Skip to content

configure-lifecycle.mdx

Latest commit

 

History

History
89 lines (64 loc) · 2.8 KB

configure-lifecycle.mdx

File metadata and controls

89 lines (64 loc) · 2.8 KB
title tags
Additional Configuration
configure
lifecycle
install
setup

import { Callout } from "nextra/components";

We are in the final step of the setup process.

This step is Optional but highly recommended to ensure the default IP Whitelist is set for the environments created by the Lifecycle app. This will help in securing the environments and restricting access to only the specified IPs or CIDR blocks.

Set Default IP Whitelist

  • Connect to the postgres database using the psql command line tool or any other database client.

    Database password was auto generated during the infra setup and can be found retrieved from the app-postgres secret in the lifecycle-app namespace.

  • Retrieve the database password:

   kubectl get secret app-postgres --namespace lifecycle-app \
      -o jsonpath='{.data}' | jq 'with_entries(.value |= @base64d)'
  • Run the following SQL commands to update the configuration:
-- provide a default IP whitelist for the environments, default is open to all IPs
UPDATE public.global_config
SET
    config = (
        config::jsonb ||
        '{
            "defaultIPWhiteList": "{ 0.0.0.0/0 }"
         }'::jsonb
    )::json,
    "updatedAt" = NOW()
WHERE "key" = 'serviceDefaults';
Note that the infra setup with the OpenTofu modules below will **open your cluster to the world.**
🛡️ Make sure to **shield** your cluster by implementing appropriate network policies and access controls after the initial setup.

Replace the defaultIPWhiteList under global_config.serviceDefaults with your actual IP whitelist or CIDR block to restrict access to the deployed environments.

Enable Environment Lens Globally

The environment lens banner can be enabled globally for all services via the features row in global_config. Individual services can still override this by setting envLens explicitly in their lifecycle.yaml.

-- Enable envLens globally for all services
INSERT INTO public.global_config ("key", config, "createdAt", "updatedAt")
VALUES ('features', '{"envLens": true}'::json, NOW(), NOW())
ON CONFLICT ("key")
DO UPDATE SET
    config = (public.global_config.config::jsonb || '{"envLens": true}'::jsonb)::json,
    "updatedAt" = NOW();

After running this, refresh the config cache to apply the change.

Refresh config cache

curl -X PUT https://app.<your_domain>/api/v1/config/cache

This will refresh the configuration cache and apply the changes you made to the database for the Lifecycle app.

We are all set! 🎉 And ready to create our first PR based ephemeral environment.