Installation Requirements

Modified on Wed, 07 Jun 2023 at 04:37 PM

In order to install an instance of the Labfolder platform, some requirements have to be met and some may or may not need to be met depending on the deployment model. This article explains.



  • Min. 16GB of free RAM for the application (recommended 20-24GB for the VM, depending on the distribution).
  • Hard drive min. 300 GB (higher data volumes require the installation of more hard drive space).
    • The application data, container images, and logs are stored at /var.
    • If multiple mount points exist, ensure the disk space is available for the /var directory.
  • Min. 4 x84-64 CPUs or equivalent with 2.6 GHz or more. Virtual CPUs are equally accepted.


TLS Certificate

Labforward requires a valid TLS certificate for the domain and all subdomains. 

The certificate chain must include all entities, including the Certificate Authority. The options are (considering  as the domain):

  • One wildcard certificate covering all subdomains: *

  • Or one certificate with one Subject Alternative Name for each subdomain. The following subdomains must be mapped: - Admin console used for application management. Required for all customers; - Identity and Authentication Manager (IAM). Used to authenticate all users. Required for all customers; - File Object Storage. Used to download/upload files directly from the browser. Required for all customers; - Labfolder application. Required for Labfolder/Labregister clients; - Labregister application. Required for Labfolder/Labregister clients; - Laboperator application. Required for Laboperator clients; - Required for Laboperator clients; - Required for Laboperator clients.

All subdomain names are configurable. The example above uses the default values.

Labforward supports two options for providing the TLS certificate during the installation:

  • Custom x509 certificate - the customer provides the certificate (.crt) and key (.key)

If the custom certificate is self-signed or has an unknown CA for the browsers or operational systems using the application, then the root certificate (.crt) must be provided.

  • Cert-manager with an automatically generated certificate issued by Let's Encrypt - for more details, check

This certificate is recognized by all the common browsers and operational systems;

Let’s Encrypt requires access to the cluster to validate the certificate. For this reason, the following endpoint must be exposed on the public internet /.well-known/acme-challenge/*. Full example of the Let’s Encrypt validation request It makes one request for each subdomain available.

If exposing part of the cluster to the public internet is impossible, then the customer must provide a custom certificate.

DNS Requirements

Labforward requires a DNS routing the traffic to the cluster machine.

The DNS must cover all the domains used by the TLS certificate.

There are three options to configure the DNS:

  • Custom DNS - The customer is responsible for configuring the DNS

  • Labforward DNS - Labforward will configure the DNS in the address. The domain name must end with The subdomain and customer-name are configurable by the customer;

  • No DNS - The customer configures the cluster and each end-user device to connect to the application's IP. For example, by editing the etc/hosts file. This option requires all the clients to be in the same network as the Kubernetes cluster. Notice that changing the cluster IP will require updating all devices. It can be done at the proxy level. Given the extra complexity and security risks, this option is not recommended.

Regardless of the option, the DNS mapping pointing out to the Kubernetes cluster IP** or CNAME must include all the following subdomains:

domain.tld - the domain. It must be mapped for TLS certificate validations and internal redirects inside the cluster - Required for all customers; - Required for all customers; - Required for all customers; - Required for Labfolder/Labregister clients; - Required for Labfolder/Labregister clients; - Required for Laboperator clients; - Required for Laboperator clients; - Required for Laboperator clients.

  • Optionally, one wildcard entry plus the domain is accepted:

     *.domain.tld - wildcard for all subdomains;

    domain.tld - the main domain.

    ** By default, the cluster address is the same as its VM address.


Proxies are not required for the installation. 

A proxy in the cluster network must use a valid TLS certificate signed by a known CA or the same TLS certificate of the Kubernetes cluster inserted via the admin console.

Operating System

This information only applies if you want to install the cluster using the provided kURL installer.

Note: Labforward recommends ubuntu 20.04 or newer.

Alternative operating systems

  • RHEL 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7;
  • Oracle Linux 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7;
  • Amazon Linux 2.

Access Requirements

  • SSH access via root, to run the installer
  • port 8800 access via port-forwarding or firewall rule, to access the administration interface

Tip: For more details about supported systems, check


The installation script installs all the required software, if not already installed; except for CURL, it must be installed before the installation.

Kubernetes Cluster

Any Kubernetes cluster must meet all these requirements: 

  • Kubernetes version 1.27.0 or above;

  • Kubernetes environment - EKS, GKE, AKS, DigitalOcean, kURL;

  • Containerd version 1.6+ as the container runtime;

  • Docker can not be installed in the machine;

  • A persistent volume storage class for the ReadWriteOnce and ReadWriteMany access modes;

  • Cert Manager version 1.7.0 or higher  (optional - when CertManager should be used for certificates);

  • Ingress Controller - we recommend ingress-nginx version 4.0.13 or higher;

  • A fresh namespace. We recommend naming it labforward. KOTS requires root access to this namespace;

Note: The cluster installed via Labforward’s installation script meets all these requirements. In this case, ensure that the installation machine does not have any of the items mentioned above previously installed, as Labforward will install everything for you. It is highly recommended to make the new installation in a fresh machine without any custom dependency.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article