From db9ec58f5d937dfed6efa1cba064e54c0d039f5f Mon Sep 17 00:00:00 2001
From: Ciara Hatcher <67052777+LumosViridi@users.noreply.github.com>
Date: Mon, 7 Oct 2024 03:23:42 -0500
Subject: [PATCH] Updating terraform and k8s files adding redis... (#7425)
Also updated the way secrets are generated with Terraform and some code
cleanup
---
.../k8s/manifests/deployment-db.yaml | 54 +++----
.../k8s/manifests/deployment-redis.yaml | 44 ++++++
.../k8s/manifests/deployment-server.yaml | 133 ++++++++++--------
.../k8s/manifests/deployment-worker.yaml | 106 +++++++-------
.../twenty-docker/k8s/manifests/ingress.yaml | 28 ++--
.../k8s/manifests/pv-docker-data.yaml | 11 ++
.../k8s/manifests/pvc-docker-data.yaml | 13 ++
.../k8s/manifests/service-db.yaml | 6 +-
.../k8s/manifests/service-redis.yaml | 18 +++
.../k8s/manifests/service-server.yaml | 8 +-
.../k8s/terraform/.terraform-docs.yml | 8 +-
.../twenty-docker/k8s/terraform/README.md | 29 ++--
.../k8s/terraform/deployment-redis.tf | 60 ++++++++
.../k8s/terraform/deployment-server.tf | 49 +++++--
.../k8s/terraform/deployment-worker.tf | 27 +++-
packages/twenty-docker/k8s/terraform/main.tf | 6 +-
.../k8s/terraform/pv-docker-data.tf | 19 +++
.../k8s/terraform/pvc-docker-data.tf | 15 ++
.../twenty-docker/k8s/terraform/secret.tf | 25 +++-
.../k8s/terraform/service-redis.tf | 18 +++
.../twenty-docker/k8s/terraform/variables.tf | 64 +++++----
21 files changed, 515 insertions(+), 226 deletions(-)
create mode 100644 packages/twenty-docker/k8s/manifests/deployment-redis.yaml
create mode 100644 packages/twenty-docker/k8s/manifests/pv-docker-data.yaml
create mode 100644 packages/twenty-docker/k8s/manifests/pvc-docker-data.yaml
create mode 100644 packages/twenty-docker/k8s/manifests/service-redis.yaml
create mode 100644 packages/twenty-docker/k8s/terraform/deployment-redis.tf
create mode 100644 packages/twenty-docker/k8s/terraform/pv-docker-data.tf
create mode 100644 packages/twenty-docker/k8s/terraform/pvc-docker-data.tf
create mode 100644 packages/twenty-docker/k8s/terraform/service-redis.tf
diff --git a/packages/twenty-docker/k8s/manifests/deployment-db.yaml b/packages/twenty-docker/k8s/manifests/deployment-db.yaml
index 2e317376d53b..31a3361774e4 100644
--- a/packages/twenty-docker/k8s/manifests/deployment-db.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-db.yaml
@@ -22,33 +22,33 @@ spec:
app: twentycrm-db
spec:
volumes:
- - name: twentycrm-db-data
- persistentVolumeClaim:
- claimName: twentycrm-db-pvc
+ - name: twentycrm-db-data
+ persistentVolumeClaim:
+ claimName: twentycrm-db-pvc
containers:
- - env:
- - name: POSTGRES_PASSWORD
- value: "twenty"
- - name: BITNAMI_DEBUG
- value: "true"
- - image: twentycrm/twenty-postgres:latest
- imagePullPolicy: Always
- name: twentycrm
- ports:
- - containerPort: 5432
- name: tcp
- protocol: TCP
- resources:
- requests:
- memory: "256Mi"
- cpu: "250m"
- limits:
- memory: "1024Mi"
- cpu: "1000m"
- stdin: true
- tty: true
- volumeMounts:
- - mountPath: /bitnami/postgresql
- name: twentycrm-db-data
+ - name: twentycrm
+ image: twentycrm/twenty-postgres:latest
+ imagePullPolicy: Always
+ env:
+ - name: POSTGRES_PASSWORD
+ value: "twenty"
+ - name: BITNAMI_DEBUG
+ value: "true"
+ ports:
+ - containerPort: 5432
+ name: tcp
+ protocol: TCP
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ limits:
+ memory: "1024Mi"
+ cpu: "1000m"
+ stdin: true
+ tty: true
+ volumeMounts:
+ - mountPath: /bitnami/postgresql
+ name: twentycrm-db-data
dnsPolicy: ClusterFirst
restartPolicy: Always
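Review bot: `POSTGRES_PASSWORD` is still the literal `value: "twenty"`, so the database credential is committed with the manifest and is identical for every install. The same password is embedded in `PG_DATABASE_URL` in deployment-server.yaml and deployment-worker.yaml, while the token values in those files are already loaded with `valueFrom.secretKeyRef`. Move the password (and the connection URL) into a Secret and reference it the same way. `BITNAMI_DEBUG: "true"` is also best left off outside troubleshooting. The pod spec starts before this hunk.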
diff --git a/packages/twenty-docker/k8s/manifests/deployment-redis.yaml b/packages/twenty-docker/k8s/manifests/deployment-redis.yaml
new file mode 100644
index 000000000000..e09874aac262
--- /dev/null
+++ b/packages/twenty-docker/k8s/manifests/deployment-redis.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: twentycrm-redis
+ name: twentycrm-redis
+ namespace: twentycrm
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: twentycrm-redis
+ template:
+ metadata:
+ labels:
+ app: twentycrm-redis
+ spec:
+ containers:
+ - name: redis
+ image: redis/redis-stack-server:latest
+ imagePullPolicy: Always
+ env:
+ - name: PORT
+ value: 6379
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ resources:
+ requests:
+ memory: "1024Mi"
+ cpu: "250m"
+ limits:
+ memory: "2048Mi"
+ cpu: "500m"
+
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
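Review bot: Redis is started without authentication: the container receives only `PORT`, and nothing here or in service-redis.yaml limits which pods may connect to 6379, so any workload that can reach the ClusterIP can read or change the queue and cache contents. Consider supplying a password from a Secret (the redis-stack images take server arguments through `REDIS_ARGS`) and adding a NetworkPolicy that admits only the server and worker pods; whether the Twenty server can present a Redis password is not visible in this patch. The same applies to `kubernetes_deployment.twentycrm_redis` in deployment-redis.tf. `redis/redis-stack-server:latest` with `imagePullPolicy: Always` also lets the running version change on any restart, so pinning a tag or digest would make rollouts reproducible.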
diff --git a/packages/twenty-docker/k8s/manifests/deployment-server.yaml b/packages/twenty-docker/k8s/manifests/deployment-server.yaml
index b4596e9fc87b..b1229d649bbb 100644
--- a/packages/twenty-docker/k8s/manifests/deployment-server.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-server.yaml
@@ -22,67 +22,78 @@ spec:
app: twentycrm-server
spec:
volumes:
- - name: twentycrm-server-data
- persistentVolumeClaim:
- claimName: twentycrm-server-pvc
+ - name: twentycrm-server-data
+ persistentVolumeClaim:
+ claimName: twentycrm-server-pvc
+ - name: twentycrm-docker-data
+ persistentVolumeClaim:
+ claimName: twentycrm-docker-data-pvc
containers:
- - env:
- - name: PORT
- value: 3000
- - name: SERVER_URL
- value: "https://crm.example.com:443"
- - name: FRONT_BASE_URL
- value: "https://crm.example.com:443"
- - name: PG_DATABASE_URL
- value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
- - name: ENABLE_DB_MIGRATIONS
- value: "true"
- - name: SIGN_IN_PREFILLED
- value: "true"
- - name: STORAGE_TYPE
- value: "local"
- - name: "MESSAGE_QUEUE_TYPE"
- value: "pg-boss"
- - name: ACCESS_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: accessToken
- - name: LOGIN_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: loginToken
- - name: REFRESH_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: refreshToken
- - name: FILE_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: fileToken
- - image: twentycrm/twenty:latest
- imagePullPolicy: Always
- name: twentycrm
- ports:
- - containerPort: 3000
- name: http-tcp
- protocol: TCP
- resources:
- requests:
- memory: "256Mi"
- cpu: "250m"
- limits:
- memory: "1024Mi"
- cpu: "1000m"
- stdin: true
- tty: true
- volumeMounts:
- - mountPath: /app/docker-data
- name: twentycrm-server-data
- - mountPath: /app/.local-storage
- name: twentycrm-server-data
+ - name: twentycrm
+ image: twentycrm/twenty:latest
+ imagePullPolicy: Always
+ env:
+ - name: PORT
+ value: 3000
+ - name: SERVER_URL
+ value: "https://crm.example.com:443"
+ - name: FRONT_BASE_URL
+ value: "https://crm.example.com:443"
+ - name: "PG_DATABASE_URL"
+ value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
+ - name: "REDIS_HOST"
+ value: "twentycrm-redis.twentycrm.svc.cluster.local"
+ - name: "REDIS_PORT"
+ value: 6379
+ - name: ENABLE_DB_MIGRATIONS
+ value: "true"
+ - name: SIGN_IN_PREFILLED
+ value: "true"
+ - name: STORAGE_TYPE
+ value: "local"
+ - name: "MESSAGE_QUEUE_TYPE"
+ value: "bull-mq"
+ - name: "ACCESS_TOKEN_EXPIRES_IN"
+ value: "7d"
+ - name: "LOGIN_TOKEN_EXPIRES_IN"
+ value: "1h"
+ - name: ACCESS_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: accessToken
+ - name: LOGIN_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: loginToken
+ - name: REFRESH_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: refreshToken
+ - name: FILE_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: fileToken
+ ports:
+ - containerPort: 3000
+ name: http-tcp
+ protocol: TCP
+ resources:
+ requests:
+ memory: "256Mi"
+ cpu: "250m"
+ limits:
+ memory: "1024Mi"
+ cpu: "1000m"
+ stdin: true
+ tty: true
+ volumeMounts:
+ - mountPath: /app/docker-data
+ name: twentycrm-docker-data
+ - mountPath: /app/packages/twenty-server/.local-storage
+ name: twentycrm-server-data
dnsPolicy: ClusterFirst
restartPolicy: Always
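Review bot: `REDIS_PORT` is written as a bare `value: 6379`, which YAML loads as an integer, but `env[].value` is a string field and the API server rejects a number there; it should be `value: "6379"`. The same applies to `PORT` (`value: 3000`) in this hunk, to `REDIS_PORT` in deployment-worker.yaml and to `PORT` in deployment-redis.yaml. Quoting every env value, as the surrounding entries already do, avoids the problem.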
diff --git a/packages/twenty-docker/k8s/manifests/deployment-worker.yaml b/packages/twenty-docker/k8s/manifests/deployment-worker.yaml
index b3834c46e515..b3a7e07a19aa 100644
--- a/packages/twenty-docker/k8s/manifests/deployment-worker.yaml
+++ b/packages/twenty-docker/k8s/manifests/deployment-worker.yaml
@@ -21,58 +21,60 @@ spec:
labels:
app: twentycrm-worker
spec:
- volumes:
- - name: twentycrm-worker-data
- persistentVolumeClaim:
- claimName: twentycrm-worker-pvc
containers:
- - env:
- - name: SERVER_URL
- value: "https://crm.example.com:443"
- - name: FRONT_BASE_URL
- value: "https://crm.example.com:443"
- - name: PG_DATABASE_URL
- value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
- - name: ENABLE_DB_MIGRATIONS
- value: "false" # it already runs on the server
- - name: STORAGE_TYPE
- value: "local"
- - name: "MESSAGE_QUEUE_TYPE"
- value: "pg-boss"
- - name: ACCESS_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: accessToken
- - name: LOGIN_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: loginToken
- - name: REFRESH_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: refreshToken
- - name: FILE_TOKEN_SECRET
- valueFrom:
- secretKeyRef:
- name: tokens
- key: fileToken
- - image: twentycrm/twenty:latest
- imagePullPolicy: Always
- name: twentycrm
- command:
- - yarn
- - worker:prod
- resources:
- requests:
- memory: "256Mi"
- cpu: "250m"
- limits:
- memory: "1024Mi"
- cpu: "1000m"
- stdin: true
- tty: true
+ - name: twentycrm
+ image: twentycrm/twenty:latest
+ imagePullPolicy: Always
+ env:
+ - name: SERVER_URL
+ value: "https://crm.example.com:443"
+ - name: FRONT_BASE_URL
+ value: "https://crm.example.com:443"
+ - name: PG_DATABASE_URL
+ value: "postgres://twenty:twenty@twenty-db.twentycrm.svc.cluster.local/default"
+ - name: ENABLE_DB_MIGRATIONS
+ value: "false" # it already runs on the server
+ - name: STORAGE_TYPE
+ value: "local"
+ - name: "MESSAGE_QUEUE_TYPE"
+ value: "bull-mq"
+ - name: "CACHE_STORAGE_TYPE"
+ value: "redis"
+ - name: "REDIS_HOST"
+ value: "twentycrm-redis.twentycrm.svc.cluster.local"
+ - name: "REDIS_PORT"
+ value: 6379
+ - name: ACCESS_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: accessToken
+ - name: LOGIN_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: loginToken
+ - name: REFRESH_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: refreshToken
+ - name: FILE_TOKEN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: tokens
+ key: fileToken
+ command:
+ - yarn
+ - worker:prod
+ resources:
+ requests:
+ memory: "1024Mi"
+ cpu: "250m"
+ limits:
+ memory: "2048Mi"
+ cpu: "1000m"
+ stdin: true
+ tty: true
dnsPolicy: ClusterFirst
restartPolicy: Always
diff --git a/packages/twenty-docker/k8s/manifests/ingress.yaml b/packages/twenty-docker/k8s/manifests/ingress.yaml
index b334aac21916..0bbae11dd72b 100644
--- a/packages/twenty-docker/k8s/manifests/ingress.yaml
+++ b/packages/twenty-docker/k8s/manifests/ingress.yaml
@@ -4,21 +4,21 @@ metadata:
name: twentycrm
namespace: twentycrm
annotations:
- nginx.ingress.kubernetes.io/configuration-snippet: |
+ nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Forwarded-For $http_x_forwarded_for";
- nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
- kubernetes.io/ingress.class: "nginx"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
ingressClassName: nginx
rules:
- - host: crm.example.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: twentycrm-server
- port:
- name: http-tcp
+ - host: crm.example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: twentycrm-server
+ port:
+ name: http-tcp
diff --git a/packages/twenty-docker/k8s/manifests/pv-docker-data.yaml b/packages/twenty-docker/k8s/manifests/pv-docker-data.yaml
new file mode 100644
index 000000000000..95fc52a26251
--- /dev/null
+++ b/packages/twenty-docker/k8s/manifests/pv-docker-data.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: twentycrm-docker-data-pv
+spec:
+ storageClassName: default
+ capacity:
+ storage: 100Mi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
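Review bot: The PersistentVolume declares capacity, access mode and reclaim policy but no volume source (`hostPath`, `local`, `nfs`, a CSI driver, ...), and a PV without one is rejected by API validation. Add the source that fits the target cluster, or add a leading comment such as `# template: add a volume source before applying`. With `persistentVolumeReclaimPolicy: Retain` the data written under the docker-data mount outlives the claim, so removing the deployment leaves it on the backing storage until someone cleans it up.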
diff --git a/packages/twenty-docker/k8s/manifests/pvc-docker-data.yaml b/packages/twenty-docker/k8s/manifests/pvc-docker-data.yaml
new file mode 100644
index 000000000000..12dd071a7f21
--- /dev/null
+++ b/packages/twenty-docker/k8s/manifests/pvc-docker-data.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: twentycrm-docker-data-pvc
+ namespace: twentycrm
+spec:
+ storageClassName: default
+ volumeName: twentycrm-docker-data-pv
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
diff --git a/packages/twenty-docker/k8s/manifests/service-db.yaml b/packages/twenty-docker/k8s/manifests/service-db.yaml
index bb0e38df6d6d..89dbd1464bed 100644
--- a/packages/twenty-docker/k8s/manifests/service-db.yaml
+++ b/packages/twenty-docker/k8s/manifests/service-db.yaml
@@ -6,9 +6,9 @@ metadata:
spec:
internalTrafficPolicy: Cluster
ports:
- - port: 5432
- protocol: TCP
- targetPort: 5432
+ - port: 5432
+ protocol: TCP
+ targetPort: 5432
selector:
app: twentycrm-db
sessionAffinity: ClientIP
diff --git a/packages/twenty-docker/k8s/manifests/service-redis.yaml b/packages/twenty-docker/k8s/manifests/service-redis.yaml
new file mode 100644
index 000000000000..49f508897dfa
--- /dev/null
+++ b/packages/twenty-docker/k8s/manifests/service-redis.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: twentycrm-redis
+ namespace: twentycrm
+spec:
+ internalTrafficPolicy: Cluster
+ ports:
+ - port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: twentycrm-redis
+ sessionAffinity: ClientIP
+ sessionAffinityConfig:
+ clientIP:
+ timeoutSeconds: 10800
+ type: ClusterIP
diff --git a/packages/twenty-docker/k8s/manifests/service-server.yaml b/packages/twenty-docker/k8s/manifests/service-server.yaml
index 7fcc869a6edc..b45b28f312ff 100644
--- a/packages/twenty-docker/k8s/manifests/service-server.yaml
+++ b/packages/twenty-docker/k8s/manifests/service-server.yaml
@@ -6,10 +6,10 @@ metadata:
spec:
internalTrafficPolicy: Cluster
ports:
- - name: http-tcp
- port: 3000
- protocol: TCP
- targetPort: 3000
+ - name: http-tcp
+ port: 3000
+ protocol: TCP
+ targetPort: 3000
selector:
app: twentycrm-server
sessionAffinity: ClientIP
diff --git a/packages/twenty-docker/k8s/terraform/.terraform-docs.yml b/packages/twenty-docker/k8s/terraform/.terraform-docs.yml
index 00778168f3ee..792c543f4d30 100644
--- a/packages/twenty-docker/k8s/terraform/.terraform-docs.yml
+++ b/packages/twenty-docker/k8s/terraform/.terraform-docs.yml
@@ -15,12 +15,12 @@ output:
# TwentyCRM Terraform Docs
- This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure and use visit their website.
+ This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure, and use visit their website.
- To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs .`
+ To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs -c `./.terraform-docs.yml .`
To make configuration changes to how this doc is generated, see `./.terraform-docs.yml`
-
+
{{ .Content }}
@@ -45,4 +45,4 @@ settings:
read-comments: true
required: true
sensitive: true
- type: true
\ No newline at end of file
+ type: true
diff --git a/packages/twenty-docker/k8s/terraform/README.md b/packages/twenty-docker/k8s/terraform/README.md
index 10a7ab557cb7..f6955300a63f 100644
--- a/packages/twenty-docker/k8s/terraform/README.md
+++ b/packages/twenty-docker/k8s/terraform/README.md
@@ -1,9 +1,9 @@
# TwentyCRM Terraform Docs
-This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure and use visit their website.
+This file was generated by [terraform-docs](https://terraform-docs.io/), for more information on how to install, configure, and use visit their website.
-To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs .`
+To update this `README.md` after changes to the Terraform code in this folder, run: `terraform-docs -c `./.terraform-docs.yml .`
To make configuration changes to how this doc is generated, see `./.terraform-docs.yml`
@@ -12,30 +12,37 @@ To make configuration changes to how this doc is generated, see `./.terraform-do
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9.2 |
-| [kubernetes](#requirement\_kubernetes) | >= 2.31.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.32.0 |
+| [random](#requirement\_random) | >= 3.6.3 |
## Providers
| Name | Version |
|------|---------|
-| [kubernetes](#provider\_kubernetes) | >= 2.31.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.32.0 |
+| [random](#provider\_random) | >= 3.6.3 |
## Resources
| Name | Type |
|------|------|
| [kubernetes_deployment.twentycrm_db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
+| [kubernetes_deployment.twentycrm_redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
| [kubernetes_deployment.twentycrm_server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
| [kubernetes_deployment.twentycrm_worker](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource |
| [kubernetes_ingress.twentycrm](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress) | resource |
| [kubernetes_namespace.twentycrm](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_persistent_volume.db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) | resource |
+| [kubernetes_persistent_volume.docker_data](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) | resource |
| [kubernetes_persistent_volume.server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) | resource |
| [kubernetes_persistent_volume_claim.db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) | resource |
+| [kubernetes_persistent_volume_claim.docker_data](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) | resource |
| [kubernetes_persistent_volume_claim.server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) | resource |
| [kubernetes_secret.twentycrm_tokens](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [kubernetes_service.twentycrm_db](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
+| [kubernetes_service.twentycrm_redis](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
| [kubernetes_service.twentycrm_server](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) | resource |
+| [random_bytes.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/bytes) | resource |
## Inputs
@@ -43,22 +50,24 @@ To make configuration changes to how this doc is generated, see `./.terraform-do
|------|-------------|------|---------|:--------:|
| [twentycrm\_app\_hostname](#input\_twentycrm\_app\_hostname) | The protocol, DNS fully qualified hostname, and port used to access TwentyCRM in your environment. Ex: https://crm.example.com:443 | `string` | n/a | yes |
| [twentycrm\_pgdb\_admin\_password](#input\_twentycrm\_pgdb\_admin\_password) | TwentyCRM password for postgres database. | `string` | n/a | yes |
-| [twentycrm\_token\_accessToken](#input\_twentycrm\_token\_accessToken) | TwentyCRM access Token | `string` | n/a | yes |
-| [twentycrm\_token\_fileToken](#input\_twentycrm\_token\_fileToken) | TwentyCRM file Token | `string` | n/a | yes |
-| [twentycrm\_token\_loginToken](#input\_twentycrm\_token\_loginToken) | TwentyCRM login Token | `string` | n/a | yes |
-| [twentycrm\_token\_refreshToken](#input\_twentycrm\_token\_refreshToken) | TwentyCRM refresh Token | `string` | n/a | yes |
| [twentycrm\_app\_name](#input\_twentycrm\_app\_name) | A friendly name prefix to use for every component deployed. | `string` | `"twentycrm"` | no |
| [twentycrm\_db\_image](#input\_twentycrm\_db\_image) | TwentyCRM image for database deployment. This defaults to latest. | `string` | `"twentycrm/twenty-postgres:latest"` | no |
| [twentycrm\_db\_pv\_capacity](#input\_twentycrm\_db\_pv\_capacity) | Storage capacity provisioned for database persistent volume. | `string` | `"10Gi"` | no |
| [twentycrm\_db\_pv\_path](#input\_twentycrm\_db\_pv\_path) | Local path to use to store the physical volume if using local storage on nodes. | `string` | `""` | no |
| [twentycrm\_db\_pvc\_requests](#input\_twentycrm\_db\_pvc\_requests) | Storage capacity reservation for database persistent volume claim. | `string` | `"10Gi"` | no |
| [twentycrm\_db\_replicas](#input\_twentycrm\_db\_replicas) | Number of replicas for the TwentyCRM database deployment. This defaults to 1. | `number` | `1` | no |
+| [twentycrm\_docker\_data\_mount\_path](#input\_twentycrm\_docker\_data\_mount\_path) | TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'. | `string` | `"/app/docker-data"` | no |
+| [twentycrm\_docker\_data\_pv\_capacity](#input\_twentycrm\_docker\_data\_pv\_capacity) | Storage capacity provisioned for server persistent volume. | `string` | `"10Gi"` | no |
+| [twentycrm\_docker\_data\_pv\_path](#input\_twentycrm\_docker\_data\_pv\_path) | Local path to use to store the physical volume if using local storage on nodes. | `string` | `""` | no |
+| [twentycrm\_docker\_data\_pvc\_requests](#input\_twentycrm\_docker\_data\_pvc\_requests) | Storage capacity reservation for server persistent volume claim. | `string` | `"10Gi"` | no |
| [twentycrm\_namespace](#input\_twentycrm\_namespace) | Namespace for all TwentyCRM resources | `string` | `"twentycrm"` | no |
-| [twentycrm\_server\_data\_mount\_path](#input\_twentycrm\_server\_data\_mount\_path) | TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'. | `string` | `"/app/docker-data"` | no |
+| [twentycrm\_redis\_image](#input\_twentycrm\_redis\_image) | TwentyCRM image for Redis deployment. This defaults to latest. | `string` | `"redis/redis-stack-server:latest"` | no |
+| [twentycrm\_redis\_replicas](#input\_twentycrm\_redis\_replicas) | Number of replicas for the TwentyCRM Redis deployment. This defaults to 1. | `number` | `1` | no |
+| [twentycrm\_server\_data\_mount\_path](#input\_twentycrm\_server\_data\_mount\_path) | TwentyCRM mount path for servers application data. Defaults to '/app/packages/twenty-server/.local-storage'. | `string` | `"/app/packages/twenty-server/.local-storage"` | no |
| [twentycrm\_server\_image](#input\_twentycrm\_server\_image) | TwentyCRM server image for the server deployment. This defaults to latest. This value is also used for the workers image. | `string` | `"twentycrm/twenty:latest"` | no |
| [twentycrm\_server\_pv\_capacity](#input\_twentycrm\_server\_pv\_capacity) | Storage capacity provisioned for server persistent volume. | `string` | `"10Gi"` | no |
| [twentycrm\_server\_pv\_path](#input\_twentycrm\_server\_pv\_path) | Local path to use to store the physical volume if using local storage on nodes. | `string` | `""` | no |
| [twentycrm\_server\_pvc\_requests](#input\_twentycrm\_server\_pvc\_requests) | Storage capacity reservation for server persistent volume claim. | `string` | `"10Gi"` | no |
| [twentycrm\_server\_replicas](#input\_twentycrm\_server\_replicas) | Number of replicas for the TwentyCRM server deployment. This defaults to 1. | `number` | `1` | no |
| [twentycrm\_worker\_replicas](#input\_twentycrm\_worker\_replicas) | Number of replicas for the TwentyCRM worker deployment. This defaults to 1. | `number` | `1` | no |
-
\ No newline at end of file
+
diff --git a/packages/twenty-docker/k8s/terraform/deployment-redis.tf b/packages/twenty-docker/k8s/terraform/deployment-redis.tf
new file mode 100644
index 000000000000..d867dac76ee0
--- /dev/null
+++ b/packages/twenty-docker/k8s/terraform/deployment-redis.tf
@@ -0,0 +1,60 @@
+resource "kubernetes_deployment" "twentycrm_redis" {
+ metadata {
+ name = "${var.twentycrm_app_name}-redis"
+ namespace = kubernetes_namespace.twentycrm.metadata.0.name
+
+ labels = {
+ app = "${var.twentycrm_app_name}-redis"
+ }
+ }
+
+ spec {
+ replicas = var.twentycrm_redis_replicas
+ selector {
+ match_labels = {
+ app = "${var.twentycrm_app_name}-redis"
+ }
+ }
+
+ strategy {
+ type = "RollingUpdate"
+ rolling_update {
+ max_surge = "1"
+ max_unavailable = "1"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = "${var.twentycrm_app_name}-redis"
+ }
+ }
+
+ spec {
+ container {
+ image = var.twentycrm_redis_image
+ name = "redis"
+
+ port {
+ container_port = 6379
+ protocol = "TCP"
+ }
+
+ resources {
+ requests = {
+ cpu = "250m"
+ memory = "1024Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "2048Mi"
+ }
+ }
+ }
+ dns_policy = "ClusterFirst"
+ restart_policy = "Always"
+ }
+ }
+ }
+}
diff --git a/packages/twenty-docker/k8s/terraform/deployment-server.tf b/packages/twenty-docker/k8s/terraform/deployment-server.tf
index a3c1f9ac1d11..1868b17624da 100644
--- a/packages/twenty-docker/k8s/terraform/deployment-server.tf
+++ b/packages/twenty-docker/k8s/terraform/deployment-server.tf
@@ -37,20 +37,14 @@ resource "kubernetes_deployment" "twentycrm_server" {
stdin = true
tty = true
- security_context {
- allow_privilege_escalation = true
- privileged = true
- run_as_user = 1000
- }
-
env {
name = "PORT"
value = "3000"
}
- env {
- name = "DEBUG_MODE"
- value = false
- }
+ # env {
+ # name = "DEBUG_MODE"
+ # value = false
+ # }
env {
name = "SERVER_URL"
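Review bot: Removing the `privileged = true` block is right, but the container is now left with no `security_context` at all, so privilege escalation is governed by the runtime default instead of being denied explicitly. A restrictive block that keeps the previous uid documents the intent; confirm the image still starts as uid 1000 without extra privileges. Separately, the commented-out `DEBUG_MODE` block should be deleted rather than kept as dead code. The container block starts and ends outside this hunk.

```hcl
          tty   = true

          security_context {
            allow_privilege_escalation = false
            privileged                 = false
            run_as_non_root            = true
            run_as_user                = 1000
          }

          # … unchanged: env blocks …
```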
@@ -64,9 +58,16 @@ resource "kubernetes_deployment" "twentycrm_server" {
env {
name = "PG_DATABASE_URL"
- value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${var.twentycrm_app_name}-db.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
+ value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${kubernetes_service.twentycrm_db.metadata.0.name}.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
+ }
+ env {
+ name = "REDIS_HOST"
+ value = "${kubernetes_service.twentycrm_redis.metadata.0.name}.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local"
+ }
+ env {
+ name = "REDIS_PORT"
+ value = 6379
}
-
env {
name = "ENABLE_DB_MIGRATIONS"
value = "true"
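Review bot: `var.twentycrm_pgdb_admin_password` is interpolated into a plain `value`, so the database password ends up in clear text in the Deployment spec, readable by anyone allowed to get deployments or pods in the namespace. Put the connection URL into a `kubernetes_secret` and load it with `value_from { secret_key_ref { ... } }`; the identical `PG_DATABASE_URL` line in deployment-worker.tf needs the same change. A password containing URL-reserved characters would also corrupt the URL unless it is wrapped in `urlencode()`. The env block list continues outside this hunk.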
@@ -83,7 +84,15 @@ resource "kubernetes_deployment" "twentycrm_server" {
}
env {
name = "MESSAGE_QUEUE_TYPE"
- value = "pg-boss"
+ value = "bull-mq"
+ }
+ env {
+ name = "ACCESS_TOKEN_EXPIRES_IN"
+ value = "7d"
+ }
+ env {
+ name = "LOGIN_TOKEN_EXPIRES_IN"
+ value = "1h"
}
env {
name = "ACCESS_TOKEN_SECRET"
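Review bot: `ACCESS_TOKEN_EXPIRES_IN` is fixed at `"7d"`, so a leaked access token stays usable for a week even though a refresh-token secret is configured next to it. Consider a shorter lifetime, or expose both lifetimes as input variables with conservative defaults so operators can tighten them without editing the module. At minimum add a comment above the block, e.g. `# access-token lifetime; shorter values limit the window for a stolen token`. The same literal is set in manifests/deployment-server.yaml.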
@@ -145,6 +154,11 @@ resource "kubernetes_deployment" "twentycrm_server" {
name = "server-data"
mount_path = var.twentycrm_server_data_mount_path
}
+
+ volume_mount {
+ name = "docker-data"
+ mount_path = var.twentycrm_docker_data_mount_path
+ }
}
volume {
@@ -155,6 +169,14 @@ resource "kubernetes_deployment" "twentycrm_server" {
}
}
+ volume {
+ name = "docker-data"
+
+ persistent_volume_claim {
+ claim_name = kubernetes_persistent_volume_claim.docker_data.metadata.0.name
+ }
+ }
+
dns_policy = "ClusterFirst"
restart_policy = "Always"
}
@@ -162,6 +184,7 @@ resource "kubernetes_deployment" "twentycrm_server" {
}
depends_on = [
kubernetes_deployment.twentycrm_db,
+ kubernetes_deployment.twentycrm_redis,
kubernetes_secret.twentycrm_tokens
]
}
diff --git a/packages/twenty-docker/k8s/terraform/deployment-worker.tf b/packages/twenty-docker/k8s/terraform/deployment-worker.tf
index 9a005839ddda..78e5ea6dcc1d 100644
--- a/packages/twenty-docker/k8s/terraform/deployment-worker.tf
+++ b/packages/twenty-docker/k8s/terraform/deployment-worker.tf
@@ -50,7 +50,22 @@ resource "kubernetes_deployment" "twentycrm_worker" {
env {
name = "PG_DATABASE_URL"
- value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${var.twentycrm_app_name}-db.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
+ value = "postgres://twenty:${var.twentycrm_pgdb_admin_password}@${kubernetes_service.twentycrm_db.metadata.0.name}.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local/default"
+ }
+
+ env {
+ name = "CACHE_STORAGE_TYPE"
+ value = "redis"
+ }
+
+ env {
+ name = "REDIS_HOST"
+ value = "${kubernetes_service.twentycrm_redis.metadata.0.name}.${kubernetes_namespace.twentycrm.metadata.0.name}.svc.cluster.local"
+ }
+
+ env {
+ name = "REDIS_PORT"
+ value = 6379
}
env {
@@ -64,7 +79,7 @@ resource "kubernetes_deployment" "twentycrm_worker" {
}
env {
name = "MESSAGE_QUEUE_TYPE"
- value = "pg-boss"
+ value = "bull-mq"
}
env {
@@ -110,11 +125,11 @@ resource "kubernetes_deployment" "twentycrm_worker" {
resources {
requests = {
cpu = "250m"
- memory = "256Mi"
+ memory = "1024Mi"
}
limits = {
cpu = "1000m"
- memory = "1024Mi"
+ memory = "2048Mi"
}
}
}
@@ -126,6 +141,8 @@ resource "kubernetes_deployment" "twentycrm_worker" {
}
depends_on = [
kubernetes_deployment.twentycrm_db,
- kubernetes_secret.twentycrm_tokens
+ kubernetes_deployment.twentycrm_redis,
+ kubernetes_deployment.twentycrm_server,
+ kubernetes_secret.twentycrm_tokens,
]
}
diff --git a/packages/twenty-docker/k8s/terraform/main.tf b/packages/twenty-docker/k8s/terraform/main.tf
index 66ae6e18e061..a0e208d15f5d 100644
--- a/packages/twenty-docker/k8s/terraform/main.tf
+++ b/packages/twenty-docker/k8s/terraform/main.tf
@@ -13,7 +13,11 @@ terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
- version = ">= 2.31.0"
+ version = ">= 2.32.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.6.3"
}
}
}
diff --git a/packages/twenty-docker/k8s/terraform/pv-docker-data.tf b/packages/twenty-docker/k8s/terraform/pv-docker-data.tf
new file mode 100644
index 000000000000..9195fff61c8a
--- /dev/null
+++ b/packages/twenty-docker/k8s/terraform/pv-docker-data.tf
@@ -0,0 +1,19 @@
+resource "kubernetes_persistent_volume" "docker_data" {
+ metadata {
+ name = "${var.twentycrm_app_name}-docker-data-pv"
+ }
+ spec {
+ storage_class_name = "default"
+ capacity = {
+ storage = var.twentycrm_docker_data_pv_capacity
+ }
+ access_modes = ["ReadWriteOnce"]
+ # refer to Terraform Docs for your specific implementation requirements
+ # https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume
+ persistent_volume_source {
+ local {
+ path = var.twentycrm_docker_data_pv_path
+ }
+ }
+ }
+}
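Review bot: A `local` volume source needs a `node_affinity` block, because Kubernetes rejects a local PersistentVolume that is not pinned to a node, and the generated README lists `twentycrm_docker_data_pv_path` with a default of `""`, so this resource is unlikely to apply with the defaults. Either add `node_affinity` and make the path a required variable, or extend the existing comment to say that `persistent_volume_source` must be replaced for the target cluster. No reclaim policy is set here, while manifests/pv-docker-data.yaml uses `Retain`; stating it explicitly keeps the two deployment paths consistent.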
diff --git a/packages/twenty-docker/k8s/terraform/pvc-docker-data.tf b/packages/twenty-docker/k8s/terraform/pvc-docker-data.tf
new file mode 100644
index 000000000000..daac13dcc3a3
--- /dev/null
+++ b/packages/twenty-docker/k8s/terraform/pvc-docker-data.tf
@@ -0,0 +1,15 @@
+resource "kubernetes_persistent_volume_claim" "docker_data" {
+ metadata {
+ name = "${var.twentycrm_app_name}-docker-data-pvc"
+ namespace = kubernetes_namespace.twentycrm.metadata.0.name
+ }
+ spec {
+ access_modes = ["ReadWriteOnce"]
+ resources {
+ requests = {
+ storage = var.twentycrm_docker_data_pvc_requests
+ }
+ }
+ volume_name = kubernetes_persistent_volume.docker_data.metadata.0.name
+ }
+}
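Review bot: The claim sets `volume_name` but no `storage_class_name`, while the volume it points to is created with `storage_class_name = "default"`. On a cluster whose default StorageClass has another name the claim is assigned that class and will not bind to the volume. Add `storage_class_name = "default"` to the `spec`, as manifests/pvc-docker-data.yaml already does.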
diff --git a/packages/twenty-docker/k8s/terraform/secret.tf b/packages/twenty-docker/k8s/terraform/secret.tf
index 664d07803ccc..2aa7ccf4765a 100644
--- a/packages/twenty-docker/k8s/terraform/secret.tf
+++ b/packages/twenty-docker/k8s/terraform/secret.tf
@@ -1,3 +1,18 @@
+locals {
+ tokens = [
+ "accessToken",
+ "loginToken",
+ "refreshToken",
+ "fileToken"
+ ]
+}
+
+resource "random_bytes" "this" {
+ for_each = toset(local.tokens)
+
+ length = 32
+}
+
resource "kubernetes_secret" "twentycrm_tokens" {
metadata {
name = "tokens"
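Review bot: `random_bytes.this` keeps every generated value in the Terraform state, so after this change the state file holds all four token secrets in recoverable form. The backend configuration is not part of this diff; it should be a remote backend with encryption at rest and restricted read access, and state files should stay out of version control. A comment above the resource would make the dependency visible, for example `# Generated values are stored in Terraform state; restrict and encrypt the state backend.` The `kubernetes_secret` block continues past the end of this hunk.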
@@ -5,11 +20,9 @@ resource "kubernetes_secret" "twentycrm_tokens" {
}
data = {
- accessToken = var.twentycrm_token_accessToken
- loginToken = var.twentycrm_token_loginToken
- refreshToken = var.twentycrm_token_refreshToken
- fileToken = var.twentycrm_token_fileToken
+ accessToken = random_bytes.this["accessToken"].base64
+ loginToken = random_bytes.this["loginToken"].base64
+ refreshToken = random_bytes.this["refreshToken"].base64
+ fileToken = random_bytes.this["fileToken"].base64
}
-
- # type = "kubernetes.io/basic-auth"
}
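Review bot: For an existing deployment, the first apply after this change replaces the operator-supplied values in `data` with newly generated ones, which would presumably invalidate every access, login, refresh and file token already issued. Nothing in the hunk documents that, or how to rotate the secrets later. Suggest a comment above `data`, such as `# Token secrets come from random_bytes.this; replacing that resource rotates them and invalidates issued tokens.`, plus a matching upgrade note in the README. Pods that read the secret through environment variables would also need a restart to pick up new values; how the deployments consume it is outside this hunk.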
diff --git a/packages/twenty-docker/k8s/terraform/service-redis.tf b/packages/twenty-docker/k8s/terraform/service-redis.tf
new file mode 100644
index 000000000000..fab1c0051ccf
--- /dev/null
+++ b/packages/twenty-docker/k8s/terraform/service-redis.tf
@@ -0,0 +1,18 @@
+resource "kubernetes_service" "twentycrm_redis" {
+ metadata {
+ name = "${var.twentycrm_app_name}-redis"
+ namespace = kubernetes_namespace.twentycrm.metadata.0.name
+ }
+ spec {
+ selector = {
+ app = "${var.twentycrm_app_name}-redis"
+ }
+ session_affinity = "ClientIP"
+ port {
+ port = 6379
+ target_port = 6379
+ }
+
+ type = "ClusterIP"
+ }
+}
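Review bot: The Service publishes Redis on 6379 to every pod in the cluster, and nothing in this hunk limits who may connect. Whether the Redis container requires a password is decided in the deployment, which is outside this hunk. A NetworkPolicy admitting only the server and worker pods would narrow that, provided the cluster's network plugin enforces policies; the peer labels in the sketch below are placeholders for the labels those deployments actually use. Separately, `session_affinity = "ClientIP"` has no effect with one replica, and with more than one it would pin clients to independent Redis instances holding different data, so dropping that line is safer.

```hcl
resource "kubernetes_network_policy" "twentycrm_redis" {
  metadata {
    name      = "${var.twentycrm_app_name}-redis"
    namespace = kubernetes_namespace.twentycrm.metadata.0.name
  }
  spec {
    pod_selector {
      match_labels = {
        app = "${var.twentycrm_app_name}-redis"
      }
    }
    policy_types = ["Ingress"]
    ingress {
      from {
        pod_selector {
          match_labels = {
            app = "<server-pod-label-placeholder>"
          }
        }
      }
      from {
        pod_selector {
          match_labels = {
            app = "<worker-pod-label-placeholder>"
          }
        }
      }
      ports {
        port     = "6379"
        protocol = "TCP"
      }
    }
  }
}
```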
diff --git a/packages/twenty-docker/k8s/terraform/variables.tf b/packages/twenty-docker/k8s/terraform/variables.tf
index 53255aaf1489..7b682db79a35 100644
--- a/packages/twenty-docker/k8s/terraform/variables.tf
+++ b/packages/twenty-docker/k8s/terraform/variables.tf
@@ -1,30 +1,6 @@
######################
# Required Variables #
######################
-variable "twentycrm_token_accessToken" {
- type = string
- description = "TwentyCRM access Token"
- sensitive = true
-}
-
-variable "twentycrm_token_loginToken" {
- type = string
- description = "TwentyCRM login Token"
- sensitive = true
-}
-
-variable "twentycrm_token_refreshToken" {
- type = string
- description = "TwentyCRM refresh Token"
- sensitive = true
-}
-
-variable "twentycrm_token_fileToken" {
- type = string
- description = "TwentyCRM file Token"
- sensitive = true
-}
-
variable "twentycrm_pgdb_admin_password" {
type = string
description = "TwentyCRM password for postgres database."
@@ -77,8 +53,8 @@ variable "twentycrm_db_replicas" {
variable "twentycrm_server_data_mount_path" {
type = string
- default = "/app/docker-data"
- description = "TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'."
+ default = "/app/packages/twenty-server/.local-storage"
+ description = "TwentyCRM mount path for servers application data. Defaults to '/app/packages/twenty-server/.local-storage'."
}
variable "twentycrm_db_pv_path" {
@@ -122,3 +98,39 @@ variable "twentycrm_namespace" {
default = "twentycrm"
description = "Namespace for all TwentyCRM resources"
}
+
+variable "twentycrm_redis_replicas" {
+ type = number
+ default = 1
+ description = "Number of replicas for the TwentyCRM Redis deployment. This defaults to 1."
+}
+
+variable "twentycrm_redis_image" {
+ type = string
+ default = "redis/redis-stack-server:latest"
+ description = "TwentyCRM image for Redis deployment. This defaults to latest."
+}
+
+variable "twentycrm_docker_data_mount_path" {
+ type = string
+ default = "/app/docker-data"
+ description = "TwentyCRM mount path for servers application data. Defaults to '/app/docker-data'."
+}
+
+variable "twentycrm_docker_data_pv_path" {
+ type = string
+ default = ""
+ description = "Local path to use to store the physical volume if using local storage on nodes."
+}
+
+variable "twentycrm_docker_data_pv_capacity" {
+ type = string
+ default = "100Mi"
+ description = "Storage capacity provisioned for server persistent volume."
+}
+
+variable "twentycrm_docker_data_pvc_requests" {
+ type = string
+ default = "100Mi"
+ description = "Storage capacity reservation for server persistent volume claim."
+}
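Review bot: The default for `twentycrm_redis_image` is the mutable tag `redis/redis-stack-server:latest`, so any pod restart can pull a different, unreviewed image. Pin it to a tested release or digest, e.g. `default = "redis/redis-stack-server:<pinned-tag>"` (placeholder), and update the description to match. `twentycrm_docker_data_pv_path` defaults to `""`, which flows into the local volume's `path`; dropping the default so the variable is required would fail earlier and more clearly. The description of `twentycrm_docker_data_mount_path` repeats the server data-path wording and could say what the docker-data volume holds.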