YouPrep documentationHelp centerGet a demo

Prerequisites

Hardware requirements

Minimum requirements for Toucan are:

  • An x86 Linux-based server. No requirements on the distribution or Kernel version.

  • 2 Cores CPU

  • 10 GB of RAM

  • 20 GB of storage for the node, to host Kubernetes and the container images.

  • +Additional block storage for your data (at least 50 GB).

Benchmarks

These results show the average memory usage of an initial deployment. This is not the average memory usage of the stack under load.

curity-admin-0                721Mi
curity-runtime                818Mi
dataexecution-api             3Mi
dataexecution-redis-master-0  6Mi
dataexecution-worker          7Mi
dataset                       533Mi
garage-0                      7Mi
gotenberg                     10Mi
impersonate                   8Mi
impersonate-redis-master-0    3Mi
laputa-0                      1983Mi
laputa-redis-master-0         5Mi
layout                        175Mi
layout-redis-master-0         4Mi
mongodb-0                     225Mi
postgresql-0                  104Mi
spicedb                       59Mi
tucana                        7Mi
vault-server-0                178Mi

Recommended requirements for Toucan are:

  • An x86 Linux-based server. No requirements on the distribution or Kernel version.

  • 4 Cores CPU

  • 16 GB of RAM

  • >50 GB of storage for the node.

  • +Additional block storage for your data (at least 50 GB).

Software requirements

  • Kubernetes 1.22+

    {% hint style="info" %} If you plan to host Kubernetes yourself, the following page will help you configure k3s for production.

    If you plan to test Toucan on Kubernetes, the next page will also present examples with minikube. {% endhint %}

  • Kubectl with an access to the Kubernetes cluster.

  • Helm 3+.

  • An access to Toucan's Quay registry. If you don't have access, contact us using our mail address: [email protected].

    • Test the access by running the following command:

      helm pull oci://quay.io/toucantoco/charts/toucan-stack

  • A configurable DNS to forward traffic to the Toucan services.

  • An Ingress controller like the Nginx Ingress controller to expose the Toucan services.

  • Have a Curity Community Edition license. You can sign up for one here.

  • (optional) cert-manager to handle certificates.

Prerequisite knowledge

Even if the deployment is abstracted, basic understanding of components is recommended:

Are you self-hosting Kubernetes? Please read this.

If this is your first time configuring Kubernetes, exposing traffic through the Ingress Controller may not be immediate. We recommend using one of the following methods in order of preference:

  • Cloud Controller Manager (if possible): This is the optimal choice for multi-node deployments, as it automatically handles network configuration without the hassle of manual setup.

  • MetalLB: A solution for exposing traffic by announcing IP addresses of the Ingress Controller using L2 or BGP advertisements. MetalLB is ideal for multi-node setups where you need to manage load balancing and expose services over external IPs.

  • ServiceLB: Included and exclusive to k3s, ServiceLB is the simplest solution to expose traffic on a single-node Kubernetes deployment. It automatically opens ports on the host without the need for advertisements and is perfect for small or local deployments.

  • NodePorts: This method opens ports between 30000 and 32767 on each node, but you’ll need to manually forward ports using your router. This is a simple solution but may not scale well in larger environments.

Storage may also require additional configuration, and we recommend the following methods:

  • Cloud Provider Storage Provisioner: Using your cloud provider’s storage solution (e.g., AWS EBS, Google Persistent Disk, or Azure Disk) provides the benefits of an optimized storage plane, including replication, availability, and compliance. This is the most robust option for production-grade storage.

  • Local-Path Provisioner: Included with k3s, this provisioner mounts storage directly on the host. It's highly recommended for single-node setups but has the limitation of binding the Pod to a specific node. To optimize this setup, we suggest mounting an additional block storage at /opt/local-path-provisioner/ to separate application data from infrastructure data on the same disk.

  • Other CSI Drivers (e.g., iSCSI): If you prefer, you can use other Container Storage Interface (CSI) drivers, such as iSCSI, for more custom storage configurations.

We do not recommend using self-hosted solutions like Ceph/Rook, NFS, Longhorn, or any other parallel/network storage unless you have dedicated storage nodes and a deep understanding of inter-node communication and performance tuning. These solutions typically require significant network bandwidth and can complicate setup and maintenance.

If you ever have storage nodes, for a multi node setup, we recommend splitting the storage between the compute nodes. You can then apply taints to designate certain nodes as "storage nodes" (e.g., storage=true), optimizing your storage layout:

Multi-node setup with lightweight storage plane.

If this is your first time self-hosting Kubernetes, we strongly recommend using k3s as your Kubernetes distribution. It simplifies network and storage configuration, making it the easiest way to get your cluster running with minimal effort.

Recommended tools

We recommend using the following tools:

While kubectl should be enough to interact with the cluster, these additional tools will help you quickly navigate through the cluster.

Recommended documentation

Warning

Before deploying Toucan Stack, it is strongly advised to have a comprehensive understanding on how Kubernetes operates, specifically with regard to storage and network management using features such as PersistentVolume, and Ingress.

What's next

Did you get everything ready?

Now it's time to deploy the stack! We'll also help you configure Kubernetes with the k3s distribution, if you haven't already deployed it.

⛴️Deploy Toucan using Helm Charts

Last updated

Was this helpful?