feat: helm chart

packages/twenty-docker/helm/twenty/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.5.38
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 19.6.4
+digest: sha256:87164ca0739813dfd0bbf01227157e49277c2c8869ee0f22bc4a2e1f5a079bf6
+generated: "2025-12-24T22:10:09.94506-05:00"

packages/twenty-docker/helm/twenty/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: twenty
+description: A Helm chart to deploy Twenty CRM (server + worker) with optional PostgreSQL and Redis dependencies.
+type: application
+version: 0.1.0
+appVersion: "latest"
+
+# Optional dependencies; enable via values (postgresql.enabled / redis.enabled)
+dependencies:
+  - name: postgresql
+    version: "15.*"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: postgresql.enabled
+  - name: redis
+    version: "19.*"
+    repository: "https://charts.bitnami.com/bitnami"
+    condition: redis.enabled

packages/twenty-docker/helm/twenty/QUICKSTART.md

@@ -0,0 +1,51 @@
+# Twenty Helm Chart - Quick Install
+
+## Simple Install
+
+Set your domain and install:
+
+```bash
+export DOMAIN=twenty.gc.kencove.com
+
+helm install my-twenty ./packages/twenty-docker/helm/twenty \
+  --namespace twentycrm --create-namespace --wait \
+  --set server.ingress.hosts[0].host=$DOMAIN \
+  --set server.ingress.tls[0].hosts[0]=$DOMAIN
+```
+
+That's it! The chart will:
+- Auto-generate a secure access token
+- Create the internal PostgreSQL database "twenty"
+- Create a DB app user with generated password
+- Run TypeORM migrations
+- Enable TLS via cert-manager (acme: true by default for letsencrypt-prod)
+
+## Access the App
+
+Visit: `https://$DOMAIN`
+
+Sign up to create your admin account through the web UI.
+
+## Retrieve System Credentials
+
+App secret token (for configuration/integrations):
+```bash
+kubectl get secret tokens -n twentycrm -o jsonpath='{.data.accessToken}' | base64 --decode && echo
+```
+
+Internal PostgreSQL credentials are managed by the chart and not exposed by default. If you need direct access, create your own user in the database pod or use an external PostgreSQL instance.
+
+## Advanced Configuration
+
+See [full README](README.md) for:
+- External PostgreSQL/Redis
+- S3 storage configuration
+- Custom resource limits
+- Bitnami dependency charts
+
+## Uninstall
+
+```bash
+helm uninstall my-twenty -n twentycrm
+kubectl delete namespace twentycrm
+```

packages/twenty-docker/helm/twenty/README.md

@@ -0,0 +1,78 @@
+# Twenty Helm Chart
+
+Deploy Twenty CRM on Kubernetes with configurable server, worker, PostgreSQL, and Redis components. The chart supports using Bitnami subcharts for PostgreSQL and Redis or bundled minimal internal deployments.
+
+## Features
+- Server and worker deployments with full env exposure via `values.yaml`.
+- Optional Bitnami `postgresql` and `redis` dependencies via conditions.
+- Internal lightweight Postgres (Spilo) and Redis when dependencies are disabled.
+- PVC-based persistence using dynamic storage classes (no static PV manifests).
+- Ingress with configurable annotations, hosts, and TLS.
+
+## Quick Start
+
+See [QUICKSTART.md](QUICKSTART.md) for a simple 2-line install with your domain.
+
+## Installing
+
+**Prerequisites:** Kubernetes 1.21+, Helm 3.8+, default StorageClass
+
+Internal DB + Redis (default):
+```bash
+helm install my-twenty ./packages/twenty-docker/helm/twenty \
+  --namespace twentycrm --create-namespace
+```
+
+Bitnami PostgreSQL/Redis:
+```bash
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm dependency build ./packages/twenty-docker/helm/twenty
+helm install my-twenty ./packages/twenty-docker/helm/twenty \
+  --namespace twentycrm --create-namespace \
+  --set postgresql.enabled=true \
+  --set redis.enabled=true
+```
+
+External DB/Redis:
+```bash
+helm install my-twenty ./packages/twenty-docker/helm/twenty \
+  --namespace twentycrm --create-namespace \
+  --set postgresql.enabled=false,db.enabled=false \
+  --set db.external.host=db.example.com \
+  --set redis.enabled=false,redisInternal.enabled=false
+```
+
+## Key Values
+
+
+See `values.yaml` for a comprehensive list.
+
+## Notes
+
+- Database URL and Redis URL are composed automatically from chart settings
+- Default database `twenty` is created via post-install hook
+- Access token auto-generated (32 chars) if not provided; reuses existing secret if present
+- TLS enabled by default via cert-manager (`acme: true`)
+- Requires default StorageClass for PVC provisioning
+## Testing
+
+```bash
+helm lint ./packages/twenty-docker/helm/twenty
+helm template my-twenty ./packages/twenty-docker/helm/twenty
+helm plugin install https://github.com/quintush/helm-unittest
+helm unittest ./packages/twenty-docker/helm/twenty
+```
+
+## Storage
+
+**Local (default):** Uses PVCs for persistence
+
+**S3:** Set `storage.type=s3` and provide credentials:
+```bash
+helm install my-twenty ./packages/twenty-docker/helm/twenty \
+  --set storage.type=s3 \
+  --set storage.s3.bucket=my-bucket \
+  --set storage.s3.region=us-east-1 \
+  --set storage.s3.accessKeyId=AKIA... \
+  --set storage.s3.secretAccessKey=secret
+```

packages/twenty-docker/helm/twenty/templates/NOTES.txt

@@ -0,0 +1,16 @@
+Thank you for installing Twenty!
+
+To access the application:
+
+- If ingress enabled:
+  - Primary host: {{ (index .Values.server.ingress.hosts 0).host | default "<set a host>" }}
+  - URL: {{ include "twenty.serverUrl" . }}
+- If ingress disabled: expose the service as needed (e.g., `kubectl port-forward svc/{{ include "twenty.fullname" . }}-server 3000:{{ .Values.server.service.port }}` or create a LoadBalancer/NodePort).
+
+Database:
+- Using Bitnami PostgreSQL: {{ ternary "yes" "no" .Values.postgresql.enabled }}
+- Using internal DB: {{ ternary "yes" "no" (and (not .Values.postgresql.enabled) .Values.db.enabled) }}
+
+Redis:
+- Using Bitnami Redis: {{ ternary "yes" "no" .Values.redis.enabled }}
+- Using internal Redis: {{ ternary "yes" "no" (and (not .Values.redis.enabled) .Values.redisInternal.enabled) }}

packages/twenty-docker/helm/twenty/templates/_helpers.tpl

@@ -0,0 +1,172 @@
+{{- define "twenty.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "twenty.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "twenty.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{ .Values.namespaceOverride }}
+{{- else -}}
+{{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}
+
+{{/* Server image fields merged with globals */}}
+{{- define "twenty.server.image" -}}
+{{- $repo := default $.Values.image.repository $.Values.server.image.repository -}}
+{{- $tag := default $.Values.image.tag $.Values.server.image.tag -}}
+{{- $pp := default $.Values.image.pullPolicy $.Values.server.image.pullPolicy -}}
+{{- printf "%s:%s|%s" $repo $tag $pp -}}
+{{- end -}}
+
+{{/* Worker image fields merged with globals */}}
+{{- define "twenty.worker.image" -}}
+{{- $repo := default $.Values.image.repository $.Values.worker.image.repository -}}
+{{- $tag := default $.Values.image.tag $.Values.worker.image.tag -}}
+{{- $pp := default $.Values.image.pullPolicy $.Values.worker.image.pullPolicy -}}
+{{- printf "%s:%s|%s" $repo $tag $pp -}}
+{{- end -}}
+
+{{/* Extract parts of image helper */}}
+{{- define "twenty.image.repository" -}}
+{{- regexFind "^([^:|]+)" . -}}
+{{- end -}}
+{{- define "twenty.image.tag" -}}
+{{- regexFind ":([^|]+)" . | trimPrefix ":" -}}
+{{- end -}}
+{{- define "twenty.image.pullPolicy" -}}
+{{- regexFind "\\|(.+)$" . | trimPrefix "|" -}}
+{{- end -}}
+
+{{/* Compose DB connection URL */}}
+{{- define "twenty.dbUrl" -}}
+{{- if .Values.server.env.PG_DATABASE_URL -}}
+{{- .Values.server.env.PG_DATABASE_URL -}}
+{{- else if .Values.postgresql.enabled -}}
+{{- $host := printf "%s-postgresql" (include "twenty.fullname" .) -}}
+{{- $user := .Values.postgresql.auth.username | default "postgres" -}}
+{{- $pass := .Values.postgresql.auth.password | default "postgres" -}}
+{{- $db := .Values.postgresql.auth.database | default "twenty" -}}
+{{- printf "postgres://%s:%s@%s.%s.svc.cluster.local/%s" $user $pass $host (include "twenty.namespace" .) $db -}}
+{{- else if and .Values.db.enabled (not .Values.postgresql.enabled) -}}
+{{- $host := printf "%s-db" (include "twenty.fullname" .) -}}
+{{- $db := .Values.db.internal.database | default "twenty" -}}
+{{- printf "postgres://postgres:postgres@%s.%s.svc.cluster.local/%s" $host (include "twenty.namespace" .) $db -}}
+{{- else -}}
+{{- $scheme := ternary "postgresql" "postgres" (eq .Values.db.external.ssl true) | default "postgres" -}}
+{{- $host := .Values.db.external.host -}}
+{{- $port := .Values.db.external.port | default 5432 -}}
+{{- $user := .Values.db.external.user | default "postgres" -}}
+{{- $pass := .Values.db.external.password | default "postgres" -}}
+{{- $db := .Values.db.external.database | default "twenty" -}}
+{{- printf "%s://%s:%s@%s:%v/%s" $scheme $user $pass $host $port $db -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Compose Redis URL */}}
+{{- define "twenty.redisUrl" -}}
+{{- if .Values.server.env.REDIS_URL -}}
+{{- .Values.server.env.REDIS_URL -}}
+{{- else if .Values.redis.enabled -}}
+{{- $host := printf "%s-redis-master" (include "twenty.fullname" .) -}}
+{{- printf "redis://%s.%s.svc.cluster.local:6379" $host (include "twenty.namespace" .) -}}
+{{- else if .Values.redisInternal.enabled -}}
+{{- $host := printf "%s-redis" (include "twenty.fullname" .) -}}
+{{- printf "redis://%s.%s.svc.cluster.local:6379" $host (include "twenty.namespace" .) -}}
+{{- else -}}
+{{- $host := .Values.redis.external.host | default "redis" -}}
+{{- $port := .Values.redis.external.port | default 6379 -}}
+{{- printf "redis://%s:%v" $host $port -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Compose Server URL from ingress, else service */}}
+{{- define "twenty.serverUrl" -}}
+{{- if and .Values.server.ingress.enabled (gt (len .Values.server.ingress.hosts) 0) -}}
+{{- $host := (index .Values.server.ingress.hosts 0).host -}}
+{{- $tls := gt (len .Values.server.ingress.tls) 0 -}}
+{{- $scheme := ternary "https" "http" $tls -}}
+{{- $port := ternary 443 80 $tls -}}
+{{- printf "%s://%s:%v" $scheme $host $port -}}
+{{- else -}}
+{{- $svc := printf "%s-server" (include "twenty.fullname" .) -}}
+{{- $ns := include "twenty.namespace" . -}}
+{{- $port := .Values.server.service.port | default 3000 -}}
+{{- printf "http://%s.%s.svc.cluster.local:%v" $svc $ns $port -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Tokens secret name */}}
+{{- define "twenty.secret.tokens.name" -}}
+{{- .Values.secrets.tokens.name | default "tokens" -}}
+{{- end -}}
+
+{{/* Access token value: reuse existing secret if present, else provided value, else generated */}}
+{{- define "twenty.secret.tokens.access" -}}
+{{- $name := include "twenty.secret.tokens.name" . -}}
+{{- $ns := include "twenty.namespace" . -}}
+{{- $existing := lookup "v1" "Secret" $ns $name -}}
+{{- if and $existing $existing.data.accessToken -}}
+{{- b64dec $existing.data.accessToken -}}
+{{- else if .Values.secrets.tokens.accessToken -}}
+{{- .Values.secrets.tokens.accessToken -}}
+{{- else -}}
+{{- randAlphaNum 32 -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Server container port: prefer env NODE_PORT, else service.port, else 3000 */}}
+{{- define "twenty.server.containerPort" -}}
+{{- if .Values.server.env.NODE_PORT -}}
+{{- .Values.server.env.NODE_PORT -}}
+{{- else if .Values.server.service.port -}}
+{{- .Values.server.service.port -}}
+{{- else -}}
+3000
+{{- end -}}
+{{- end -}}
+
+{{/* Storage type: prefer top-level storage.type, else legacy server.env.STORAGE_TYPE, else local */}}
+{{- define "twenty.storageType" -}}
+{{- if .Values.storage.type -}}
+{{- .Values.storage.type -}}
+{{- else if .Values.server.env.STORAGE_TYPE -}}
+{{- .Values.server.env.STORAGE_TYPE -}}
+{{- else -}}
+local
+{{- end -}}
+{{- end -}}
+
+{{/* Additional storage env vars (e.g., S3) */}}
+{{- define "twenty.storageEnv" -}}
+{{- if eq (include "twenty.storageType" .) "s3" -}}
+{{- with .Values.storage.s3.bucket }}
+- name: S3_BUCKET
+	value: {{ . | quote }}
+{{- end }}
+{{- with .Values.storage.s3.region }}
+- name: S3_REGION
+	value: {{ . | quote }}
+{{- end }}
+{{- with .Values.storage.s3.endpoint }}
+- name: S3_ENDPOINT
+	value: {{ . | quote }}
+{{- end }}
+{{- with .Values.storage.s3.accessKeyId }}
+- name: S3_ACCESS_KEY_ID
+	value: {{ . | quote }}
+{{- end }}
+{{- with .Values.storage.s3.secretAccessKey }}
+- name: S3_SECRET_ACCESS_KEY
+	value: {{ . | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}