Cluster Requirements
This guide outlines the requirements for connecting a Kubernetes cluster to TinySystems.
Kubernetes Version
TinySystems supports Kubernetes versions:
| Version | Status |
|---|---|
| 1.28+ | Fully supported |
| 1.26-1.27 | Supported |
| 1.25 | Limited support |
| < 1.25 | Not supported |
Check your version:
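```bash
# The --short flag was removed in kubectl 1.28; plain `kubectl version` now prints the concise form.
kubectl version
```
Resource Requirements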
Minimum Resources
For development and testing:
| Resource | Minimum |
|---|---|
| CPU | 2 cores |
| Memory | 4 GB |
| Storage | 20 GB |
| Nodes | 1 |
Recommended Resources
For production workloads:
| Resource | Recommended |
|---|---|
| CPU | 4+ cores |
| Memory | 8+ GB |
| Storage | 50+ GB |
| Nodes | 3+ |
Per-Module Resources
Each module requires:
| Resource | Default | Heavy workload |
|---|---|---|
| CPU Request | 100m | 500m |
| CPU Limit | 500m | 2000m |
| Memory Request | 128Mi | 512Mi |
| Memory Limit | 512Mi | 2Gi |
Supported Environments
Cloud Providers
| Provider | Service | Status |
|---|---|---|
| Google Cloud | GKE | Fully supported |
| AWS | EKS | Fully supported |
| Azure | AKS | Fully supported |
| DigitalOcean | DOKS | Supported |
| Linode | LKE | Supported |
Local Development
| Tool | Status | Notes |
|---|---|---|
| minikube | Supported | Recommended for local dev |
| kind | Supported | Good for CI/testing |
| Docker Desktop | Supported | Easy setup on Mac/Windows |
| k3s | Supported | Lightweight option |
| Rancher Desktop | Supported | Alternative to Docker Desktop |
Self-Hosted
| Distribution | Status |
|---|---|
| kubeadm | Supported |
| k3s | Supported |
| RKE/RKE2 | Supported |
| OpenShift | Supported (with adjustments) |
Network Requirements
Outbound Connectivity
The cluster needs outbound access to:
| Destination | Port | Purpose |
|---|---|---|
| Platform API | 443 | Control plane communication |
| Container Registry | 443 | Pull module images |
| DNS | 53 | Name resolution |
Ingress (Optional)
For exposing HTTP endpoints:
| Requirement | Purpose |
|---|---|
| Ingress Controller | Route external traffic |
| LoadBalancer/NodePort | External access |
| TLS certificates | HTTPS support |
Internal Networking
- Pod-to-pod communication must work
- DNS resolution within cluster
- Service discovery functional
RBAC Requirements
TinySystems needs specific permissions:
Namespace-Scoped (Recommended)
Permissions within a single namespace:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tinysystems-role
  namespace: tinysystems
rules:
  # Custom Resources
  - apiGroups: ["operator.tinysystems.io"]
    resources: ["*"]
    verbs: ["*"]
  # Core resources
  # Note: wildcard verbs on "secrets" include get/list/watch, so this role
  # can read every Secret in the tinysystems namespace.
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps", "secrets"]
    verbs: ["*"]
  # Apps
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["*"]
  # Networking
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["*"]
  # Coordination (leader election)
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["*"]
```
Cluster-Scoped (Optional)
For cross-namespace operations:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: tinysystems-cluster-role
rules:
  - apiGroups: ["operator.tinysystems.io"]
    resources: ["*"]
    verbs: ["*"]
  # Additional cluster-wide permissions...
```
Storage Requirements
Persistent Storage (Optional)
Required for:
- State persistence
- Log aggregation
- Custom data stores
StorageClass requirements:
- Dynamic provisioning preferred
- ReadWriteOnce sufficient for most cases
Ephemeral Storage
Default modules use ephemeral storage:
- No PV/PVC required
- Data doesn't persist across restarts
- Suitable for stateless operations
Custom Resource Definitions
TinySystems requires these CRDs:
| CRD | Purpose |
|---|---|
| TinyModule | Module registration |
| TinyNode | Component instances |
| TinySignal | Message triggers |
CRDs are installed automatically when you deploy a module.
Security Requirements
Pod Security
Modules run with:
- Non-root user (UID 1000)
- Read-only root filesystem (configurable)
- No privileged access needed
- No host networking needed
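The posture listed above, written out as Kubernetes manifest fields. This is an added example, not a TinySystems manifest: the pod name, container name and image are placeholders, the resource values are the "Default" column of the per-module table, and `allowPrivilegeEscalation: false` plus the Pod Security Admission labels are extra hardening that assumes modules need nothing else the `baseline` profile forbids.

```yaml
# Added example (assumptions: namespace "tinysystems", placeholder names and image).
apiVersion: v1
kind: Namespace
metadata:
  name: tinysystems
  labels:
    # Pod Security Admission: reject privileged / hostNetwork pods outright,
    # and surface warnings for anything short of the "restricted" profile.
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: example-module            # placeholder name
  namespace: tinysystems
spec:
  hostNetwork: false              # "No host networking needed"
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start the container as UID 0
    runAsUser: 1000               # "Non-root user (UID 1000)"
  containers:
    - name: module                # placeholder name
      image: registry.example/module:tag   # placeholder image
      securityContext:
        privileged: false                  # "No privileged access needed"
        allowPrivilegeEscalation: false    # assumption: extra hardening
        readOnlyRootFilesystem: true       # page lists this as configurable
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 500m
          memory: 512Mi
```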
Network Policies (Optional)
If using network policies, allow:
- Pod-to-pod within namespace
- Egress to DNS
- Egress to platform API
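One NetworkPolicy that permits exactly the three flows listed above and denies everything else for pods in the namespace. This is an added example, not a TinySystems manifest; it assumes the `tinysystems` namespace, cluster DNS pods labelled `k8s-app: kube-dns` in `kube-system`, and a placeholder documentation-range CIDR (`203.0.113.0/24`) standing in for the platform API address.

```yaml
# Added example. Selecting every pod with both policyTypes makes the
# namespace default-deny; only the rules below are then allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tinysystems-required-traffic
  namespace: tinysystems
spec:
  podSelector: {}                  # applies to all pods in the namespace
  policyTypes: ["Ingress", "Egress"]
  ingress:
    # Pod-to-pod within namespace (receiving side)
    - from:
        - podSelector: {}
  egress:
    # Pod-to-pod within namespace (sending side)
    - to:
        - podSelector: {}
    # Egress to DNS (assumed label and namespace of the cluster DNS pods)
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Egress to platform API (placeholder CIDR; replace with the real range)
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 443
```

Image pulls from the container registry are made by the container runtime on the node, not from the pod network, so they need no rule here. If an ingress controller in another namespace fronts these pods, add an `ingress` rule for that namespace.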
Secrets
For sensitive configuration:
- Kubernetes Secrets for credentials
- ConfigMaps for non-sensitive config
- Optional: External secret managers
Verification Checklist
Before connecting your cluster:
- [ ] Kubernetes version 1.26+
- [ ] Sufficient resources (CPU, memory)
- [ ] kubectl access configured
- [ ] Namespace created (or permissions to create)
- [ ] RBAC permissions granted
- [ ] Outbound network access available
- [ ] (Optional) Ingress controller installed
- [ ] (Optional) StorageClass available
Quick Verification Script
```bash
#!/bin/bash
echo "Checking Kubernetes connection..."
kubectl cluster-info
echo -e "\nChecking version..."
# --short was removed in kubectl 1.28; plain `kubectl version` is already concise.
kubectl version
echo -e "\nChecking nodes..."
kubectl get nodes
echo -e "\nChecking resources..."
kubectl top nodes 2>/dev/null || echo "Metrics not available"
echo -e "\nChecking RBAC..."
kubectl auth can-i create pods --namespace tinysystems
echo -e "\nChecking CRDs..."
kubectl get crd | grep tinysystems || echo "TinySystems CRDs not installed (normal for new clusters)"
```
Next Steps
- Connecting Your Cluster - Connect to TinySystems
- Cluster Management - Manage your cluster
- Troubleshooting Clusters - Common issues