This guide explains how to add a new environment (e.g., stg) to the platform.

Prerequisites:

- Access to infrastructure and deploy repositories
- Doppler project access
- Auth0 tenant access (if environment needs authentication)

Update the environment list in 3 ApplicationSet files:

| File | Path |
|---|---|
| Services | apps/templates/services/services-appset.yaml |
| PostgreSQL | apps/templates/data/postgres-clusters.yaml |
| Redis | apps/templates/data/redis-clusters.yaml |

Add your environment to the `list.elements`:

```yaml
- list:
    elements:
      - env: dev
        imageConstraint: "~0-0"
      - env: stg  # <- add this
        imageConstraint: "~0"
      - env: prd
        imageConstraint: "~0"
```

Note: For postgres and redis files, only the `env` field is needed (no `imageConstraint`).

Create helm-values/data/postgres-stg-defaults.yaml.

Reference: CloudNativePG Resource Management — memory should be ≥4x shared_buffers

```yaml
type: postgresql
version:
  postgresql: "17"
cluster:
  instances: 2
  storage:
    storageClass: longhorn
  resources:
    requests:
      cpu: 200m
      memory: 384Mi
    limits:
      cpu: 750m
      memory: 896Mi
  monitoring:
    enabled: true
    podMonitor:
      enabled: true
# Backups - https://cloudnative-pg.io/documentation/current/backup/
backups:
  enabled: true
  provider: s3
  retentionPolicy: "14d"
  endpointURL: <S3_ENDPOINT>
  destinationPath: s3://<S3_BUCKET_CNPG>/
  s3:
    region: auto
    bucket: <S3_BUCKET_CNPG>
  secret:
    create: false
    name: cnpg-backup-s3
  scheduledBackups:
    - name: daily
      schedule: "0 0 2 * * *"
      backupOwnerReference: cluster
      method: barmanObjectStore
  data:
    compression: gzip
    jobs: 1
  wal:
    compression: gzip
    maxParallel: 1
recovery:
  method: object_store
  provider: s3
  endpointURL: <S3_ENDPOINT>
  destinationPath: s3://<S3_BUCKET_CNPG>/
  s3:
    region: auto
    bucket: <S3_BUCKET_CNPG>
  secret:
    create: false
    name: cnpg-backup-s3
```

Create helm-values/data/redis-stg-defaults.yaml:

```yaml
mode: standalone  # or sentinel for HA
resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 256Mi
storage:
  enabled: true
  storageClass: longhorn
  size: 2Gi
redisExporter:
  enabled: true
serviceMonitor:
  enabled: true
auth:
  enabled: true
  secretStore: doppler-stg
```

Create manifests/core/cluster-secret-stores/doppler-stg.yaml:

```yaml
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: doppler-stg
spec:
  provider:
    doppler:
      auth:
        secretRef:
          dopplerToken:
            name: doppler-token-stg
            namespace: external-secrets
            key: dopplerToken
```

For each service, create services/<service>/values-stg.yaml:

```yaml
replicaCount: 2
resources:
  requests:
    cpu: 200m
    memory: 256Mi
  limits:
    cpu: 500m
    memory: 512Mi
env:
  ENVIRONMENT: "staging"
```

- Open Doppler Dashboard
- Navigate to your project
- Click Add Config → name it `stg`
- Add required secrets (see README - Required Secrets)
- Generate Service Token (Access → Service Tokens)
- Create K8s secret:

```bash
kubectl create secret generic doppler-token-stg \
  --namespace external-secrets \
  --from-literal=dopplerToken="dp.st.stg.XXXX"
```

If the new environment requires authentication:

- Open Auth0 Dashboard
- Go to Applications → Create Application
- Configure callback URLs for the new environment
- Add the new URLs to `whitelist_domains` in OAuth2 Proxy config

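
The secret-creation step in the Doppler procedure above passes the service token as a command-line argument, which leaves it in shell history. As an added example (not part of the original guide), this wrapper reads the token from stdin instead and refuses a token whose config slug does not match the target environment. The function names and the `dp.st.<config>.<value>` shape check, inferred from the sample token in this guide, are assumptions.

```shell
#!/usr/bin/env bash
# Added example: create doppler-token-<env> without the token on the command line.

# Returns 0 only if the token looks like dp.st.<env>.<value> for the given env.
# Assumption: the config slug is the third dot-separated field, as in the
# sample token "dp.st.stg.XXXX" shown in this guide.
check_doppler_token() {
  local env="$1" token="$2" prefix
  local LC_ALL=C
  # The env name ends up in a Secret name: lowercase letters, digits, hyphen only.
  case "$env" in
    ''|*[!a-z0-9-]*) return 1 ;;
  esac
  prefix="dp.st.${env}."
  # Must start with the env-specific prefix and carry a non-empty value.
  case "$token" in
    "$prefix"?*) ;;
    *) return 1 ;;
  esac
  # Reject whitespace that sneaks in when pasting.
  case "$token" in
    *[[:space:]]*) return 1 ;;
  esac
  return 0
}

# Reads the token from stdin (no echo on a terminal) and pipes it to kubectl.
# printf is a shell builtin, so the token never appears in shell history or
# in another process's argument list.
create_doppler_token_secret() {
  local env="$1" token
  if [ -t 0 ]; then
    printf 'Doppler service token for %s: ' "$env" >&2
    read -rs token; echo >&2
  else
    read -r token
  fi
  if ! check_doppler_token "$env" "$token"; then
    echo "refusing: not a dp.st.${env}.* service token" >&2
    return 1
  fi
  printf '%s' "$token" | kubectl create secret generic "doppler-token-${env}" \
    --namespace external-secrets \
    --from-file=dopplerToken=/dev/stdin
}
```

Source the file and run `create_doppler_token_secret stg`, then paste the token at the prompt.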
To expose services in the new environment, edit charts/protected-services/values.yaml:

```yaml
services:
  myservice-stg:
    enabled: true
    oauth2: false
    namespace: myservice-stg
    backend:
      name: myservice-stg
      port: 8080
```

To enable automatic deployments, create manifests/apps/image-updater/<service>.yaml with a stg application reference.

Checklist:

- Updated 3 ApplicationSet files (services, postgres, redis)
- Created postgres defaults file
- Created redis defaults file
- Created ClusterSecretStore manifest
- Created service values in deploy repo
- Created Doppler config with secrets
- Created doppler-token-stg K8s secret
- Configured Auth0 (if needed)
- Synced ArgoCD