diff --git a/packages/twenty-docker/helm/twenty/templates/_helpers.tpl b/packages/twenty-docker/helm/twenty/templates/_helpers.tpl index 661fb67c252..f9640baf2e0 100644 --- a/packages/twenty-docker/helm/twenty/templates/_helpers.tpl +++ b/packages/twenty-docker/helm/twenty/templates/_helpers.tpl @@ -89,6 +89,15 @@ password {{- end -}} {{- end -}} +{{/* Check if using external secret for redis password */}} +{{- define "twenty.redis.useExternalSecret" -}} +{{- if and (not .Values.redisInternal.enabled) .Values.redis.external.secretName .Values.redis.external.passwordKey -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + {{/* Compose Redis URL */}} {{- define "twenty.redisUrl" -}} {{- if .Values.server.env.REDIS_URL -}} @@ -99,9 +108,14 @@ password {{- else -}} {{- $host := .Values.redis.external.host | default "redis" -}} {{- $port := .Values.redis.external.port | default 6379 -}} +{{- if or (eq (include "twenty.redis.useExternalSecret" .) "true") (.Values.redis.external.password) -}} +{{- $auth := ":$(REDIS_PASSWORD)@" -}} +{{- printf "redis://%s%s:%v" $auth $host $port -}} +{{- else -}} {{- printf "redis://%s:%v" $host $port -}} {{- end -}} {{- end -}} +{{- end -}} {{/* Compose Server URL from override, ingress, or service */}} {{- define "twenty.serverUrl" -}} diff --git a/packages/twenty-docker/helm/twenty/templates/deployment-redis-internal.yaml b/packages/twenty-docker/helm/twenty/templates/deployment-redis-internal.yaml index b0a3172813a..8809bff337c 100644 --- a/packages/twenty-docker/helm/twenty/templates/deployment-redis-internal.yaml +++ b/packages/twenty-docker/helm/twenty/templates/deployment-redis-internal.yaml 
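Review bot: `twenty.redis.useExternalSecret` returns `false` when only one of `redis.external.secretName` / `redis.external.passwordKey` is set, and if `redis.external.password` is also empty, the second hunk then renders the unauthenticated `redis://host:port` form. A half-filled secret reference therefore produces a connection without credentials and no render error. Consider failing the render in that case, for example `{{- if and .Values.redis.external.secretName (not .Values.redis.external.passwordKey) -}}{{- fail "redis.external.passwordKey is required when secretName is set" -}}{{- end -}}` plus the mirror check. The doc comment could also state that the helper emits the strings "true"/"false", which callers must compare with `eq`.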
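Review bot: The added `$auth := ":$(REDIS_PASSWORD)@"` line puts the password into the URL verbatim through Kubernetes `$(VAR)` expansion, so a password containing URL-reserved characters such as `@`, `:`, `/`, `#`, `?` or `%` will yield a URL that the client mis-parses or rejects. The expansion also resolves only where `REDIS_PASSWORD` is defined earlier in the same container's env list; this diff does that for the server and worker Deployments, and any other consumer of `twenty.redisUrl` would presumably receive the literal `$(REDIS_PASSWORD)` text. I would add a template comment above this branch, e.g. `{{/* REDIS_PASSWORD is expanded by the kubelet and inserted as-is: it must be percent-encoded and declared before REDIS_URL */}}`, and repeat the encoding requirement next to `redis.external.password` in values.yaml. The `twenty.redisUrl` define starts and ends outside this hunk.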
@@ -46,12 +46,12 @@ spec: volumeMounts: - name: redis-data mountPath: /data - volumes: - - name: redis-data - {{- if .Values.redisInternal.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.redisInternal.persistence.existingClaim | default (printf "%s-redis" (include "twenty.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} + volumes: + - name: redis-data + {{- if .Values.redisInternal.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.redisInternal.persistence.existingClaim | default (printf "%s-redis" (include "twenty.fullname" .)) }} + {{- else }} + emptyDir: {} + {{- end }} {{- end }} diff --git a/packages/twenty-docker/helm/twenty/templates/deployment-server.yaml b/packages/twenty-docker/helm/twenty/templates/deployment-server.yaml index d2b4f154710..e262422099f 100644 --- a/packages/twenty-docker/helm/twenty/templates/deployment-server.yaml +++ b/packages/twenty-docker/helm/twenty/templates/deployment-server.yaml 
@@ -83,16 +83,16 @@ spec: psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d postgres -v db="${DBNAME}" -Atc "SELECT 1 FROM pg_database WHERE datname = :'db'" | grep -q 1 || \ psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d postgres -v db="${DBNAME}" -c 'CREATE DATABASE :"db";' echo "Creating app user ${APP_USER} if it doesn't exist..." - psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d postgres -v app_user="${APP_USER}" -v app_password="${APP_PASSWORD}" <<'EOSQL' - DO - $do$ - BEGIN - IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = :'app_user') THEN - EXECUTE format('CREATE USER %I WITH PASSWORD %L', :'app_user', :'app_password'); - END IF; - END - $do$; - EOSQL + psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d postgres -v app_user="${APP_USER}" -v app_password="${APP_PASSWORD}" <<'EOSQL' + DO + $do$ + BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = :'app_user') THEN + EXECUTE format('CREATE USER %I WITH PASSWORD %L', :'app_user', :'app_password'); + END IF; + END + $do$; + EOSQL echo "Creating core schema and granting permissions..." psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d "${DBNAME}" -v app_user="${APP_USER}" -c 'CREATE SCHEMA IF NOT EXISTS core' psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d "${DBNAME}" -v db="${DBNAME}" -v app_user="${APP_USER}" -c 'GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"app_user";' 
@@ -106,31 +106,6 @@ spec: psql -h {{ include "twenty.fullname" . }}-db -p 5432 -U postgres -d "${DBNAME}" -v app_user="${APP_USER}" -c 'ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO :"app_user";' echo "Database ${DBNAME} is ready." {{- end }} - - name: run-migrations - {{- $img := include "twenty.server.image" . }} - image: {{ include "twenty.image.repository" $img }}:{{ include "twenty.image.tag" $img }} - imagePullPolicy: {{ include "twenty.image.pullPolicy" $img }} - command: - - sh - - -c - - >- - npx -y typeorm migration:run -d dist/database/typeorm/core/core.datasource - env: - {{- if eq (include "twenty.db.useExternalSecret" .) "true" }} - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "twenty.dbPassword.secretName" . }} - key: {{ include "twenty.dbPassword.secretKey" . }} - - name: PG_DATABASE_URL - value: {{ include "twenty.dbUrl.template" . | quote }} - {{- else }} - - name: PG_DATABASE_URL - valueFrom: - secretKeyRef: - name: {{ include "twenty.dbUrl.secretName" . }} - key: url - {{- end }} containers: - name: server {{- $img := include "twenty.server.image" . }} @@ -154,6 +129,16 @@ spec: name: {{ include "twenty.dbUrl.secretName" . }} key: url {{- end }} + {{- if eq (include "twenty.redis.useExternalSecret" .) "true" }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.redis.external.secretName }} + key: {{ .Values.redis.external.passwordKey }} + {{- else if .Values.redis.external.password }} + - name: REDIS_PASSWORD + value: {{ .Values.redis.external.password | quote }} + {{- end }} - name: REDIS_URL value: {{ include "twenty.redisUrl" . | quote }} - name: SIGN_IN_PREFILLED @@ -171,7 +156,10 @@ spec: key: accessToken {{- $storageEnv := (include "twenty.storageEnv" .) }} {{- if $storageEnv }} - {{ $storageEnv | nindent 12 }} + {{- $storageEnv | nindent 12 }} + {{- end }} + {{- with .Values.server.extraEnv }} + {{- toYaml . | nindent 12 }} {{- end }} ports: - name: http-tcp 
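Review bot: The `else if .Values.redis.external.password` branch writes the Redis password as a literal `value:` in the Deployment spec, where anyone who can read Deployments or pods in the namespace can see it, a wider audience than those allowed to read Secrets under typical RBAC. The worker Deployment hunk adds the same branch. Consider having the chart render a Secret from `redis.external.password` and pointing both Deployments at it with `secretKeyRef`, or at least documenting in values.yaml that `secretName`/`passwordKey` is the preferred path. The `secretKeyRef` fields are also interpolated unquoted; `name: {{ .Values.redis.external.secretName | quote }}` and `key: {{ .Values.redis.external.passwordKey | quote }}` keep number- or boolean-looking values as strings.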
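Review bot: `server.extraEnv` is appended after every chart-managed variable, so an entry that reuses a name such as `REDIS_URL` or `REDIS_PASSWORD` becomes a duplicate in the container's env list; to my knowledge the later entry wins, which makes the override silent. The worker Deployment hunk inserts its `extraEnv` block before `$storageEnv` rather than after it, and still uses `{{ $storageEnv | nindent 12 }}` while this hunk switches to `{{- $storageEnv | nindent 12 }}`, so the two workloads differ in both ordering and whitespace trimming. I would place the block in the same position in both files and add a comment above `extraEnv: []` in values.yaml, e.g. `# Appended to the container env; do not reuse names the chart already sets, and prefer valueFrom.secretKeyRef for credentials`.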
diff --git a/packages/twenty-docker/helm/twenty/templates/deployment-worker.yaml b/packages/twenty-docker/helm/twenty/templates/deployment-worker.yaml index dc47d13a08b..d2e506d053a 100644 --- a/packages/twenty-docker/helm/twenty/templates/deployment-worker.yaml +++ b/packages/twenty-docker/helm/twenty/templates/deployment-worker.yaml @@ -67,6 +67,16 @@ spec: name: {{ include "twenty.dbUrl.secretName" . }} key: url {{- end }} + {{- if eq (include "twenty.redis.useExternalSecret" .) "true" }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.redis.external.secretName }} + key: {{ .Values.redis.external.passwordKey }} + {{- else if .Values.redis.external.password }} + - name: REDIS_PASSWORD + value: {{ .Values.redis.external.password | quote }} + {{- end }} - name: REDIS_URL value: {{ include "twenty.redisUrl" . | quote }} - name: STORAGE_TYPE @@ -76,6 +86,9 @@ spec: secretKeyRef: name: {{ include "twenty.secret.tokens.name" . }} key: accessToken + {{- with .Values.worker.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- $storageEnv := (include "twenty.storageEnv" .) }} {{- if $storageEnv }} {{ $storageEnv | nindent 12 }} diff --git a/packages/twenty-docker/helm/twenty/templates/pvc-redis-internal.yaml b/packages/twenty-docker/helm/twenty/templates/pvc-redis-internal.yaml new file mode 100644 index 00000000000..730d556c031 --- /dev/null +++ b/packages/twenty-docker/helm/twenty/templates/pvc-redis-internal.yaml 
@@ -0,0 +1,20 @@ +{{- if and .Values.redisInternal.enabled .Values.redisInternal.persistence.enabled (not .Values.redisInternal.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "twenty.fullname" . }}-redis + namespace: {{ include "twenty.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "twenty.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: redis +spec: + accessModes: +{{ toYaml .Values.redisInternal.persistence.accessModes | nindent 4 }} + resources: + requests: + storage: {{ .Values.redisInternal.persistence.size }} + {{- if .Values.redisInternal.persistence.storageClass }} + storageClassName: {{ .Values.redisInternal.persistence.storageClass }} + {{- end }} +{{- end }} diff --git a/packages/twenty-docker/helm/twenty/values.yaml b/packages/twenty-docker/helm/twenty/values.yaml index c9e7623997c..088c9e5a9c5 100644 --- a/packages/twenty-docker/helm/twenty/values.yaml +++ b/packages/twenty-docker/helm/twenty/values.yaml @@ -52,6 +52,14 @@ server: SIGN_IN_PREFILLED: "false" ACCESS_TOKEN_EXPIRES_IN: "7d" LOGIN_TOKEN_EXPIRES_IN: "1h" + extraEnv: [] + # - name: EMAIL_DRIVER + # value: smtp + # - name: SMTP_PASSWORD + # valueFrom: + # secretKeyRef: + # name: smtp-creds + # key: password service: type: ClusterIP @@ -105,6 +113,8 @@ worker: cpu: 1000m memory: 2048Mi + extraEnv: [] + # PostgreSQL db: enabled: true @@ -174,3 +184,6 @@ redis: external: host: "" port: 6379 + password: "" + secretName: "" + passwordKey: ""
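Review bot: In the new PVC template, `storage:` and `storageClassName:` are filled from values without quoting or a `required` guard, and `accessModes` is passed straight to `toYaml`. If `redisInternal.persistence.size` or `accessModes` is unset, the manifest renders a null field and the mistake only surfaces as an API-server rejection. The values.yaml hunks in this diff do not add those keys, so they may already exist in the file; worth confirming. Consider `storage: {{ required "redisInternal.persistence.size is required" .Values.redisInternal.persistence.size | quote }}` and `storageClassName: {{ .Values.redisInternal.persistence.storageClass | quote }}`.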