Lightup Hybrid

If you prefer to host Lightup in your own environment, Lightup Hybrid can be deployed to a dedicated VM or to an existing Kubernetes cluster (self-managed or cloud-managed).

Lightup Hybrid deployment keeps all data-oriented processes, such as metric collection, monitor training, integrations, and alerting, within your environment.

This page provides prerequisites to help you prepare for Lightup deployment. Please contact Lightup Support to arrange for actual deployment.

Prerequisites

Outbound connectivity

Your system instance must always have access to the following internet services for the proper functioning of Lightup. You should modify your firewall rules if you cannot access any of these services.

ServiceDomains to whitelist
Linux package repositories (apt/yum repositories): For support packages needed on the VM host environment.One of the following, depending on which Linux version you install:

- *.fedoraproject.org (yum/dnf Repositories— enables RHEL/Fedora System Update Packages)
- *.ubuntu.com (apt Repositories— enables Ubuntu System Update Packages)
Replicated (replicated.com): Lightup application software is packaged and licensed using Replicated. The application bundle (Kubernetes binaries, Docker containers, license file) are pulled from Replicated during the installation sequence and subsequent upgrades.- *.replicated.com (enables Upstream Docker images via proxy.replicated.com. The on-prem docker client uses a license ID to authenticate to proxy.replicated.com. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA.)

- quay.io (source of replicated images for releases)
- *.gcr.io (source of replicated images for releases)
- *.docker.io (source of replicated images for releases)
- k8s.kurl.sh (source of Kubernetes cluster installation scripts and artifacts: an application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA)
- amazonaws.com (source of tar.gz: packages are downloaded from Amazon S3. The IP ranges to whitelist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation.)
Datadog: Lightup uses Datadog for container logging, metric monitoring and Kubernetes pod health monitoring*.datadoghq.com (enables Lightup monitoring)
Lightup AWS Services: Lightup leverages a dedicated single-tenant service for install and upgrade requirements.*.lightup.ai (enables Lightup system updates and calls)
Auth0: Lightup uses Auth0 for best-in-class authentication, as well as integration with any SSO provider*auth0.com (enables authentication)

Deployment environment

Note: Once the Lightup deployment is complete, you should not change the VM hostname, otherwise it could impact the proper functioning of Lightup

Deployment targetSupported versionsMinimum hardware resources
New Linux VMUbuntu 20.04 or RHEL88 vCPUs, 64GB RAM, and 200GB of persistent, flat, unpartitioned hard disk capacity (EBS or similar)
Existing k8s clusterKubernetes 1.24 through 1.28Each node: 4 vCPUs / 32 GB RAM
Whole cluster: 8 vCPUs / 64GB RAM

Cloud-Managed Kubernetes (EKS, AKS, GKE)

If you’re using AWS EKS for your Kubernetes cluster, make sure that the following add-ons or equivalent have been installed:

Postgres Server 14

  1. Install Postgres Server 14 with the following resources:
    • 4 CPUs
    • 8 GB memory
    • 200 GB storage
    • 2000 IOPS
  2. Set up daily backups.
  3. When your Postgres instance is ready, log in and complete the following steps:
    a. Make note of the Postgres host, TCP port, username and password - you'll need them during the next installation step (when you bootstrap the Lightup data plane).
    b. Create three databases: adb, sdb, and udb.
    c. In each database, set max_connection >= 500 and run the following code:
CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
SELECT * FROM pg_stat_statements LIMIT 1;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
SELECT uuid_generate_v4();

Set up a NAT gateway

If the Lightup application needs to use a singular, consistent IP address to access your datasources, you can configure a NAT gateway for your VM on any of the following platforms:

Custom Lightup Access Point

Lightup exposes a NodePort on port 30443 that you can use to access the Lightup UI.

If the nodes in your kubernetes cluster have public IP addresses, then you can access the UI at https\://<ip-address-or-host-name-of-your-VM>:30443. If the nodes do not have a public IP address or if you want to configure a URL, you can use a Load Balancer to access the UI. Lightup only works with supported domains, so you'll need to provide Lightup support with your IP address / hostname / URL.

The following example shows how you'd access the Lightup UI at https://lightup.my-company.com using a Network Load Balancer in AWS:

  1. Create a certificate for lightup.my-company.com with AWS Certificate Manager (ACM).

  2. Verify the certificate with the option to create records in Route 53.

  3. Copy the certificate ARN— you'll need this for the following step.

  4. Update the following manifest for the Kubernetes service that will generate the NLB, and save it as a file named lightup-nlb-service.yaml:

     apiVersion: v1  
       kind: Service  
       metadata:  
         name: lightup-backend  
         annotations:  
           external-dns.alpha.kubernetes.io/hostname: lightup.my-company.com  
           service.beta.kubernetes.io/aws-load-balancer-ssl-cert: YOUR_COPIED_CERTIFICATE_ARN  
           service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10  
           service.beta.kubernetes.io/aws-load-balancer-type: nlb  
         labels:  
           app: backend  
       spec:  
         externalTrafficPolicy: Local  
         loadBalancerSourceRanges:
    	 - 0.0.0.0/0  
      ports:
       - name: backend  
          port: 443  
          protocol: TCP  
          targetPort: 8000  
      selector:  
        app: backend  
        release: backend  
      type: LoadBalancer
    
  5. Deploy the NLB using kubectl and the YAML file you saved:
    kubectl apply -n lightup -f lightup-nlb-service.yaml

  6. Copy the generated NLB's URL.

  7. Create a new Route 53 A record for lightup.my-company.com to route to the NLB's URL.