Lightup Self-hosted

Details on the Lightup Self-hosted deployment model.

Contact Lightup Support to begin

To get started, contact [email protected].

You will receive the following deployment resources in email:

  • A Lightup token
  • A Lightup TLA value

Before deployment, you'll need to provide Lightup with more information:

  • The e-mail address of the initial admin user, if it's not the same as the one that's making the request. This should be provided before the deployment.
  • The URL or IP address you will use to access the cluster. This can be supplied later but you won't be able to access the cluster until Lightup has this info.

There are also a number of prerequisite steps.


  1. Outbound connectivity— Your system instance must always have access to the following internet services for the proper functioning of Lightup. You should modify your firewall rules if you cannot access any of these services.
ServiceDomains to whitelist
Linux package repositories (apt/yum repositories): For support packages needed on the VM host environment.One of the following, depending on which Linux version you install:
- * (yum/dnf Repositories— enables RHEL/Fedora System Update Packages)
- * (apt Repositories— enables Ubuntu System Update Packages)
Replicated ( Lightup application software is packaged and licensed using Replicated. The application bundle (Kubernetes binaries, Docker containers, license file) are pulled from Replicated during the installation sequence and subsequent upgrades.- * (enables Upstream Docker images via The on-prem docker client uses a license ID to authenticate to This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA.)
- (source of replicated images for releases)
- * (source of replicated images for releases)
- * (source of replicated images for releases)
- (source of Kubernetes cluster installation scripts and artifacts: an application identifier is sent in a URL path, and bash scripts and binary executables are served from This domain is owned by Replicated, Inc., headquartered in Los Angeles, CA)
- (source of tar.gz: packages are downloaded from Amazon S3. The IP ranges to whitelist for accessing these can be scraped dynamically from the AWS IP Address Ranges documentation.)
Datadog: Lightup uses Datadog for container logging, metric monitoring and Kubernetes pod health monitoring* (enables Lightup monitoring)
Lightup AWS Services: Lightup leverages a dedicated single-tenant service for install and upgrade requirements.* (enables Lightup system updates and calls)
  1. VM hardware— You need a minimum of 8 vCPUs, 64GB RAM, and 200GB of persistent, flat, unpartitioned hard disk capacity (EBS or similar).
  2. VM OS— You can install Ubuntu 20.04 or RHEL8.


Step 1: Set up Postgres Server 14

  1. Install Postgres Server 14 with the following resources:
    • 4 CPUs
    • 8 GB memory
    • 200 GB storage
    • 2000 IOPS
  2. Set up daily backups.
  3. When your Postgres instance is ready, log in and complete the following steps:
    a. Make note of the Postgres host, TCP port, username and password - you'll need them during the next installation step (when you bootstrap the Lightup data plane).
    b. Create three databases: adb, sdb, and udb.
    c. In each database, set max_connection >= 500 and run the following code:
SELECT * FROM pg_stat_statements LIMIT 1;
SELECT uuid_generate_v4();

Step 2: Bootstrap the Lightup data plane

  1. Set up a new VM running Ubuntu 20.04 or RHEL8.
  2. SSH into the VM.
  3. Make sure curl is installed.
  4. Run the following command, using the tla and token values from Lightup:
    curl -H 'Cache-Control: no-cache' -L \ | \
    LIGHTUP_TLA=<tla> LIGHTUP_TOKEN=<token> bash -s install
  5. Follow the prompts to complete Postgres configuration, entering the values you noted when you set up Postgres.

Step 3: Access the Lightup UI

You have two options: browse to the VM using its IP address or host name, or set up a custom URL for the VM and a certificate to match, and provide this URL to Lightup support.

Use the VM host name or IP address

  1. Provide the VM host name or IP address to Lightup support.
  2. When they acknowledge receipt, browse to https://<ip-address-or-host-name-of-your-VM>:8443 and log in to the Lightup app. Note that you'll see a warning about an insecure certificate.

Use a custom URL with a certificate

  1. After you bootstrap the Lightup data plane, set up a custom URL and certificate that resolve to the VM on port 8443.
  2. Provide this information to Lightup support. When they acknowledge receipt, browse to the custom URL and log in.