassed (NOT intercepted):

https://assets.master.k3s.getvisibility.com (Custom K3s installation files)
https://images.master.k3s.getvisibility.com (Private Docker registry)
https://charts.master.k3s.getvisibility.com (Private Helm registry)
https://prod-eu-west-1-starport-layer-bucket.s3.eu-west-1.amazonaws.com (Docker registry AWS CDN)
https://rpm.rancher.io (Rancher RPM repo for configuring SELinux packages on RHEL or CentOS)
https://api.master.k3s.getvisibility.com (Private API server)
https://rancher.master.k3s.getvisibility.com (Rancher management server)
https://rancher.$RESELLER_NAME.k3s.getvisibility.com (Rancher management server, where $RESELLER_NAME is Getvisibility for direct customers)
Note: Rancher might try to reach to "git.rancher.io" since it is the default hard-coded repository, but we have our own private repository with all our charts. So, it is ok, to block it as we cannot disable it.
Note: If you are using a proxy then see the Configuring Rancher and Fleet agent to run behind an HTTP proxy article for details.

Downloads

Note: Below file downloads are also needed for Rancher and helm online type of deployments.

Download following file sets:

K3s and Antivirus

Draft comment: Dipshikha.Basu
Should we recommend disabling antivirus software?