Chef 360 Platform requirements
Review the following requirements for Chef 360 Platform Server, nodes, and skills.
Licensing
A valid Chef 360 Platform license is required to install and run Chef 360 Platform.
Chef 360 Platform Server requirements
Hardware
Chef 360 Platform supports single-node and multi-node deployments. Select a topology based on your availability and scalability requirements.
For production environments, run a benchmark test to determine your system’s requirements. The benchmark test should include the number of nodes you plan to enroll, job frequency, output size, job duration, and check-in frequency.
Note
If the root directory has space restrictions, mount the following directories before installing Chef 360 Platform:
- `/var/lib/k0s/`
- `/run/k0s/`
- `/var/lib/embedded-cluster`
- `/etc/k0s/`
Chef Declarative State Management
Starting with Chef 360 Platform 1.6.0, Declarative State Management (DSM) is included with Chef 360 Platform by default. The hardware requirements listed here include DSM.
If you’re upgrading from a version before 1.6.0, verify that your nodes meet the current requirements.
Single-node requirements
A single-node Chef 360 Platform deployment (hyperconverged non-HA) has the following minimum requirements. Adjust these values based on your specific usage patterns and workload. For sizing recommendations tailored to your environment, contact your Customer Architect or Customer Success Manager.
| vCPU | Memory | Storage |
|---|---|---|
| 16 | 32 GB | 200 GB |
Multi-node requirements
All nodes must meet or exceed the requirements for their assigned role. Minimum node counts and node sizing requirements must both be satisfied. Using fewer nodes with larger specifications doesn’t replace the required node count. Node roles must be deployed exactly as defined for each topology.
These requirements support reliable operation and high availability of the platform.
Multi-node systems have the following minimum requirements:
| Topology | Roles | Nodes | vCPU | Memory (GB) | Disk (GB) |
|---|---|---|---|---|---|
| Hyperconverged-HA | Controller + Frontend + Backend | 3 | 16 | 32 | 200 |
| Tiered-HA | Controller + Backend | 3 | 16 | 32 | 200 |
| Tiered-HA | Frontend | 3 or more | 8 | 16 | 50 |
| Hyperscale-HA | Controller | 3 | 4 | 16 | 50 |
| Hyperscale-HA | Frontend | 3 or more | 8 | 16 | 50 |
| Hyperscale-HA | Backend | 3 | 16 | 32 | 200 |
Node sizing requirements can vary based on workload characteristics, scale expectations, performance objectives, availability requirements, and integration patterns. The requirements documented here represent a baseline configuration. Work with a Chef 360 Platform Architect to validate and refine node sizing and ensure your deployment meets the specific needs of your environment.
For more information about cluster topologies and adding nodes, see Cluster management.
File system requirements
Chef 360 Platform has the following file system requirements:
- A mounted XFS filesystem with the `ftype=1` option. This is the default in recent RHEL versions.
- The `/var` directory isn’t mounted with the `noexec` option.
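The following preflight check is an added example, not part of the Chef 360 Platform documentation or tooling. It parses `/proc/mounts` and `xfs_info` text to report violations of the two file system requirements above; the function names and sample data are constructed, and applying the XFS check to the same path as the `noexec` check is an assumption.

```python
import re
from pathlib import PurePosixPath

# Constructed sample of /proc/mounts (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / xfs rw,relatime,attr2,inode64 0 0
/dev/sdb1 /var xfs rw,nosuid,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""

# Constructed sample of `xfs_info` output, trimmed to two lines.
SAMPLE_XFS_INFO = """\
meta-data=/dev/sdb1   isize=512  agcount=4, agsize=13107200 blks
naming   =version 2   bsize=4096 ascii-ci=0, ftype=1
"""


def covering_mount(mounts_text, path):
    """Return (fstype, options) of the deepest mount point that contains path."""
    target = PurePosixPath(path)
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mount_point = PurePosixPath(fields[1])
        if target == mount_point or mount_point in target.parents:
            # ">=" lets a later mount stacked on the same point take precedence.
            if best is None or len(mount_point.parts) >= len(best[0].parts):
                best = (mount_point, fields[2], set(fields[3].split(",")))
    if best is None:
        raise ValueError(f"no mount covers {path}")
    return best[1], best[2]


def filesystem_problems(mounts_text, xfs_info_text, path="/var"):
    """List requirement violations for the filesystem that backs path."""
    problems = []
    fstype, options = covering_mount(mounts_text, path)
    if "noexec" in options:
        problems.append(f"{path} is mounted noexec")
    if fstype != "xfs":
        problems.append(f"{path} is on {fstype}, not xfs")
    elif not re.search(r"\bftype=1\b", xfs_info_text):
        problems.append(f"{path} xfs filesystem lacks ftype=1")
    return problems
```

On a real host, pass the contents of `/proc/mounts` and the output of `xfs_info <mount point>` instead of the samples. A subdirectory such as `/var/lib/k0s/` inherits `noexec` from the mount that covers it, which is why the check resolves the covering mount rather than matching `/var` literally.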
Ports
Chef 360 Platform requires the following ports for all deployments. Open the following ports if you are using default ports.
Ports for inbound connections:
| Port | Description |
|---|---|
| 22 | SSH |
| 5985-5986 | WinRM |
| 30000 | Chef 360 Platform console (not applicable for Bring Your Own Kubernetes (BYOK) deployments) |
| 31000 | API Gateway |
| 31050 | RabbitMQ |
| 31101 | Mailpit (optional) |
Ports for outbound connections:
| Port | Description |
|---|---|
| 443 | For non-air gapped installations |
Ports for multi-node deployment
Multi-node deployments require additional ports for node-to-node communication. Create firewall rules to allow bidirectional traffic between nodes on these ports.
| Port | Description |
|---|---|
| 2380 | etcd server client API (TCP) |
| 4789 | Flannel VXLAN overlay network (UDP) |
| 6443 | Kubernetes API server (TCP) |
| 9091 | Prometheus metrics (TCP) |
| 9443 | Webhook server (TCP) |
| 10249 | kube-proxy (TCP) |
| 10250 | Kubelet API (TCP) |
| 10256 | kube-proxy health check and metrics (TCP) |
| 30000 | Admin Console (TCP), required for nodes joining the cluster |
Fully qualified domain name
Chef 360 Platform Server requires a fully qualified domain name (FQDN) that’s RFC 1123 compliant and registered with the Domain Name System (DNS).
Disaster recovery
Disaster recovery has the following requirements:
Chef 360 Platform 1.7.0 or later installed and running.
S3-compatible object storage accessible to the Chef 360 Platform cluster. The following storage options are supported:
- AWS S3
- MinIO: Must be configured to use HTTP or HTTPS with a certificate issued by a publicly trusted certificate authority. MinIO with self-signed certificates isn’t supported.
In an air-gapped environment, your S3-compatible object storage must be accessible from within your virtual private cloud (VPC) without public internet access. Configure access using one of the following methods:
- A VPC endpoint for S3 (recommended)
- Custom network routing to S3
Verify that your IAM permissions and security group rules allow Chef 360 Platform to read from and write to the S3 bucket.
Node requirements
Nodes can be enrolled using two different methods: with a Chef Infra cookbook or with single-node enrollment from Chef 360 Platform. See the node requirements for those methods in the following sections.
Ports
Open the following default ports for outbound connections.
| Port | Description |
|---|---|
| 443 | HTTPS |
| 31050 | RabbitMQ AMQP/AMQP-TLS |
| 31000 | Nginx Reverse Proxy NodePort |
| 22 | SSH (optional) |
| 80 | HTTP (optional) |
Cookbook-based enrollment
Nodes enrolled with Chef 360 Platform using a Chef Infra cookbook have the following requirements:
- Nodes must have Chef Infra Client installed.
- Nodes have a public DNS or public IP address.
- Nodes can’t have localhost (`127.0.0.1`) as an IP address.
- Nodes can’t have a CIDR address in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is `10.244.0.0/16` or `10.96.0.0/12`.
- You must have sudo privileges on the node.
Single-node enrollment
Nodes enrolled using single-node enrollment have the following requirements.
Connection requirements
- Nodes must be accessible through SSH or WinRM:
  - Linux nodes must be enrolled using SSH.
  - Windows nodes must be enrolled using WinRM.
- Nodes must have a public DNS name or public IP address.
- A node’s IP address can’t be `127.0.0.1` (localhost).
- A node’s CIDR address must not overlap with the Chef 360 Platform services’ CIDR range.
  The default CIDR ranges for Chef 360 Platform services are `10.244.0.0/16` and `10.96.0.0/12`.
- The node’s ports for RabbitMQ and the nginx API gateway must be open to Chef 360 Platform. Chef 360 Platform must also allow inbound connections to these ports from the node.
- For nodes running Windows Server 2016, download and manually install `curl`. After installation, ensure the `curl` executable is added to the system’s `PATH` environment variable.
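The loopback and CIDR-overlap rules apply to both cookbook-based and single-node enrollment. The check below is an added example, not part of Chef 360 Platform; the function name and sample addresses are constructed, and it assumes the default service ranges listed on this page.

```python
import ipaddress

# Default Chef 360 Platform service CIDR ranges, as stated on this page.
SERVICE_CIDRS = [
    ipaddress.ip_network("10.244.0.0/16"),
    ipaddress.ip_network("10.96.0.0/12"),
]


def node_address_problems(interface_cidr, service_cidrs=SERVICE_CIDRS):
    """Check a node address given with its prefix length, e.g. "10.1.2.3/8".

    The overlap test compares the node's whole network with each service
    range, so a node whose own IP lies outside the service ranges is still
    flagged when its subnet contains them.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    problems = []
    if iface.ip.is_loopback:
        problems.append(f"{iface.ip} is a loopback address")
    for service in service_cidrs:
        if iface.network.overlaps(service):
            problems.append(f"{iface.network} overlaps service range {service}")
    return problems


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("192.0.2.10/24", "127.0.0.1/8", "10.100.5.20/24",
                   "10.112.0.5/16", "10.1.2.3/8"):
        print(sample, node_address_problems(sample) or "ok")
```

Note that `10.96.0.0/12` spans `10.96.0.0` through `10.111.255.255`, so the constructed address `10.100.5.20/24` conflicts while `10.112.0.5/16` does not.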
SSH connection requirements
- Port 22 must be open.
- The user must have `sudo` privileges.
- The user must authenticate using an ed25519 or RSA (2048-bit) key without a passphrase.
- If you’re enrolling a node with a username and password, disable sudo password prompts for the SSH user account on that node.
WinRM connection requirements
Ports 5985 (HTTP) and 5986 (HTTPS) must be open.
Configure WinRM by running the following commands:
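```powershell
# Enable the WinRM service and listener. Select 'Yes' when prompted.
winrm quickconfig
# Enable Basic authentication on the WinRM service
winrm set winrm/config/service/Auth '@{Basic="true"}'
# Allow unencrypted WinRM traffic
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
# Allow inbound WinRM connections over HTTP (5985) and HTTPS (5986)
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow
```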
Skill requirements
Chef 360 Platform skills are supported on the following platforms.
| OS | Architecture | Version |
|---|---|---|
| Linux | x86_64 | Kernel 5.4 or later |
| Windows | x86_64 | Windows Server 2016 Base and later |
Skills have the following dependencies:
- The Chef Infra Client interpreter requires that Chef Infra Client is installed on the node.
- The InSpec interpreter requires that Chef InSpec is installed on the node.