Requirements
Garden Enterprise is a self-hosted distribution of Garden Cloud that includes additional enterprise features. It is distributed via and installed into your infrastructure with a single command using Replicated's .
Below you'll find an overview of the requirements for installing Garden Enterprise. Some sections will link to more detailed and use case specific guides.
The Garden Enterprise License will be delivered to you prior to the installation. It is then uploaded during the initial setup via the Replicated admin console, a web application that runs on localhost.
Garden Enterprise runs in a Kubernetes cluster and is installed via the . The container images for the system services are pulled from a private registry that's set up automatically during the installation process.
The cluster:
Must be version 1.26 or higher.
Should generally have at least 3 worker nodes, minimum 4 vCPUs and 16 GB RAM each. The ideal size and number of nodes depends on whether Garden Enterprise is used to run workflows or not, and if so, how many concurrent workflows are expected to be running at a given time.
When using workflows, it's advisable to raise the node size by 2-4x relative to the minimum size. See below for a note on workflow runners' resource usage. Ideally, use auto-scaling on the worker nodes to handle load bursts if you expect to be running a large number of concurrent workflows.
Should have 20 GB of persistent storage.
The workflow runners are only used if Garden Enterprise is used to run workflows on VCS events. They are ephemeral pods that are spun up on VCS events, and that run workflows via Garden Core. These pods are isolated in their own namespace with limited permissions.
Note that several workflow runners can run at the same time (due to multiple inbound VCS events) and resource usage depends on the size of the project in question.
Garden Enterprise requires access to a PostgreSQL database. The database:
Must run PostgreSQL version 11 or higher.
Must be accessible from the Garden Enterprise API service.
Should have at least 40 GB of storage capacity.
Should have at least 1 vCPU and 2 GB RAM.
Must have the uuid-ossp extension installed.
The bulk of database operations are caused by events and log entries that are streamed from Garden Core. This happens when:
A logged-in user runs a Garden command
Garden is run from CI where a personal access token has been set
A workflow runner runs a workflow when triggered by VCS events
Therefore, database load is mostly determined by Garden Core usage from authenticated actors.
We generally recommend a managed cloud service where possible, e.g. AWS' RDS, GCP's Cloud SQL or Azure's Database for PostgreSQL.
Garden Enterprise bundles Vault by default; the following applies only to customers who want to manage their own Vault instances.
If you prefer to manage your own Vault, the Vault server instance (or instances):
Must be accessible from the API service over HTTP(S).
You will need to set up a load balancer or an ingress controller for your Garden Enterprise cluster and point a DNS record to it. The connection must be over HTTPS and you must have the hostname at hand during installation.
In general, there's a single entrypoint to Garden Enterprise, but you can optionally expose some of the monitoring services as well.
Garden Enterprise connects to your VCS provider so that you can import your Garden projects. We currently support GitHub (.com or Enterprise) and GitLab (.com or self-managed). Garden Enterprise also uses your VCS provider as an authentication provider. Other SSO implementations are possible but are evaluated on a case-by-case basis. Furthermore, GitHub or GitLab can optionally be used to enable Garden Enterprise to run workflows on VCS events.
During the installation you will need to provide a public/private key pair. This is used for signing JSON Web Tokens and authenticating against the Vault instance.
You can use the following command to generate a self-signed public/private key pair:
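One way to generate and sanity-check such a key pair with OpenSSL, as an added example rather than the command from the Garden documentation. The RSA key type, the key size, PEM encoding and the file names `private.pem` / `public.pem` are assumptions.

```shell
#!/bin/sh
# Added example: create a key pair for JWT signing and verify it before use.
# Assumptions (not from the Garden docs): RSA, PEM files, default 3072 bits.

# gen_keypair DIR [BITS] -> writes DIR/private.pem and DIR/public.pem
gen_keypair() {
    dir=$1
    bits=${2:-3072}
    (
        umask 077   # private key is created owner-only, never briefly readable
        openssl genrsa -out "$dir/private.pem" "$bits" 2>/dev/null
    ) || return 1
    # Derive the public half from the private key.
    openssl pkey -in "$dir/private.pem" -pubout -out "$dir/public.pem" \
        2>/dev/null || return 1
    chmod 644 "$dir/public.pem"
}

# keys_match PRIV PUB -> 0 when PUB is the public half of PRIV.
# Catches a mixed-up pair before it is pasted into an installer.
keys_match() {
    derived=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    given=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$given" ]
}

# key_is_private FILE -> 0 when FILE has no group or other permission bits.
key_is_private() {
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed paths, removed afterwards).
demo_dir=$(mktemp -d)
if gen_keypair "$demo_dir" \
    && keys_match "$demo_dir/private.pem" "$demo_dir/public.pem" \
    && key_is_private "$demo_dir/private.pem"; then
    echo "key pair generated and verified"
fi
rm -rf "$demo_dir"
```

Since the private key signs JSON Web Tokens and authenticates against Vault, keep it out of version control and shared directories once it has been supplied to the installer.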
KOTS Kubectl Plugin
Vault CLI
Most cloud managed databases will have the required settings out of the box, but you can refer to our for the exact configuration details.
Please refer to the of our Environment Configuration guide for the exact values you need to have at hand during the installation.
Must have the enabled.
Must be configured to use the authentication method.
You can find more details on the recommended Vault setup in our .
If you choose to bundle Vault with Garden Enterprise, you will need to create a cloud KMS Key which is used during the .
For more information on the monitoring services that Garden Enterprise optionally bundles, see .
Therefore, you'll need to configure GitHub or GitLab to work with Garden Enterprise. You'll find detailed instructions for and for .
You'll need the for installing and updating Garden Enterprise. You can install it by running the following command:
If you choose to bundle Vault with Garden Enterprise, you'll also need the during the installation process. It's used when initializing Vault for the first time. You can download it .
Before installing Garden Enterprise, we highly recommend that you look at our . It contains a list of all the configuration options for Garden Enterprise and the values you need to have at hand during the installation (e.g. database host name, GitHub/GitLab IDs, etc).