Lightup Hybrid deployment lets you keep your data in your environment and use the Lightup control plane to help manage and troubleshoot your deployment. See Deployment models for more information.

This page provides prerequisites to help you prepare for Lightup deployment. Please contact Lightup Support to arrange for actual deployment.

Lightup Hybrid can be deployed to an existing self-managed or AWS EKS-managed Kubernetes cluster that meets the following prerequisites.

Prerequisites

Outbound connectivity— Your system instance must always have access to the following internet services for the proper functioning of Lightup. You should modify your firewall rules if you cannot access any of these services.

Service	Domains to whitelist
Replicated (replicated.com): Lightup application software is packaged and licensed using Replicated. The application bundle (Kubernetes binaries, Docker containers, license file) are pulled from Replicated during the installation sequence and subsequent upgrades.	- .replicated.com (enables Upstream Docker images via proxy.replicated.com. The on-prem docker client uses a license ID to authenticate to proxy.replicated.com. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA.) quay.io (source of replicated images for releases) .gcr.io (source of replicated images for releases) *.docker.io (source of replicated images for releases) k8s.kurl.sh (source of Kubernetes cluster installation scripts and artifacts: an application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA) amazonaws.com (source of tar.gz: packages are downloaded from Amazon S3. The IP ranges to whitelist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation.)
Datadog: Lightup uses Datadog for container logging, metric monitoring and Kubernetes pod health monitoring	.datadoghq.com (enables Lightup monitoring)
Lightup AWS Services: Lightup leverages a dedicated single-tenant service for install and upgrade requirements.	.lightup.ai (enables Lightup system updates and calls)

Service

Domains to whitelist

Replicated (replicated.com): Lightup application software is packaged and licensed using Replicated. The application bundle (Kubernetes binaries, Docker containers, license file) are pulled from Replicated during the installation sequence and subsequent upgrades.

- *.replicated.com (enables Upstream Docker images via proxy.replicated.com. The on-prem docker client uses a license ID to authenticate to proxy.replicated.com. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA.)

quay.io (source of replicated images for releases)
*.gcr.io (source of replicated images for releases)
*.docker.io (source of replicated images for releases)
k8s.kurl.sh (source of Kubernetes cluster installation scripts and artifacts: an application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA)
amazonaws.com (source of tar.gz: packages are downloaded from Amazon S3. The IP ranges to whitelist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation.)

Datadog: Lightup uses Datadog for container logging, metric monitoring and Kubernetes pod health monitoring

.datadoghq.com (enables Lightup monitoring)

Lightup AWS Services: Lightup leverages a dedicated single-tenant service for install and upgrade requirements.

.lightup.ai (enables Lightup system updates and calls)

A supported Kubernetes version— We currently support versions 1.24 through 1.27.
AWS EKS— If you’re using AWS EKS, make sure that the following add-ons or equivalent have been installed:
Sufficient cluster resources— You need a minimum of 4 vCPUs / 16 GB memory per node and a minimum total resources across all nodes of 8 vCPUs, 64GB RAM.