1. Environment

VanillaStack can run on literally any environment, for instance:

  • Bare-Metal

  • VMs

  • Private Cloud Environments

  • Public Cloud Environments

  • Azure

  • AWS

  • Google Cloud

We recommend creating dedicated VPCs (or similar) in Hyper-Scaler environments such as AWS, Azure or Google Cloud.

2. Setup Requirements

2.1. Installation

2.1.1. Installer

To start the deployment, you need at least one node with docker installed to run the VanillaStack installer.

2.1.2. Commandline

To install Vanillastack via CLI, you need ansible 2.9 and git installed.

3. Hardware

3.1. Bastion Node

The node used to install Vanillastack has no special needs, it only has to has access to your cluster via ssh and to the kubernetes api on port 6443

3.2. High Available Cluster using Rook as Storagebackend

  • 3 master nodes

  • 3 worker nodes

Minimal Hardware Requirements

Table 1. Requirements with Rook
Node Role Memory Cores


8 GB

4 Cores


16+ GB

8+ Core

Make sure to provide at least one raw disk-device, as it is necessary for rook to install successfully.

3 Worker nodes are no recommendation for production environments! Make sure, at least 4 Nodes are available.

4. Operating System and Configuration

At least a minimum of 6 machines have to be provisioned, for instance:

  • The only supported Operating System at the moment is Debian 10, others will be added in future.

  • If you install via CLI, make sure, you have a ssh keypair and your public key is populated to all nodes of the cluster

  • At the moment, all servers need access to the internet, if they are isolated, make sure a proxy is configured properly

5. Network

the VanillaStack network requirements depends on the selected workload:

5.1. VanillaStack network

used for: * management * internal K8s traffic * external application traffic

requirements: * each VanillaStack node need a network interface with IP address in this network

6. LoadBalancer

VanillaStack API and worklods need an loadbalancer to enable the high availability functionalities as well as easy access to the deployed workloads. As we decided to focus on DNS-based infrastructures, it is mandatory, that your Cluster Domain is resolvable. That is mainly needed for the kube api but should be done for all services of vanillastack:

api.<Cluster Domain> needs to be resolvable to install vanillastack. That can be reached with entries in /etc/hosts on all nodes or via DNS. It has to point to your Loadbalancer / Loadbalancer IP which needs to have port 6443 opened and forwarded to your three master nodes


# virtual IP for Loadbalancer:
# Cluster Domain:
# Entry in /etc/hosts:
# DNS Entry: 600 IN A
If you use an external LB, you have to configure it before installation
All Kubernetes API calls are addresses by the loadbalancer domain name / ip address. If the loadbalaner is not available Kubernetes is not able to community via API.

6.1. Overview

Architecure communication loadbalancer

6.2. Internal LoadBalancer

Vanillastack provides an internal loadbalancer functionality by using HAproxy and Keepalived. All required rules are preconfigured and managed by the VanillaStack installer.

the internal loadbalancer is used for API access as well as Ingress traffic. DNS records for API and workloads should point to the LoadBalancer IP.
all internal services are created as subdomain/endpoint by using the cluster IP. its easier to create a wildcard domain record and point to the loadbalancer ip instead of creating all required dns records manually.

6.2.1. Requirements

To use the internal loadbalancer vanillastack needs an additional ip address for the loadbalancer service. this ip address will be added to the master nodes, controlled by Keepalived.

A Cluster domain (example: is required. The cluster domain records needs to point to the cluster IP.

6.3. External LoadBalancer

Instead of using the internal loadbalancer VanillaStack can be configured to use an external loadbalancer. It is possible to use different loadbalancer for different workloads (e.g. one for API access, one for dedicated workloads, etc)

VanillaStack does not handle loadbalancer rules for external loadbalancers. this rules needs to be managed by the administrator!

6.3.1. Requirements

VanillaStack needs to know the IP Address of the external LoadBalancer. A Cluster domain (example: is required. The cluster domain records needs to point to the cluster IP.

The following rules needs to be defined by the administrator:

Table 2. Loadbalancer rules
Loadbalancer port target nodes target port used for




Ingress HTTP traffic




Ingress HTTPS traffic




Kubernetes API