System Requirements
Standalone Mode
The standalone CLI runs on Linux x86_64. No Kubernetes required.
| Requirement | Details |
|---|---|
| Platform | Linux x86_64 |
| Container runtime | Docker, Podman, containerd, or CRI-O (auto-detected) |
| Internet | Required for first run (downloads Trivy/ClamAV); use --offline after |
| Disk | ~200MB for cached tools at ~/.cache/reel/ |
Agent Mode: Kubernetes
| Version | Status | Notes |
|---|---|---|
| v1.30+ | Recommended | Checkpoint API enabled by default (beta) |
| v1.25 - v1.29 | Supported | Checkpoint API requires feature gate |
- • Helm 3.x
- • containerd 2.0+ or CRI-O 1.25+
Node OS
| OS | Status |
|---|---|
| Ubuntu 22.04+ | Supported |
| Amazon Linux 2023 | Supported |
| Red Hat Enterprise Linux | Supported |
| OpenShift | Coming soon |
Cloud Providers
GKE, EKS, and AKS standard clusters are supported.
Serverless options (GKE Autopilot, EKS Fargate) are not supported. They do not provide node-level access required by the agent.
CRIU
Checkpoint operations use CRIU v4.2 for process state capture. The agent includes CRIU, so no manual installation is required.
All other features (layers, SBOM, CBOM, malware, forensics) do not use CRIU.
Resources
Measured with 3 concurrent 5GB layer captures. Adjust based on workload.
| Component | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| Agent | 250m | 1000m | 128Mi | 256Mi |
| ClamAV (optional) | 100m | 500m | 1Gi | 2Gi |
ClamAV loads signature database into memory on startup (~1GB). The scheduler limits concurrency to 3 checkpoints and 2 layers at a time, with a 5-minute timeout per operation.
Storage sizing
Checkpoint and layer artifact sizes track the container's filesystem footprint. Layers only contain the diff from the base image, so a container that wrote little is far smaller than its image:
| Container Size | Approximate Artifact Size |
|---|---|
| 100MB | ~50-100MB |
| 500MB | ~200-400MB |
| 1GB+ | ~500MB-1GB |
Artifacts uploaded via upload stream to S3 and the server-side copy is deleted immediately. Apply S3 lifecycle rules to age out evidence. For node-local cleanup, delete layer <layer-id> removes a single capture, and delete checkpoint --older-than prunes checkpoints by age.