Flipt’s default setup is designed to help you get up and running quickly. To run Flipt successfully in a production environment, you will likely need to modify a few configuration options.

Some of the configuration options and tips to consider when operating Flipt in production are as follows:

Database Connection Limits

By default, the Go database/sql client will have MaxOpenConn equal to 0 (unlimited), and MaxIdleConn equal to 2.

With the databases that listen over a network (MySQL, Postgres, CockroachDB), there are default server limits for the number of open connections it supports.

In high burst traffic scenarios, this can lead to the too many open connections error server side.

You should tweak that number to be above 0, and to whatever fits your use case. This can be altered either via the Flipt configuration file or environment variables:

FLIPT_DB_MAX_OPEN_CONN=5

The Go documentation states:

If MaxOpenConns is greater than 0 but less than the new MaxIdleConns, then the new MaxIdleConns will be reduced to match the MaxOpenConns limit.

Keep in mind that tuning MaxOpenConn may lead to tuning MaxIdleConn as well.

FLIPT_DB_MAX_IDLE_CONN=5

Prepared Statements

By default, all queries are run as prepared statements. This could pose a problem in some environments.

For instance, PGBouncer doesn’t support prepared statements in its transaction pooling mode.

You can disable prepared statements for the database client using:

FLIPT_DB_PREPARED_STATEMENTS_ENABLED=false

Debug Logging

Debug logging can be useful if you are actively developing or trying to fix problems in an environment, but can have the adverse effect of eating up CPU time under load. Enabling debug logging can end up mixing useful logs with non-useful ones.

It’s recommended to disable Flipt’s debug logging in a production environment by increasing the log level:

FLIPT_LOG_LEVEL=info

Profiling

Flipt exposes profiling endpoints (/debug/pprof) that can be useful for debugging and troubleshooting. However, these endpoints can be a security risk if exposed to the public internet.

You can disable these endpoints by setting the following configuration options:

FLIPT_DIAGNOSTICS_PROFILING_ENABLED=false

Prometheus Metrics

If your instance uses Prometheus as the storage engine for analytical data, Flipt will expose a metrics endpoint (/metrics) that can be scraped by Prometheus. Ensure that this endpoint is not publicly accessible, for example, by configuring your Istio Ingress setup appropriately.