Spoke Environment prerequisites

Overview

A Kubernetes cluster must meet certain prerequisites before it can be managed by Apollo as an Environment.

Kubernetes distribution

A Spoke can run any CNCF certified distribution of Kubernetes.

Apollo supports any version currently supported by the Kubernetes Community. If you require support for an older version, contact your Palantir representative to discuss options.

Compute requirements

  • The Kubernetes cluster must have at least 3 compute nodes. We recommend that the cluster have at least 10 vCPU cores and 16 GB of memory in total for the Apollo Spoke Control Plane.
  • The cluster must have root access to an instance located in the same Environment as your Kubernetes cluster to enable initial installation of the Apollo Spoke Control Plane.
  • The compute nodes in the cluster must support the x86_64 architecture.
  • The nodes in the cluster must be able to talk to each other.
  • If the Kubernetes Control Plane is separate from the compute nodes, as in the EKS architecture, the Control Plane must be able to talk to the compute nodes.
  • The cluster must have a default storage class and support provisioning of persistent volumes.

Networking requirements

  • Your cluster’s egress IPs will need to be allowlisted to access the Apollo Hub. Please provide your Palantir representative with these IPs before getting started.
  • If your CI is hosted within your organization's network, please provide your Palantir representative with your organization’s egress IPs to allow access. This is necessary so that the CI system can publish metadata about new versions of software to Apollo.
  • The Spoke Environment must establish trust with the Apollo Hub. This will be done as part of the Spoke Control Plane bootstrapping process using an Environment Keypair and configuration file. Your Palantir representative will provide this after allowlisting the cluster IPs.

Kubernetes cluster permissions

The Apollo Spoke Control Plane that is responsible for managing Helm Charts within the Spoke Environment must be granted wildcard Kubernetes RBAC permissions. This allows Apollo to operate on any current or future Helm Charts that a user may need to manage with Apollo. Crucially, it means administrators do not have to manually add RBAC permissions to the helm-chart-operator piecemeal for each new Helm Chart that they would like to manage.
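
Because a wildcard grant covers every verb on every resource, it is worth confirming after installation which subjects actually hold one. The following added example (not Apollo or Palantir code) audits the JSON from `kubectl get clusterroles,clusterrolebindings -o json`; the sample data, the `apollo-example` namespace, the role and binding names, and the treatment of `helm-chart-operator` as a ServiceAccount name are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get clusterroles,clusterrolebindings -o json`.
# The namespace "apollo-example" and all role/binding names are placeholders (assumptions).
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-reader"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-aggregated"}, "rules": null},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-operator"},
  "roleRef": {"kind": "ClusterRole", "name": "example-wildcard"},
  "subjects": [{"kind": "ServiceAccount", "name": "helm-chart-operator",
                "namespace": "apollo-example"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-ci"},
  "roleRef": {"kind": "ClusterRole", "name": "example-wildcard"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "default"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-view"},
  "roleRef": {"kind": "ClusterRole", "name": "example-reader"},
  "subjects": [{"kind": "Group", "name": "developers"}]}
]}
""")

def is_wildcard(rule):
    """True when a rule grants every verb on every resource in every API group."""
    return all("*" in (rule.get(k) or []) for k in ("apiGroups", "resources", "verbs"))

def wildcard_subjects(objects):
    """Return the set of subjects bound cluster-wide to a fully wildcard ClusterRole."""
    items = objects.get("items", [])
    wild = {o["metadata"]["name"] for o in items if o.get("kind") == "ClusterRole"
            and any(is_wildcard(r) for r in (o.get("rules") or []))}
    found = set()
    for o in items:
        if o.get("kind") != "ClusterRoleBinding":
            continue
        ref = o.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") in wild:
            for s in o.get("subjects") or []:
                found.add((s.get("kind"), s.get("namespace", ""), s.get("name")))
    return found

def unexpected(objects, allowed):
    """Subjects holding wildcard access that are not in the allowlist, sorted."""
    return sorted(wildcard_subjects(objects) - set(allowed))

if __name__ == "__main__":
    allowed = [("ServiceAccount", "apollo-example", "helm-chart-operator")]
    for kind, ns, name in unexpected(SAMPLE, allowed):
        print(f"unexpected wildcard holder: {kind} {ns}/{name}")
```

Only ClusterRoleBindings are examined; a namespaced RoleBinding to the same ClusterRole grants the wildcard within that namespace only and is not reported.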