Prerequisites

What every host (validator, RPC / full node, seed) needs before you run bootstrap.sh or install the Helm chart. These apply to the public testnet (chain-id 473374); mainnet (47337) is identical.

For the per-role CPU / RAM / disk sizing and the cost / cheapest-baremetal guidance, see Hardware specs. This page is the software + host setup checklist.

Checklist

1. Docker Engine + Compose v2. Verify with docker --version and docker compose version — the space-separated v2 plugin, not the legacy docker-compose. The compose file uses the v2 schema (no top-level version: key).
2. NVMe mounted at DATA_DIR. Format and mount the NVMe volume at the path you set as DATA_DIR (default /var/lib/krypton/data). Confirm with lsblk / df -h that it is the fast device, not the root EBS/disk.
3. Time sync (NTP). CometBFT consensus is time-sensitive; clock skew causes missed proposals and peer rejection. Enable chrony or systemd-timesyncd and verify with timedatectl (System clock synchronized: yes).
4. Firewall. Install the host firewall before exposing the node — nftables on baremetal or an AWS Security Group. See Ports & firewall.
5. Non-root UID. Containers run as KRYPTON_UID:KRYPTON_GID (default 10000:10000), never root. bootstrap.sh chowns DATA_DIR to it. Do not run the stack as root.
6. Tools: jq (bootstrap uses it to assert the bundle chain-id), openssl (JWT generation), and git / curl. cast (Foundry) is handy for verification.

NVMe is REQUIRED for the execution layer

bera-reth stores state in an MDBX database with heavy random-write / fsync patterns. On slow or wear-prone storage (SD cards, network EBS below gp3, spinning disk) MDBX corrupts or wears out the volume and the EL falls behind or dies. Use local NVMe on baremetal; on AWS use gp3 (or io2 for RPC/archive) — never standard / sc1 / st1. The DATA_DIR mount must be the NVMe volume.

What else you'll need

Beyond the host setup, joining a network requires:

• The network bundle — eth-genesis.json + spec.toml + kzg-trusted-setup.json (a BUNDLE_URL or local BUNDLE_DIR). See Genesis & the network bundle.
• Peer strings — EL_BOOTNODES (enode) and CL_SEEDS (CometBFT node-id), from the bundle / launch coordinator.
• A reachable public IP — set as EXT_IP. A wrong value means no inbound peers.
• Validators only: your priv_validator_key.json from the genesis ceremony, placed at DATA_DIR/cl/config/priv_validator_key.json before running bootstrap.

Container path only

The supported install runs the clients as containers (Compose or Kubernetes / Helm). A non-Docker (raw systemd binaries) install is not provided.

Next: Quick start (spin up a node).