From 3c0bee4e4d020c844d39b17517c744f47f461a50 Mon Sep 17 00:00:00 2001
From: jonathan-d-zhang <69145546+jonathan-d-zhang@users.noreply.github.com>
Date: Sun, 1 Sep 2024 11:15:08 -0400
Subject: [PATCH] docs: Add cluster whitelisting instructions to bootstrap

Signed-off-by: jonathan-d-zhang <69145546+jonathan-d-zhang@users.noreply.github.com>
---
 docs/bootstrap.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/bootstrap.md b/docs/bootstrap.md
index 106ffa6..afffd9c 100644
--- a/docs/bootstrap.md
+++ b/docs/bootstrap.md
@@ -10,6 +10,7 @@ You will need:
   - kubernetes: create, delete
   - If replacing an existing cluster:
     - load_balancer: read, delete
+    - database: read, update
 - `PWD` set to the root of this repo
 - [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl)
 - [`helm`](https://helm.sh/docs/intro/install/)
@@ -41,6 +42,20 @@ for more options. The cluster may take a few minutes to provision.
 
 **Note**: `doctl k8s cluster create` sets the `kubectl` context to the newly created cluster.
 
+## Add the cluster to the database whitelist
+
+I recommend using the DO Control Panel, but it is possible via the CLI as well.
+
+### With CLI
+
+```bash
+databasename=<database-name>
+clustername=<cluster-name>
+
+doctl databases firewalls append $(doctl databases list -o json | jq ".[] | select(.name == \"$databasename\") | .id" -r) \
+  --rule k8s:$(doctl k8s cluster get $clustername --format ID --no-header)
+```
+
 ## Apply `cert-manager` CRDs
 
 ```bash