# Infrastructure Specifications

## Resource Specifications

### Minimum resource requirements (For Kubernetes only)

* 2 vCPUs
* 2 GB RAM
* 20 GB Storage

### Minimum resource requirements (for installing Cocktail)

| Role             | Quantity |      CPU | Memory |  Disk | Notes                                      |
| ---------------- | -------- | -------: | -----: | ----: | ------------------------------------------ |
| Control plane    | 3        |  8 vCore |   16 G | 500 G |                                            |
| Worker nodes     | 1        | 16 vCore |   32 G | 500 G | sized for 15 concurrent builds             |
| Private Registry | 1        |  8 vCore |   16 G |  1 TB |                                            |
| NFS              | 1        |          |        |  1 TB |                                            |
| Bastion          | optional |  4 vCore |    4 G | 500 G | installation and remote operations support |

### Recommended resource requirements (for installing Cocktail)

| Role             | Quantity |      CPU | Memory |  Disk | Notes                                      |
| ---------------- | -------- | -------: | -----: | ----: | ------------------------------------------ |
| Control plane    | 3        | 16 vCore |   32 G | 500 G |                                            |
| Worker nodes     | 3        | 16 vCore |   32 G | 500 G | sized for 5 concurrent builds              |
| Private Registry | 1        |  8 vCore |   16 G |  1 TB |                                            |
| NFS              | 1        |          |        |  2 TB |                                            |
| Bastion          | optional |  4 vCore |    4 G | 500 G | installation and remote operations support |

## Firewall Settings

*※ all nodes*

| Protocol                 | Direction        |    Port Range   | Description                                      |
| ------------------------ | ---------------- | :-------------: | ------------------------------------------------ |
| TCP                      | Inbound/outbound |        22       | ssh                                              |
| TCP                      | Inbound/outbound |        80       | http                                             |
| TCP                      | Inbound/outbound |       443       | https                                            |
| IP protocol 4 (IP-in-IP) | Inbound/outbound |        -        | calico (ipip encapsulation)                      |
| TCP                      | Inbound/outbound |       179       | calico (BGP peering)                             |
| UDP                      | Inbound/outbound |       4789      | calico (vxlan)                                   |
| TCP/UDP                  | Inbound/outbound |       111       | rpcbind, when using nfs                          |
| TCP/UDP                  | Inbound/outbound |       2049      | nfs, when using nfs                              |
| TCP                      | outbound         |       8080      | linux-local-repository, on an air-gapped network |
| TCP                      | Inbound/outbound |       4240      | cilium (health check)                            |
| TCP                      | Inbound/outbound |       4244      | cilium (Hubble server)                           |
| TCP                      | Inbound/outbound |       4245      | cilium (Hubble Relay)                            |
| TCP                      | Inbound/outbound |       4250      | cilium (mutual authentication port)              |
| UDP                      | Inbound/outbound |       8472      | cilium (vxlan)                                   |
| UDP                      | Inbound/outbound |       6081      | cilium (Geneve)                                  |
| TCP                      | Inbound/outbound |       9962      | cilium (cilium-agent Prometheus metrics)         |
| TCP                      | Inbound/outbound |       9963      | cilium (cilium-operator Prometheus metrics)      |
| TCP                      | Inbound/outbound |       9964      | cilium (cilium-envoy Prometheus metrics)         |
| UDP                      | Inbound/outbound |      51871      | cilium (WireGuard encryption tunnel endpoint)    |
| ICMP                     | Inbound/outbound | type 8/0 (echo) | cilium (health check)                            |

The overlay, health-check, metrics, kubelet and etcd ports in these tables are node-to-node ports: allow them from the addresses of the other cluster nodes and the bastion, not from any source. Only 6443 (Kubernetes API), 80/443 and the NodePort range need to be reachable from outside the cluster network. Note that 8472, 6081 and 51871 are UDP, and the Calico IP-in-IP row is IP protocol 4 rather than a TCP/UDP port; a rule set that only opens TCP ports will silently break the overlay.

*※ control plane*

| Protocol | Direction        |    Port Range   | Purpose                 | Used By                      |
| -------- | ---------------- | :-------------: | ----------------------- | ---------------------------- |
| TCP      | Inbound          |    2379-2380    | etcd server client API  | kube-apiserver, etcd, cilium |
| TCP      | Inbound/outbound |       4240      | cilium (health check)   | cilium                       |
| TCP      | Inbound          |       6443      | Kubernetes API server   | All                          |
| UDP      | Inbound/outbound |       8472      | cilium (vxlan)          | cilium                       |
| TCP      | Inbound/outbound |      10250      | Kubelet API             | Self, Control plane          |
| TCP      | Inbound          |      10257      | kube-controller-manager | Self                         |
| TCP      | Inbound          |      10259      | kube-scheduler          | Self                         |
| ICMP     | Inbound/outbound | type 8/0 (echo) | cilium (health check)   | cilium                       |

*※ worker nodes*

| Protocol | Direction        |    Port Range   | Purpose                | Used By             |
| -------- | ---------------- | :-------------: | ---------------------- | ------------------- |
| TCP      | Inbound/outbound |    2379-2380    | etcd server client API | etcd, cilium        |
| TCP      | Inbound/outbound |       4240      | cilium (health check)  | cilium              |
| UDP      | Inbound/outbound |       8472      | cilium (vxlan)         | cilium              |
| TCP      | Inbound/outbound |      10250      | Kubelet API            | Self, Control plane |
| TCP      | Inbound          |   30000-32767   | NodePort Service Range | All                 |
| ICMP     | Inbound/outbound | type 8/0 (echo) | cilium (health check)  | cilium              |

*※ registry (harbor + linux-local-repository, optional)*

| Protocol | Direction | Port Range | Purpose                                        | Used By |
| -------- | --------- | :--------: | ---------------------------------------------- | ------- |
| TCP      | Inbound   |     443    | harbor https                                   | All     |
| TCP      | Inbound   |    8080    | linux-local-repository (on an air-gapped network) | All  |
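The tables above say what the firewall must let through; the reverse check, that a node is not listening on anything beyond what its role's table covers, is the added example below. This is my code, not cubectl's or Cocktail's: it parses the output of `ss -Hltun` (listening TCP/UDP sockets, numeric, no header) and reports every non-loopback listener that no inbound entry for the role allows. The role names, function names and the sample `ss` output are the example's own; the port lists are transcribed from the tables above, including the etcd entry the worker table carries.

```python
"""Audit a node's listening sockets against the Cube firewall tables.

Added example, not cubectl/Cocktail code. It parses the output of
`ss -Hltun` (no header, listening TCP and UDP sockets, numeric ports) and
reports every non-loopback listener whose port the tables above do not
list for the node's role. Such a listener is either a service that should
not run on that role or one the firewall was never told about.
"""
import subprocess
import sys

# (protocol, low port, high port) inbound entries, transcribed from the
# tables above. ICMP and Calico's IP-in-IP (IP protocol 4) carry no port
# and do not appear in `ss`, so they are left out.
ALL_NODES = [
    ("tcp", 22, 22), ("tcp", 80, 80), ("tcp", 443, 443),
    ("tcp", 179, 179), ("udp", 4789, 4789),                 # calico
    ("tcp", 111, 111), ("udp", 111, 111),                   # rpcbind (nfs)
    ("tcp", 2049, 2049), ("udp", 2049, 2049),               # nfs
    ("tcp", 4240, 4240), ("tcp", 4244, 4245), ("tcp", 4250, 4250),
    ("udp", 8472, 8472), ("udp", 6081, 6081), ("udp", 51871, 51871),
    ("tcp", 9962, 9964),                                    # cilium metrics
]
ROLE_PORTS = {
    "control-plane": ALL_NODES + [
        ("tcp", 2379, 2380), ("tcp", 6443, 6443), ("tcp", 10250, 10250),
        ("tcp", 10257, 10257), ("tcp", 10259, 10259),
    ],
    "worker": ALL_NODES + [
        ("tcp", 2379, 2380), ("tcp", 10250, 10250), ("tcp", 30000, 32767),
    ],
    "registry": ALL_NODES + [("tcp", 8080, 8080)],
}


def parse_ss(output):
    """Return {(proto, port)} for every non-loopback listener in `ss -Hltun` output."""
    listeners = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]          # Netid ... Local Address:Port
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")
        # Loopback-only listeners (kubelet healthz on 10248, etc.) are not
        # reachable from the network, so the firewall tables do not cover them.
        if addr == "::1" or addr.startswith("127."):
            continue
        listeners.add((proto, int(port)))
    return listeners


def unexpected_listeners(role, output):
    """Listeners on `role` that no inbound entry in the tables allows, sorted."""
    allowed = ROLE_PORTS[role]
    return [
        (proto, port)
        for proto, port in sorted(parse_ss(output))
        if not any(proto == p and lo <= port <= hi for p, lo, hi in allowed)
    ]


# Constructed sample of `ss -Hltun` output for a worker node: the kubelet
# healthz port is loopback-only and ignored; 9100 (a metrics exporter) and
# 2375 (an unauthenticated Docker API) are not in the worker table.
SAMPLE_WORKER = """\
tcp   LISTEN 0      4096   127.0.0.1:10248    0.0.0.0:*
tcp   LISTEN 0      4096   *:10250            *:*
tcp   LISTEN 0      4096   0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:4240       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:8472       0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:9100       0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:6010         [::]:*
"""

if __name__ == "__main__":
    # `python3 audit_ports.py worker` runs against the live host; with no
    # argument the constructed sample above is used.
    if len(sys.argv) > 1:
        role = sys.argv[1]
        output = subprocess.run(["ss", "-Hltun"], capture_output=True,
                                text=True, check=True).stdout
    else:
        role, output = "worker", SAMPLE_WORKER
    for proto, port in unexpected_listeners(role, output):
        print(f"{role}: unexpected listener {proto}/{port}")
```

Run it on each node with its role as the argument after installation and again after any change to the node; an empty result means every network-reachable listener is one the firewall tables account for.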

## Sudoers Table

⚫ marks the node roles on which the sudoers entry is granted. NOPASSWD marks entries that must carry the `NOPASSWD:` tag because `cubectl` runs them non-interactively. After-Install distinguishes entries that stay in use for routine operation (○) from entries the table needs only during installation or for ad hoc troubleshooting (×).

| Binary                        | Control planes | Workers | Registry | Bastion | NOPASSWD | After-Install | Description       |
| ----------------------------- | :------------: | :-----: | :------: | :-----: | :------: | :-----------: | ----------------- |
| /usr/bin/sh                   |        ⚫       |    ⚫    |     ⚫    |         | required |       ×       | cubectl (ansible) |
| /usr/local/bin/podman         |                |         |          |    ⚫    | required |       ×       | run by cubectl    |
| /usr/bin/cp                   |                |         |          |    ⚫    | required |       ×       | run by cubectl    |
| /usr/bin/tar                  |                |         |          |    ⚫    | required |       ×       | run by cubectl    |
| /usr/bin/helm                 |        ⚫       |         |          |         |          |       ○       |                   |
| /usr/bin/cp                   |        ⚫       |    ⚫    |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/tar                  |        ⚫       |    ⚫    |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/ls                   |        ⚫       |    ⚫    |     ⚫    |    ⚫    |          |       ○       | node management   |
| /usr/bin/cat                  |        ⚫       |    ⚫    |     ⚫    |    ⚫    |          |       ○       | node management   |
| /usr/bin/systemctl            |        ⚫       |    ⚫    |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/journalctl           |        ⚫       |    ⚫    |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/kubectl              |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/bin/kubeadm              |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/bin/crictl               |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/sbin/ipvsadm             |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/bin/calicoctl            |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/bin/netstat              |        ⚫       |    ⚫    |          |         |          |       ○       | node management   |
| /usr/bin/etcdctl              |        ⚫       |         |          |         |          |       ○       | node management   |
| /usr/local/bin/docker-compose |                |         |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/docker               |                |         |     ⚫    |         |          |       ○       | node management   |
| /usr/bin/vi                   |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/chown                |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/chmod                |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/df                   |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/lsmod                |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/modprobe             |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/swapoff              |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/grep                 |        ⚫       |    ⚫    |     ⚫    |         |          |       ×       | troubleshooting   |
| /usr/bin/regctl               |                |         |     ⚫    |         |          |       ○       | image management  |

A NOPASSWD entry for `/usr/bin/sh` is an unrestricted root shell, and `cp`, `tar`, `vi`, `chown`, `chmod`, `podman` and `docker` can each be used to rewrite `/etc/sudoers` or `/etc/shadow`, so a sudo entry for any of them is equivalent to root even with a password prompt. Grant these entries only to the installer and operator accounts, keep sudo logging enabled, and remove the install-only NOPASSWD entries once `cubectl` has finished.
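The table is easy to drift from once nodes are in production, so the added example below audits an actual sudoers file against it. This is my code, not cubectl's or Cocktail's: it checks that the install-only NOPASSWD entries (`sh` on the cluster nodes; `podman`, `cp`, `tar` on the bastion) are gone after installation, and reports every remaining entry for a binary that hands out a root shell. The parser handles only the plain `user host = (runas) [TAG:] cmd, cmd` form; the `INSTALL_ONLY` and `SHELL_EQUIVALENT` sets, the function names and the sample sudoers text are the example's own.

```python
"""Audit a sudoers file against the Cube sudoers table.

Added example, not cubectl/Cocktail code. Two checks to run on a node
after `cubectl` has finished:
  * the NOPASSWD entries the table marks as install-only (`sh` on the
    cluster nodes; `podman`, `cp`, `tar` on the bastion) are gone, and
  * every remaining entry for a binary that yields an unrestricted root
    shell is reported, because a password prompt does not change that.
The sudoers text at the bottom is a constructed sample.
"""
import re

# Install-only NOPASSWD entries (After-Install = x in the table).
INSTALL_ONLY = {"/usr/bin/sh", "/usr/local/bin/podman", "/usr/bin/cp", "/usr/bin/tar"}

# Binaries for which "sudo <binary>" is root: each can start a shell or
# overwrite /etc/sudoers, /etc/shadow or a root-owned unit file.
SHELL_EQUIVALENT = INSTALL_ONLY | {
    "ALL", "/usr/bin/vi", "/usr/bin/chown", "/usr/bin/chmod", "/usr/bin/docker",
}

# "user host = (runas) [TAG:] cmd, cmd" user specifications; aliases,
# Defaults and line continuations are skipped (this is an audit aid, not a
# full sudoers parser).
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Return [(user, binary, nopasswd)] for every command in every user spec."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SPEC.match(line)
        if not m or line.startswith(SKIP):
            continue
        nopasswd = False                      # sudo's default is PASSWD
        for item in m.group("cmds").split(","):
            item = item.strip()
            # A tag such as "NOPASSWD:" applies to this and all following
            # commands in the list until another tag overrides it.
            while ":" in item and item.split(":", 1)[0].strip().isupper():
                tag, item = (s.strip() for s in item.split(":", 1))
                if tag == "NOPASSWD":
                    nopasswd = True
                elif tag == "PASSWD":
                    nopasswd = False
            binary = item.split()[0] if item else ""
            if binary:
                entries.append((m.group("who"), binary, nopasswd))
    return entries


def audit(text, installed=True):
    """Findings for a sudoers file; `installed` means cubectl has finished."""
    findings = set()
    for user, binary, nopasswd in parse_sudoers(text):
        if binary in INSTALL_ONLY and nopasswd:
            if installed:
                findings.add(f"{user}: NOPASSWD {binary} is install-only; remove it")
            continue                          # expected while cubectl is running
        if binary in SHELL_EQUIVALENT:
            findings.add(f"{user}: sudo {binary} is equivalent to a root shell")
    return sorted(findings)


# Constructed sample: a control-plane node where the installer entry was
# left behind and an operator was given `vi` for troubleshooting.
SAMPLE = """\
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
cube  ALL=(ALL) NOPASSWD: /usr/bin/sh
cube  ALL=(ALL) /usr/bin/kubectl, /usr/bin/crictl, /usr/bin/journalctl, /usr/bin/systemctl
ops   ALL=(ALL) /usr/bin/cat, /usr/bin/ls, /usr/bin/vi   # troubleshooting
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feed it the concatenation of `/etc/sudoers` and `/etc/sudoers.d/*` on each node; `audit(text, installed=False)` is the variant to use while `cubectl` is still running, when the `sh` entry is expected.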

## Running `cubectl`

* OS: linux, darwin (macOS)
* CPU: amd64 (x86_64), arm64 (aarch64)
* CentOS 7 and Red Hat Enterprise Linux 7 need `/proc/sys/user/max_user_namespaces` set to 10000 or higher.
* Red Hat Enterprise Linux 7 (arm64) does not support running `cubectl`.
* From Kubernetes v1.33 the minimum supported kernel version is 4.19.
  * Red Hat Enterprise Linux 8 and Rocky Linux 8 therefore cannot currently be upgraded to v1.33.
* Cubectl supports installation with cri-o from Kubernetes v1.30 onward.
* From Kubernetes v1.34, registry.k8s.io/pause:3.10.1 is supported.
  * Download extend-images.tgz and upload it with the push registry command.
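The constraints above are easy to get wrong by comparing version strings lexically (a kernel "4.9" sorts above "4.19"), so the added example below encodes them as a preflight check. This is my code, not part of cubectl: the checks take the host facts as arguments so they can be exercised offline, and the `__main__` block gathers the same facts from the running host via `/etc/os-release`, `/proc/sys/user/max_user_namespaces` and `platform`. Function names and the default target version are the example's own.

```python
"""Preflight checks for a host that will run cubectl or be upgraded.

Added example, not part of cubectl. It encodes the constraints listed
above (kernel >= 4.19 for Kubernetes v1.33+, user.max_user_namespaces
>= 10000 on CentOS 7 / RHEL 7, no cubectl on RHEL 7 arm64) as functions
that take the host facts as arguments, so they can be exercised offline;
the `__main__` block collects the facts from the running host.
"""
import platform
import re


def kernel_tuple(release):
    """'4.18.0-513.el8.x86_64' -> (4, 18, 0). Comparing tuples avoids the
    lexical trap where '4.9.0' sorts above '4.19.0'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unparseable kernel release: {release!r}")
    return tuple(int(x or 0) for x in m.groups())


def k8s_tuple(version):
    """'v1.33.2' -> (1, 33)."""
    m = re.match(r"v?(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable Kubernetes version: {version!r}")
    return tuple(int(x) for x in m.groups())


def preflight(kernel, k8s_version, os_id, os_major, arch, max_user_ns):
    """Return the list of blocking problems (empty when the host is fine)."""
    problems = []
    if k8s_tuple(k8s_version) >= (1, 33) and kernel_tuple(kernel) < (4, 19, 0):
        problems.append(f"Kubernetes {k8s_version} needs kernel >= 4.19; host runs {kernel}")
    if os_id in ("centos", "rhel") and os_major == 7:
        if os_id == "rhel" and arch == "aarch64":
            problems.append("cubectl does not support RHEL 7 on arm64")
        if max_user_ns < 10000:
            problems.append(f"user.max_user_namespaces is {max_user_ns}; set it to at least 10000")
    return problems


def host_facts():
    """Collect the same facts from the running Linux host (assumes /etc/os-release)."""
    os_release = {}
    try:
        with open("/etc/os-release") as f:
            for line in f:
                if "=" in line:
                    k, v = line.rstrip("\n").split("=", 1)
                    os_release[k] = v.strip('"')
    except FileNotFoundError:
        pass
    try:
        with open("/proc/sys/user/max_user_namespaces") as f:
            max_user_ns = int(f.read())
    except (FileNotFoundError, ValueError):
        max_user_ns = 0          # a missing knob is treated as 0, the CentOS 7 default
    major = os_release.get("VERSION_ID", "0").split(".")[0]
    return dict(kernel=platform.release(), os_id=os_release.get("ID", "unknown"),
                os_major=int(major) if major.isdigit() else 0,
                arch=platform.machine(), max_user_ns=max_user_ns)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "v1.33.0"
    for problem in preflight(k8s_version=target, **host_facts()):
        print("BLOCKER:", problem)
```

Run it with the Kubernetes version you intend to install or upgrade to as the argument; on a RHEL 8 or Rocky 8 host (kernel 4.18) it reports the v1.33 kernel blocker, and on a stock CentOS 7 host it reports `max_user_namespaces` until the sysctl is raised.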
