Requirements [GL ARC]

CNCF Certified Kubernetes

Core Kubernetes functionality like Namespaces, Deployments, StatefulSets, DaemonSets, Jobs, CronJobs, ConfigMaps, Secrets, Service Account Tokens

REQUIRED

RBAC

API access, dashboard access

REQUIRED

Custom Resources

Operators for metallb, TCP mapping

REQUIRED

Pod Security Policies

MetalLB, Prometheus, Grafana, Alertmanager

REQUIRED

Pod Disruption Budgets

Ingress Controllers (nginx, HAproxy)

REQUIRED

Certificate Signing Requests

Create TLS certificates via the Kubernetes Certificates API (see https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/ ).

REQUIRED

Multiple ingress controllers

VidiFlow public & private ingress

REQUIRED

Different ingress controller types

nginx for VidiFlow, HAproxy for StreamingServer

REQUIRED

Reverse proxy

All Web UIs (e.g. ConfigPortal, Workflow Monitor); many APIs (e.g. Workflow API)

REQUIRED

SSL/TLS termination

For SSL/TLS termination of UI and API endpoints

RECOMMENDED

TCP port mapping

VidiCore API; further APIs not exposed via reverse proxy on ports 80/443

REQUIRED

Upstream DNS server

Access to externally provided components, e.g. database, LDAP server

REQUIRED

Overlay network

Network communication between pods on different cluster nodes

REQUIRED

MAC address spoofing in pods

Only for node-locked VidiCore licence

OPTIONAL

Multiple hostnames and IP addresses for system endpoints

Users interfaces usually share one endpoint, but may be configured to different endpoints. VidiFlow needs an endpoint of its own.

REQUIRED

Internet access to Vidispine licence server

For VidiCore online licence

RECOMMENDED

Additional node IP via ARP announcement

For MetalLB in layer-2-mode

RECOMMENDED

External load balancer

For proper load distribution between the cluster nodes 

RECOMMENDED

BGP support in external load balancer

OPTIONAL

Fixes IP addresses

Once a node has been added to the Kubernetes cluster it's IP must not change any more. The IP address cannot be adjusted w/o taking the node out of the cluster and re-joining it.

REQUIRED

Sufficient log file storage

REQUIRED

Operating system updates

REQUIRED

Dedicated notes for Kubernetes master and etcd

RECOMMENDED

Node labels

For defining different node types (refer to hardware requirements guide).

REQUIRED

Clocks are in sync

Operating system clocks needs to be in sync on all cluster nodes.

REQUIRED

Add nodes during operation

For scaling when in production

RECOMMENDED

Remove nodes during operation

For scaling when in production

RECOMMENDED

Cluster upgrade with cordon/drain per node

Useful when cluster sizing has sufficient room to hold all pods even if one node is down

RECOMMENDED

Cluster upgrade w/o cordon/drain

Most likely scenario when cluster is fully booked

REQUIRED

etcd backup

The contents of the etcd cluster must be backed up on a regular basis. It is crucial for desaster recovery scenarios

REQUIRED

Overall backup & desaster recovery

RECOMMENDED

The Linux kernel must contain a fix for this kmem bug: https://bugzilla.redhat.com/show_bug.cgi?id=1507149#c101

When using CentOS or RHEL prior to version 7.7, please ensure a kernel version of kernel-3.10.0-1075.el7 or newer

REQUIRED

The Linux kernel should be newer than 4.9.25 to properly support xfs. See https://alexander.holbreich.org/elasticsearch-configuration/#the-filesystem

When using xfs as filesystem for node-local storage (e.g. Elasticsearch) please ensure proper kernel support for xfs. Otherwise ext4 is the preferred file system.

RECOMMENDED