Guides

Requirements

Manifest Self-Hosted runs on a single Linux host. That same host is also where you run the manifest-installer CLI to drive installation and upgrades — there is no separate installation client. The sections below describe the host, software, and network requirements.

Host Requirements

Supported Operating Systems

  • Debian 12
  • RHEL 9
  • Ubuntu 24.04

Only x86_64 architectures are supported at this time.

Resource Requirements

MinimumRecommended
Compute16 vCPU48 vCPU
Memory64 GB192 GB
Storage300 GB3 TB

Required Software

The host must have the following installed before running manifest-installer:

  • Docker Engine — used to run the install-tools container that ships with each bundle. Podman is not supported.
  • AWS CLI v2 — used to pull the installation bundle and the install-tools container image from Manifest's distribution endpoints.
  • Python 3 — required by Ansible, which provisions k3s and the cluster components.
  • SSH servermanifest-installer uses Ansible to configure the host, including when the host is the same machine you run the CLI on. The user running the installer must be able to SSH to the host (typically localhost) and have passwordless sudo.

On RHEL 9, you can install Docker and the AWS CLI using the helper script that ships in the bundle:

sudo ./scripts/install-docker-awscli.sh

On Ubuntu 24.04 and Debian 12, follow the upstream Docker install instructions and install the AWS CLI from your distribution's package manager or the AWS CLI installer.

Network Environment Requirements

DNS

You will need to configure DNS records pointing to your host's IP address. This includes records for the main application, API, authentication service, and object storage buckets. Review the DNS Configuration guide to understand the required DNS records and plan your DNS setup.

Firewall

The Manifest deployment uses the following ports on the host:

  • TCP 22 (SSH — required by Ansible during install)
  • TCP 80 (HTTP)
  • TCP 443 (HTTPS)
  • TCP 6443 (Kubernetes API)
  • TCP 30000-32767 (Kubernetes NodePorts)

If your environment restricts outbound traffic, you must also allow access to external services required for installation and runtime operations. Review the Firewall Configuration guide for the complete list of domains that must be accessible.

Next Steps

Once you have verified that your environment meets these requirements, proceed to gather the required credentials.