Prerequisites Overview

Before deploying the Onehouse dataplane, your cloud environment must meet the following requirements. These concepts apply across all clouds — the specific setup steps differ per platform.

Onehouse Request ID

You will need a request ID from Onehouse before you can deploy. This ID is used to:

  • Name Onehouse-managed resources in your account
  • Establish cross-account trust (AWS external ID / GCP/Azure federation)
  • Configure Terraform state storage bucket names

Contact your Onehouse account team to obtain your request ID before proceeding.

Networking

Every cloud deployment requires:

  • Private subnets — the Kubernetes cluster nodes run here
  • NAT gateway / egress — nodes need outbound internet access to reach the Onehouse control plane on port 443; no inbound connections are required
  • Storage endpoint — a VPC/VNet service endpoint to cloud storage (S3 / GCS / Azure Blob) to avoid routing data traffic through NAT

IP Address Sizing

The required sizes are the same across all clouds: a /16 VPC and /20 private subnets. How pod IPs are allocated differs by CNI plugin, but the sizing guidance is consistent:

  • AWS (VPC CNI) — Pod IPs are allocated directly from the node's /20 private subnet. Every pod consumes a subnet IP, so large private subnets are essential.
  • GCP (Alias IPs) — Pods use secondary IP ranges separate from the node subnet. The node subnet is still /20 for headroom, with additional /20 (pods) and /24 (services) secondary ranges reserved.
  • Azure (Azure CNI Overlay) — Similar to GCP; pods use a dedicated pod CIDR separate from the node subnet. The node subnet is /20, with an additional /16 for pods and /16 for services.

The specific CIDR requirements for each cloud are documented in their respective prerequisites pages.
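A planned address layout can be checked against these sizes before any Terraform is run. The sketch below is an added example, not Onehouse code: `check_plan` and the sample CIDRs are hypothetical, and it assumes each listed size is a minimum (a larger range also passes) and that "separate from the node subnet" means the pod and service ranges must not overlap any node subnet.

```python
import ipaddress

# Prefix lengths from the IP Address Sizing section above.
# "extra" maps a range name to its required prefix length.
REQUIRED = {
    "aws":   {"vpc": 16, "node": 20, "extra": {}},
    "gcp":   {"vpc": 16, "node": 20, "extra": {"pods": 20, "services": 24}},
    "azure": {"vpc": 16, "node": 20, "extra": {"pods": 16, "services": 16}},
}

def check_plan(cloud, vpc, node_subnets, extra=None):
    """Return a list of problems; an empty list means the plan fits the sizing."""
    req, extra, problems = REQUIRED[cloud], extra or {}, []
    vpc_net = ipaddress.ip_network(vpc)
    if vpc_net.prefixlen > req["vpc"]:  # longer prefix = smaller network
        problems.append(f"VPC {vpc_net} is smaller than /{req['vpc']}")
    nodes = [ipaddress.ip_network(s) for s in node_subnets]
    for i, net in enumerate(nodes):
        if net.prefixlen > req["node"]:
            problems.append(f"private subnet {net} is smaller than /{req['node']}")
        if not net.subnet_of(vpc_net):
            problems.append(f"private subnet {net} is outside VPC {vpc_net}")
        for other in nodes[i + 1:]:
            if net.overlaps(other):
                problems.append(f"private subnets {net} and {other} overlap")
    for name, prefix in req["extra"].items():
        if name not in extra:
            problems.append(f"missing {name} range (/{prefix})")
            continue
        rng = ipaddress.ip_network(extra[name])
        if rng.prefixlen > prefix:
            problems.append(f"{name} range {rng} is smaller than /{prefix}")
        for net in nodes:
            if rng.overlaps(net):
                problems.append(f"{name} range {rng} overlaps node subnet {net}")
    return problems

if __name__ == "__main__":
    # Constructed sample plans, not real customer values.
    print(check_plan("aws", "10.0.0.0/16", ["10.0.0.0/20", "10.0.16.0/20"]))
    print(check_plan("gcp", "10.1.0.0/16", ["10.1.0.0/20"],
                     {"pods": "10.1.0.0/21", "services": "10.1.32.0/24"}))
```
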

Cloud Storage

You need:

  1. A Terraform state bucket named onehouse-customer-bucket-<RequestIdPrefix> in the same region as your deployment
  2. A lakehouse bucket (S3 / GCS / Azure Blob) in the same region for your data

Caution: Buckets in a different region will incur cross-region data transfer costs.

IAM / Permissions

You will need administrator-level access to your cloud account to run the customer stack deployment. The Terraform module creates IAM roles/service accounts/managed identities on your behalf.

Tooling

Tool            Version
Terraform       1.11.0
AWS CLI         Any recent
gcloud CLI      Any recent
Azure CLI       Any recent
yq, jq, curl    Any recent

Cloud-Specific Prerequisites