# Prerequisites

## Hardware requirements

Minimum requirements for Toucan are:

* An x86 Linux-based server. No requirements on the distribution or Kernel version.
* 2 Cores CPU
* 10 GB of RAM
* 20 GB of storage for the node, to host Kubernetes and the container images.
* Additional block storage for your data (at least 50 GB).

<details>

<summary>Benchmarks</summary>

These results show the average memory usage of an **initial deployment**. **This is not the average memory usage of the stack under load.**

```shell
curity-admin-0                721Mi
curity-runtime                818Mi
dataexecution-api             3Mi
dataexecution-redis-master-0  6Mi
dataexecution-worker          7Mi
dataset                       533Mi
garage-0                      7Mi
gotenberg                     10Mi
impersonate                   8Mi
impersonate-redis-master-0    3Mi
laputa-0                      1983Mi
laputa-redis-master-0         5Mi
layout                        175Mi
layout-redis-master-0         4Mi
mongodb-0                     225Mi
postgresql-0                  104Mi
spicedb                       59Mi
tucana                        7Mi
vault-server-0                178Mi
```

</details>

Recommended requirements for Toucan are:

* An x86 Linux-based server. No requirements on the distribution or Kernel version.
* 4 Cores CPU
* 16 GB of RAM
* More than 50 GB of storage for the node.
* Additional block storage for your data (at least 50 GB).

## Software requirements

* Kubernetes 1.22+

  {% hint style="info" %} If you plan to host Kubernetes yourself, the following page will help you configure [k3s](https://k3s.io) for production.

  If you plan to test Toucan on Kubernetes, the next page will also present examples with [minikube](https://minikube.sigs.k8s.io/). {% endhint %}
* [Kubectl](https://kubernetes.io/docs/tasks/tools/) with access to the Kubernetes cluster.
* [Helm 3+](https://helm.sh/docs/intro/install/).
* Access to Toucan's Quay registry. If you don't have access, [contact us by email at go@toucantoco.com](mailto:go@toucantoco.com).
  * Test the access by running the following command:

    ```shell
    helm pull oci://quay.io/toucantoco/charts/toucan-stack
    ```
* A configurable DNS to forward traffic to the Toucan services.
* An Ingress controller like the [Nginx Ingress controller](https://kubernetes.github.io/ingress-nginx/) to expose the Toucan services.
* A Curity Community Edition license. You can sign up for one [here](https://developer.curity.io/).
* (optional) [cert-manager](https://cert-manager.io/docs/installation/) to handle certificates.
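A preflight script that checks the software requirements above and the minimum node memory, added here as an example (it is not part of Toucan's documentation or tooling). It assumes kubectl already points at the target cluster, that helm is logged in to quay.io, and it inspects only the first node's allocatable memory.

```shell
#!/bin/sh
# Preflight check for the prerequisites listed above (added example, not Toucan's own tooling).
# Assumes kubectl already targets the cluster and helm is logged in to quay.io.
MIN_K8S=1.22; MIN_HELM=3.0
CHART=oci://quay.io/toucantoco/charts/toucan-stack

# Normalise a version string: "v1.28.3+k3s1" -> "1.28.3", "3" -> "3.0".
clean_version() {
    v=$(printf '%s\n' "$1" | sed 's/^v//; s/[-+].*$//')
    case $v in *.*) printf '%s\n' "$v" ;; *) printf '%s.0\n' "$v" ;; esac
}
# Succeed when MAJOR.MINOR of $1 is at least $2, comparing numerically rather than lexically.
version_ge() {
    a=$(clean_version "$1"); b=$(clean_version "$2")
    am=${a%%.*}; an=${a#*.}; an=${an%%.*}
    bm=${b%%.*}; bn=${b#*.}; bn=${bn%%.*}
    [ "$am" -gt "$bm" ] && return 0
    [ "$am" -eq "$bm" ] && [ "$an" -ge "$bn" ] && return 0
    return 1
}
# Convert a Kubernetes memory quantity ("16109248Ki", "16Gi", plain bytes) to whole GiB.
quantity_to_gib() {
    n=${1%[KMGT]i}; unit=${1#"$n"}
    case $unit in
        Ki) echo $((n / 1048576)) ;;  Mi) echo $((n / 1024)) ;;
        Gi) echo "$n" ;;              Ti) echo $((n * 1024)) ;;
        *)  echo $((n / 1073741824)) ;;
    esac
}

pass() { echo "[OK]   $1"; }
fail() { echo "[FAIL] $1"; FAILED=1; }
run_preflight() {
    FAILED=0
    k8s=$(kubectl version -o yaml 2>/dev/null | awk '/^serverVersion:/{s=1} s && /gitVersion:/{print $2; exit}')
    version_ge "${k8s:-0}" "$MIN_K8S" && pass "Kubernetes $k8s" || fail "Kubernetes ${k8s:-unreachable}, need $MIN_K8S+"
    helmv=$(helm version --template '{{.Version}}' 2>/dev/null)
    version_ge "${helmv:-0}" "$MIN_HELM" && pass "Helm $helmv" || fail "Helm ${helmv:-missing}, need 3+"
    mem=$(kubectl get nodes -o jsonpath='{.items[0].status.allocatable.memory}' 2>/dev/null)  # first node only
    [ "$(quantity_to_gib "${mem:-0}")" -ge 10 ] && pass "Node memory $mem" || fail "Node memory ${mem:-unknown} below 10 GB"
    [ -n "$(kubectl get ingressclass --no-headers 2>/dev/null)" ] && pass "IngressClass present" || fail "No Ingress controller"
    kubectl get storageclass 2>/dev/null | grep -q '(default)' && pass "Default StorageClass set" || fail "No default StorageClass"
    kubectl get crd certificates.cert-manager.io >/dev/null 2>&1 && pass "cert-manager installed" || echo "[INFO] cert-manager absent (optional)"
    tmp=$(mktemp -d)
    helm pull "$CHART" --destination "$tmp" >/dev/null 2>&1 && pass "Registry access to $CHART" || fail "Cannot pull $CHART: check Quay login"
    rm -rf "$tmp"
    return "$FAILED"
}
# Run the live checks only when asked, so the helpers can be sourced and tested on their own.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then run_preflight; fi
```

Run it with `RUN_PREFLIGHT=1 sh preflight.sh`; a non-zero exit status means at least one required item is missing.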

## Prerequisite knowledge

Even though much of the deployment is abstracted away, a basic understanding of the following components is recommended:

* Kubernetes critical concepts: [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) and [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/).
* NGINX [Ingress controller](https://kubernetes.github.io/ingress-nginx/how-it-works/) and [reverse proxies](https://www.f5.com/glossary/reverse-proxy).
  * Required to [expose traffic to the Toucan services](https://kubernetes.io/docs/concepts/services-networking/ingress/).
* DNS records configuration (feel free to check the documentation of your DNS cloud provider, here's the [one provided by Cloudflare](https://developers.cloudflare.com/dns/manage-dns-records/how-to/create-dns-records/)).
  * Required to [forward traffic to the Toucan services based on domain names](https://kubernetes.io/docs/concepts/services-networking/ingress/).
* TLS configuration
  * Required to [secure traffic to the Toucan services](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
  * (optional) [cert-manager](https://cert-manager.io/docs/usage/) to automatically manage certificates.

{% hint style="warning" %}
**Are you self-hosting Kubernetes? Please read this.**

If this is your first time configuring Kubernetes, exposing traffic through the Ingress Controller may not be immediate. We recommend using one of the following methods in order of preference:

* **Cloud Controller Manager** (if possible): This is the optimal choice for multi-node deployments, as it automatically handles network configuration without the hassle of manual setup.
* [**MetalLB**](https://metallb.io): A solution for exposing traffic by announcing IP addresses of the Ingress Controller using L2 or BGP advertisements. MetalLB is ideal for multi-node setups where you need to manage load balancing and expose services over external IPs.
* [**ServiceLB**](https://docs.k3s.io/networking/networking-services#service-load-balancer): Included and exclusive to [k3s](https://k3s.io), ServiceLB is the simplest solution to expose traffic on a single-node Kubernetes deployment. It automatically opens ports on the host without the need for advertisements and is perfect for small or local deployments.
* [**NodePorts**](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport): This method opens ports between 30000 and 32767 on each node, but you’ll need to manually forward ports using your router. This is a simple solution but may not scale well in larger environments.

Storage may also require additional configuration, and we recommend the following methods:

* **Cloud Provider Storage Provisioner**: Using your cloud provider’s storage solution (e.g., AWS EBS, Google Persistent Disk, or Azure Disk) provides the benefits of an optimized storage plane, including replication, availability, and compliance. This is the most robust option for production-grade storage.
* [**Local-Path Provisioner**](https://github.com/rancher/local-path-provisioner): Included with [k3s](https://k3s.io), this provisioner mounts storage directly on the host. It's highly recommended for **single-node** setups but has the limitation of binding the Pod to a specific node. To optimize this setup, **we suggest mounting an additional block storage at `/opt/local-path-provisioner/`** to separate application data from infrastructure data on the same disk.
* **Other CSI Drivers (e.g., iSCSI)**: If you prefer, you can use other **Container Storage Interface (CSI) drivers**, such as [iSCSI](https://github.com/kubernetes-csi/csi-driver-iscsi), for more custom storage configurations.

We **do not** recommend using self-hosted solutions like **Ceph/Rook**, **NFS**, **Longhorn**, or any other parallel/network storage unless you have **dedicated storage nodes** and a **deep understanding of inter-node communication** and **performance tuning**. These solutions typically require significant network bandwidth and can complicate setup and maintenance.

If you have dedicated storage nodes in a multi-node setup, we recommend separating storage from the compute nodes. You can then apply [taints](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to designate certain nodes as "storage nodes" (e.g., `storage=true`), optimizing your storage layout:

<img src="https://1809014303-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZxYYf1KpgarKMgMsDCrw%2Fuploads%2Fgit-blob-3addaea6dd3120794970eee9ce485b7fb7c15af7%2Fstoragesetup.png?alt=media" alt="Multi-node setup with lightweight storage plane." data-size="original">

**If this is your first time self-hosting Kubernetes, we strongly recommend using** [**k3s**](https://k3s.io) **as your Kubernetes distribution. It simplifies network and storage configuration, making it the easiest way to get your cluster running with minimal effort.**
{% endhint %}

## Recommended tools

We recommend using the following tools:

* [VSCode](https://code.visualstudio.com/) or any IDE with YAML support.
* [Headlamp](https://headlamp.dev), a GUI for Kubernetes.

While [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) should be enough to interact with the cluster, these additional tools will help you quickly navigate through the cluster.

## Recommended documentation

* [Helm documentation - Customizing the chart before installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing)
* [Kubernetes Documentation](https://kubernetes.io/docs/concepts/)

{% hint style="warning" %}
**Warning**

Before deploying Toucan Stack, it is strongly advised to have a comprehensive understanding of how Kubernetes operates, specifically with regard to storage and network management using features such as [**PersistentVolume**](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) and [**Ingress**](https://kubernetes.io/docs/concepts/services-networking/ingress/).
{% endhint %}

## What's next

Did you get everything ready?

Now it's time to deploy the stack! We'll also help you configure Kubernetes with the [k3s](https://k3s.io) distribution if you haven't deployed a cluster already.

{% content-ref url="deploy" %}
[deploy](https://docs-v3.toucantoco.com/self-hosted-toucan/getting-started/deploy)
{% endcontent-ref %}
